github.com/spotahome/redis-operator@v1.2.4/charts/redisoperator/crds/databases.spotahome.com_redisfailovers.yaml (about) 1 2 --- 3 apiVersion: apiextensions.k8s.io/v1 4 kind: CustomResourceDefinition 5 metadata: 6 annotations: 7 controller-gen.kubebuilder.io/version: (devel) 8 creationTimestamp: null 9 name: redisfailovers.databases.spotahome.com 10 spec: 11 group: databases.spotahome.com 12 names: 13 kind: RedisFailover 14 listKind: RedisFailoverList 15 plural: redisfailovers 16 shortNames: 17 - rf 18 singular: redisfailover 19 scope: Namespaced 20 versions: 21 - additionalPrinterColumns: 22 - jsonPath: .metadata.name 23 name: NAME 24 type: string 25 - jsonPath: .spec.redis.replicas 26 name: REDIS 27 type: integer 28 - jsonPath: .spec.sentinel.replicas 29 name: SENTINELS 30 type: integer 31 - jsonPath: .metadata.creationTimestamp 32 name: AGE 33 type: date 34 name: v1 35 schema: 36 openAPIV3Schema: 37 description: RedisFailover represents a Redis failover 38 properties: 39 apiVersion: 40 description: 'APIVersion defines the versioned schema of this representation 41 of an object. Servers should convert recognized schemas to the latest 42 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 43 type: string 44 kind: 45 description: 'Kind is a string value representing the REST resource this 46 object represents. Servers may infer this from the endpoint the client 47 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 48 type: string 49 metadata: 50 type: object 51 spec: 52 description: RedisFailoverSpec represents a Redis failover spec 53 properties: 54 auth: 55 description: AuthSettings contains settings about auth 56 properties: 57 secretPath: 58 type: string 59 type: object 60 bootstrapNode: 61 description: BootstrapSettings contains settings about a potential 62 bootstrap node 63 properties: 64 allowSentinels: 65 type: boolean 66 host: 67 type: string 68 port: 69 type: string 70 type: object 71 labelWhitelist: 72 items: 73 type: string 74 type: array 75 redis: 76 description: RedisSettings defines the specification of the redis 77 cluster 78 properties: 79 affinity: 80 description: Affinity is a group of affinity scheduling rules. 81 properties: 82 nodeAffinity: 83 description: Describes node affinity scheduling rules for 84 the pod. 85 properties: 86 preferredDuringSchedulingIgnoredDuringExecution: 87 description: The scheduler will prefer to schedule pods 88 to nodes that satisfy the affinity expressions specified 89 by this field, but it may choose a node that violates 90 one or more of the expressions. The node that is most 91 preferred is the one with the greatest sum of weights, 92 i.e. for each node that meets all of the scheduling 93 requirements (resource request, requiredDuringScheduling 94 affinity expressions, etc.), compute a sum by iterating 95 through the elements of this field and adding "weight" 96 to the sum if the node matches the corresponding matchExpressions; 97 the node(s) with the highest sum are the most preferred. 98 items: 99 description: An empty preferred scheduling term matches 100 all objects with implicit weight 0 (i.e. it's a no-op). 101 A null preferred scheduling term matches no objects 102 (i.e. is also a no-op). 103 properties: 104 preference: 105 description: A node selector term, associated with 106 the corresponding weight. 107 properties: 108 matchExpressions: 109 description: A list of node selector requirements 110 by node's labels. 111 items: 112 description: A node selector requirement is 113 a selector that contains values, a key, 114 and an operator that relates the key and 115 values. 116 properties: 117 key: 118 description: The label key that the selector 119 applies to. 120 type: string 121 operator: 122 description: Represents a key's relationship 123 to a set of values. Valid operators 124 are In, NotIn, Exists, DoesNotExist. 125 Gt, and Lt. 126 type: string 127 values: 128 description: An array of string values. 129 If the operator is In or NotIn, the 130 values array must be non-empty. If the 131 operator is Exists or DoesNotExist, 132 the values array must be empty. If the 133 operator is Gt or Lt, the values array 134 must have a single element, which will 135 be interpreted as an integer. This array 136 is replaced during a strategic merge 137 patch. 138 items: 139 type: string 140 type: array 141 required: 142 - key 143 - operator 144 type: object 145 type: array 146 matchFields: 147 description: A list of node selector requirements 148 by node's fields. 149 items: 150 description: A node selector requirement is 151 a selector that contains values, a key, 152 and an operator that relates the key and 153 values. 154 properties: 155 key: 156 description: The label key that the selector 157 applies to. 158 type: string 159 operator: 160 description: Represents a key's relationship 161 to a set of values. Valid operators 162 are In, NotIn, Exists, DoesNotExist. 163 Gt, and Lt. 164 type: string 165 values: 166 description: An array of string values. 167 If the operator is In or NotIn, the 168 values array must be non-empty. If the 169 operator is Exists or DoesNotExist, 170 the values array must be empty. If the 171 operator is Gt or Lt, the values array 172 must have a single element, which will 173 be interpreted as an integer. This array 174 is replaced during a strategic merge 175 patch. 176 items: 177 type: string 178 type: array 179 required: 180 - key 181 - operator 182 type: object 183 type: array 184 type: object 185 weight: 186 description: Weight associated with matching the 187 corresponding nodeSelectorTerm, in the range 1-100. 188 format: int32 189 type: integer 190 required: 191 - preference 192 - weight 193 type: object 194 type: array 195 requiredDuringSchedulingIgnoredDuringExecution: 196 description: If the affinity requirements specified by 197 this field are not met at scheduling time, the pod will 198 not be scheduled onto the node. If the affinity requirements 199 specified by this field cease to be met at some point 200 during pod execution (e.g. due to an update), the system 201 may or may not try to eventually evict the pod from 202 its node. 203 properties: 204 nodeSelectorTerms: 205 description: Required. A list of node selector terms. 206 The terms are ORed. 207 items: 208 description: A null or empty node selector term 209 matches no objects. The requirements of them are 210 ANDed. The TopologySelectorTerm type implements 211 a subset of the NodeSelectorTerm. 212 properties: 213 matchExpressions: 214 description: A list of node selector requirements 215 by node's labels. 216 items: 217 description: A node selector requirement is 218 a selector that contains values, a key, 219 and an operator that relates the key and 220 values. 221 properties: 222 key: 223 description: The label key that the selector 224 applies to. 225 type: string 226 operator: 227 description: Represents a key's relationship 228 to a set of values. Valid operators 229 are In, NotIn, Exists, DoesNotExist. 230 Gt, and Lt. 231 type: string 232 values: 233 description: An array of string values. 234 If the operator is In or NotIn, the 235 values array must be non-empty. If the 236 operator is Exists or DoesNotExist, 237 the values array must be empty. If the 238 operator is Gt or Lt, the values array 239 must have a single element, which will 240 be interpreted as an integer. This array 241 is replaced during a strategic merge 242 patch. 243 items: 244 type: string 245 type: array 246 required: 247 - key 248 - operator 249 type: object 250 type: array 251 matchFields: 252 description: A list of node selector requirements 253 by node's fields. 254 items: 255 description: A node selector requirement is 256 a selector that contains values, a key, 257 and an operator that relates the key and 258 values. 259 properties: 260 key: 261 description: The label key that the selector 262 applies to. 263 type: string 264 operator: 265 description: Represents a key's relationship 266 to a set of values. Valid operators 267 are In, NotIn, Exists, DoesNotExist. 268 Gt, and Lt. 269 type: string 270 values: 271 description: An array of string values. 272 If the operator is In or NotIn, the 273 values array must be non-empty. If the 274 operator is Exists or DoesNotExist, 275 the values array must be empty. If the 276 operator is Gt or Lt, the values array 277 must have a single element, which will 278 be interpreted as an integer. This array 279 is replaced during a strategic merge 280 patch. 281 items: 282 type: string 283 type: array 284 required: 285 - key 286 - operator 287 type: object 288 type: array 289 type: object 290 type: array 291 required: 292 - nodeSelectorTerms 293 type: object 294 type: object 295 podAffinity: 296 description: Describes pod affinity scheduling rules (e.g. 297 co-locate this pod in the same node, zone, etc. as some 298 other pod(s)). 299 properties: 300 preferredDuringSchedulingIgnoredDuringExecution: 301 description: The scheduler will prefer to schedule pods 302 to nodes that satisfy the affinity expressions specified 303 by this field, but it may choose a node that violates 304 one or more of the expressions. The node that is most 305 preferred is the one with the greatest sum of weights, 306 i.e. for each node that meets all of the scheduling 307 requirements (resource request, requiredDuringScheduling 308 affinity expressions, etc.), compute a sum by iterating 309 through the elements of this field and adding "weight" 310 to the sum if the node has pods which matches the corresponding 311 podAffinityTerm; the node(s) with the highest sum are 312 the most preferred. 313 items: 314 description: The weights of all of the matched WeightedPodAffinityTerm 315 fields are added per-node to find the most preferred 316 node(s) 317 properties: 318 podAffinityTerm: 319 description: Required. A pod affinity term, associated 320 with the corresponding weight. 321 properties: 322 labelSelector: 323 description: A label query over a set of resources, 324 in this case pods. 325 properties: 326 matchExpressions: 327 description: matchExpressions is a list 328 of label selector requirements. The requirements 329 are ANDed. 330 items: 331 description: A label selector requirement 332 is a selector that contains values, 333 a key, and an operator that relates 334 the key and values. 335 properties: 336 key: 337 description: key is the label key 338 that the selector applies to. 339 type: string 340 operator: 341 description: operator represents a 342 key's relationship to a set of values. 343 Valid operators are In, NotIn, Exists 344 and DoesNotExist. 345 type: string 346 values: 347 description: values is an array of 348 string values. If the operator is 349 In or NotIn, the values array must 350 be non-empty. If the operator is 351 Exists or DoesNotExist, the values 352 array must be empty. This array 353 is replaced during a strategic merge 354 patch. 355 items: 356 type: string 357 type: array 358 required: 359 - key 360 - operator 361 type: object 362 type: array 363 matchLabels: 364 additionalProperties: 365 type: string 366 description: matchLabels is a map of {key,value} 367 pairs. A single {key,value} in the matchLabels 368 map is equivalent to an element of matchExpressions, 369 whose key field is "key", the operator 370 is "In", and the values array contains 371 only "value". The requirements are ANDed. 372 type: object 373 type: object 374 namespaceSelector: 375 description: A label query over the set of namespaces 376 that the term applies to. The term is applied 377 to the union of the namespaces selected by 378 this field and the ones listed in the namespaces 379 field. null selector and null or empty namespaces 380 list means "this pod's namespace". An empty 381 selector ({}) matches all namespaces. 382 properties: 383 matchExpressions: 384 description: matchExpressions is a list 385 of label selector requirements. The requirements 386 are ANDed. 387 items: 388 description: A label selector requirement 389 is a selector that contains values, 390 a key, and an operator that relates 391 the key and values. 392 properties: 393 key: 394 description: key is the label key 395 that the selector applies to. 396 type: string 397 operator: 398 description: operator represents a 399 key's relationship to a set of values. 400 Valid operators are In, NotIn, Exists 401 and DoesNotExist. 402 type: string 403 values: 404 description: values is an array of 405 string values. If the operator is 406 In or NotIn, the values array must 407 be non-empty. If the operator is 408 Exists or DoesNotExist, the values 409 array must be empty. This array 410 is replaced during a strategic merge 411 patch. 412 items: 413 type: string 414 type: array 415 required: 416 - key 417 - operator 418 type: object 419 type: array 420 matchLabels: 421 additionalProperties: 422 type: string 423 description: matchLabels is a map of {key,value} 424 pairs. A single {key,value} in the matchLabels 425 map is equivalent to an element of matchExpressions, 426 whose key field is "key", the operator 427 is "In", and the values array contains 428 only "value". The requirements are ANDed. 429 type: object 430 type: object 431 namespaces: 432 description: namespaces specifies a static list 433 of namespace names that the term applies to. 434 The term is applied to the union of the namespaces 435 listed in this field and the ones selected 436 by namespaceSelector. null or empty namespaces 437 list and null namespaceSelector means "this 438 pod's namespace". 439 items: 440 type: string 441 type: array 442 topologyKey: 443 description: This pod should be co-located (affinity) 444 or not co-located (anti-affinity) with the 445 pods matching the labelSelector in the specified 446 namespaces, where co-located is defined as 447 running on a node whose value of the label 448 with key topologyKey matches that of any node 449 on which any of the selected pods is running. 450 Empty topologyKey is not allowed. 451 type: string 452 required: 453 - topologyKey 454 type: object 455 weight: 456 description: weight associated with matching the 457 corresponding podAffinityTerm, in the range 1-100. 458 format: int32 459 type: integer 460 required: 461 - podAffinityTerm 462 - weight 463 type: object 464 type: array 465 requiredDuringSchedulingIgnoredDuringExecution: 466 description: If the affinity requirements specified by 467 this field are not met at scheduling time, the pod will 468 not be scheduled onto the node. If the affinity requirements 469 specified by this field cease to be met at some point 470 during pod execution (e.g. due to a pod label update), 471 the system may or may not try to eventually evict the 472 pod from its node. When there are multiple elements, 473 the lists of nodes corresponding to each podAffinityTerm 474 are intersected, i.e. all terms must be satisfied. 475 items: 476 description: Defines a set of pods (namely those matching 477 the labelSelector relative to the given namespace(s)) 478 that this pod should be co-located (affinity) or not 479 co-located (anti-affinity) with, where co-located 480 is defined as running on a node whose value of the 481 label with key <topologyKey> matches that of any node 482 on which a pod of the set of pods is running 483 properties: 484 labelSelector: 485 description: A label query over a set of resources, 486 in this case pods. 487 properties: 488 matchExpressions: 489 description: matchExpressions is a list of label 490 selector requirements. The requirements are 491 ANDed. 492 items: 493 description: A label selector requirement 494 is a selector that contains values, a key, 495 and an operator that relates the key and 496 values. 497 properties: 498 key: 499 description: key is the label key that 500 the selector applies to. 501 type: string 502 operator: 503 description: operator represents a key's 504 relationship to a set of values. Valid 505 operators are In, NotIn, Exists and 506 DoesNotExist. 507 type: string 508 values: 509 description: values is an array of string 510 values. If the operator is In or NotIn, 511 the values array must be non-empty. 512 If the operator is Exists or DoesNotExist, 513 the values array must be empty. This 514 array is replaced during a strategic 515 merge patch. 516 items: 517 type: string 518 type: array 519 required: 520 - key 521 - operator 522 type: object 523 type: array 524 matchLabels: 525 additionalProperties: 526 type: string 527 description: matchLabels is a map of {key,value} 528 pairs. A single {key,value} in the matchLabels 529 map is equivalent to an element of matchExpressions, 530 whose key field is "key", the operator is 531 "In", and the values array contains only "value". 532 The requirements are ANDed. 533 type: object 534 type: object 535 namespaceSelector: 536 description: A label query over the set of namespaces 537 that the term applies to. The term is applied 538 to the union of the namespaces selected by this 539 field and the ones listed in the namespaces field. 540 null selector and null or empty namespaces list 541 means "this pod's namespace". An empty selector 542 ({}) matches all namespaces. 543 properties: 544 matchExpressions: 545 description: matchExpressions is a list of label 546 selector requirements. The requirements are 547 ANDed. 548 items: 549 description: A label selector requirement 550 is a selector that contains values, a key, 551 and an operator that relates the key and 552 values. 553 properties: 554 key: 555 description: key is the label key that 556 the selector applies to. 557 type: string 558 operator: 559 description: operator represents a key's 560 relationship to a set of values. Valid 561 operators are In, NotIn, Exists and 562 DoesNotExist. 563 type: string 564 values: 565 description: values is an array of string 566 values. If the operator is In or NotIn, 567 the values array must be non-empty. 568 If the operator is Exists or DoesNotExist, 569 the values array must be empty. This 570 array is replaced during a strategic 571 merge patch. 572 items: 573 type: string 574 type: array 575 required: 576 - key 577 - operator 578 type: object 579 type: array 580 matchLabels: 581 additionalProperties: 582 type: string 583 description: matchLabels is a map of {key,value} 584 pairs. A single {key,value} in the matchLabels 585 map is equivalent to an element of matchExpressions, 586 whose key field is "key", the operator is 587 "In", and the values array contains only "value". 588 The requirements are ANDed. 589 type: object 590 type: object 591 namespaces: 592 description: namespaces specifies a static list 593 of namespace names that the term applies to. The 594 term is applied to the union of the namespaces 595 listed in this field and the ones selected by 596 namespaceSelector. null or empty namespaces list 597 and null namespaceSelector means "this pod's namespace". 598 items: 599 type: string 600 type: array 601 topologyKey: 602 description: This pod should be co-located (affinity) 603 or not co-located (anti-affinity) with the pods 604 matching the labelSelector in the specified namespaces, 605 where co-located is defined as running on a node 606 whose value of the label with key topologyKey 607 matches that of any node on which any of the selected 608 pods is running. Empty topologyKey is not allowed. 609 type: string 610 required: 611 - topologyKey 612 type: object 613 type: array 614 type: object 615 podAntiAffinity: 616 description: Describes pod anti-affinity scheduling rules 617 (e.g. avoid putting this pod in the same node, zone, etc. 618 as some other pod(s)). 619 properties: 620 preferredDuringSchedulingIgnoredDuringExecution: 621 description: The scheduler will prefer to schedule pods 622 to nodes that satisfy the anti-affinity expressions 623 specified by this field, but it may choose a node that 624 violates one or more of the expressions. The node that 625 is most preferred is the one with the greatest sum of 626 weights, i.e. for each node that meets all of the scheduling 627 requirements (resource request, requiredDuringScheduling 628 anti-affinity expressions, etc.), compute a sum by iterating 629 through the elements of this field and adding "weight" 630 to the sum if the node has pods which matches the corresponding 631 podAffinityTerm; the node(s) with the highest sum are 632 the most preferred. 633 items: 634 description: The weights of all of the matched WeightedPodAffinityTerm 635 fields are added per-node to find the most preferred 636 node(s) 637 properties: 638 podAffinityTerm: 639 description: Required. A pod affinity term, associated 640 with the corresponding weight. 641 properties: 642 labelSelector: 643 description: A label query over a set of resources, 644 in this case pods. 645 properties: 646 matchExpressions: 647 description: matchExpressions is a list 648 of label selector requirements. The requirements 649 are ANDed. 650 items: 651 description: A label selector requirement 652 is a selector that contains values, 653 a key, and an operator that relates 654 the key and values. 655 properties: 656 key: 657 description: key is the label key 658 that the selector applies to. 659 type: string 660 operator: 661 description: operator represents a 662 key's relationship to a set of values. 663 Valid operators are In, NotIn, Exists 664 and DoesNotExist. 665 type: string 666 values: 667 description: values is an array of 668 string values. If the operator is 669 In or NotIn, the values array must 670 be non-empty. If the operator is 671 Exists or DoesNotExist, the values 672 array must be empty. This array 673 is replaced during a strategic merge 674 patch. 675 items: 676 type: string 677 type: array 678 required: 679 - key 680 - operator 681 type: object 682 type: array 683 matchLabels: 684 additionalProperties: 685 type: string 686 description: matchLabels is a map of {key,value} 687 pairs. A single {key,value} in the matchLabels 688 map is equivalent to an element of matchExpressions, 689 whose key field is "key", the operator 690 is "In", and the values array contains 691 only "value". The requirements are ANDed. 692 type: object 693 type: object 694 namespaceSelector: 695 description: A label query over the set of namespaces 696 that the term applies to. The term is applied 697 to the union of the namespaces selected by 698 this field and the ones listed in the namespaces 699 field. null selector and null or empty namespaces 700 list means "this pod's namespace". An empty 701 selector ({}) matches all namespaces. 702 properties: 703 matchExpressions: 704 description: matchExpressions is a list 705 of label selector requirements. The requirements 706 are ANDed. 707 items: 708 description: A label selector requirement 709 is a selector that contains values, 710 a key, and an operator that relates 711 the key and values. 712 properties: 713 key: 714 description: key is the label key 715 that the selector applies to. 716 type: string 717 operator: 718 description: operator represents a 719 key's relationship to a set of values. 720 Valid operators are In, NotIn, Exists 721 and DoesNotExist. 722 type: string 723 values: 724 description: values is an array of 725 string values. If the operator is 726 In or NotIn, the values array must 727 be non-empty. If the operator is 728 Exists or DoesNotExist, the values 729 array must be empty. This array 730 is replaced during a strategic merge 731 patch. 732 items: 733 type: string 734 type: array 735 required: 736 - key 737 - operator 738 type: object 739 type: array 740 matchLabels: 741 additionalProperties: 742 type: string 743 description: matchLabels is a map of {key,value} 744 pairs. A single {key,value} in the matchLabels 745 map is equivalent to an element of matchExpressions, 746 whose key field is "key", the operator 747 is "In", and the values array contains 748 only "value". The requirements are ANDed. 749 type: object 750 type: object 751 namespaces: 752 description: namespaces specifies a static list 753 of namespace names that the term applies to. 754 The term is applied to the union of the namespaces 755 listed in this field and the ones selected 756 by namespaceSelector. null or empty namespaces 757 list and null namespaceSelector means "this 758 pod's namespace". 759 items: 760 type: string 761 type: array 762 topologyKey: 763 description: This pod should be co-located (affinity) 764 or not co-located (anti-affinity) with the 765 pods matching the labelSelector in the specified 766 namespaces, where co-located is defined as 767 running on a node whose value of the label 768 with key topologyKey matches that of any node 769 on which any of the selected pods is running. 770 Empty topologyKey is not allowed. 771 type: string 772 required: 773 - topologyKey 774 type: object 775 weight: 776 description: weight associated with matching the 777 corresponding podAffinityTerm, in the range 1-100. 778 format: int32 779 type: integer 780 required: 781 - podAffinityTerm 782 - weight 783 type: object 784 type: array 785 requiredDuringSchedulingIgnoredDuringExecution: 786 description: If the anti-affinity requirements specified 787 by this field are not met at scheduling time, the pod 788 will not be scheduled onto the node. If the anti-affinity 789 requirements specified by this field cease to be met 790 at some point during pod execution (e.g. due to a pod 791 label update), the system may or may not try to eventually 792 evict the pod from its node. When there are multiple 793 elements, the lists of nodes corresponding to each podAffinityTerm 794 are intersected, i.e. all terms must be satisfied. 795 items: 796 description: Defines a set of pods (namely those matching 797 the labelSelector relative to the given namespace(s)) 798 that this pod should be co-located (affinity) or not 799 co-located (anti-affinity) with, where co-located 800 is defined as running on a node whose value of the 801 label with key <topologyKey> matches that of any node 802 on which a pod of the set of pods is running 803 properties: 804 labelSelector: 805 description: A label query over a set of resources, 806 in this case pods. 807 properties: 808 matchExpressions: 809 description: matchExpressions is a list of label 810 selector requirements. The requirements are 811 ANDed. 812 items: 813 description: A label selector requirement 814 is a selector that contains values, a key, 815 and an operator that relates the key and 816 values. 817 properties: 818 key: 819 description: key is the label key that 820 the selector applies to. 821 type: string 822 operator: 823 description: operator represents a key's 824 relationship to a set of values. Valid 825 operators are In, NotIn, Exists and 826 DoesNotExist. 827 type: string 828 values: 829 description: values is an array of string 830 values. If the operator is In or NotIn, 831 the values array must be non-empty. 832 If the operator is Exists or DoesNotExist, 833 the values array must be empty. This 834 array is replaced during a strategic 835 merge patch. 836 items: 837 type: string 838 type: array 839 required: 840 - key 841 - operator 842 type: object 843 type: array 844 matchLabels: 845 additionalProperties: 846 type: string 847 description: matchLabels is a map of {key,value} 848 pairs. A single {key,value} in the matchLabels 849 map is equivalent to an element of matchExpressions, 850 whose key field is "key", the operator is 851 "In", and the values array contains only "value". 852 The requirements are ANDed. 853 type: object 854 type: object 855 namespaceSelector: 856 description: A label query over the set of namespaces 857 that the term applies to. The term is applied 858 to the union of the namespaces selected by this 859 field and the ones listed in the namespaces field. 860 null selector and null or empty namespaces list 861 means "this pod's namespace". An empty selector 862 ({}) matches all namespaces. 863 properties: 864 matchExpressions: 865 description: matchExpressions is a list of label 866 selector requirements. The requirements are 867 ANDed. 868 items: 869 description: A label selector requirement 870 is a selector that contains values, a key, 871 and an operator that relates the key and 872 values. 873 properties: 874 key: 875 description: key is the label key that 876 the selector applies to. 877 type: string 878 operator: 879 description: operator represents a key's 880 relationship to a set of values. Valid 881 operators are In, NotIn, Exists and 882 DoesNotExist. 883 type: string 884 values: 885 description: values is an array of string 886 values. If the operator is In or NotIn, 887 the values array must be non-empty. 888 If the operator is Exists or DoesNotExist, 889 the values array must be empty. This 890 array is replaced during a strategic 891 merge patch. 892 items: 893 type: string 894 type: array 895 required: 896 - key 897 - operator 898 type: object 899 type: array 900 matchLabels: 901 additionalProperties: 902 type: string 903 description: matchLabels is a map of {key,value} 904 pairs. A single {key,value} in the matchLabels 905 map is equivalent to an element of matchExpressions, 906 whose key field is "key", the operator is 907 "In", and the values array contains only "value". 908 The requirements are ANDed. 909 type: object 910 type: object 911 namespaces: 912 description: namespaces specifies a static list 913 of namespace names that the term applies to. The 914 term is applied to the union of the namespaces 915 listed in this field and the ones selected by 916 namespaceSelector. null or empty namespaces list 917 and null namespaceSelector means "this pod's namespace". 918 items: 919 type: string 920 type: array 921 topologyKey: 922 description: This pod should be co-located (affinity) 923 or not co-located (anti-affinity) with the pods 924 matching the labelSelector in the specified namespaces, 925 where co-located is defined as running on a node 926 whose value of the label with key topologyKey 927 matches that of any node on which any of the selected 928 pods is running. Empty topologyKey is not allowed. 929 type: string 930 required: 931 - topologyKey 932 type: object 933 type: array 934 type: object 935 type: object 936 command: 937 items: 938 type: string 939 type: array 940 containerSecurityContext: 941 description: SecurityContext holds security configuration that 942 will be applied to a container. Some fields are present in both 943 SecurityContext and PodSecurityContext. When both are set, 944 the values in SecurityContext take precedence. 945 properties: 946 allowPrivilegeEscalation: 947 description: 'AllowPrivilegeEscalation controls whether a 948 process can gain more privileges than its parent process. 949 This bool directly controls if the no_new_privs flag will 950 be set on the container process. AllowPrivilegeEscalation 951 is true always when the container is: 1) run as Privileged 952 2) has CAP_SYS_ADMIN Note that this field cannot be set 953 when spec.os.name is windows.' 954 type: boolean 955 capabilities: 956 description: The capabilities to add/drop when running containers. 957 Defaults to the default set of capabilities granted by the 958 container runtime. Note that this field cannot be set when 959 spec.os.name is windows. 960 properties: 961 add: 962 description: Added capabilities 963 items: 964 description: Capability represent POSIX capabilities 965 type 966 type: string 967 type: array 968 drop: 969 description: Removed capabilities 970 items: 971 description: Capability represent POSIX capabilities 972 type 973 type: string 974 type: array 975 type: object 976 privileged: 977 description: Run container in privileged mode. Processes in 978 privileged containers are essentially equivalent to root 979 on the host. Defaults to false. Note that this field cannot 980 be set when spec.os.name is windows. 981 type: boolean 982 procMount: 983 description: procMount denotes the type of proc mount to use 984 for the containers. The default is DefaultProcMount which 985 uses the container runtime defaults for readonly paths and 986 masked paths. This requires the ProcMountType feature flag 987 to be enabled. Note that this field cannot be set when spec.os.name 988 is windows. 989 type: string 990 readOnlyRootFilesystem: 991 description: Whether this container has a read-only root filesystem. 992 Default is false. Note that this field cannot be set when 993 spec.os.name is windows. 994 type: boolean 995 runAsGroup: 996 description: The GID to run the entrypoint of the container 997 process. Uses runtime default if unset. May also be set 998 in PodSecurityContext. If set in both SecurityContext and 999 PodSecurityContext, the value specified in SecurityContext 1000 takes precedence. Note that this field cannot be set when 1001 spec.os.name is windows. 1002 format: int64 1003 type: integer 1004 runAsNonRoot: 1005 description: Indicates that the container must run as a non-root 1006 user. If true, the Kubelet will validate the image at runtime 1007 to ensure that it does not run as UID 0 (root) and fail 1008 to start the container if it does. If unset or false, no 1009 such validation will be performed. May also be set in PodSecurityContext. If 1010 set in both SecurityContext and PodSecurityContext, the 1011 value specified in SecurityContext takes precedence. 1012 type: boolean 1013 runAsUser: 1014 description: The UID to run the entrypoint of the container 1015 process. Defaults to user specified in image metadata if 1016 unspecified. May also be set in PodSecurityContext. If 1017 set in both SecurityContext and PodSecurityContext, the 1018 value specified in SecurityContext takes precedence. Note 1019 that this field cannot be set when spec.os.name is windows. 1020 format: int64 1021 type: integer 1022 seLinuxOptions: 1023 description: The SELinux context to be applied to the container. 1024 If unspecified, the container runtime will allocate a random 1025 SELinux context for each container. May also be set in 1026 PodSecurityContext. If set in both SecurityContext and 1027 PodSecurityContext, the value specified in SecurityContext 1028 takes precedence. Note that this field cannot be set when 1029 spec.os.name is windows. 1030 properties: 1031 level: 1032 description: Level is SELinux level label that applies 1033 to the container. 1034 type: string 1035 role: 1036 description: Role is a SELinux role label that applies 1037 to the container. 1038 type: string 1039 type: 1040 description: Type is a SELinux type label that applies 1041 to the container. 1042 type: string 1043 user: 1044 description: User is a SELinux user label that applies 1045 to the container. 1046 type: string 1047 type: object 1048 seccompProfile: 1049 description: The seccomp options to use by this container. 1050 If seccomp options are provided at both the pod & container 1051 level, the container options override the pod options. Note 1052 that this field cannot be set when spec.os.name is windows. 1053 properties: 1054 localhostProfile: 1055 description: localhostProfile indicates a profile defined 1056 in a file on the node should be used. The profile must 1057 be preconfigured on the node to work. Must be a descending 1058 path, relative to the kubelet's configured seccomp profile 1059 location. Must only be set if type is "Localhost". 1060 type: string 1061 type: 1062 description: "type indicates which kind of seccomp profile 1063 will be applied. Valid options are: \n Localhost - a 1064 profile defined in a file on the node should be used. 1065 RuntimeDefault - the container runtime default profile 1066 should be used. Unconfined - no profile should be applied." 1067 type: string 1068 required: 1069 - type 1070 type: object 1071 windowsOptions: 1072 description: The Windows specific settings applied to all 1073 containers. If unspecified, the options from the PodSecurityContext 1074 will be used. If set in both SecurityContext and PodSecurityContext, 1075 the value specified in SecurityContext takes precedence. 1076 Note that this field cannot be set when spec.os.name is 1077 linux. 1078 properties: 1079 gmsaCredentialSpec: 1080 description: GMSACredentialSpec is where the GMSA admission 1081 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 1082 inlines the contents of the GMSA credential spec named 1083 by the GMSACredentialSpecName field. 1084 type: string 1085 gmsaCredentialSpecName: 1086 description: GMSACredentialSpecName is the name of the 1087 GMSA credential spec to use. 1088 type: string 1089 hostProcess: 1090 description: HostProcess determines if a container should 1091 be run as a 'Host Process' container. This field is 1092 alpha-level and will only be honored by components that 1093 enable the WindowsHostProcessContainers feature flag. 1094 Setting this field without the feature flag will result 1095 in errors when validating the Pod. All of a Pod's containers 1096 must have the same effective HostProcess value (it is 1097 not allowed to have a mix of HostProcess containers 1098 and non-HostProcess containers). In addition, if HostProcess 1099 is true then HostNetwork must also be set to true. 1100 type: boolean 1101 runAsUserName: 1102 description: The UserName in Windows to run the entrypoint 1103 of the container process. Defaults to the user specified 1104 in image metadata if unspecified. May also be set in 1105 PodSecurityContext. If set in both SecurityContext and 1106 PodSecurityContext, the value specified in SecurityContext 1107 takes precedence. 1108 type: string 1109 type: object 1110 type: object 1111 customCommandRenames: 1112 items: 1113 description: RedisCommandRename defines the specification of 1114 a "rename-command" configuration option 1115 properties: 1116 from: 1117 type: string 1118 to: 1119 type: string 1120 type: object 1121 type: array 1122 customConfig: 1123 items: 1124 type: string 1125 type: array 1126 dnsPolicy: 1127 description: DNSPolicy defines how a pod's DNS will be configured. 1128 type: string 1129 exporter: 1130 description: Exporter defines the specification for the redis/sentinel 1131 exporter 1132 properties: 1133 args: 1134 items: 1135 type: string 1136 type: array 1137 containerSecurityContext: 1138 description: SecurityContext holds security configuration 1139 that will be applied to a container. Some fields are present 1140 in both SecurityContext and PodSecurityContext. When both 1141 are set, the values in SecurityContext take precedence. 1142 properties: 1143 allowPrivilegeEscalation: 1144 description: 'AllowPrivilegeEscalation controls whether 1145 a process can gain more privileges than its parent process. 1146 This bool directly controls if the no_new_privs flag 1147 will be set on the container process. AllowPrivilegeEscalation 1148 is true always when the container is: 1) run as Privileged 1149 2) has CAP_SYS_ADMIN Note that this field cannot be 1150 set when spec.os.name is windows.' 1151 type: boolean 1152 capabilities: 1153 description: The capabilities to add/drop when running 1154 containers. Defaults to the default set of capabilities 1155 granted by the container runtime. Note that this field 1156 cannot be set when spec.os.name is windows. 1157 properties: 1158 add: 1159 description: Added capabilities 1160 items: 1161 description: Capability represent POSIX capabilities 1162 type 1163 type: string 1164 type: array 1165 drop: 1166 description: Removed capabilities 1167 items: 1168 description: Capability represent POSIX capabilities 1169 type 1170 type: string 1171 type: array 1172 type: object 1173 privileged: 1174 description: Run container in privileged mode. Processes 1175 in privileged containers are essentially equivalent 1176 to root on the host. Defaults to false. Note that this 1177 field cannot be set when spec.os.name is windows. 1178 type: boolean 1179 procMount: 1180 description: procMount denotes the type of proc mount 1181 to use for the containers. The default is DefaultProcMount 1182 which uses the container runtime defaults for readonly 1183 paths and masked paths. This requires the ProcMountType 1184 feature flag to be enabled. Note that this field cannot 1185 be set when spec.os.name is windows. 1186 type: string 1187 readOnlyRootFilesystem: 1188 description: Whether this container has a read-only root 1189 filesystem. Default is false. Note that this field cannot 1190 be set when spec.os.name is windows. 1191 type: boolean 1192 runAsGroup: 1193 description: The GID to run the entrypoint of the container 1194 process. Uses runtime default if unset. May also be 1195 set in PodSecurityContext. If set in both SecurityContext 1196 and PodSecurityContext, the value specified in SecurityContext 1197 takes precedence. Note that this field cannot be set 1198 when spec.os.name is windows. 1199 format: int64 1200 type: integer 1201 runAsNonRoot: 1202 description: Indicates that the container must run as 1203 a non-root user. If true, the Kubelet will validate 1204 the image at runtime to ensure that it does not run 1205 as UID 0 (root) and fail to start the container if it 1206 does. If unset or false, no such validation will be 1207 performed. May also be set in PodSecurityContext. If 1208 set in both SecurityContext and PodSecurityContext, 1209 the value specified in SecurityContext takes precedence. 1210 type: boolean 1211 runAsUser: 1212 description: The UID to run the entrypoint of the container 1213 process. Defaults to user specified in image metadata 1214 if unspecified. May also be set in PodSecurityContext. If 1215 set in both SecurityContext and PodSecurityContext, 1216 the value specified in SecurityContext takes precedence. 1217 Note that this field cannot be set when spec.os.name 1218 is windows. 1219 format: int64 1220 type: integer 1221 seLinuxOptions: 1222 description: The SELinux context to be applied to the 1223 container. If unspecified, the container runtime will 1224 allocate a random SELinux context for each container. May 1225 also be set in PodSecurityContext. If set in both SecurityContext 1226 and PodSecurityContext, the value specified in SecurityContext 1227 takes precedence. Note that this field cannot be set 1228 when spec.os.name is windows. 1229 properties: 1230 level: 1231 description: Level is SELinux level label that applies 1232 to the container. 1233 type: string 1234 role: 1235 description: Role is a SELinux role label that applies 1236 to the container. 1237 type: string 1238 type: 1239 description: Type is a SELinux type label that applies 1240 to the container. 1241 type: string 1242 user: 1243 description: User is a SELinux user label that applies 1244 to the container. 1245 type: string 1246 type: object 1247 seccompProfile: 1248 description: The seccomp options to use by this container. 1249 If seccomp options are provided at both the pod & container 1250 level, the container options override the pod options. 1251 Note that this field cannot be set when spec.os.name 1252 is windows. 1253 properties: 1254 localhostProfile: 1255 description: localhostProfile indicates a profile 1256 defined in a file on the node should be used. The 1257 profile must be preconfigured on the node to work. 1258 Must be a descending path, relative to the kubelet's 1259 configured seccomp profile location. Must only be 1260 set if type is "Localhost". 1261 type: string 1262 type: 1263 description: "type indicates which kind of seccomp 1264 profile will be applied. Valid options are: \n Localhost 1265 - a profile defined in a file on the node should 1266 be used. RuntimeDefault - the container runtime 1267 default profile should be used. Unconfined - no 1268 profile should be applied." 1269 type: string 1270 required: 1271 - type 1272 type: object 1273 windowsOptions: 1274 description: The Windows specific settings applied to 1275 all containers. If unspecified, the options from the 1276 PodSecurityContext will be used. If set in both SecurityContext 1277 and PodSecurityContext, the value specified in SecurityContext 1278 takes precedence. Note that this field cannot be set 1279 when spec.os.name is linux. 1280 properties: 1281 gmsaCredentialSpec: 1282 description: GMSACredentialSpec is where the GMSA 1283 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 1284 inlines the contents of the GMSA credential spec 1285 named by the GMSACredentialSpecName field. 1286 type: string 1287 gmsaCredentialSpecName: 1288 description: GMSACredentialSpecName is the name of 1289 the GMSA credential spec to use. 1290 type: string 1291 hostProcess: 1292 description: HostProcess determines if a container 1293 should be run as a 'Host Process' container. This 1294 field is alpha-level and will only be honored by 1295 components that enable the WindowsHostProcessContainers 1296 feature flag. Setting this field without the feature 1297 flag will result in errors when validating the Pod. 1298 All of a Pod's containers must have the same effective 1299 HostProcess value (it is not allowed to have a mix 1300 of HostProcess containers and non-HostProcess containers). In 1301 addition, if HostProcess is true then HostNetwork 1302 must also be set to true. 1303 type: boolean 1304 runAsUserName: 1305 description: The UserName in Windows to run the entrypoint 1306 of the container process. Defaults to the user specified 1307 in image metadata if unspecified. May also be set 1308 in PodSecurityContext. If set in both SecurityContext 1309 and PodSecurityContext, the value specified in SecurityContext 1310 takes precedence. 1311 type: string 1312 type: object 1313 type: object 1314 enabled: 1315 type: boolean 1316 env: 1317 items: 1318 description: EnvVar represents an environment variable present 1319 in a Container. 1320 properties: 1321 name: 1322 description: Name of the environment variable. Must 1323 be a C_IDENTIFIER. 1324 type: string 1325 value: 1326 description: 'Variable references $(VAR_NAME) are expanded 1327 using the previously defined environment variables 1328 in the container and any service environment variables. 1329 If a variable cannot be resolved, the reference in 1330 the input string will be unchanged. Double $$ are 1331 reduced to a single $, which allows for escaping the 1332 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce 1333 the string literal "$(VAR_NAME)". Escaped references 1334 will never be expanded, regardless of whether the 1335 variable exists or not. Defaults to "".' 1336 type: string 1337 valueFrom: 1338 description: Source for the environment variable's value. 1339 Cannot be used if value is not empty. 1340 properties: 1341 configMapKeyRef: 1342 description: Selects a key of a ConfigMap. 1343 properties: 1344 key: 1345 description: The key to select. 1346 type: string 1347 name: 1348 description: 'Name of the referent. More info: 1349 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1350 TODO: Add other useful fields. apiVersion, 1351 kind, uid?' 1352 type: string 1353 optional: 1354 description: Specify whether the ConfigMap or 1355 its key must be defined 1356 type: boolean 1357 required: 1358 - key 1359 type: object 1360 fieldRef: 1361 description: 'Selects a field of the pod: supports 1362 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 1363 `metadata.annotations[''<KEY>'']`, spec.nodeName, 1364 spec.serviceAccountName, status.hostIP, status.podIP, 1365 status.podIPs.' 1366 properties: 1367 apiVersion: 1368 description: Version of the schema the FieldPath 1369 is written in terms of, defaults to "v1". 1370 type: string 1371 fieldPath: 1372 description: Path of the field to select in 1373 the specified API version. 1374 type: string 1375 required: 1376 - fieldPath 1377 type: object 1378 resourceFieldRef: 1379 description: 'Selects a resource of the container: 1380 only resources limits and requests (limits.cpu, 1381 limits.memory, limits.ephemeral-storage, requests.cpu, 1382 requests.memory and requests.ephemeral-storage) 1383 are currently supported.' 1384 properties: 1385 containerName: 1386 description: 'Container name: required for volumes, 1387 optional for env vars' 1388 type: string 1389 divisor: 1390 anyOf: 1391 - type: integer 1392 - type: string 1393 description: Specifies the output format of 1394 the exposed resources, defaults to "1" 1395 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1396 x-kubernetes-int-or-string: true 1397 resource: 1398 description: 'Required: resource to select' 1399 type: string 1400 required: 1401 - resource 1402 type: object 1403 secretKeyRef: 1404 description: Selects a key of a secret in the pod's 1405 namespace 1406 properties: 1407 key: 1408 description: The key of the secret to select 1409 from. Must be a valid secret key. 1410 type: string 1411 name: 1412 description: 'Name of the referent. More info: 1413 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1414 TODO: Add other useful fields. apiVersion, 1415 kind, uid?' 1416 type: string 1417 optional: 1418 description: Specify whether the Secret or its 1419 key must be defined 1420 type: boolean 1421 required: 1422 - key 1423 type: object 1424 type: object 1425 required: 1426 - name 1427 type: object 1428 type: array 1429 image: 1430 type: string 1431 imagePullPolicy: 1432 description: PullPolicy describes a policy for if/when to 1433 pull a container image 1434 type: string 1435 resources: 1436 description: ResourceRequirements describes the compute resource 1437 requirements. 1438 properties: 1439 limits: 1440 additionalProperties: 1441 anyOf: 1442 - type: integer 1443 - type: string 1444 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1445 x-kubernetes-int-or-string: true 1446 description: 'Limits describes the maximum amount of compute 1447 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1448 type: object 1449 requests: 1450 additionalProperties: 1451 anyOf: 1452 - type: integer 1453 - type: string 1454 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1455 x-kubernetes-int-or-string: true 1456 description: 'Requests describes the minimum amount of 1457 compute resources required. If Requests is omitted for 1458 a container, it defaults to Limits if that is explicitly 1459 specified, otherwise to an implementation-defined value. 1460 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1461 type: object 1462 type: object 1463 type: object 1464 extraContainers: 1465 items: 1466 description: A single application container that you want to 1467 run within a pod. 1468 properties: 1469 args: 1470 description: 'Arguments to the entrypoint. The container 1471 image''s CMD is used if this is not provided. Variable 1472 references $(VAR_NAME) are expanded using the container''s 1473 environment. If a variable cannot be resolved, the reference 1474 in the input string will be unchanged. Double $$ are reduced 1475 to a single $, which allows for escaping the $(VAR_NAME) 1476 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 1477 "$(VAR_NAME)". Escaped references will never be expanded, 1478 regardless of whether the variable exists or not. Cannot 1479 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1480 items: 1481 type: string 1482 type: array 1483 command: 1484 description: 'Entrypoint array. Not executed within a shell. 1485 The container image''s ENTRYPOINT is used if this is not 1486 provided. Variable references $(VAR_NAME) are expanded 1487 using the container''s environment. If a variable cannot 1488 be resolved, the reference in the input string will be 1489 unchanged. Double $$ are reduced to a single $, which 1490 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 1491 will produce the string literal "$(VAR_NAME)". Escaped 1492 references will never be expanded, regardless of whether 1493 the variable exists or not. Cannot be updated. More info: 1494 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1495 items: 1496 type: string 1497 type: array 1498 env: 1499 description: List of environment variables to set in the 1500 container. Cannot be updated. 1501 items: 1502 description: EnvVar represents an environment variable 1503 present in a Container. 1504 properties: 1505 name: 1506 description: Name of the environment variable. Must 1507 be a C_IDENTIFIER. 1508 type: string 1509 value: 1510 description: 'Variable references $(VAR_NAME) are 1511 expanded using the previously defined environment 1512 variables in the container and any service environment 1513 variables. If a variable cannot be resolved, the 1514 reference in the input string will be unchanged. 1515 Double $$ are reduced to a single $, which allows 1516 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 1517 will produce the string literal "$(VAR_NAME)". Escaped 1518 references will never be expanded, regardless of 1519 whether the variable exists or not. Defaults to 1520 "".' 1521 type: string 1522 valueFrom: 1523 description: Source for the environment variable's 1524 value. Cannot be used if value is not empty. 1525 properties: 1526 configMapKeyRef: 1527 description: Selects a key of a ConfigMap. 1528 properties: 1529 key: 1530 description: The key to select. 1531 type: string 1532 name: 1533 description: 'Name of the referent. More info: 1534 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1535 TODO: Add other useful fields. apiVersion, 1536 kind, uid?' 1537 type: string 1538 optional: 1539 description: Specify whether the ConfigMap 1540 or its key must be defined 1541 type: boolean 1542 required: 1543 - key 1544 type: object 1545 fieldRef: 1546 description: 'Selects a field of the pod: supports 1547 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 1548 `metadata.annotations[''<KEY>'']`, spec.nodeName, 1549 spec.serviceAccountName, status.hostIP, status.podIP, 1550 status.podIPs.' 1551 properties: 1552 apiVersion: 1553 description: Version of the schema the FieldPath 1554 is written in terms of, defaults to "v1". 1555 type: string 1556 fieldPath: 1557 description: Path of the field to select in 1558 the specified API version. 1559 type: string 1560 required: 1561 - fieldPath 1562 type: object 1563 resourceFieldRef: 1564 description: 'Selects a resource of the container: 1565 only resources limits and requests (limits.cpu, 1566 limits.memory, limits.ephemeral-storage, requests.cpu, 1567 requests.memory and requests.ephemeral-storage) 1568 are currently supported.' 1569 properties: 1570 containerName: 1571 description: 'Container name: required for 1572 volumes, optional for env vars' 1573 type: string 1574 divisor: 1575 anyOf: 1576 - type: integer 1577 - type: string 1578 description: Specifies the output format of 1579 the exposed resources, defaults to "1" 1580 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1581 x-kubernetes-int-or-string: true 1582 resource: 1583 description: 'Required: resource to select' 1584 type: string 1585 required: 1586 - resource 1587 type: object 1588 secretKeyRef: 1589 description: Selects a key of a secret in the 1590 pod's namespace 1591 properties: 1592 key: 1593 description: The key of the secret to select 1594 from. Must be a valid secret key. 1595 type: string 1596 name: 1597 description: 'Name of the referent. More info: 1598 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1599 TODO: Add other useful fields. apiVersion, 1600 kind, uid?' 1601 type: string 1602 optional: 1603 description: Specify whether the Secret or 1604 its key must be defined 1605 type: boolean 1606 required: 1607 - key 1608 type: object 1609 type: object 1610 required: 1611 - name 1612 type: object 1613 type: array 1614 envFrom: 1615 description: List of sources to populate environment variables 1616 in the container. The keys defined within a source must 1617 be a C_IDENTIFIER. All invalid keys will be reported as 1618 an event when the container is starting. When a key exists 1619 in multiple sources, the value associated with the last 1620 source will take precedence. Values defined by an Env 1621 with a duplicate key will take precedence. Cannot be updated. 1622 items: 1623 description: EnvFromSource represents the source of a 1624 set of ConfigMaps 1625 properties: 1626 configMapRef: 1627 description: The ConfigMap to select from 1628 properties: 1629 name: 1630 description: 'Name of the referent. More info: 1631 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1632 TODO: Add other useful fields. apiVersion, kind, 1633 uid?' 1634 type: string 1635 optional: 1636 description: Specify whether the ConfigMap must 1637 be defined 1638 type: boolean 1639 type: object 1640 prefix: 1641 description: An optional identifier to prepend to 1642 each key in the ConfigMap. Must be a C_IDENTIFIER. 1643 type: string 1644 secretRef: 1645 description: The Secret to select from 1646 properties: 1647 name: 1648 description: 'Name of the referent. More info: 1649 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1650 TODO: Add other useful fields. apiVersion, kind, 1651 uid?' 1652 type: string 1653 optional: 1654 description: Specify whether the Secret must be 1655 defined 1656 type: boolean 1657 type: object 1658 type: object 1659 type: array 1660 image: 1661 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 1662 This field is optional to allow higher level config management 1663 to default or override container images in workload controllers 1664 like Deployments and StatefulSets.' 1665 type: string 1666 imagePullPolicy: 1667 description: 'Image pull policy. One of Always, Never, IfNotPresent. 1668 Defaults to Always if :latest tag is specified, or IfNotPresent 1669 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 1670 type: string 1671 lifecycle: 1672 description: Actions that the management system should take 1673 in response to container lifecycle events. Cannot be updated. 1674 properties: 1675 postStart: 1676 description: 'PostStart is called immediately after 1677 a container is created. If the handler fails, the 1678 container is terminated and restarted according to 1679 its restart policy. Other management of the container 1680 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1681 properties: 1682 exec: 1683 description: Exec specifies the action to take. 1684 properties: 1685 command: 1686 description: Command is the command line to 1687 execute inside the container, the working 1688 directory for the command is root ('/') in 1689 the container's filesystem. The command is 1690 simply exec'd, it is not run inside a shell, 1691 so traditional shell instructions ('|', etc) 1692 won't work. To use a shell, you need to explicitly 1693 call out to that shell. Exit status of 0 is 1694 treated as live/healthy and non-zero is unhealthy. 1695 items: 1696 type: string 1697 type: array 1698 type: object 1699 httpGet: 1700 description: HTTPGet specifies the http request 1701 to perform. 1702 properties: 1703 host: 1704 description: Host name to connect to, defaults 1705 to the pod IP. You probably want to set "Host" 1706 in httpHeaders instead. 1707 type: string 1708 httpHeaders: 1709 description: Custom headers to set in the request. 1710 HTTP allows repeated headers. 1711 items: 1712 description: HTTPHeader describes a custom 1713 header to be used in HTTP probes 1714 properties: 1715 name: 1716 description: The header field name 1717 type: string 1718 value: 1719 description: The header field value 1720 type: string 1721 required: 1722 - name 1723 - value 1724 type: object 1725 type: array 1726 path: 1727 description: Path to access on the HTTP server. 1728 type: string 1729 port: 1730 anyOf: 1731 - type: integer 1732 - type: string 1733 description: Name or number of the port to access 1734 on the container. Number must be in the range 1735 1 to 65535. Name must be an IANA_SVC_NAME. 1736 x-kubernetes-int-or-string: true 1737 scheme: 1738 description: Scheme to use for connecting to 1739 the host. Defaults to HTTP. 1740 type: string 1741 required: 1742 - port 1743 type: object 1744 tcpSocket: 1745 description: Deprecated. TCPSocket is NOT supported 1746 as a LifecycleHandler and kept for the backward 1747 compatibility. There are no validation of this 1748 field and lifecycle hooks will fail in runtime 1749 when tcp handler is specified. 1750 properties: 1751 host: 1752 description: 'Optional: Host name to connect 1753 to, defaults to the pod IP.' 1754 type: string 1755 port: 1756 anyOf: 1757 - type: integer 1758 - type: string 1759 description: Number or name of the port to access 1760 on the container. Number must be in the range 1761 1 to 65535. Name must be an IANA_SVC_NAME. 1762 x-kubernetes-int-or-string: true 1763 required: 1764 - port 1765 type: object 1766 type: object 1767 preStop: 1768 description: 'PreStop is called immediately before a 1769 container is terminated due to an API request or management 1770 event such as liveness/startup probe failure, preemption, 1771 resource contention, etc. The handler is not called 1772 if the container crashes or exits. The Pod''s termination 1773 grace period countdown begins before the PreStop hook 1774 is executed. Regardless of the outcome of the handler, 1775 the container will eventually terminate within the 1776 Pod''s termination grace period (unless delayed by 1777 finalizers). Other management of the container blocks 1778 until the hook completes or until the termination 1779 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1780 properties: 1781 exec: 1782 description: Exec specifies the action to take. 1783 properties: 1784 command: 1785 description: Command is the command line to 1786 execute inside the container, the working 1787 directory for the command is root ('/') in 1788 the container's filesystem. The command is 1789 simply exec'd, it is not run inside a shell, 1790 so traditional shell instructions ('|', etc) 1791 won't work. To use a shell, you need to explicitly 1792 call out to that shell. Exit status of 0 is 1793 treated as live/healthy and non-zero is unhealthy. 1794 items: 1795 type: string 1796 type: array 1797 type: object 1798 httpGet: 1799 description: HTTPGet specifies the http request 1800 to perform. 1801 properties: 1802 host: 1803 description: Host name to connect to, defaults 1804 to the pod IP. You probably want to set "Host" 1805 in httpHeaders instead. 1806 type: string 1807 httpHeaders: 1808 description: Custom headers to set in the request. 1809 HTTP allows repeated headers. 1810 items: 1811 description: HTTPHeader describes a custom 1812 header to be used in HTTP probes 1813 properties: 1814 name: 1815 description: The header field name 1816 type: string 1817 value: 1818 description: The header field value 1819 type: string 1820 required: 1821 - name 1822 - value 1823 type: object 1824 type: array 1825 path: 1826 description: Path to access on the HTTP server. 1827 type: string 1828 port: 1829 anyOf: 1830 - type: integer 1831 - type: string 1832 description: Name or number of the port to access 1833 on the container. Number must be in the range 1834 1 to 65535. Name must be an IANA_SVC_NAME. 1835 x-kubernetes-int-or-string: true 1836 scheme: 1837 description: Scheme to use for connecting to 1838 the host. Defaults to HTTP. 1839 type: string 1840 required: 1841 - port 1842 type: object 1843 tcpSocket: 1844 description: Deprecated. TCPSocket is NOT supported 1845 as a LifecycleHandler and kept for the backward 1846 compatibility. There are no validation of this 1847 field and lifecycle hooks will fail in runtime 1848 when tcp handler is specified. 1849 properties: 1850 host: 1851 description: 'Optional: Host name to connect 1852 to, defaults to the pod IP.' 1853 type: string 1854 port: 1855 anyOf: 1856 - type: integer 1857 - type: string 1858 description: Number or name of the port to access 1859 on the container. Number must be in the range 1860 1 to 65535. Name must be an IANA_SVC_NAME. 1861 x-kubernetes-int-or-string: true 1862 required: 1863 - port 1864 type: object 1865 type: object 1866 type: object 1867 livenessProbe: 1868 description: 'Periodic probe of container liveness. Container 1869 will be restarted if the probe fails. Cannot be updated. 1870 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1871 properties: 1872 exec: 1873 description: Exec specifies the action to take. 1874 properties: 1875 command: 1876 description: Command is the command line to execute 1877 inside the container, the working directory for 1878 the command is root ('/') in the container's 1879 filesystem. The command is simply exec'd, it is 1880 not run inside a shell, so traditional shell instructions 1881 ('|', etc) won't work. To use a shell, you need 1882 to explicitly call out to that shell. Exit status 1883 of 0 is treated as live/healthy and non-zero is 1884 unhealthy. 1885 items: 1886 type: string 1887 type: array 1888 type: object 1889 failureThreshold: 1890 description: Minimum consecutive failures for the probe 1891 to be considered failed after having succeeded. Defaults 1892 to 3. Minimum value is 1. 1893 format: int32 1894 type: integer 1895 grpc: 1896 description: GRPC specifies an action involving a GRPC 1897 port. This is a beta field and requires enabling GRPCContainerProbe 1898 feature gate. 1899 properties: 1900 port: 1901 description: Port number of the gRPC service. Number 1902 must be in the range 1 to 65535. 1903 format: int32 1904 type: integer 1905 service: 1906 description: "Service is the name of the service 1907 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1908 \n If this is not specified, the default behavior 1909 is defined by gRPC." 1910 type: string 1911 required: 1912 - port 1913 type: object 1914 httpGet: 1915 description: HTTPGet specifies the http request to perform. 1916 properties: 1917 host: 1918 description: Host name to connect to, defaults to 1919 the pod IP. You probably want to set "Host" in 1920 httpHeaders instead. 1921 type: string 1922 httpHeaders: 1923 description: Custom headers to set in the request. 1924 HTTP allows repeated headers. 1925 items: 1926 description: HTTPHeader describes a custom header 1927 to be used in HTTP probes 1928 properties: 1929 name: 1930 description: The header field name 1931 type: string 1932 value: 1933 description: The header field value 1934 type: string 1935 required: 1936 - name 1937 - value 1938 type: object 1939 type: array 1940 path: 1941 description: Path to access on the HTTP server. 1942 type: string 1943 port: 1944 anyOf: 1945 - type: integer 1946 - type: string 1947 description: Name or number of the port to access 1948 on the container. Number must be in the range 1949 1 to 65535. Name must be an IANA_SVC_NAME. 1950 x-kubernetes-int-or-string: true 1951 scheme: 1952 description: Scheme to use for connecting to the 1953 host. Defaults to HTTP. 1954 type: string 1955 required: 1956 - port 1957 type: object 1958 initialDelaySeconds: 1959 description: 'Number of seconds after the container 1960 has started before liveness probes are initiated. 1961 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1962 format: int32 1963 type: integer 1964 periodSeconds: 1965 description: How often (in seconds) to perform the probe. 1966 Default to 10 seconds. Minimum value is 1. 1967 format: int32 1968 type: integer 1969 successThreshold: 1970 description: Minimum consecutive successes for the probe 1971 to be considered successful after having failed. Defaults 1972 to 1. Must be 1 for liveness and startup. Minimum 1973 value is 1. 1974 format: int32 1975 type: integer 1976 tcpSocket: 1977 description: TCPSocket specifies an action involving 1978 a TCP port. 1979 properties: 1980 host: 1981 description: 'Optional: Host name to connect to, 1982 defaults to the pod IP.' 1983 type: string 1984 port: 1985 anyOf: 1986 - type: integer 1987 - type: string 1988 description: Number or name of the port to access 1989 on the container. Number must be in the range 1990 1 to 65535. Name must be an IANA_SVC_NAME. 1991 x-kubernetes-int-or-string: true 1992 required: 1993 - port 1994 type: object 1995 terminationGracePeriodSeconds: 1996 description: Optional duration in seconds the pod needs 1997 to terminate gracefully upon probe failure. The grace 1998 period is the duration in seconds after the processes 1999 running in the pod are sent a termination signal and 2000 the time when the processes are forcibly halted with 2001 a kill signal. Set this value longer than the expected 2002 cleanup time for your process. If this value is nil, 2003 the pod's terminationGracePeriodSeconds will be used. 2004 Otherwise, this value overrides the value provided 2005 by the pod spec. Value must be non-negative integer. 2006 The value zero indicates stop immediately via the 2007 kill signal (no opportunity to shut down). This is 2008 a beta field and requires enabling ProbeTerminationGracePeriod 2009 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2010 is used if unset. 2011 format: int64 2012 type: integer 2013 timeoutSeconds: 2014 description: 'Number of seconds after which the probe 2015 times out. Defaults to 1 second. Minimum value is 2016 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2017 format: int32 2018 type: integer 2019 type: object 2020 name: 2021 description: Name of the container specified as a DNS_LABEL. 2022 Each container in a pod must have a unique name (DNS_LABEL). 2023 Cannot be updated. 2024 type: string 2025 ports: 2026 description: List of ports to expose from the container. 2027 Exposing a port here gives the system additional information 2028 about the network connections a container uses, but is 2029 primarily informational. Not specifying a port here DOES 2030 NOT prevent that port from being exposed. Any port which 2031 is listening on the default "0.0.0.0" address inside a 2032 container will be accessible from the network. Cannot 2033 be updated. 2034 items: 2035 description: ContainerPort represents a network port in 2036 a single container. 2037 properties: 2038 containerPort: 2039 description: Number of port to expose on the pod's 2040 IP address. This must be a valid port number, 0 2041 < x < 65536. 2042 format: int32 2043 type: integer 2044 hostIP: 2045 description: What host IP to bind the external port 2046 to. 2047 type: string 2048 hostPort: 2049 description: Number of port to expose on the host. 2050 If specified, this must be a valid port number, 2051 0 < x < 65536. If HostNetwork is specified, this 2052 must match ContainerPort. Most containers do not 2053 need this. 2054 format: int32 2055 type: integer 2056 name: 2057 description: If specified, this must be an IANA_SVC_NAME 2058 and unique within the pod. Each named port in a 2059 pod must have a unique name. Name for the port that 2060 can be referred to by services. 2061 type: string 2062 protocol: 2063 default: TCP 2064 description: Protocol for port. Must be UDP, TCP, 2065 or SCTP. Defaults to "TCP". 2066 type: string 2067 required: 2068 - containerPort 2069 type: object 2070 type: array 2071 x-kubernetes-list-map-keys: 2072 - containerPort 2073 - protocol 2074 x-kubernetes-list-type: map 2075 readinessProbe: 2076 description: 'Periodic probe of container service readiness. 2077 Container will be removed from service endpoints if the 2078 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2079 properties: 2080 exec: 2081 description: Exec specifies the action to take. 2082 properties: 2083 command: 2084 description: Command is the command line to execute 2085 inside the container, the working directory for 2086 the command is root ('/') in the container's 2087 filesystem. The command is simply exec'd, it is 2088 not run inside a shell, so traditional shell instructions 2089 ('|', etc) won't work. To use a shell, you need 2090 to explicitly call out to that shell. Exit status 2091 of 0 is treated as live/healthy and non-zero is 2092 unhealthy. 2093 items: 2094 type: string 2095 type: array 2096 type: object 2097 failureThreshold: 2098 description: Minimum consecutive failures for the probe 2099 to be considered failed after having succeeded. Defaults 2100 to 3. Minimum value is 1. 2101 format: int32 2102 type: integer 2103 grpc: 2104 description: GRPC specifies an action involving a GRPC 2105 port. This is a beta field and requires enabling GRPCContainerProbe 2106 feature gate. 2107 properties: 2108 port: 2109 description: Port number of the gRPC service. Number 2110 must be in the range 1 to 65535. 2111 format: int32 2112 type: integer 2113 service: 2114 description: "Service is the name of the service 2115 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2116 \n If this is not specified, the default behavior 2117 is defined by gRPC." 2118 type: string 2119 required: 2120 - port 2121 type: object 2122 httpGet: 2123 description: HTTPGet specifies the http request to perform. 2124 properties: 2125 host: 2126 description: Host name to connect to, defaults to 2127 the pod IP. You probably want to set "Host" in 2128 httpHeaders instead. 2129 type: string 2130 httpHeaders: 2131 description: Custom headers to set in the request. 2132 HTTP allows repeated headers. 2133 items: 2134 description: HTTPHeader describes a custom header 2135 to be used in HTTP probes 2136 properties: 2137 name: 2138 description: The header field name 2139 type: string 2140 value: 2141 description: The header field value 2142 type: string 2143 required: 2144 - name 2145 - value 2146 type: object 2147 type: array 2148 path: 2149 description: Path to access on the HTTP server. 2150 type: string 2151 port: 2152 anyOf: 2153 - type: integer 2154 - type: string 2155 description: Name or number of the port to access 2156 on the container. Number must be in the range 2157 1 to 65535. Name must be an IANA_SVC_NAME. 2158 x-kubernetes-int-or-string: true 2159 scheme: 2160 description: Scheme to use for connecting to the 2161 host. Defaults to HTTP. 2162 type: string 2163 required: 2164 - port 2165 type: object 2166 initialDelaySeconds: 2167 description: 'Number of seconds after the container 2168 has started before liveness probes are initiated. 2169 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2170 format: int32 2171 type: integer 2172 periodSeconds: 2173 description: How often (in seconds) to perform the probe. 2174 Default to 10 seconds. Minimum value is 1. 2175 format: int32 2176 type: integer 2177 successThreshold: 2178 description: Minimum consecutive successes for the probe 2179 to be considered successful after having failed. Defaults 2180 to 1. Must be 1 for liveness and startup. Minimum 2181 value is 1. 2182 format: int32 2183 type: integer 2184 tcpSocket: 2185 description: TCPSocket specifies an action involving 2186 a TCP port. 2187 properties: 2188 host: 2189 description: 'Optional: Host name to connect to, 2190 defaults to the pod IP.' 2191 type: string 2192 port: 2193 anyOf: 2194 - type: integer 2195 - type: string 2196 description: Number or name of the port to access 2197 on the container. Number must be in the range 2198 1 to 65535. Name must be an IANA_SVC_NAME. 2199 x-kubernetes-int-or-string: true 2200 required: 2201 - port 2202 type: object 2203 terminationGracePeriodSeconds: 2204 description: Optional duration in seconds the pod needs 2205 to terminate gracefully upon probe failure. The grace 2206 period is the duration in seconds after the processes 2207 running in the pod are sent a termination signal and 2208 the time when the processes are forcibly halted with 2209 a kill signal. Set this value longer than the expected 2210 cleanup time for your process. If this value is nil, 2211 the pod's terminationGracePeriodSeconds will be used. 2212 Otherwise, this value overrides the value provided 2213 by the pod spec. Value must be non-negative integer. 2214 The value zero indicates stop immediately via the 2215 kill signal (no opportunity to shut down). This is 2216 a beta field and requires enabling ProbeTerminationGracePeriod 2217 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2218 is used if unset. 2219 format: int64 2220 type: integer 2221 timeoutSeconds: 2222 description: 'Number of seconds after which the probe 2223 times out. Defaults to 1 second. Minimum value is 2224 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2225 format: int32 2226 type: integer 2227 type: object 2228 resources: 2229 description: 'Compute Resources required by this container. 2230 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2231 properties: 2232 limits: 2233 additionalProperties: 2234 anyOf: 2235 - type: integer 2236 - type: string 2237 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2238 x-kubernetes-int-or-string: true 2239 description: 'Limits describes the maximum amount of 2240 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2241 type: object 2242 requests: 2243 additionalProperties: 2244 anyOf: 2245 - type: integer 2246 - type: string 2247 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2248 x-kubernetes-int-or-string: true 2249 description: 'Requests describes the minimum amount 2250 of compute resources required. If Requests is omitted 2251 for a container, it defaults to Limits if that is 2252 explicitly specified, otherwise to an implementation-defined 2253 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2254 type: object 2255 type: object 2256 securityContext: 2257 description: 'SecurityContext defines the security options 2258 the container should be run with. If set, the fields of 2259 SecurityContext override the equivalent fields of PodSecurityContext. 2260 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 2261 properties: 2262 allowPrivilegeEscalation: 2263 description: 'AllowPrivilegeEscalation controls whether 2264 a process can gain more privileges than its parent 2265 process. This bool directly controls if the no_new_privs 2266 flag will be set on the container process. AllowPrivilegeEscalation 2267 is true always when the container is: 1) run as Privileged 2268 2) has CAP_SYS_ADMIN Note that this field cannot be 2269 set when spec.os.name is windows.' 2270 type: boolean 2271 capabilities: 2272 description: The capabilities to add/drop when running 2273 containers. Defaults to the default set of capabilities 2274 granted by the container runtime. Note that this field 2275 cannot be set when spec.os.name is windows. 2276 properties: 2277 add: 2278 description: Added capabilities 2279 items: 2280 description: Capability represent POSIX capabilities 2281 type 2282 type: string 2283 type: array 2284 drop: 2285 description: Removed capabilities 2286 items: 2287 description: Capability represent POSIX capabilities 2288 type 2289 type: string 2290 type: array 2291 type: object 2292 privileged: 2293 description: Run container in privileged mode. Processes 2294 in privileged containers are essentially equivalent 2295 to root on the host. Defaults to false. Note that 2296 this field cannot be set when spec.os.name is windows. 2297 type: boolean 2298 procMount: 2299 description: procMount denotes the type of proc mount 2300 to use for the containers. The default is DefaultProcMount 2301 which uses the container runtime defaults for readonly 2302 paths and masked paths. This requires the ProcMountType 2303 feature flag to be enabled. Note that this field cannot 2304 be set when spec.os.name is windows. 2305 type: string 2306 readOnlyRootFilesystem: 2307 description: Whether this container has a read-only 2308 root filesystem. Default is false. Note that this 2309 field cannot be set when spec.os.name is windows. 2310 type: boolean 2311 runAsGroup: 2312 description: The GID to run the entrypoint of the container 2313 process. Uses runtime default if unset. May also be 2314 set in PodSecurityContext. If set in both SecurityContext 2315 and PodSecurityContext, the value specified in SecurityContext 2316 takes precedence. Note that this field cannot be set 2317 when spec.os.name is windows. 2318 format: int64 2319 type: integer 2320 runAsNonRoot: 2321 description: Indicates that the container must run as 2322 a non-root user. If true, the Kubelet will validate 2323 the image at runtime to ensure that it does not run 2324 as UID 0 (root) and fail to start the container if 2325 it does. If unset or false, no such validation will 2326 be performed. May also be set in PodSecurityContext. If 2327 set in both SecurityContext and PodSecurityContext, 2328 the value specified in SecurityContext takes precedence. 2329 type: boolean 2330 runAsUser: 2331 description: The UID to run the entrypoint of the container 2332 process. Defaults to user specified in image metadata 2333 if unspecified. May also be set in PodSecurityContext. If 2334 set in both SecurityContext and PodSecurityContext, 2335 the value specified in SecurityContext takes precedence. 2336 Note that this field cannot be set when spec.os.name 2337 is windows. 2338 format: int64 2339 type: integer 2340 seLinuxOptions: 2341 description: The SELinux context to be applied to the 2342 container. If unspecified, the container runtime will 2343 allocate a random SELinux context for each container. May 2344 also be set in PodSecurityContext. If set in both 2345 SecurityContext and PodSecurityContext, the value 2346 specified in SecurityContext takes precedence. Note 2347 that this field cannot be set when spec.os.name is 2348 windows. 2349 properties: 2350 level: 2351 description: Level is SELinux level label that applies 2352 to the container. 2353 type: string 2354 role: 2355 description: Role is a SELinux role label that applies 2356 to the container. 2357 type: string 2358 type: 2359 description: Type is a SELinux type label that applies 2360 to the container. 2361 type: string 2362 user: 2363 description: User is a SELinux user label that applies 2364 to the container. 2365 type: string 2366 type: object 2367 seccompProfile: 2368 description: The seccomp options to use by this container. 2369 If seccomp options are provided at both the pod & 2370 container level, the container options override the 2371 pod options. Note that this field cannot be set when 2372 spec.os.name is windows. 2373 properties: 2374 localhostProfile: 2375 description: localhostProfile indicates a profile 2376 defined in a file on the node should be used. 2377 The profile must be preconfigured on the node 2378 to work. Must be a descending path, relative to 2379 the kubelet's configured seccomp profile location. 2380 Must only be set if type is "Localhost". 2381 type: string 2382 type: 2383 description: "type indicates which kind of seccomp 2384 profile will be applied. Valid options are: \n 2385 Localhost - a profile defined in a file on the 2386 node should be used. RuntimeDefault - the container 2387 runtime default profile should be used. Unconfined 2388 - no profile should be applied." 2389 type: string 2390 required: 2391 - type 2392 type: object 2393 windowsOptions: 2394 description: The Windows specific settings applied to 2395 all containers. If unspecified, the options from the 2396 PodSecurityContext will be used. If set in both SecurityContext 2397 and PodSecurityContext, the value specified in SecurityContext 2398 takes precedence. Note that this field cannot be set 2399 when spec.os.name is linux. 2400 properties: 2401 gmsaCredentialSpec: 2402 description: GMSACredentialSpec is where the GMSA 2403 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 2404 inlines the contents of the GMSA credential spec 2405 named by the GMSACredentialSpecName field. 2406 type: string 2407 gmsaCredentialSpecName: 2408 description: GMSACredentialSpecName is the name 2409 of the GMSA credential spec to use. 2410 type: string 2411 hostProcess: 2412 description: HostProcess determines if a container 2413 should be run as a 'Host Process' container. This 2414 field is alpha-level and will only be honored 2415 by components that enable the WindowsHostProcessContainers 2416 feature flag. Setting this field without the feature 2417 flag will result in errors when validating the 2418 Pod. All of a Pod's containers must have the same 2419 effective HostProcess value (it is not allowed 2420 to have a mix of HostProcess containers and non-HostProcess 2421 containers). In addition, if HostProcess is true 2422 then HostNetwork must also be set to true. 2423 type: boolean 2424 runAsUserName: 2425 description: The UserName in Windows to run the 2426 entrypoint of the container process. Defaults 2427 to the user specified in image metadata if unspecified. 2428 May also be set in PodSecurityContext. If set 2429 in both SecurityContext and PodSecurityContext, 2430 the value specified in SecurityContext takes precedence. 2431 type: string 2432 type: object 2433 type: object 2434 startupProbe: 2435 description: 'StartupProbe indicates that the Pod has successfully 2436 initialized. If specified, no other probes are executed 2437 until this completes successfully. If this probe fails, 2438 the Pod will be restarted, just as if the livenessProbe 2439 failed. This can be used to provide different probe parameters 2440 at the beginning of a Pod''s lifecycle, when it might 2441 take a long time to load data or warm a cache, than during 2442 steady-state operation. This cannot be updated. More info: 2443 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2444 properties: 2445 exec: 2446 description: Exec specifies the action to take. 2447 properties: 2448 command: 2449 description: Command is the command line to execute 2450 inside the container, the working directory for 2451 the command is root ('/') in the container's 2452 filesystem. The command is simply exec'd, it is 2453 not run inside a shell, so traditional shell instructions 2454 ('|', etc) won't work. To use a shell, you need 2455 to explicitly call out to that shell. Exit status 2456 of 0 is treated as live/healthy and non-zero is 2457 unhealthy. 2458 items: 2459 type: string 2460 type: array 2461 type: object 2462 failureThreshold: 2463 description: Minimum consecutive failures for the probe 2464 to be considered failed after having succeeded. Defaults 2465 to 3. Minimum value is 1. 2466 format: int32 2467 type: integer 2468 grpc: 2469 description: GRPC specifies an action involving a GRPC 2470 port. This is a beta field and requires enabling GRPCContainerProbe 2471 feature gate. 2472 properties: 2473 port: 2474 description: Port number of the gRPC service. Number 2475 must be in the range 1 to 65535. 2476 format: int32 2477 type: integer 2478 service: 2479 description: "Service is the name of the service 2480 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2481 \n If this is not specified, the default behavior 2482 is defined by gRPC." 2483 type: string 2484 required: 2485 - port 2486 type: object 2487 httpGet: 2488 description: HTTPGet specifies the http request to perform. 2489 properties: 2490 host: 2491 description: Host name to connect to, defaults to 2492 the pod IP. You probably want to set "Host" in 2493 httpHeaders instead. 2494 type: string 2495 httpHeaders: 2496 description: Custom headers to set in the request. 2497 HTTP allows repeated headers. 2498 items: 2499 description: HTTPHeader describes a custom header 2500 to be used in HTTP probes 2501 properties: 2502 name: 2503 description: The header field name 2504 type: string 2505 value: 2506 description: The header field value 2507 type: string 2508 required: 2509 - name 2510 - value 2511 type: object 2512 type: array 2513 path: 2514 description: Path to access on the HTTP server. 2515 type: string 2516 port: 2517 anyOf: 2518 - type: integer 2519 - type: string 2520 description: Name or number of the port to access 2521 on the container. Number must be in the range 2522 1 to 65535. Name must be an IANA_SVC_NAME. 2523 x-kubernetes-int-or-string: true 2524 scheme: 2525 description: Scheme to use for connecting to the 2526 host. Defaults to HTTP. 2527 type: string 2528 required: 2529 - port 2530 type: object 2531 initialDelaySeconds: 2532 description: 'Number of seconds after the container 2533 has started before liveness probes are initiated. 2534 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2535 format: int32 2536 type: integer 2537 periodSeconds: 2538 description: How often (in seconds) to perform the probe. 2539 Default to 10 seconds. Minimum value is 1. 2540 format: int32 2541 type: integer 2542 successThreshold: 2543 description: Minimum consecutive successes for the probe 2544 to be considered successful after having failed. Defaults 2545 to 1. Must be 1 for liveness and startup. Minimum 2546 value is 1. 2547 format: int32 2548 type: integer 2549 tcpSocket: 2550 description: TCPSocket specifies an action involving 2551 a TCP port. 2552 properties: 2553 host: 2554 description: 'Optional: Host name to connect to, 2555 defaults to the pod IP.' 2556 type: string 2557 port: 2558 anyOf: 2559 - type: integer 2560 - type: string 2561 description: Number or name of the port to access 2562 on the container. Number must be in the range 2563 1 to 65535. Name must be an IANA_SVC_NAME. 2564 x-kubernetes-int-or-string: true 2565 required: 2566 - port 2567 type: object 2568 terminationGracePeriodSeconds: 2569 description: Optional duration in seconds the pod needs 2570 to terminate gracefully upon probe failure. The grace 2571 period is the duration in seconds after the processes 2572 running in the pod are sent a termination signal and 2573 the time when the processes are forcibly halted with 2574 a kill signal. Set this value longer than the expected 2575 cleanup time for your process. If this value is nil, 2576 the pod's terminationGracePeriodSeconds will be used. 2577 Otherwise, this value overrides the value provided 2578 by the pod spec. Value must be non-negative integer. 2579 The value zero indicates stop immediately via the 2580 kill signal (no opportunity to shut down). This is 2581 a beta field and requires enabling ProbeTerminationGracePeriod 2582 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2583 is used if unset. 2584 format: int64 2585 type: integer 2586 timeoutSeconds: 2587 description: 'Number of seconds after which the probe 2588 times out. Defaults to 1 second. Minimum value is 2589 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2590 format: int32 2591 type: integer 2592 type: object 2593 stdin: 2594 description: Whether this container should allocate a buffer 2595 for stdin in the container runtime. If this is not set, 2596 reads from stdin in the container will always result in 2597 EOF. Default is false. 2598 type: boolean 2599 stdinOnce: 2600 description: Whether the container runtime should close 2601 the stdin channel after it has been opened by a single 2602 attach. When stdin is true the stdin stream will remain 2603 open across multiple attach sessions. If stdinOnce is 2604 set to true, stdin is opened on container start, is empty 2605 until the first client attaches to stdin, and then remains 2606 open and accepts data until the client disconnects, at 2607 which time stdin is closed and remains closed until the 2608 container is restarted. If this flag is false, a container 2609 processes that reads from stdin will never receive an 2610 EOF. Default is false 2611 type: boolean 2612 terminationMessagePath: 2613 description: 'Optional: Path at which the file to which 2614 the container''s termination message will be written is 2615 mounted into the container''s filesystem. Message written 2616 is intended to be brief final status, such as an assertion 2617 failure message. Will be truncated by the node if greater 2618 than 4096 bytes. The total message length across all containers 2619 will be limited to 12kb. Defaults to /dev/termination-log. 2620 Cannot be updated.' 2621 type: string 2622 terminationMessagePolicy: 2623 description: Indicate how the termination message should 2624 be populated. File will use the contents of terminationMessagePath 2625 to populate the container status message on both success 2626 and failure. FallbackToLogsOnError will use the last chunk 2627 of container log output if the termination message file 2628 is empty and the container exited with an error. The log 2629 output is limited to 2048 bytes or 80 lines, whichever 2630 is smaller. Defaults to File. Cannot be updated. 2631 type: string 2632 tty: 2633 description: Whether this container should allocate a TTY 2634 for itself, also requires 'stdin' to be true. Default 2635 is false. 2636 type: boolean 2637 volumeDevices: 2638 description: volumeDevices is the list of block devices 2639 to be used by the container. 2640 items: 2641 description: volumeDevice describes a mapping of a raw 2642 block device within a container. 2643 properties: 2644 devicePath: 2645 description: devicePath is the path inside of the 2646 container that the device will be mapped to. 2647 type: string 2648 name: 2649 description: name must match the name of a persistentVolumeClaim 2650 in the pod 2651 type: string 2652 required: 2653 - devicePath 2654 - name 2655 type: object 2656 type: array 2657 volumeMounts: 2658 description: Pod volumes to mount into the container's filesystem. 2659 Cannot be updated. 2660 items: 2661 description: VolumeMount describes a mounting of a Volume 2662 within a container. 2663 properties: 2664 mountPath: 2665 description: Path within the container at which the 2666 volume should be mounted. Must not contain ':'. 2667 type: string 2668 mountPropagation: 2669 description: mountPropagation determines how mounts 2670 are propagated from the host to container and the 2671 other way around. When not set, MountPropagationNone 2672 is used. This field is beta in 1.10. 2673 type: string 2674 name: 2675 description: This must match the Name of a Volume. 2676 type: string 2677 readOnly: 2678 description: Mounted read-only if true, read-write 2679 otherwise (false or unspecified). Defaults to false. 2680 type: boolean 2681 subPath: 2682 description: Path within the volume from which the 2683 container's volume should be mounted. Defaults to 2684 "" (volume's root). 2685 type: string 2686 subPathExpr: 2687 description: Expanded path within the volume from 2688 which the container's volume should be mounted. 2689 Behaves similarly to SubPath but environment variable 2690 references $(VAR_NAME) are expanded using the container's 2691 environment. Defaults to "" (volume's root). SubPathExpr 2692 and SubPath are mutually exclusive. 2693 type: string 2694 required: 2695 - mountPath 2696 - name 2697 type: object 2698 type: array 2699 workingDir: 2700 description: Container's working directory. If not specified, 2701 the container runtime's default will be used, which might 2702 be configured in the container image. Cannot be updated. 2703 type: string 2704 required: 2705 - name 2706 type: object 2707 type: array 2708 extraVolumeMounts: 2709 items: 2710 description: VolumeMount describes a mounting of a Volume within 2711 a container. 2712 properties: 2713 mountPath: 2714 description: Path within the container at which the volume 2715 should be mounted. Must not contain ':'. 2716 type: string 2717 mountPropagation: 2718 description: mountPropagation determines how mounts are 2719 propagated from the host to container and the other way 2720 around. When not set, MountPropagationNone is used. This 2721 field is beta in 1.10. 2722 type: string 2723 name: 2724 description: This must match the Name of a Volume. 2725 type: string 2726 readOnly: 2727 description: Mounted read-only if true, read-write otherwise 2728 (false or unspecified). Defaults to false. 2729 type: boolean 2730 subPath: 2731 description: Path within the volume from which the container's 2732 volume should be mounted. Defaults to "" (volume's root). 2733 type: string 2734 subPathExpr: 2735 description: Expanded path within the volume from which 2736 the container's volume should be mounted. Behaves similarly 2737 to SubPath but environment variable references $(VAR_NAME) 2738 are expanded using the container's environment. Defaults 2739 to "" (volume's root). SubPathExpr and SubPath are mutually 2740 exclusive. 2741 type: string 2742 required: 2743 - mountPath 2744 - name 2745 type: object 2746 type: array 2747 extraVolumes: 2748 items: 2749 description: Volume represents a named volume in a pod that 2750 may be accessed by any container in the pod. 2751 properties: 2752 awsElasticBlockStore: 2753 description: 'awsElasticBlockStore represents an AWS Disk 2754 resource that is attached to a kubelet''s host machine 2755 and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 2756 properties: 2757 fsType: 2758 description: 'fsType is the filesystem type of the volume 2759 that you want to mount. Tip: Ensure that the filesystem 2760 type is supported by the host operating system. Examples: 2761 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 2762 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 2763 TODO: how do we prevent errors in the filesystem from 2764 compromising the machine' 2765 type: string 2766 partition: 2767 description: 'partition is the partition in the volume 2768 that you want to mount. If omitted, the default is 2769 to mount by volume name. Examples: For volume /dev/sda1, 2770 you specify the partition as "1". Similarly, the volume 2771 partition for /dev/sda is "0" (or you can leave the 2772 property empty).' 2773 format: int32 2774 type: integer 2775 readOnly: 2776 description: 'readOnly value true will force the readOnly 2777 setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 2778 type: boolean 2779 volumeID: 2780 description: 'volumeID is unique ID of the persistent 2781 disk resource in AWS (Amazon EBS volume). More info: 2782 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 2783 type: string 2784 required: 2785 - volumeID 2786 type: object 2787 azureDisk: 2788 description: azureDisk represents an Azure Data Disk mount 2789 on the host and bind mount to the pod. 2790 properties: 2791 cachingMode: 2792 description: 'cachingMode is the Host Caching mode: 2793 None, Read Only, Read Write.' 2794 type: string 2795 diskName: 2796 description: diskName is the Name of the data disk in 2797 the blob storage 2798 type: string 2799 diskURI: 2800 description: diskURI is the URI of data disk in the 2801 blob storage 2802 type: string 2803 fsType: 2804 description: fsType is Filesystem type to mount. Must 2805 be a filesystem type supported by the host operating 2806 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 2807 to be "ext4" if unspecified. 2808 type: string 2809 kind: 2810 description: 'kind expected values are Shared: multiple 2811 blob disks per storage account Dedicated: single 2812 blob disk per storage account Managed: azure managed 2813 data disk (only in managed availability set). defaults 2814 to shared' 2815 type: string 2816 readOnly: 2817 description: readOnly Defaults to false (read/write). 2818 ReadOnly here will force the ReadOnly setting in VolumeMounts. 2819 type: boolean 2820 required: 2821 - diskName 2822 - diskURI 2823 type: object 2824 azureFile: 2825 description: azureFile represents an Azure File Service 2826 mount on the host and bind mount to the pod. 2827 properties: 2828 readOnly: 2829 description: readOnly defaults to false (read/write). 2830 ReadOnly here will force the ReadOnly setting in VolumeMounts. 2831 type: boolean 2832 secretName: 2833 description: secretName is the name of secret that 2834 contains Azure Storage Account Name and Key 2835 type: string 2836 shareName: 2837 description: shareName is the azure share Name 2838 type: string 2839 required: 2840 - secretName 2841 - shareName 2842 type: object 2843 cephfs: 2844 description: cephFS represents a Ceph FS mount on the host 2845 that shares a pod's lifetime 2846 properties: 2847 monitors: 2848 description: 'monitors is Required: Monitors is a collection 2849 of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2850 items: 2851 type: string 2852 type: array 2853 path: 2854 description: 'path is Optional: Used as the mounted 2855 root, rather than the full Ceph tree, default is /' 2856 type: string 2857 readOnly: 2858 description: 'readOnly is Optional: Defaults to false 2859 (read/write). ReadOnly here will force the ReadOnly 2860 setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2861 type: boolean 2862 secretFile: 2863 description: 'secretFile is Optional: SecretFile is 2864 the path to key ring for User, default is /etc/ceph/user.secret 2865 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2866 type: string 2867 secretRef: 2868 description: 'secretRef is Optional: SecretRef is reference 2869 to the authentication secret for User, default is 2870 empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2871 properties: 2872 name: 2873 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2874 TODO: Add other useful fields. apiVersion, kind, 2875 uid?' 2876 type: string 2877 type: object 2878 user: 2879 description: 'user is optional: User is the rados user 2880 name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2881 type: string 2882 required: 2883 - monitors 2884 type: object 2885 cinder: 2886 description: 'cinder represents a cinder volume attached 2887 and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 2888 properties: 2889 fsType: 2890 description: 'fsType is the filesystem type to mount. 2891 Must be a filesystem type supported by the host operating 2892 system. Examples: "ext4", "xfs", "ntfs". Implicitly 2893 inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 2894 type: string 2895 readOnly: 2896 description: 'readOnly defaults to false (read/write). 2897 ReadOnly here will force the ReadOnly setting in VolumeMounts. 2898 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 2899 type: boolean 2900 secretRef: 2901 description: 'secretRef is optional: points to a secret 2902 object containing parameters used to connect to OpenStack.' 2903 properties: 2904 name: 2905 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2906 TODO: Add other useful fields. apiVersion, kind, 2907 uid?' 2908 type: string 2909 type: object 2910 volumeID: 2911 description: 'volumeID used to identify the volume in 2912 cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 2913 type: string 2914 required: 2915 - volumeID 2916 type: object 2917 configMap: 2918 description: configMap represents a configMap that should 2919 populate this volume 2920 properties: 2921 defaultMode: 2922 description: 'defaultMode is optional: mode bits used 2923 to set permissions on created files by default. Must 2924 be an octal value between 0000 and 0777 or a decimal 2925 value between 0 and 511. YAML accepts both octal and 2926 decimal values, JSON requires decimal values for mode 2927 bits. Defaults to 0644. Directories within the path 2928 are not affected by this setting. This might be in 2929 conflict with other options that affect the file mode, 2930 like fsGroup, and the result can be other mode bits 2931 set.' 2932 format: int32 2933 type: integer 2934 items: 2935 description: items if unspecified, each key-value pair 2936 in the Data field of the referenced ConfigMap will 2937 be projected into the volume as a file whose name 2938 is the key and content is the value. If specified, 2939 the listed keys will be projected into the specified 2940 paths, and unlisted keys will not be present. If a 2941 key is specified which is not present in the ConfigMap, 2942 the volume setup will error unless it is marked optional. 2943 Paths must be relative and may not contain the '..' 2944 path or start with '..'. 2945 items: 2946 description: Maps a string key to a path within a 2947 volume. 2948 properties: 2949 key: 2950 description: key is the key to project. 2951 type: string 2952 mode: 2953 description: 'mode is Optional: mode bits used 2954 to set permissions on this file. Must be an 2955 octal value between 0000 and 0777 or a decimal 2956 value between 0 and 511. YAML accepts both octal 2957 and decimal values, JSON requires decimal values 2958 for mode bits. If not specified, the volume 2959 defaultMode will be used. This might be in conflict 2960 with other options that affect the file mode, 2961 like fsGroup, and the result can be other mode 2962 bits set.' 2963 format: int32 2964 type: integer 2965 path: 2966 description: path is the relative path of the 2967 file to map the key to. May not be an absolute 2968 path. May not contain the path element '..'. 2969 May not start with the string '..'. 2970 type: string 2971 required: 2972 - key 2973 - path 2974 type: object 2975 type: array 2976 name: 2977 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2978 TODO: Add other useful fields. apiVersion, kind, uid?' 2979 type: string 2980 optional: 2981 description: optional specify whether the ConfigMap 2982 or its keys must be defined 2983 type: boolean 2984 type: object 2985 csi: 2986 description: csi (Container Storage Interface) represents 2987 ephemeral storage that is handled by certain external 2988 CSI drivers (Beta feature). 2989 properties: 2990 driver: 2991 description: driver is the name of the CSI driver that 2992 handles this volume. Consult with your admin for the 2993 correct name as registered in the cluster. 2994 type: string 2995 fsType: 2996 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". 2997 If not provided, the empty value is passed to the 2998 associated CSI driver which will determine the default 2999 filesystem to apply. 3000 type: string 3001 nodePublishSecretRef: 3002 description: nodePublishSecretRef is a reference to 3003 the secret object containing sensitive information 3004 to pass to the CSI driver to complete the CSI NodePublishVolume 3005 and NodeUnpublishVolume calls. This field is optional, 3006 and may be empty if no secret is required. If the 3007 secret object contains more than one secret, all secret 3008 references are passed. 3009 properties: 3010 name: 3011 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3012 TODO: Add other useful fields. apiVersion, kind, 3013 uid?' 3014 type: string 3015 type: object 3016 readOnly: 3017 description: readOnly specifies a read-only configuration 3018 for the volume. Defaults to false (read/write). 3019 type: boolean 3020 volumeAttributes: 3021 additionalProperties: 3022 type: string 3023 description: volumeAttributes stores driver-specific 3024 properties that are passed to the CSI driver. Consult 3025 your driver's documentation for supported values. 3026 type: object 3027 required: 3028 - driver 3029 type: object 3030 downwardAPI: 3031 description: downwardAPI represents downward API about the 3032 pod that should populate this volume 3033 properties: 3034 defaultMode: 3035 description: 'Optional: mode bits to use on created 3036 files by default. Must be a Optional: mode bits used 3037 to set permissions on created files by default. Must 3038 be an octal value between 0000 and 0777 or a decimal 3039 value between 0 and 511. YAML accepts both octal and 3040 decimal values, JSON requires decimal values for mode 3041 bits. Defaults to 0644. Directories within the path 3042 are not affected by this setting. This might be in 3043 conflict with other options that affect the file mode, 3044 like fsGroup, and the result can be other mode bits 3045 set.' 3046 format: int32 3047 type: integer 3048 items: 3049 description: Items is a list of downward API volume 3050 file 3051 items: 3052 description: DownwardAPIVolumeFile represents information 3053 to create the file containing the pod field 3054 properties: 3055 fieldRef: 3056 description: 'Required: Selects a field of the 3057 pod: only annotations, labels, name and namespace 3058 are supported.' 3059 properties: 3060 apiVersion: 3061 description: Version of the schema the FieldPath 3062 is written in terms of, defaults to "v1". 3063 type: string 3064 fieldPath: 3065 description: Path of the field to select in 3066 the specified API version. 3067 type: string 3068 required: 3069 - fieldPath 3070 type: object 3071 mode: 3072 description: 'Optional: mode bits used to set 3073 permissions on this file, must be an octal value 3074 between 0000 and 0777 or a decimal value between 3075 0 and 511. YAML accepts both octal and decimal 3076 values, JSON requires decimal values for mode 3077 bits. If not specified, the volume defaultMode 3078 will be used. This might be in conflict with 3079 other options that affect the file mode, like 3080 fsGroup, and the result can be other mode bits 3081 set.' 3082 format: int32 3083 type: integer 3084 path: 3085 description: 'Required: Path is the relative 3086 path name of the file to be created. Must not 3087 be absolute or contain the ''..'' path. Must 3088 be utf-8 encoded. The first item of the relative 3089 path must not start with ''..''' 3090 type: string 3091 resourceFieldRef: 3092 description: 'Selects a resource of the container: 3093 only resources limits and requests (limits.cpu, 3094 limits.memory, requests.cpu and requests.memory) 3095 are currently supported.' 3096 properties: 3097 containerName: 3098 description: 'Container name: required for 3099 volumes, optional for env vars' 3100 type: string 3101 divisor: 3102 anyOf: 3103 - type: integer 3104 - type: string 3105 description: Specifies the output format of 3106 the exposed resources, defaults to "1" 3107 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3108 x-kubernetes-int-or-string: true 3109 resource: 3110 description: 'Required: resource to select' 3111 type: string 3112 required: 3113 - resource 3114 type: object 3115 required: 3116 - path 3117 type: object 3118 type: array 3119 type: object 3120 emptyDir: 3121 description: 'emptyDir represents a temporary directory 3122 that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 3123 properties: 3124 medium: 3125 description: 'medium represents what type of storage 3126 medium should back this directory. The default is 3127 "" which means to use the node''s default medium. 3128 Must be an empty string (default) or Memory. More 3129 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 3130 type: string 3131 sizeLimit: 3132 anyOf: 3133 - type: integer 3134 - type: string 3135 description: 'sizeLimit is the total amount of local 3136 storage required for this EmptyDir volume. The size 3137 limit is also applicable for memory medium. The maximum 3138 usage on memory medium EmptyDir would be the minimum 3139 value between the SizeLimit specified here and the 3140 sum of memory limits of all containers in a pod. The 3141 default is nil which means that the limit is undefined. 3142 More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 3143 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3144 x-kubernetes-int-or-string: true 3145 type: object 3146 ephemeral: 3147 description: "ephemeral represents a volume that is handled 3148 by a cluster storage driver. The volume's lifecycle is 3149 tied to the pod that defines it - it will be created before 3150 the pod starts, and deleted when the pod is removed. \n 3151 Use this if: a) the volume is only needed while the pod 3152 runs, b) features of normal volumes like restoring from 3153 snapshot or capacity tracking are needed, c) the storage 3154 driver is specified through a storage class, and d) the 3155 storage driver supports dynamic volume provisioning through 3156 \ a PersistentVolumeClaim (see EphemeralVolumeSource 3157 for more information on the connection between this 3158 volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim 3159 or one of the vendor-specific APIs for volumes that persist 3160 for longer than the lifecycle of an individual pod. \n 3161 Use CSI for light-weight local ephemeral volumes if the 3162 CSI driver is meant to be used that way - see the documentation 3163 of the driver for more information. \n A pod can use both 3164 types of ephemeral volumes and persistent volumes at the 3165 same time." 3166 properties: 3167 volumeClaimTemplate: 3168 description: "Will be used to create a stand-alone PVC 3169 to provision the volume. The pod in which this EphemeralVolumeSource 3170 is embedded will be the owner of the PVC, i.e. the 3171 PVC will be deleted together with the pod. The name 3172 of the PVC will be `<pod name>-<volume name>` where 3173 `<volume name>` is the name from the `PodSpec.Volumes` 3174 array entry. Pod validation will reject the pod if 3175 the concatenated name is not valid for a PVC (for 3176 example, too long). \n An existing PVC with that name 3177 that is not owned by the pod will *not* be used for 3178 the pod to avoid using an unrelated volume by mistake. 3179 Starting the pod is then blocked until the unrelated 3180 PVC is removed. If such a pre-created PVC is meant 3181 to be used by the pod, the PVC has to updated with 3182 an owner reference to the pod once the pod exists. 3183 Normally this should not be necessary, but it may 3184 be useful when manually reconstructing a broken cluster. 3185 \n This field is read-only and no changes will be 3186 made by Kubernetes to the PVC after it has been created. 3187 \n Required, must not be nil." 3188 properties: 3189 metadata: 3190 description: May contain labels and annotations 3191 that will be copied into the PVC when creating 3192 it. No other fields are allowed and will be rejected 3193 during validation. 3194 type: object 3195 spec: 3196 description: The specification for the PersistentVolumeClaim. 3197 The entire content is copied unchanged into the 3198 PVC that gets created from this template. The 3199 same fields as in a PersistentVolumeClaim are 3200 also valid here. 3201 properties: 3202 accessModes: 3203 description: 'accessModes contains the desired 3204 access modes the volume should have. More 3205 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 3206 items: 3207 type: string 3208 type: array 3209 dataSource: 3210 description: 'dataSource field can be used to 3211 specify either: * An existing VolumeSnapshot 3212 object (snapshot.storage.k8s.io/VolumeSnapshot) 3213 * An existing PVC (PersistentVolumeClaim) 3214 If the provisioner or an external controller 3215 can support the specified data source, it 3216 will create a new volume based on the contents 3217 of the specified data source. If the AnyVolumeDataSource 3218 feature gate is enabled, this field will always 3219 have the same contents as the DataSourceRef 3220 field.' 3221 properties: 3222 apiGroup: 3223 description: APIGroup is the group for the 3224 resource being referenced. If APIGroup 3225 is not specified, the specified Kind must 3226 be in the core API group. For any other 3227 third-party types, APIGroup is required. 3228 type: string 3229 kind: 3230 description: Kind is the type of resource 3231 being referenced 3232 type: string 3233 name: 3234 description: Name is the name of resource 3235 being referenced 3236 type: string 3237 required: 3238 - kind 3239 - name 3240 type: object 3241 dataSourceRef: 3242 description: 'dataSourceRef specifies the object 3243 from which to populate the volume with data, 3244 if a non-empty volume is desired. This may 3245 be any local object from a non-empty API group 3246 (non core object) or a PersistentVolumeClaim 3247 object. When this field is specified, volume 3248 binding will only succeed if the type of the 3249 specified object matches some installed volume 3250 populator or dynamic provisioner. This field 3251 will replace the functionality of the DataSource 3252 field and as such if both fields are non-empty, 3253 they must have the same value. For backwards 3254 compatibility, both fields (DataSource and 3255 DataSourceRef) will be set to the same value 3256 automatically if one of them is empty and 3257 the other is non-empty. There are two important 3258 differences between DataSource and DataSourceRef: 3259 * While DataSource only allows two specific 3260 types of objects, DataSourceRef allows any 3261 non-core object, as well as PersistentVolumeClaim 3262 objects. * While DataSource ignores disallowed 3263 values (dropping them), DataSourceRef preserves 3264 all values, and generates an error if a disallowed 3265 value is specified. (Beta) Using this field 3266 requires the AnyVolumeDataSource feature gate 3267 to be enabled.' 3268 properties: 3269 apiGroup: 3270 description: APIGroup is the group for the 3271 resource being referenced. If APIGroup 3272 is not specified, the specified Kind must 3273 be in the core API group. For any other 3274 third-party types, APIGroup is required. 3275 type: string 3276 kind: 3277 description: Kind is the type of resource 3278 being referenced 3279 type: string 3280 name: 3281 description: Name is the name of resource 3282 being referenced 3283 type: string 3284 required: 3285 - kind 3286 - name 3287 type: object 3288 resources: 3289 description: 'resources represents the minimum 3290 resources the volume should have. If RecoverVolumeExpansionFailure 3291 feature is enabled users are allowed to specify 3292 resource requirements that are lower than 3293 previous value but must still be higher than 3294 capacity recorded in the status field of the 3295 claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 3296 properties: 3297 limits: 3298 additionalProperties: 3299 anyOf: 3300 - type: integer 3301 - type: string 3302 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3303 x-kubernetes-int-or-string: true 3304 description: 'Limits describes the maximum 3305 amount of compute resources allowed. More 3306 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3307 type: object 3308 requests: 3309 additionalProperties: 3310 anyOf: 3311 - type: integer 3312 - type: string 3313 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3314 x-kubernetes-int-or-string: true 3315 description: 'Requests describes the minimum 3316 amount of compute resources required. 3317 If Requests is omitted for a container, 3318 it defaults to Limits if that is explicitly 3319 specified, otherwise to an implementation-defined 3320 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3321 type: object 3322 type: object 3323 selector: 3324 description: selector is a label query over 3325 volumes to consider for binding. 3326 properties: 3327 matchExpressions: 3328 description: matchExpressions is a list 3329 of label selector requirements. The requirements 3330 are ANDed. 3331 items: 3332 description: A label selector requirement 3333 is a selector that contains values, 3334 a key, and an operator that relates 3335 the key and values. 3336 properties: 3337 key: 3338 description: key is the label key 3339 that the selector applies to. 3340 type: string 3341 operator: 3342 description: operator represents a 3343 key's relationship to a set of values. 3344 Valid operators are In, NotIn, Exists 3345 and DoesNotExist. 3346 type: string 3347 values: 3348 description: values is an array of 3349 string values. If the operator is 3350 In or NotIn, the values array must 3351 be non-empty. If the operator is 3352 Exists or DoesNotExist, the values 3353 array must be empty. This array 3354 is replaced during a strategic merge 3355 patch. 3356 items: 3357 type: string 3358 type: array 3359 required: 3360 - key 3361 - operator 3362 type: object 3363 type: array 3364 matchLabels: 3365 additionalProperties: 3366 type: string 3367 description: matchLabels is a map of {key,value} 3368 pairs. A single {key,value} in the matchLabels 3369 map is equivalent to an element of matchExpressions, 3370 whose key field is "key", the operator 3371 is "In", and the values array contains 3372 only "value". The requirements are ANDed. 3373 type: object 3374 type: object 3375 storageClassName: 3376 description: 'storageClassName is the name of 3377 the StorageClass required by the claim. More 3378 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 3379 type: string 3380 volumeMode: 3381 description: volumeMode defines what type of 3382 volume is required by the claim. Value of 3383 Filesystem is implied when not included in 3384 claim spec. 3385 type: string 3386 volumeName: 3387 description: volumeName is the binding reference 3388 to the PersistentVolume backing this claim. 3389 type: string 3390 type: object 3391 required: 3392 - spec 3393 type: object 3394 type: object 3395 fc: 3396 description: fc represents a Fibre Channel resource that 3397 is attached to a kubelet's host machine and then exposed 3398 to the pod. 3399 properties: 3400 fsType: 3401 description: 'fsType is the filesystem type to mount. 3402 Must be a filesystem type supported by the host operating 3403 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 3404 to be "ext4" if unspecified. TODO: how do we prevent 3405 errors in the filesystem from compromising the machine' 3406 type: string 3407 lun: 3408 description: 'lun is Optional: FC target lun number' 3409 format: int32 3410 type: integer 3411 readOnly: 3412 description: 'readOnly is Optional: Defaults to false 3413 (read/write). ReadOnly here will force the ReadOnly 3414 setting in VolumeMounts.' 3415 type: boolean 3416 targetWWNs: 3417 description: 'targetWWNs is Optional: FC target worldwide 3418 names (WWNs)' 3419 items: 3420 type: string 3421 type: array 3422 wwids: 3423 description: 'wwids Optional: FC volume world wide identifiers 3424 (wwids) Either wwids or combination of targetWWNs 3425 and lun must be set, but not both simultaneously.' 3426 items: 3427 type: string 3428 type: array 3429 type: object 3430 flexVolume: 3431 description: flexVolume represents a generic volume resource 3432 that is provisioned/attached using an exec based plugin. 3433 properties: 3434 driver: 3435 description: driver is the name of the driver to use 3436 for this volume. 3437 type: string 3438 fsType: 3439 description: fsType is the filesystem type to mount. 3440 Must be a filesystem type supported by the host operating 3441 system. Ex. "ext4", "xfs", "ntfs". The default filesystem 3442 depends on FlexVolume script. 3443 type: string 3444 options: 3445 additionalProperties: 3446 type: string 3447 description: 'options is Optional: this field holds 3448 extra command options if any.' 3449 type: object 3450 readOnly: 3451 description: 'readOnly is Optional: defaults to false 3452 (read/write). ReadOnly here will force the ReadOnly 3453 setting in VolumeMounts.' 3454 type: boolean 3455 secretRef: 3456 description: 'secretRef is Optional: secretRef is reference 3457 to the secret object containing sensitive information 3458 to pass to the plugin scripts. This may be empty if 3459 no secret object is specified. If the secret object 3460 contains more than one secret, all secrets are passed 3461 to the plugin scripts.' 3462 properties: 3463 name: 3464 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3465 TODO: Add other useful fields. apiVersion, kind, 3466 uid?' 3467 type: string 3468 type: object 3469 required: 3470 - driver 3471 type: object 3472 flocker: 3473 description: flocker represents a Flocker volume attached 3474 to a kubelet's host machine. This depends on the Flocker 3475 control service being running 3476 properties: 3477 datasetName: 3478 description: datasetName is Name of the dataset stored 3479 as metadata -> name on the dataset for Flocker should 3480 be considered as deprecated 3481 type: string 3482 datasetUUID: 3483 description: datasetUUID is the UUID of the dataset. 3484 This is unique identifier of a Flocker dataset 3485 type: string 3486 type: object 3487 gcePersistentDisk: 3488 description: 'gcePersistentDisk represents a GCE Disk resource 3489 that is attached to a kubelet''s host machine and then 3490 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 3491 properties: 3492 fsType: 3493 description: 'fsType is filesystem type of the volume 3494 that you want to mount. Tip: Ensure that the filesystem 3495 type is supported by the host operating system. Examples: 3496 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 3497 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 3498 TODO: how do we prevent errors in the filesystem from 3499 compromising the machine' 3500 type: string 3501 partition: 3502 description: 'partition is the partition in the volume 3503 that you want to mount. If omitted, the default is 3504 to mount by volume name. Examples: For volume /dev/sda1, 3505 you specify the partition as "1". Similarly, the volume 3506 partition for /dev/sda is "0" (or you can leave the 3507 property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 3508 format: int32 3509 type: integer 3510 pdName: 3511 description: 'pdName is unique name of the PD resource 3512 in GCE. Used to identify the disk in GCE. More info: 3513 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 3514 type: string 3515 readOnly: 3516 description: 'readOnly here will force the ReadOnly 3517 setting in VolumeMounts. Defaults to false. More info: 3518 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 3519 type: boolean 3520 required: 3521 - pdName 3522 type: object 3523 gitRepo: 3524 description: 'gitRepo represents a git repository at a particular 3525 revision. DEPRECATED: GitRepo is deprecated. To provision 3526 a container with a git repo, mount an EmptyDir into an 3527 InitContainer that clones the repo using git, then mount 3528 the EmptyDir into the Pod''s container.' 3529 properties: 3530 directory: 3531 description: directory is the target directory name. 3532 Must not contain or start with '..'. If '.' is supplied, 3533 the volume directory will be the git repository. Otherwise, 3534 if specified, the volume will contain the git repository 3535 in the subdirectory with the given name. 3536 type: string 3537 repository: 3538 description: repository is the URL 3539 type: string 3540 revision: 3541 description: revision is the commit hash for the specified 3542 revision. 3543 type: string 3544 required: 3545 - repository 3546 type: object 3547 glusterfs: 3548 description: 'glusterfs represents a Glusterfs mount on 3549 the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 3550 properties: 3551 endpoints: 3552 description: 'endpoints is the endpoint name that details 3553 Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 3554 type: string 3555 path: 3556 description: 'path is the Glusterfs volume path. More 3557 info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 3558 type: string 3559 readOnly: 3560 description: 'readOnly here will force the Glusterfs 3561 volume to be mounted with read-only permissions. Defaults 3562 to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 3563 type: boolean 3564 required: 3565 - endpoints 3566 - path 3567 type: object 3568 hostPath: 3569 description: 'hostPath represents a pre-existing file or 3570 directory on the host machine that is directly exposed 3571 to the container. This is generally used for system agents 3572 or other privileged things that are allowed to see the 3573 host machine. Most containers will NOT need this. More 3574 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 3575 --- TODO(jonesdl) We need to restrict who can use host 3576 directory mounts and who can/can not mount host directories 3577 as read/write.' 3578 properties: 3579 path: 3580 description: 'path of the directory on the host. If 3581 the path is a symlink, it will follow the link to 3582 the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 3583 type: string 3584 type: 3585 description: 'type for HostPath Volume Defaults to "" 3586 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 3587 type: string 3588 required: 3589 - path 3590 type: object 3591 iscsi: 3592 description: 'iscsi represents an ISCSI Disk resource that 3593 is attached to a kubelet''s host machine and then exposed 3594 to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 3595 properties: 3596 chapAuthDiscovery: 3597 description: chapAuthDiscovery defines whether support 3598 iSCSI Discovery CHAP authentication 3599 type: boolean 3600 chapAuthSession: 3601 description: chapAuthSession defines whether support 3602 iSCSI Session CHAP authentication 3603 type: boolean 3604 fsType: 3605 description: 'fsType is the filesystem type of the volume 3606 that you want to mount. Tip: Ensure that the filesystem 3607 type is supported by the host operating system. Examples: 3608 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 3609 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 3610 TODO: how do we prevent errors in the filesystem from 3611 compromising the machine' 3612 type: string 3613 initiatorName: 3614 description: initiatorName is the custom iSCSI Initiator 3615 Name. If initiatorName is specified with iscsiInterface 3616 simultaneously, new iSCSI interface <target portal>:<volume 3617 name> will be created for the connection. 3618 type: string 3619 iqn: 3620 description: iqn is the target iSCSI Qualified Name. 3621 type: string 3622 iscsiInterface: 3623 description: iscsiInterface is the interface Name that 3624 uses an iSCSI transport. Defaults to 'default' (tcp). 3625 type: string 3626 lun: 3627 description: lun represents iSCSI Target Lun number. 3628 format: int32 3629 type: integer 3630 portals: 3631 description: portals is the iSCSI Target Portal List. 3632 The portal is either an IP or ip_addr:port if the 3633 port is other than default (typically TCP ports 860 3634 and 3260). 3635 items: 3636 type: string 3637 type: array 3638 readOnly: 3639 description: readOnly here will force the ReadOnly setting 3640 in VolumeMounts. Defaults to false. 3641 type: boolean 3642 secretRef: 3643 description: secretRef is the CHAP Secret for iSCSI 3644 target and initiator authentication 3645 properties: 3646 name: 3647 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3648 TODO: Add other useful fields. apiVersion, kind, 3649 uid?' 3650 type: string 3651 type: object 3652 targetPortal: 3653 description: targetPortal is iSCSI Target Portal. The 3654 Portal is either an IP or ip_addr:port if the port 3655 is other than default (typically TCP ports 860 and 3656 3260). 3657 type: string 3658 required: 3659 - iqn 3660 - lun 3661 - targetPortal 3662 type: object 3663 name: 3664 description: 'name of the volume. Must be a DNS_LABEL and 3665 unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 3666 type: string 3667 nfs: 3668 description: 'nfs represents an NFS mount on the host that 3669 shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 3670 properties: 3671 path: 3672 description: 'path that is exported by the NFS server. 3673 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 3674 type: string 3675 readOnly: 3676 description: 'readOnly here will force the NFS export 3677 to be mounted with read-only permissions. Defaults 3678 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 3679 type: boolean 3680 server: 3681 description: 'server is the hostname or IP address of 3682 the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 3683 type: string 3684 required: 3685 - path 3686 - server 3687 type: object 3688 persistentVolumeClaim: 3689 description: 'persistentVolumeClaimVolumeSource represents 3690 a reference to a PersistentVolumeClaim in the same namespace. 3691 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 3692 properties: 3693 claimName: 3694 description: 'claimName is the name of a PersistentVolumeClaim 3695 in the same namespace as the pod using this volume. 3696 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 3697 type: string 3698 readOnly: 3699 description: readOnly Will force the ReadOnly setting 3700 in VolumeMounts. Default false. 3701 type: boolean 3702 required: 3703 - claimName 3704 type: object 3705 photonPersistentDisk: 3706 description: photonPersistentDisk represents a PhotonController 3707 persistent disk attached and mounted on kubelets host 3708 machine 3709 properties: 3710 fsType: 3711 description: fsType is the filesystem type to mount. 3712 Must be a filesystem type supported by the host operating 3713 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 3714 to be "ext4" if unspecified. 3715 type: string 3716 pdID: 3717 description: pdID is the ID that identifies Photon Controller 3718 persistent disk 3719 type: string 3720 required: 3721 - pdID 3722 type: object 3723 portworxVolume: 3724 description: portworxVolume represents a portworx volume 3725 attached and mounted on kubelets host machine 3726 properties: 3727 fsType: 3728 description: fSType represents the filesystem type to 3729 mount Must be a filesystem type supported by the host 3730 operating system. Ex. "ext4", "xfs". Implicitly inferred 3731 to be "ext4" if unspecified. 3732 type: string 3733 readOnly: 3734 description: readOnly defaults to false (read/write). 3735 ReadOnly here will force the ReadOnly setting in VolumeMounts. 3736 type: boolean 3737 volumeID: 3738 description: volumeID uniquely identifies a Portworx 3739 volume 3740 type: string 3741 required: 3742 - volumeID 3743 type: object 3744 projected: 3745 description: projected items for all in one resources secrets, 3746 configmaps, and downward API 3747 properties: 3748 defaultMode: 3749 description: defaultMode are the mode bits used to set 3750 permissions on created files by default. Must be an 3751 octal value between 0000 and 0777 or a decimal value 3752 between 0 and 511. YAML accepts both octal and decimal 3753 values, JSON requires decimal values for mode bits. 3754 Directories within the path are not affected by this 3755 setting. This might be in conflict with other options 3756 that affect the file mode, like fsGroup, and the result 3757 can be other mode bits set. 3758 format: int32 3759 type: integer 3760 sources: 3761 description: sources is the list of volume projections 3762 items: 3763 description: Projection that may be projected along 3764 with other supported volume types 3765 properties: 3766 configMap: 3767 description: configMap information about the configMap 3768 data to project 3769 properties: 3770 items: 3771 description: items if unspecified, each key-value 3772 pair in the Data field of the referenced 3773 ConfigMap will be projected into the volume 3774 as a file whose name is the key and content 3775 is the value. If specified, the listed keys 3776 will be projected into the specified paths, 3777 and unlisted keys will not be present. If 3778 a key is specified which is not present 3779 in the ConfigMap, the volume setup will 3780 error unless it is marked optional. Paths 3781 must be relative and may not contain the 3782 '..' path or start with '..'. 3783 items: 3784 description: Maps a string key to a path 3785 within a volume. 3786 properties: 3787 key: 3788 description: key is the key to project. 3789 type: string 3790 mode: 3791 description: 'mode is Optional: mode 3792 bits used to set permissions on this 3793 file. Must be an octal value between 3794 0000 and 0777 or a decimal value between 3795 0 and 511. YAML accepts both octal 3796 and decimal values, JSON requires 3797 decimal values for mode bits. If not 3798 specified, the volume defaultMode 3799 will be used. This might be in conflict 3800 with other options that affect the 3801 file mode, like fsGroup, and the result 3802 can be other mode bits set.' 3803 format: int32 3804 type: integer 3805 path: 3806 description: path is the relative path 3807 of the file to map the key to. May 3808 not be an absolute path. May not contain 3809 the path element '..'. May not start 3810 with the string '..'. 3811 type: string 3812 required: 3813 - key 3814 - path 3815 type: object 3816 type: array 3817 name: 3818 description: 'Name of the referent. More info: 3819 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3820 TODO: Add other useful fields. apiVersion, 3821 kind, uid?' 3822 type: string 3823 optional: 3824 description: optional specify whether the 3825 ConfigMap or its keys must be defined 3826 type: boolean 3827 type: object 3828 downwardAPI: 3829 description: downwardAPI information about the 3830 downwardAPI data to project 3831 properties: 3832 items: 3833 description: Items is a list of DownwardAPIVolume 3834 file 3835 items: 3836 description: DownwardAPIVolumeFile represents 3837 information to create the file containing 3838 the pod field 3839 properties: 3840 fieldRef: 3841 description: 'Required: Selects a field 3842 of the pod: only annotations, labels, 3843 name and namespace are supported.' 3844 properties: 3845 apiVersion: 3846 description: Version of the schema 3847 the FieldPath is written in terms 3848 of, defaults to "v1". 3849 type: string 3850 fieldPath: 3851 description: Path of the field to 3852 select in the specified API version. 3853 type: string 3854 required: 3855 - fieldPath 3856 type: object 3857 mode: 3858 description: 'Optional: mode bits used 3859 to set permissions on this file, must 3860 be an octal value between 0000 and 3861 0777 or a decimal value between 0 3862 and 511. YAML accepts both octal and 3863 decimal values, JSON requires decimal 3864 values for mode bits. If not specified, 3865 the volume defaultMode will be used. 3866 This might be in conflict with other 3867 options that affect the file mode, 3868 like fsGroup, and the result can be 3869 other mode bits set.' 3870 format: int32 3871 type: integer 3872 path: 3873 description: 'Required: Path is the 3874 relative path name of the file to 3875 be created. Must not be absolute or 3876 contain the ''..'' path. Must be utf-8 3877 encoded. The first item of the relative 3878 path must not start with ''..''' 3879 type: string 3880 resourceFieldRef: 3881 description: 'Selects a resource of 3882 the container: only resources limits 3883 and requests (limits.cpu, limits.memory, 3884 requests.cpu and requests.memory) 3885 are currently supported.' 3886 properties: 3887 containerName: 3888 description: 'Container name: required 3889 for volumes, optional for env 3890 vars' 3891 type: string 3892 divisor: 3893 anyOf: 3894 - type: integer 3895 - type: string 3896 description: Specifies the output 3897 format of the exposed resources, 3898 defaults to "1" 3899 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3900 x-kubernetes-int-or-string: true 3901 resource: 3902 description: 'Required: resource 3903 to select' 3904 type: string 3905 required: 3906 - resource 3907 type: object 3908 required: 3909 - path 3910 type: object 3911 type: array 3912 type: object 3913 secret: 3914 description: secret information about the secret 3915 data to project 3916 properties: 3917 items: 3918 description: items if unspecified, each key-value 3919 pair in the Data field of the referenced 3920 Secret will be projected into the volume 3921 as a file whose name is the key and content 3922 is the value. If specified, the listed keys 3923 will be projected into the specified paths, 3924 and unlisted keys will not be present. If 3925 a key is specified which is not present 3926 in the Secret, the volume setup will error 3927 unless it is marked optional. Paths must 3928 be relative and may not contain the '..' 3929 path or start with '..'. 3930 items: 3931 description: Maps a string key to a path 3932 within a volume. 3933 properties: 3934 key: 3935 description: key is the key to project. 3936 type: string 3937 mode: 3938 description: 'mode is Optional: mode 3939 bits used to set permissions on this 3940 file. Must be an octal value between 3941 0000 and 0777 or a decimal value between 3942 0 and 511. YAML accepts both octal 3943 and decimal values, JSON requires 3944 decimal values for mode bits. If not 3945 specified, the volume defaultMode 3946 will be used. This might be in conflict 3947 with other options that affect the 3948 file mode, like fsGroup, and the result 3949 can be other mode bits set.' 3950 format: int32 3951 type: integer 3952 path: 3953 description: path is the relative path 3954 of the file to map the key to. May 3955 not be an absolute path. May not contain 3956 the path element '..'. May not start 3957 with the string '..'. 3958 type: string 3959 required: 3960 - key 3961 - path 3962 type: object 3963 type: array 3964 name: 3965 description: 'Name of the referent. More info: 3966 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3967 TODO: Add other useful fields. apiVersion, 3968 kind, uid?' 3969 type: string 3970 optional: 3971 description: optional field specify whether 3972 the Secret or its key must be defined 3973 type: boolean 3974 type: object 3975 serviceAccountToken: 3976 description: serviceAccountToken is information 3977 about the serviceAccountToken data to project 3978 properties: 3979 audience: 3980 description: audience is the intended audience 3981 of the token. A recipient of a token must 3982 identify itself with an identifier specified 3983 in the audience of the token, and otherwise 3984 should reject the token. The audience defaults 3985 to the identifier of the apiserver. 3986 type: string 3987 expirationSeconds: 3988 description: expirationSeconds is the requested 3989 duration of validity of the service account 3990 token. As the token approaches expiration, 3991 the kubelet volume plugin will proactively 3992 rotate the service account token. The kubelet 3993 will start trying to rotate the token if 3994 the token is older than 80 percent of its 3995 time to live or if the token is older than 3996 24 hours.Defaults to 1 hour and must be 3997 at least 10 minutes. 3998 format: int64 3999 type: integer 4000 path: 4001 description: path is the path relative to 4002 the mount point of the file to project the 4003 token into. 4004 type: string 4005 required: 4006 - path 4007 type: object 4008 type: object 4009 type: array 4010 type: object 4011 quobyte: 4012 description: quobyte represents a Quobyte mount on the host 4013 that shares a pod's lifetime 4014 properties: 4015 group: 4016 description: group to map volume access to Default is 4017 no group 4018 type: string 4019 readOnly: 4020 description: readOnly here will force the Quobyte volume 4021 to be mounted with read-only permissions. Defaults 4022 to false. 4023 type: boolean 4024 registry: 4025 description: registry represents a single or multiple 4026 Quobyte Registry services specified as a string as 4027 host:port pair (multiple entries are separated with 4028 commas) which acts as the central registry for volumes 4029 type: string 4030 tenant: 4031 description: tenant owning the given Quobyte volume 4032 in the Backend Used with dynamically provisioned Quobyte 4033 volumes, value is set by the plugin 4034 type: string 4035 user: 4036 description: user to map volume access to Defaults to 4037 serivceaccount user 4038 type: string 4039 volume: 4040 description: volume is a string that references an already 4041 created Quobyte volume by name. 4042 type: string 4043 required: 4044 - registry 4045 - volume 4046 type: object 4047 rbd: 4048 description: 'rbd represents a Rados Block Device mount 4049 on the host that shares a pod''s lifetime. More info: 4050 https://examples.k8s.io/volumes/rbd/README.md' 4051 properties: 4052 fsType: 4053 description: 'fsType is the filesystem type of the volume 4054 that you want to mount. Tip: Ensure that the filesystem 4055 type is supported by the host operating system. Examples: 4056 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 4057 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 4058 TODO: how do we prevent errors in the filesystem from 4059 compromising the machine' 4060 type: string 4061 image: 4062 description: 'image is the rados image name. More info: 4063 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4064 type: string 4065 keyring: 4066 description: 'keyring is the path to key ring for RBDUser. 4067 Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4068 type: string 4069 monitors: 4070 description: 'monitors is a collection of Ceph monitors. 4071 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4072 items: 4073 type: string 4074 type: array 4075 pool: 4076 description: 'pool is the rados pool name. Default is 4077 rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4078 type: string 4079 readOnly: 4080 description: 'readOnly here will force the ReadOnly 4081 setting in VolumeMounts. Defaults to false. More info: 4082 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4083 type: boolean 4084 secretRef: 4085 description: 'secretRef is name of the authentication 4086 secret for RBDUser. If provided overrides keyring. 4087 Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4088 properties: 4089 name: 4090 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4091 TODO: Add other useful fields. apiVersion, kind, 4092 uid?' 4093 type: string 4094 type: object 4095 user: 4096 description: 'user is the rados user name. Default is 4097 admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4098 type: string 4099 required: 4100 - image 4101 - monitors 4102 type: object 4103 scaleIO: 4104 description: scaleIO represents a ScaleIO persistent volume 4105 attached and mounted on Kubernetes nodes. 4106 properties: 4107 fsType: 4108 description: fsType is the filesystem type to mount. 4109 Must be a filesystem type supported by the host operating 4110 system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 4111 type: string 4112 gateway: 4113 description: gateway is the host address of the ScaleIO 4114 API Gateway. 4115 type: string 4116 protectionDomain: 4117 description: protectionDomain is the name of the ScaleIO 4118 Protection Domain for the configured storage. 4119 type: string 4120 readOnly: 4121 description: readOnly Defaults to false (read/write). 4122 ReadOnly here will force the ReadOnly setting in VolumeMounts. 4123 type: boolean 4124 secretRef: 4125 description: secretRef references to the secret for 4126 ScaleIO user and other sensitive information. If this 4127 is not provided, Login operation will fail. 4128 properties: 4129 name: 4130 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4131 TODO: Add other useful fields. apiVersion, kind, 4132 uid?' 4133 type: string 4134 type: object 4135 sslEnabled: 4136 description: sslEnabled Flag enable/disable SSL communication 4137 with Gateway, default false 4138 type: boolean 4139 storageMode: 4140 description: storageMode indicates whether the storage 4141 for a volume should be ThickProvisioned or ThinProvisioned. 4142 Default is ThinProvisioned. 4143 type: string 4144 storagePool: 4145 description: storagePool is the ScaleIO Storage Pool 4146 associated with the protection domain. 4147 type: string 4148 system: 4149 description: system is the name of the storage system 4150 as configured in ScaleIO. 4151 type: string 4152 volumeName: 4153 description: volumeName is the name of a volume already 4154 created in the ScaleIO system that is associated with 4155 this volume source. 4156 type: string 4157 required: 4158 - gateway 4159 - secretRef 4160 - system 4161 type: object 4162 secret: 4163 description: 'secret represents a secret that should populate 4164 this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 4165 properties: 4166 defaultMode: 4167 description: 'defaultMode is Optional: mode bits used 4168 to set permissions on created files by default. Must 4169 be an octal value between 0000 and 0777 or a decimal 4170 value between 0 and 511. YAML accepts both octal and 4171 decimal values, JSON requires decimal values for mode 4172 bits. Defaults to 0644. Directories within the path 4173 are not affected by this setting. This might be in 4174 conflict with other options that affect the file mode, 4175 like fsGroup, and the result can be other mode bits 4176 set.' 4177 format: int32 4178 type: integer 4179 items: 4180 description: items If unspecified, each key-value pair 4181 in the Data field of the referenced Secret will be 4182 projected into the volume as a file whose name is 4183 the key and content is the value. If specified, the 4184 listed keys will be projected into the specified paths, 4185 and unlisted keys will not be present. If a key is 4186 specified which is not present in the Secret, the 4187 volume setup will error unless it is marked optional. 4188 Paths must be relative and may not contain the '..' 4189 path or start with '..'. 4190 items: 4191 description: Maps a string key to a path within a 4192 volume. 4193 properties: 4194 key: 4195 description: key is the key to project. 4196 type: string 4197 mode: 4198 description: 'mode is Optional: mode bits used 4199 to set permissions on this file. Must be an 4200 octal value between 0000 and 0777 or a decimal 4201 value between 0 and 511. YAML accepts both octal 4202 and decimal values, JSON requires decimal values 4203 for mode bits. If not specified, the volume 4204 defaultMode will be used. This might be in conflict 4205 with other options that affect the file mode, 4206 like fsGroup, and the result can be other mode 4207 bits set.' 4208 format: int32 4209 type: integer 4210 path: 4211 description: path is the relative path of the 4212 file to map the key to. May not be an absolute 4213 path. May not contain the path element '..'. 4214 May not start with the string '..'. 4215 type: string 4216 required: 4217 - key 4218 - path 4219 type: object 4220 type: array 4221 optional: 4222 description: optional field specify whether the Secret 4223 or its keys must be defined 4224 type: boolean 4225 secretName: 4226 description: 'secretName is the name of the secret in 4227 the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 4228 type: string 4229 type: object 4230 storageos: 4231 description: storageOS represents a StorageOS volume attached 4232 and mounted on Kubernetes nodes. 4233 properties: 4234 fsType: 4235 description: fsType is the filesystem type to mount. 4236 Must be a filesystem type supported by the host operating 4237 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 4238 to be "ext4" if unspecified. 4239 type: string 4240 readOnly: 4241 description: readOnly defaults to false (read/write). 4242 ReadOnly here will force the ReadOnly setting in VolumeMounts. 4243 type: boolean 4244 secretRef: 4245 description: secretRef specifies the secret to use for 4246 obtaining the StorageOS API credentials. If not specified, 4247 default values will be attempted. 4248 properties: 4249 name: 4250 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4251 TODO: Add other useful fields. apiVersion, kind, 4252 uid?' 4253 type: string 4254 type: object 4255 volumeName: 4256 description: volumeName is the human-readable name of 4257 the StorageOS volume. Volume names are only unique 4258 within a namespace. 4259 type: string 4260 volumeNamespace: 4261 description: volumeNamespace specifies the scope of 4262 the volume within StorageOS. If no namespace is specified 4263 then the Pod's namespace will be used. This allows 4264 the Kubernetes name scoping to be mirrored within 4265 StorageOS for tighter integration. Set VolumeName 4266 to any name to override the default behaviour. Set 4267 to "default" if you are not using namespaces within 4268 StorageOS. Namespaces that do not pre-exist within 4269 StorageOS will be created. 4270 type: string 4271 type: object 4272 vsphereVolume: 4273 description: vsphereVolume represents a vSphere volume attached 4274 and mounted on kubelets host machine 4275 properties: 4276 fsType: 4277 description: fsType is filesystem type to mount. Must 4278 be a filesystem type supported by the host operating 4279 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 4280 to be "ext4" if unspecified. 4281 type: string 4282 storagePolicyID: 4283 description: storagePolicyID is the storage Policy Based 4284 Management (SPBM) profile ID associated with the StoragePolicyName. 4285 type: string 4286 storagePolicyName: 4287 description: storagePolicyName is the storage Policy 4288 Based Management (SPBM) profile name. 4289 type: string 4290 volumePath: 4291 description: volumePath is the path that identifies 4292 vSphere volume vmdk 4293 type: string 4294 required: 4295 - volumePath 4296 type: object 4297 required: 4298 - name 4299 type: object 4300 type: array 4301 hostNetwork: 4302 type: boolean 4303 image: 4304 type: string 4305 imagePullPolicy: 4306 description: PullPolicy describes a policy for if/when to pull 4307 a container image 4308 type: string 4309 imagePullSecrets: 4310 items: 4311 description: LocalObjectReference contains enough information 4312 to let you locate the referenced object inside the same namespace. 4313 properties: 4314 name: 4315 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4316 TODO: Add other useful fields. apiVersion, kind, uid?' 4317 type: string 4318 type: object 4319 type: array 4320 initContainers: 4321 items: 4322 description: A single application container that you want to 4323 run within a pod. 4324 properties: 4325 args: 4326 description: 'Arguments to the entrypoint. The container 4327 image''s CMD is used if this is not provided. Variable 4328 references $(VAR_NAME) are expanded using the container''s 4329 environment. If a variable cannot be resolved, the reference 4330 in the input string will be unchanged. Double $$ are reduced 4331 to a single $, which allows for escaping the $(VAR_NAME) 4332 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 4333 "$(VAR_NAME)". Escaped references will never be expanded, 4334 regardless of whether the variable exists or not. Cannot 4335 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4336 items: 4337 type: string 4338 type: array 4339 command: 4340 description: 'Entrypoint array. Not executed within a shell. 4341 The container image''s ENTRYPOINT is used if this is not 4342 provided. Variable references $(VAR_NAME) are expanded 4343 using the container''s environment. If a variable cannot 4344 be resolved, the reference in the input string will be 4345 unchanged. Double $$ are reduced to a single $, which 4346 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 4347 will produce the string literal "$(VAR_NAME)". Escaped 4348 references will never be expanded, regardless of whether 4349 the variable exists or not. Cannot be updated. More info: 4350 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4351 items: 4352 type: string 4353 type: array 4354 env: 4355 description: List of environment variables to set in the 4356 container. Cannot be updated. 4357 items: 4358 description: EnvVar represents an environment variable 4359 present in a Container. 4360 properties: 4361 name: 4362 description: Name of the environment variable. Must 4363 be a C_IDENTIFIER. 4364 type: string 4365 value: 4366 description: 'Variable references $(VAR_NAME) are 4367 expanded using the previously defined environment 4368 variables in the container and any service environment 4369 variables. If a variable cannot be resolved, the 4370 reference in the input string will be unchanged. 4371 Double $$ are reduced to a single $, which allows 4372 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 4373 will produce the string literal "$(VAR_NAME)". Escaped 4374 references will never be expanded, regardless of 4375 whether the variable exists or not. Defaults to 4376 "".' 4377 type: string 4378 valueFrom: 4379 description: Source for the environment variable's 4380 value. Cannot be used if value is not empty. 4381 properties: 4382 configMapKeyRef: 4383 description: Selects a key of a ConfigMap. 4384 properties: 4385 key: 4386 description: The key to select. 4387 type: string 4388 name: 4389 description: 'Name of the referent. More info: 4390 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4391 TODO: Add other useful fields. apiVersion, 4392 kind, uid?' 4393 type: string 4394 optional: 4395 description: Specify whether the ConfigMap 4396 or its key must be defined 4397 type: boolean 4398 required: 4399 - key 4400 type: object 4401 fieldRef: 4402 description: 'Selects a field of the pod: supports 4403 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 4404 `metadata.annotations[''<KEY>'']`, spec.nodeName, 4405 spec.serviceAccountName, status.hostIP, status.podIP, 4406 status.podIPs.' 4407 properties: 4408 apiVersion: 4409 description: Version of the schema the FieldPath 4410 is written in terms of, defaults to "v1". 4411 type: string 4412 fieldPath: 4413 description: Path of the field to select in 4414 the specified API version. 4415 type: string 4416 required: 4417 - fieldPath 4418 type: object 4419 resourceFieldRef: 4420 description: 'Selects a resource of the container: 4421 only resources limits and requests (limits.cpu, 4422 limits.memory, limits.ephemeral-storage, requests.cpu, 4423 requests.memory and requests.ephemeral-storage) 4424 are currently supported.' 4425 properties: 4426 containerName: 4427 description: 'Container name: required for 4428 volumes, optional for env vars' 4429 type: string 4430 divisor: 4431 anyOf: 4432 - type: integer 4433 - type: string 4434 description: Specifies the output format of 4435 the exposed resources, defaults to "1" 4436 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4437 x-kubernetes-int-or-string: true 4438 resource: 4439 description: 'Required: resource to select' 4440 type: string 4441 required: 4442 - resource 4443 type: object 4444 secretKeyRef: 4445 description: Selects a key of a secret in the 4446 pod's namespace 4447 properties: 4448 key: 4449 description: The key of the secret to select 4450 from. Must be a valid secret key. 4451 type: string 4452 name: 4453 description: 'Name of the referent. More info: 4454 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4455 TODO: Add other useful fields. apiVersion, 4456 kind, uid?' 4457 type: string 4458 optional: 4459 description: Specify whether the Secret or 4460 its key must be defined 4461 type: boolean 4462 required: 4463 - key 4464 type: object 4465 type: object 4466 required: 4467 - name 4468 type: object 4469 type: array 4470 envFrom: 4471 description: List of sources to populate environment variables 4472 in the container. The keys defined within a source must 4473 be a C_IDENTIFIER. All invalid keys will be reported as 4474 an event when the container is starting. When a key exists 4475 in multiple sources, the value associated with the last 4476 source will take precedence. Values defined by an Env 4477 with a duplicate key will take precedence. Cannot be updated. 4478 items: 4479 description: EnvFromSource represents the source of a 4480 set of ConfigMaps 4481 properties: 4482 configMapRef: 4483 description: The ConfigMap to select from 4484 properties: 4485 name: 4486 description: 'Name of the referent. More info: 4487 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4488 TODO: Add other useful fields. apiVersion, kind, 4489 uid?' 4490 type: string 4491 optional: 4492 description: Specify whether the ConfigMap must 4493 be defined 4494 type: boolean 4495 type: object 4496 prefix: 4497 description: An optional identifier to prepend to 4498 each key in the ConfigMap. Must be a C_IDENTIFIER. 4499 type: string 4500 secretRef: 4501 description: The Secret to select from 4502 properties: 4503 name: 4504 description: 'Name of the referent. More info: 4505 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4506 TODO: Add other useful fields. apiVersion, kind, 4507 uid?' 4508 type: string 4509 optional: 4510 description: Specify whether the Secret must be 4511 defined 4512 type: boolean 4513 type: object 4514 type: object 4515 type: array 4516 image: 4517 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 4518 This field is optional to allow higher level config management 4519 to default or override container images in workload controllers 4520 like Deployments and StatefulSets.' 4521 type: string 4522 imagePullPolicy: 4523 description: 'Image pull policy. One of Always, Never, IfNotPresent. 4524 Defaults to Always if :latest tag is specified, or IfNotPresent 4525 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 4526 type: string 4527 lifecycle: 4528 description: Actions that the management system should take 4529 in response to container lifecycle events. Cannot be updated. 4530 properties: 4531 postStart: 4532 description: 'PostStart is called immediately after 4533 a container is created. If the handler fails, the 4534 container is terminated and restarted according to 4535 its restart policy. Other management of the container 4536 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 4537 properties: 4538 exec: 4539 description: Exec specifies the action to take. 4540 properties: 4541 command: 4542 description: Command is the command line to 4543 execute inside the container, the working 4544 directory for the command is root ('/') in 4545 the container's filesystem. The command is 4546 simply exec'd, it is not run inside a shell, 4547 so traditional shell instructions ('|', etc) 4548 won't work. To use a shell, you need to explicitly 4549 call out to that shell. Exit status of 0 is 4550 treated as live/healthy and non-zero is unhealthy. 4551 items: 4552 type: string 4553 type: array 4554 type: object 4555 httpGet: 4556 description: HTTPGet specifies the http request 4557 to perform. 4558 properties: 4559 host: 4560 description: Host name to connect to, defaults 4561 to the pod IP. You probably want to set "Host" 4562 in httpHeaders instead. 4563 type: string 4564 httpHeaders: 4565 description: Custom headers to set in the request. 4566 HTTP allows repeated headers. 4567 items: 4568 description: HTTPHeader describes a custom 4569 header to be used in HTTP probes 4570 properties: 4571 name: 4572 description: The header field name 4573 type: string 4574 value: 4575 description: The header field value 4576 type: string 4577 required: 4578 - name 4579 - value 4580 type: object 4581 type: array 4582 path: 4583 description: Path to access on the HTTP server. 4584 type: string 4585 port: 4586 anyOf: 4587 - type: integer 4588 - type: string 4589 description: Name or number of the port to access 4590 on the container. Number must be in the range 4591 1 to 65535. Name must be an IANA_SVC_NAME. 4592 x-kubernetes-int-or-string: true 4593 scheme: 4594 description: Scheme to use for connecting to 4595 the host. Defaults to HTTP. 4596 type: string 4597 required: 4598 - port 4599 type: object 4600 tcpSocket: 4601 description: Deprecated. TCPSocket is NOT supported 4602 as a LifecycleHandler and kept for the backward 4603 compatibility. There are no validation of this 4604 field and lifecycle hooks will fail in runtime 4605 when tcp handler is specified. 4606 properties: 4607 host: 4608 description: 'Optional: Host name to connect 4609 to, defaults to the pod IP.' 4610 type: string 4611 port: 4612 anyOf: 4613 - type: integer 4614 - type: string 4615 description: Number or name of the port to access 4616 on the container. Number must be in the range 4617 1 to 65535. Name must be an IANA_SVC_NAME. 4618 x-kubernetes-int-or-string: true 4619 required: 4620 - port 4621 type: object 4622 type: object 4623 preStop: 4624 description: 'PreStop is called immediately before a 4625 container is terminated due to an API request or management 4626 event such as liveness/startup probe failure, preemption, 4627 resource contention, etc. The handler is not called 4628 if the container crashes or exits. The Pod''s termination 4629 grace period countdown begins before the PreStop hook 4630 is executed. Regardless of the outcome of the handler, 4631 the container will eventually terminate within the 4632 Pod''s termination grace period (unless delayed by 4633 finalizers). Other management of the container blocks 4634 until the hook completes or until the termination 4635 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 4636 properties: 4637 exec: 4638 description: Exec specifies the action to take. 4639 properties: 4640 command: 4641 description: Command is the command line to 4642 execute inside the container, the working 4643 directory for the command is root ('/') in 4644 the container's filesystem. The command is 4645 simply exec'd, it is not run inside a shell, 4646 so traditional shell instructions ('|', etc) 4647 won't work. To use a shell, you need to explicitly 4648 call out to that shell. Exit status of 0 is 4649 treated as live/healthy and non-zero is unhealthy. 4650 items: 4651 type: string 4652 type: array 4653 type: object 4654 httpGet: 4655 description: HTTPGet specifies the http request 4656 to perform. 4657 properties: 4658 host: 4659 description: Host name to connect to, defaults 4660 to the pod IP. You probably want to set "Host" 4661 in httpHeaders instead. 4662 type: string 4663 httpHeaders: 4664 description: Custom headers to set in the request. 4665 HTTP allows repeated headers. 4666 items: 4667 description: HTTPHeader describes a custom 4668 header to be used in HTTP probes 4669 properties: 4670 name: 4671 description: The header field name 4672 type: string 4673 value: 4674 description: The header field value 4675 type: string 4676 required: 4677 - name 4678 - value 4679 type: object 4680 type: array 4681 path: 4682 description: Path to access on the HTTP server. 4683 type: string 4684 port: 4685 anyOf: 4686 - type: integer 4687 - type: string 4688 description: Name or number of the port to access 4689 on the container. Number must be in the range 4690 1 to 65535. Name must be an IANA_SVC_NAME. 4691 x-kubernetes-int-or-string: true 4692 scheme: 4693 description: Scheme to use for connecting to 4694 the host. Defaults to HTTP. 4695 type: string 4696 required: 4697 - port 4698 type: object 4699 tcpSocket: 4700 description: Deprecated. TCPSocket is NOT supported 4701 as a LifecycleHandler and kept for the backward 4702 compatibility. There are no validation of this 4703 field and lifecycle hooks will fail in runtime 4704 when tcp handler is specified. 4705 properties: 4706 host: 4707 description: 'Optional: Host name to connect 4708 to, defaults to the pod IP.' 4709 type: string 4710 port: 4711 anyOf: 4712 - type: integer 4713 - type: string 4714 description: Number or name of the port to access 4715 on the container. Number must be in the range 4716 1 to 65535. Name must be an IANA_SVC_NAME. 4717 x-kubernetes-int-or-string: true 4718 required: 4719 - port 4720 type: object 4721 type: object 4722 type: object 4723 livenessProbe: 4724 description: 'Periodic probe of container liveness. Container 4725 will be restarted if the probe fails. Cannot be updated. 4726 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4727 properties: 4728 exec: 4729 description: Exec specifies the action to take. 4730 properties: 4731 command: 4732 description: Command is the command line to execute 4733 inside the container, the working directory for 4734 the command is root ('/') in the container's 4735 filesystem. The command is simply exec'd, it is 4736 not run inside a shell, so traditional shell instructions 4737 ('|', etc) won't work. To use a shell, you need 4738 to explicitly call out to that shell. Exit status 4739 of 0 is treated as live/healthy and non-zero is 4740 unhealthy. 4741 items: 4742 type: string 4743 type: array 4744 type: object 4745 failureThreshold: 4746 description: Minimum consecutive failures for the probe 4747 to be considered failed after having succeeded. Defaults 4748 to 3. Minimum value is 1. 4749 format: int32 4750 type: integer 4751 grpc: 4752 description: GRPC specifies an action involving a GRPC 4753 port. This is a beta field and requires enabling GRPCContainerProbe 4754 feature gate. 4755 properties: 4756 port: 4757 description: Port number of the gRPC service. Number 4758 must be in the range 1 to 65535. 4759 format: int32 4760 type: integer 4761 service: 4762 description: "Service is the name of the service 4763 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4764 \n If this is not specified, the default behavior 4765 is defined by gRPC." 4766 type: string 4767 required: 4768 - port 4769 type: object 4770 httpGet: 4771 description: HTTPGet specifies the http request to perform. 4772 properties: 4773 host: 4774 description: Host name to connect to, defaults to 4775 the pod IP. You probably want to set "Host" in 4776 httpHeaders instead. 4777 type: string 4778 httpHeaders: 4779 description: Custom headers to set in the request. 4780 HTTP allows repeated headers. 4781 items: 4782 description: HTTPHeader describes a custom header 4783 to be used in HTTP probes 4784 properties: 4785 name: 4786 description: The header field name 4787 type: string 4788 value: 4789 description: The header field value 4790 type: string 4791 required: 4792 - name 4793 - value 4794 type: object 4795 type: array 4796 path: 4797 description: Path to access on the HTTP server. 4798 type: string 4799 port: 4800 anyOf: 4801 - type: integer 4802 - type: string 4803 description: Name or number of the port to access 4804 on the container. Number must be in the range 4805 1 to 65535. Name must be an IANA_SVC_NAME. 4806 x-kubernetes-int-or-string: true 4807 scheme: 4808 description: Scheme to use for connecting to the 4809 host. Defaults to HTTP. 4810 type: string 4811 required: 4812 - port 4813 type: object 4814 initialDelaySeconds: 4815 description: 'Number of seconds after the container 4816 has started before liveness probes are initiated. 4817 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4818 format: int32 4819 type: integer 4820 periodSeconds: 4821 description: How often (in seconds) to perform the probe. 4822 Default to 10 seconds. Minimum value is 1. 4823 format: int32 4824 type: integer 4825 successThreshold: 4826 description: Minimum consecutive successes for the probe 4827 to be considered successful after having failed. Defaults 4828 to 1. Must be 1 for liveness and startup. Minimum 4829 value is 1. 4830 format: int32 4831 type: integer 4832 tcpSocket: 4833 description: TCPSocket specifies an action involving 4834 a TCP port. 4835 properties: 4836 host: 4837 description: 'Optional: Host name to connect to, 4838 defaults to the pod IP.' 4839 type: string 4840 port: 4841 anyOf: 4842 - type: integer 4843 - type: string 4844 description: Number or name of the port to access 4845 on the container. Number must be in the range 4846 1 to 65535. Name must be an IANA_SVC_NAME. 4847 x-kubernetes-int-or-string: true 4848 required: 4849 - port 4850 type: object 4851 terminationGracePeriodSeconds: 4852 description: Optional duration in seconds the pod needs 4853 to terminate gracefully upon probe failure. The grace 4854 period is the duration in seconds after the processes 4855 running in the pod are sent a termination signal and 4856 the time when the processes are forcibly halted with 4857 a kill signal. Set this value longer than the expected 4858 cleanup time for your process. If this value is nil, 4859 the pod's terminationGracePeriodSeconds will be used. 4860 Otherwise, this value overrides the value provided 4861 by the pod spec. Value must be non-negative integer. 4862 The value zero indicates stop immediately via the 4863 kill signal (no opportunity to shut down). This is 4864 a beta field and requires enabling ProbeTerminationGracePeriod 4865 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 4866 is used if unset. 4867 format: int64 4868 type: integer 4869 timeoutSeconds: 4870 description: 'Number of seconds after which the probe 4871 times out. Defaults to 1 second. Minimum value is 4872 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4873 format: int32 4874 type: integer 4875 type: object 4876 name: 4877 description: Name of the container specified as a DNS_LABEL. 4878 Each container in a pod must have a unique name (DNS_LABEL). 4879 Cannot be updated. 4880 type: string 4881 ports: 4882 description: List of ports to expose from the container. 4883 Exposing a port here gives the system additional information 4884 about the network connections a container uses, but is 4885 primarily informational. Not specifying a port here DOES 4886 NOT prevent that port from being exposed. Any port which 4887 is listening on the default "0.0.0.0" address inside a 4888 container will be accessible from the network. Cannot 4889 be updated. 4890 items: 4891 description: ContainerPort represents a network port in 4892 a single container. 4893 properties: 4894 containerPort: 4895 description: Number of port to expose on the pod's 4896 IP address. This must be a valid port number, 0 4897 < x < 65536. 4898 format: int32 4899 type: integer 4900 hostIP: 4901 description: What host IP to bind the external port 4902 to. 4903 type: string 4904 hostPort: 4905 description: Number of port to expose on the host. 4906 If specified, this must be a valid port number, 4907 0 < x < 65536. If HostNetwork is specified, this 4908 must match ContainerPort. Most containers do not 4909 need this. 4910 format: int32 4911 type: integer 4912 name: 4913 description: If specified, this must be an IANA_SVC_NAME 4914 and unique within the pod. Each named port in a 4915 pod must have a unique name. Name for the port that 4916 can be referred to by services. 4917 type: string 4918 protocol: 4919 default: TCP 4920 description: Protocol for port. Must be UDP, TCP, 4921 or SCTP. Defaults to "TCP". 4922 type: string 4923 required: 4924 - containerPort 4925 type: object 4926 type: array 4927 x-kubernetes-list-map-keys: 4928 - containerPort 4929 - protocol 4930 x-kubernetes-list-type: map 4931 readinessProbe: 4932 description: 'Periodic probe of container service readiness. 4933 Container will be removed from service endpoints if the 4934 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4935 properties: 4936 exec: 4937 description: Exec specifies the action to take. 4938 properties: 4939 command: 4940 description: Command is the command line to execute 4941 inside the container, the working directory for 4942 the command is root ('/') in the container's 4943 filesystem. The command is simply exec'd, it is 4944 not run inside a shell, so traditional shell instructions 4945 ('|', etc) won't work. To use a shell, you need 4946 to explicitly call out to that shell. Exit status 4947 of 0 is treated as live/healthy and non-zero is 4948 unhealthy. 4949 items: 4950 type: string 4951 type: array 4952 type: object 4953 failureThreshold: 4954 description: Minimum consecutive failures for the probe 4955 to be considered failed after having succeeded. Defaults 4956 to 3. Minimum value is 1. 4957 format: int32 4958 type: integer 4959 grpc: 4960 description: GRPC specifies an action involving a GRPC 4961 port. This is a beta field and requires enabling GRPCContainerProbe 4962 feature gate. 4963 properties: 4964 port: 4965 description: Port number of the gRPC service. Number 4966 must be in the range 1 to 65535. 4967 format: int32 4968 type: integer 4969 service: 4970 description: "Service is the name of the service 4971 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4972 \n If this is not specified, the default behavior 4973 is defined by gRPC." 4974 type: string 4975 required: 4976 - port 4977 type: object 4978 httpGet: 4979 description: HTTPGet specifies the http request to perform. 4980 properties: 4981 host: 4982 description: Host name to connect to, defaults to 4983 the pod IP. You probably want to set "Host" in 4984 httpHeaders instead. 4985 type: string 4986 httpHeaders: 4987 description: Custom headers to set in the request. 4988 HTTP allows repeated headers. 4989 items: 4990 description: HTTPHeader describes a custom header 4991 to be used in HTTP probes 4992 properties: 4993 name: 4994 description: The header field name 4995 type: string 4996 value: 4997 description: The header field value 4998 type: string 4999 required: 5000 - name 5001 - value 5002 type: object 5003 type: array 5004 path: 5005 description: Path to access on the HTTP server. 5006 type: string 5007 port: 5008 anyOf: 5009 - type: integer 5010 - type: string 5011 description: Name or number of the port to access 5012 on the container. Number must be in the range 5013 1 to 65535. Name must be an IANA_SVC_NAME. 5014 x-kubernetes-int-or-string: true 5015 scheme: 5016 description: Scheme to use for connecting to the 5017 host. Defaults to HTTP. 5018 type: string 5019 required: 5020 - port 5021 type: object 5022 initialDelaySeconds: 5023 description: 'Number of seconds after the container 5024 has started before liveness probes are initiated. 5025 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5026 format: int32 5027 type: integer 5028 periodSeconds: 5029 description: How often (in seconds) to perform the probe. 5030 Default to 10 seconds. Minimum value is 1. 5031 format: int32 5032 type: integer 5033 successThreshold: 5034 description: Minimum consecutive successes for the probe 5035 to be considered successful after having failed. Defaults 5036 to 1. Must be 1 for liveness and startup. Minimum 5037 value is 1. 5038 format: int32 5039 type: integer 5040 tcpSocket: 5041 description: TCPSocket specifies an action involving 5042 a TCP port. 5043 properties: 5044 host: 5045 description: 'Optional: Host name to connect to, 5046 defaults to the pod IP.' 5047 type: string 5048 port: 5049 anyOf: 5050 - type: integer 5051 - type: string 5052 description: Number or name of the port to access 5053 on the container. Number must be in the range 5054 1 to 65535. Name must be an IANA_SVC_NAME. 5055 x-kubernetes-int-or-string: true 5056 required: 5057 - port 5058 type: object 5059 terminationGracePeriodSeconds: 5060 description: Optional duration in seconds the pod needs 5061 to terminate gracefully upon probe failure. The grace 5062 period is the duration in seconds after the processes 5063 running in the pod are sent a termination signal and 5064 the time when the processes are forcibly halted with 5065 a kill signal. Set this value longer than the expected 5066 cleanup time for your process. If this value is nil, 5067 the pod's terminationGracePeriodSeconds will be used. 5068 Otherwise, this value overrides the value provided 5069 by the pod spec. Value must be non-negative integer. 5070 The value zero indicates stop immediately via the 5071 kill signal (no opportunity to shut down). This is 5072 a beta field and requires enabling ProbeTerminationGracePeriod 5073 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 5074 is used if unset. 5075 format: int64 5076 type: integer 5077 timeoutSeconds: 5078 description: 'Number of seconds after which the probe 5079 times out. Defaults to 1 second. Minimum value is 5080 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5081 format: int32 5082 type: integer 5083 type: object 5084 resources: 5085 description: 'Compute Resources required by this container. 5086 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5087 properties: 5088 limits: 5089 additionalProperties: 5090 anyOf: 5091 - type: integer 5092 - type: string 5093 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5094 x-kubernetes-int-or-string: true 5095 description: 'Limits describes the maximum amount of 5096 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5097 type: object 5098 requests: 5099 additionalProperties: 5100 anyOf: 5101 - type: integer 5102 - type: string 5103 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5104 x-kubernetes-int-or-string: true 5105 description: 'Requests describes the minimum amount 5106 of compute resources required. If Requests is omitted 5107 for a container, it defaults to Limits if that is 5108 explicitly specified, otherwise to an implementation-defined 5109 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5110 type: object 5111 type: object 5112 securityContext: 5113 description: 'SecurityContext defines the security options 5114 the container should be run with. If set, the fields of 5115 SecurityContext override the equivalent fields of PodSecurityContext. 5116 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 5117 properties: 5118 allowPrivilegeEscalation: 5119 description: 'AllowPrivilegeEscalation controls whether 5120 a process can gain more privileges than its parent 5121 process. This bool directly controls if the no_new_privs 5122 flag will be set on the container process. AllowPrivilegeEscalation 5123 is true always when the container is: 1) run as Privileged 5124 2) has CAP_SYS_ADMIN Note that this field cannot be 5125 set when spec.os.name is windows.' 5126 type: boolean 5127 capabilities: 5128 description: The capabilities to add/drop when running 5129 containers. Defaults to the default set of capabilities 5130 granted by the container runtime. Note that this field 5131 cannot be set when spec.os.name is windows. 5132 properties: 5133 add: 5134 description: Added capabilities 5135 items: 5136 description: Capability represent POSIX capabilities 5137 type 5138 type: string 5139 type: array 5140 drop: 5141 description: Removed capabilities 5142 items: 5143 description: Capability represent POSIX capabilities 5144 type 5145 type: string 5146 type: array 5147 type: object 5148 privileged: 5149 description: Run container in privileged mode. Processes 5150 in privileged containers are essentially equivalent 5151 to root on the host. Defaults to false. Note that 5152 this field cannot be set when spec.os.name is windows. 5153 type: boolean 5154 procMount: 5155 description: procMount denotes the type of proc mount 5156 to use for the containers. The default is DefaultProcMount 5157 which uses the container runtime defaults for readonly 5158 paths and masked paths. This requires the ProcMountType 5159 feature flag to be enabled. Note that this field cannot 5160 be set when spec.os.name is windows. 5161 type: string 5162 readOnlyRootFilesystem: 5163 description: Whether this container has a read-only 5164 root filesystem. Default is false. Note that this 5165 field cannot be set when spec.os.name is windows. 5166 type: boolean 5167 runAsGroup: 5168 description: The GID to run the entrypoint of the container 5169 process. Uses runtime default if unset. May also be 5170 set in PodSecurityContext. If set in both SecurityContext 5171 and PodSecurityContext, the value specified in SecurityContext 5172 takes precedence. Note that this field cannot be set 5173 when spec.os.name is windows. 5174 format: int64 5175 type: integer 5176 runAsNonRoot: 5177 description: Indicates that the container must run as 5178 a non-root user. If true, the Kubelet will validate 5179 the image at runtime to ensure that it does not run 5180 as UID 0 (root) and fail to start the container if 5181 it does. If unset or false, no such validation will 5182 be performed. May also be set in PodSecurityContext. If 5183 set in both SecurityContext and PodSecurityContext, 5184 the value specified in SecurityContext takes precedence. 5185 type: boolean 5186 runAsUser: 5187 description: The UID to run the entrypoint of the container 5188 process. Defaults to user specified in image metadata 5189 if unspecified. May also be set in PodSecurityContext. If 5190 set in both SecurityContext and PodSecurityContext, 5191 the value specified in SecurityContext takes precedence. 5192 Note that this field cannot be set when spec.os.name 5193 is windows. 5194 format: int64 5195 type: integer 5196 seLinuxOptions: 5197 description: The SELinux context to be applied to the 5198 container. If unspecified, the container runtime will 5199 allocate a random SELinux context for each container. May 5200 also be set in PodSecurityContext. If set in both 5201 SecurityContext and PodSecurityContext, the value 5202 specified in SecurityContext takes precedence. Note 5203 that this field cannot be set when spec.os.name is 5204 windows. 5205 properties: 5206 level: 5207 description: Level is SELinux level label that applies 5208 to the container. 5209 type: string 5210 role: 5211 description: Role is a SELinux role label that applies 5212 to the container. 5213 type: string 5214 type: 5215 description: Type is a SELinux type label that applies 5216 to the container. 5217 type: string 5218 user: 5219 description: User is a SELinux user label that applies 5220 to the container. 5221 type: string 5222 type: object 5223 seccompProfile: 5224 description: The seccomp options to use by this container. 5225 If seccomp options are provided at both the pod & 5226 container level, the container options override the 5227 pod options. Note that this field cannot be set when 5228 spec.os.name is windows. 5229 properties: 5230 localhostProfile: 5231 description: localhostProfile indicates a profile 5232 defined in a file on the node should be used. 5233 The profile must be preconfigured on the node 5234 to work. Must be a descending path, relative to 5235 the kubelet's configured seccomp profile location. 5236 Must only be set if type is "Localhost". 5237 type: string 5238 type: 5239 description: "type indicates which kind of seccomp 5240 profile will be applied. Valid options are: \n 5241 Localhost - a profile defined in a file on the 5242 node should be used. RuntimeDefault - the container 5243 runtime default profile should be used. Unconfined 5244 - no profile should be applied." 5245 type: string 5246 required: 5247 - type 5248 type: object 5249 windowsOptions: 5250 description: The Windows specific settings applied to 5251 all containers. If unspecified, the options from the 5252 PodSecurityContext will be used. If set in both SecurityContext 5253 and PodSecurityContext, the value specified in SecurityContext 5254 takes precedence. Note that this field cannot be set 5255 when spec.os.name is linux. 5256 properties: 5257 gmsaCredentialSpec: 5258 description: GMSACredentialSpec is where the GMSA 5259 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5260 inlines the contents of the GMSA credential spec 5261 named by the GMSACredentialSpecName field. 5262 type: string 5263 gmsaCredentialSpecName: 5264 description: GMSACredentialSpecName is the name 5265 of the GMSA credential spec to use. 5266 type: string 5267 hostProcess: 5268 description: HostProcess determines if a container 5269 should be run as a 'Host Process' container. This 5270 field is alpha-level and will only be honored 5271 by components that enable the WindowsHostProcessContainers 5272 feature flag. Setting this field without the feature 5273 flag will result in errors when validating the 5274 Pod. All of a Pod's containers must have the same 5275 effective HostProcess value (it is not allowed 5276 to have a mix of HostProcess containers and non-HostProcess 5277 containers). In addition, if HostProcess is true 5278 then HostNetwork must also be set to true. 5279 type: boolean 5280 runAsUserName: 5281 description: The UserName in Windows to run the 5282 entrypoint of the container process. Defaults 5283 to the user specified in image metadata if unspecified. 5284 May also be set in PodSecurityContext. If set 5285 in both SecurityContext and PodSecurityContext, 5286 the value specified in SecurityContext takes precedence. 5287 type: string 5288 type: object 5289 type: object 5290 startupProbe: 5291 description: 'StartupProbe indicates that the Pod has successfully 5292 initialized. If specified, no other probes are executed 5293 until this completes successfully. If this probe fails, 5294 the Pod will be restarted, just as if the livenessProbe 5295 failed. This can be used to provide different probe parameters 5296 at the beginning of a Pod''s lifecycle, when it might 5297 take a long time to load data or warm a cache, than during 5298 steady-state operation. This cannot be updated. More info: 5299 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5300 properties: 5301 exec: 5302 description: Exec specifies the action to take. 5303 properties: 5304 command: 5305 description: Command is the command line to execute 5306 inside the container, the working directory for 5307 the command is root ('/') in the container's 5308 filesystem. The command is simply exec'd, it is 5309 not run inside a shell, so traditional shell instructions 5310 ('|', etc) won't work. To use a shell, you need 5311 to explicitly call out to that shell. Exit status 5312 of 0 is treated as live/healthy and non-zero is 5313 unhealthy. 5314 items: 5315 type: string 5316 type: array 5317 type: object 5318 failureThreshold: 5319 description: Minimum consecutive failures for the probe 5320 to be considered failed after having succeeded. Defaults 5321 to 3. Minimum value is 1. 5322 format: int32 5323 type: integer 5324 grpc: 5325 description: GRPC specifies an action involving a GRPC 5326 port. This is a beta field and requires enabling GRPCContainerProbe 5327 feature gate. 5328 properties: 5329 port: 5330 description: Port number of the gRPC service. Number 5331 must be in the range 1 to 65535. 5332 format: int32 5333 type: integer 5334 service: 5335 description: "Service is the name of the service 5336 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5337 \n If this is not specified, the default behavior 5338 is defined by gRPC." 5339 type: string 5340 required: 5341 - port 5342 type: object 5343 httpGet: 5344 description: HTTPGet specifies the http request to perform. 5345 properties: 5346 host: 5347 description: Host name to connect to, defaults to 5348 the pod IP. You probably want to set "Host" in 5349 httpHeaders instead. 5350 type: string 5351 httpHeaders: 5352 description: Custom headers to set in the request. 5353 HTTP allows repeated headers. 5354 items: 5355 description: HTTPHeader describes a custom header 5356 to be used in HTTP probes 5357 properties: 5358 name: 5359 description: The header field name 5360 type: string 5361 value: 5362 description: The header field value 5363 type: string 5364 required: 5365 - name 5366 - value 5367 type: object 5368 type: array 5369 path: 5370 description: Path to access on the HTTP server. 5371 type: string 5372 port: 5373 anyOf: 5374 - type: integer 5375 - type: string 5376 description: Name or number of the port to access 5377 on the container. Number must be in the range 5378 1 to 65535. Name must be an IANA_SVC_NAME. 5379 x-kubernetes-int-or-string: true 5380 scheme: 5381 description: Scheme to use for connecting to the 5382 host. Defaults to HTTP. 5383 type: string 5384 required: 5385 - port 5386 type: object 5387 initialDelaySeconds: 5388 description: 'Number of seconds after the container 5389 has started before liveness probes are initiated. 5390 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5391 format: int32 5392 type: integer 5393 periodSeconds: 5394 description: How often (in seconds) to perform the probe. 5395 Default to 10 seconds. Minimum value is 1. 5396 format: int32 5397 type: integer 5398 successThreshold: 5399 description: Minimum consecutive successes for the probe 5400 to be considered successful after having failed. Defaults 5401 to 1. Must be 1 for liveness and startup. Minimum 5402 value is 1. 5403 format: int32 5404 type: integer 5405 tcpSocket: 5406 description: TCPSocket specifies an action involving 5407 a TCP port. 5408 properties: 5409 host: 5410 description: 'Optional: Host name to connect to, 5411 defaults to the pod IP.' 5412 type: string 5413 port: 5414 anyOf: 5415 - type: integer 5416 - type: string 5417 description: Number or name of the port to access 5418 on the container. Number must be in the range 5419 1 to 65535. Name must be an IANA_SVC_NAME. 5420 x-kubernetes-int-or-string: true 5421 required: 5422 - port 5423 type: object 5424 terminationGracePeriodSeconds: 5425 description: Optional duration in seconds the pod needs 5426 to terminate gracefully upon probe failure. The grace 5427 period is the duration in seconds after the processes 5428 running in the pod are sent a termination signal and 5429 the time when the processes are forcibly halted with 5430 a kill signal. Set this value longer than the expected 5431 cleanup time for your process. If this value is nil, 5432 the pod's terminationGracePeriodSeconds will be used. 5433 Otherwise, this value overrides the value provided 5434 by the pod spec. Value must be non-negative integer. 5435 The value zero indicates stop immediately via the 5436 kill signal (no opportunity to shut down). This is 5437 a beta field and requires enabling ProbeTerminationGracePeriod 5438 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 5439 is used if unset. 5440 format: int64 5441 type: integer 5442 timeoutSeconds: 5443 description: 'Number of seconds after which the probe 5444 times out. Defaults to 1 second. Minimum value is 5445 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5446 format: int32 5447 type: integer 5448 type: object 5449 stdin: 5450 description: Whether this container should allocate a buffer 5451 for stdin in the container runtime. If this is not set, 5452 reads from stdin in the container will always result in 5453 EOF. Default is false. 5454 type: boolean 5455 stdinOnce: 5456 description: Whether the container runtime should close 5457 the stdin channel after it has been opened by a single 5458 attach. When stdin is true the stdin stream will remain 5459 open across multiple attach sessions. If stdinOnce is 5460 set to true, stdin is opened on container start, is empty 5461 until the first client attaches to stdin, and then remains 5462 open and accepts data until the client disconnects, at 5463 which time stdin is closed and remains closed until the 5464 container is restarted. If this flag is false, a container 5465 processes that reads from stdin will never receive an 5466 EOF. Default is false 5467 type: boolean 5468 terminationMessagePath: 5469 description: 'Optional: Path at which the file to which 5470 the container''s termination message will be written is 5471 mounted into the container''s filesystem. Message written 5472 is intended to be brief final status, such as an assertion 5473 failure message. Will be truncated by the node if greater 5474 than 4096 bytes. The total message length across all containers 5475 will be limited to 12kb. Defaults to /dev/termination-log. 5476 Cannot be updated.' 5477 type: string 5478 terminationMessagePolicy: 5479 description: Indicate how the termination message should 5480 be populated. File will use the contents of terminationMessagePath 5481 to populate the container status message on both success 5482 and failure. FallbackToLogsOnError will use the last chunk 5483 of container log output if the termination message file 5484 is empty and the container exited with an error. The log 5485 output is limited to 2048 bytes or 80 lines, whichever 5486 is smaller. Defaults to File. Cannot be updated. 5487 type: string 5488 tty: 5489 description: Whether this container should allocate a TTY 5490 for itself, also requires 'stdin' to be true. Default 5491 is false. 5492 type: boolean 5493 volumeDevices: 5494 description: volumeDevices is the list of block devices 5495 to be used by the container. 5496 items: 5497 description: volumeDevice describes a mapping of a raw 5498 block device within a container. 5499 properties: 5500 devicePath: 5501 description: devicePath is the path inside of the 5502 container that the device will be mapped to. 5503 type: string 5504 name: 5505 description: name must match the name of a persistentVolumeClaim 5506 in the pod 5507 type: string 5508 required: 5509 - devicePath 5510 - name 5511 type: object 5512 type: array 5513 volumeMounts: 5514 description: Pod volumes to mount into the container's filesystem. 5515 Cannot be updated. 5516 items: 5517 description: VolumeMount describes a mounting of a Volume 5518 within a container. 5519 properties: 5520 mountPath: 5521 description: Path within the container at which the 5522 volume should be mounted. Must not contain ':'. 5523 type: string 5524 mountPropagation: 5525 description: mountPropagation determines how mounts 5526 are propagated from the host to container and the 5527 other way around. When not set, MountPropagationNone 5528 is used. This field is beta in 1.10. 5529 type: string 5530 name: 5531 description: This must match the Name of a Volume. 5532 type: string 5533 readOnly: 5534 description: Mounted read-only if true, read-write 5535 otherwise (false or unspecified). Defaults to false. 5536 type: boolean 5537 subPath: 5538 description: Path within the volume from which the 5539 container's volume should be mounted. Defaults to 5540 "" (volume's root). 5541 type: string 5542 subPathExpr: 5543 description: Expanded path within the volume from 5544 which the container's volume should be mounted. 5545 Behaves similarly to SubPath but environment variable 5546 references $(VAR_NAME) are expanded using the container's 5547 environment. Defaults to "" (volume's root). SubPathExpr 5548 and SubPath are mutually exclusive. 5549 type: string 5550 required: 5551 - mountPath 5552 - name 5553 type: object 5554 type: array 5555 workingDir: 5556 description: Container's working directory. If not specified, 5557 the container runtime's default will be used, which might 5558 be configured in the container image. Cannot be updated. 5559 type: string 5560 required: 5561 - name 5562 type: object 5563 type: array 5564 nodeSelector: 5565 additionalProperties: 5566 type: string 5567 type: object 5568 podAnnotations: 5569 additionalProperties: 5570 type: string 5571 type: object 5572 port: 5573 format: int32 5574 type: integer 5575 priorityClassName: 5576 type: string 5577 replicas: 5578 format: int32 5579 type: integer 5580 resources: 5581 description: ResourceRequirements describes the compute resource 5582 requirements. 5583 properties: 5584 limits: 5585 additionalProperties: 5586 anyOf: 5587 - type: integer 5588 - type: string 5589 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5590 x-kubernetes-int-or-string: true 5591 description: 'Limits describes the maximum amount of compute 5592 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5593 type: object 5594 requests: 5595 additionalProperties: 5596 anyOf: 5597 - type: integer 5598 - type: string 5599 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5600 x-kubernetes-int-or-string: true 5601 description: 'Requests describes the minimum amount of compute 5602 resources required. If Requests is omitted for a container, 5603 it defaults to Limits if that is explicitly specified, otherwise 5604 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5605 type: object 5606 type: object 5607 securityContext: 5608 description: PodSecurityContext holds pod-level security attributes 5609 and common container settings. Some fields are also present 5610 in container.securityContext. Field values of container.securityContext 5611 take precedence over field values of PodSecurityContext. 5612 properties: 5613 fsGroup: 5614 description: "A special supplemental group that applies to 5615 all containers in a pod. Some volume types allow the Kubelet 5616 to change the ownership of that volume to be owned by the 5617 pod: \n 1. The owning GID will be the FSGroup 2. The setgid 5618 bit is set (new files created in the volume will be owned 5619 by FSGroup) 3. The permission bits are OR'd with rw-rw---- 5620 \n If unset, the Kubelet will not modify the ownership and 5621 permissions of any volume. Note that this field cannot be 5622 set when spec.os.name is windows." 5623 format: int64 5624 type: integer 5625 fsGroupChangePolicy: 5626 description: 'fsGroupChangePolicy defines behavior of changing 5627 ownership and permission of the volume before being exposed 5628 inside Pod. This field will only apply to volume types which 5629 support fsGroup based ownership(and permissions). It will 5630 have no effect on ephemeral volume types such as: secret, 5631 configmaps and emptydir. Valid values are "OnRootMismatch" 5632 and "Always". If not specified, "Always" is used. Note that 5633 this field cannot be set when spec.os.name is windows.' 5634 type: string 5635 runAsGroup: 5636 description: The GID to run the entrypoint of the container 5637 process. Uses runtime default if unset. May also be set 5638 in SecurityContext. If set in both SecurityContext and 5639 PodSecurityContext, the value specified in SecurityContext 5640 takes precedence for that container. Note that this field 5641 cannot be set when spec.os.name is windows. 5642 format: int64 5643 type: integer 5644 runAsNonRoot: 5645 description: Indicates that the container must run as a non-root 5646 user. If true, the Kubelet will validate the image at runtime 5647 to ensure that it does not run as UID 0 (root) and fail 5648 to start the container if it does. If unset or false, no 5649 such validation will be performed. May also be set in SecurityContext. If 5650 set in both SecurityContext and PodSecurityContext, the 5651 value specified in SecurityContext takes precedence. 5652 type: boolean 5653 runAsUser: 5654 description: The UID to run the entrypoint of the container 5655 process. Defaults to user specified in image metadata if 5656 unspecified. May also be set in SecurityContext. If set 5657 in both SecurityContext and PodSecurityContext, the value 5658 specified in SecurityContext takes precedence for that container. 5659 Note that this field cannot be set when spec.os.name is 5660 windows. 5661 format: int64 5662 type: integer 5663 seLinuxOptions: 5664 description: The SELinux context to be applied to all containers. 5665 If unspecified, the container runtime will allocate a random 5666 SELinux context for each container. May also be set in 5667 SecurityContext. If set in both SecurityContext and PodSecurityContext, 5668 the value specified in SecurityContext takes precedence 5669 for that container. Note that this field cannot be set when 5670 spec.os.name is windows. 5671 properties: 5672 level: 5673 description: Level is SELinux level label that applies 5674 to the container. 5675 type: string 5676 role: 5677 description: Role is a SELinux role label that applies 5678 to the container. 5679 type: string 5680 type: 5681 description: Type is a SELinux type label that applies 5682 to the container. 5683 type: string 5684 user: 5685 description: User is a SELinux user label that applies 5686 to the container. 5687 type: string 5688 type: object 5689 seccompProfile: 5690 description: The seccomp options to use by the containers 5691 in this pod. Note that this field cannot be set when spec.os.name 5692 is windows. 5693 properties: 5694 localhostProfile: 5695 description: localhostProfile indicates a profile defined 5696 in a file on the node should be used. The profile must 5697 be preconfigured on the node to work. Must be a descending 5698 path, relative to the kubelet's configured seccomp profile 5699 location. Must only be set if type is "Localhost". 5700 type: string 5701 type: 5702 description: "type indicates which kind of seccomp profile 5703 will be applied. Valid options are: \n Localhost - a 5704 profile defined in a file on the node should be used. 5705 RuntimeDefault - the container runtime default profile 5706 should be used. Unconfined - no profile should be applied." 5707 type: string 5708 required: 5709 - type 5710 type: object 5711 supplementalGroups: 5712 description: A list of groups applied to the first process 5713 run in each container, in addition to the container's primary 5714 GID. If unspecified, no groups will be added to any container. 5715 Note that this field cannot be set when spec.os.name is 5716 windows. 5717 items: 5718 format: int64 5719 type: integer 5720 type: array 5721 sysctls: 5722 description: Sysctls hold a list of namespaced sysctls used 5723 for the pod. Pods with unsupported sysctls (by the container 5724 runtime) might fail to launch. Note that this field cannot 5725 be set when spec.os.name is windows. 5726 items: 5727 description: Sysctl defines a kernel parameter to be set 5728 properties: 5729 name: 5730 description: Name of a property to set 5731 type: string 5732 value: 5733 description: Value of a property to set 5734 type: string 5735 required: 5736 - name 5737 - value 5738 type: object 5739 type: array 5740 windowsOptions: 5741 description: The Windows specific settings applied to all 5742 containers. If unspecified, the options within a container's 5743 SecurityContext will be used. If set in both SecurityContext 5744 and PodSecurityContext, the value specified in SecurityContext 5745 takes precedence. Note that this field cannot be set when 5746 spec.os.name is linux. 5747 properties: 5748 gmsaCredentialSpec: 5749 description: GMSACredentialSpec is where the GMSA admission 5750 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5751 inlines the contents of the GMSA credential spec named 5752 by the GMSACredentialSpecName field. 5753 type: string 5754 gmsaCredentialSpecName: 5755 description: GMSACredentialSpecName is the name of the 5756 GMSA credential spec to use. 5757 type: string 5758 hostProcess: 5759 description: HostProcess determines if a container should 5760 be run as a 'Host Process' container. This field is 5761 alpha-level and will only be honored by components that 5762 enable the WindowsHostProcessContainers feature flag. 5763 Setting this field without the feature flag will result 5764 in errors when validating the Pod. All of a Pod's containers 5765 must have the same effective HostProcess value (it is 5766 not allowed to have a mix of HostProcess containers 5767 and non-HostProcess containers). In addition, if HostProcess 5768 is true then HostNetwork must also be set to true. 5769 type: boolean 5770 runAsUserName: 5771 description: The UserName in Windows to run the entrypoint 5772 of the container process. Defaults to the user specified 5773 in image metadata if unspecified. May also be set in 5774 PodSecurityContext. If set in both SecurityContext and 5775 PodSecurityContext, the value specified in SecurityContext 5776 takes precedence. 5777 type: string 5778 type: object 5779 type: object 5780 serviceAccountName: 5781 type: string 5782 serviceAnnotations: 5783 additionalProperties: 5784 type: string 5785 type: object 5786 shutdownConfigMap: 5787 type: string 5788 storage: 5789 description: RedisStorage defines the structure used to store 5790 the Redis Data 5791 properties: 5792 emptyDir: 5793 description: Represents an empty directory for a pod. Empty 5794 directory volumes support ownership management and SELinux 5795 relabeling. 5796 properties: 5797 medium: 5798 description: 'medium represents what type of storage medium 5799 should back this directory. The default is "" which 5800 means to use the node''s default medium. Must be an 5801 empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 5802 type: string 5803 sizeLimit: 5804 anyOf: 5805 - type: integer 5806 - type: string 5807 description: 'sizeLimit is the total amount of local storage 5808 required for this EmptyDir volume. The size limit is 5809 also applicable for memory medium. The maximum usage 5810 on memory medium EmptyDir would be the minimum value 5811 between the SizeLimit specified here and the sum of 5812 memory limits of all containers in a pod. The default 5813 is nil which means that the limit is undefined. More 5814 info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 5815 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5816 x-kubernetes-int-or-string: true 5817 type: object 5818 keepAfterDeletion: 5819 type: boolean 5820 persistentVolumeClaim: 5821 description: EmbeddedPersistentVolumeClaim is an embedded 5822 version of k8s.io/api/core/v1.PersistentVolumeClaim. It 5823 contains TypeMeta and a reduced ObjectMeta. 5824 properties: 5825 apiVersion: 5826 description: 'APIVersion defines the versioned schema 5827 of this representation of an object. Servers should 5828 convert recognized schemas to the latest internal value, 5829 and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 5830 type: string 5831 kind: 5832 description: 'Kind is a string value representing the 5833 REST resource this object represents. Servers may infer 5834 this from the endpoint the client submits requests to. 5835 Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 5836 type: string 5837 metadata: 5838 description: EmbeddedMetadata contains metadata relevant 5839 to an EmbeddedResource. 5840 properties: 5841 annotations: 5842 additionalProperties: 5843 type: string 5844 description: 'Annotations is an unstructured key value 5845 map stored with a resource that may be set by external 5846 tools to store and retrieve arbitrary metadata. 5847 They are not queryable and should be preserved when 5848 modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' 5849 type: object 5850 labels: 5851 additionalProperties: 5852 type: string 5853 description: 'Map of string keys and values that can 5854 be used to organize and categorize (scope and select) 5855 objects. May match selectors of replication controllers 5856 and services. More info: http://kubernetes.io/docs/user-guide/labels' 5857 type: object 5858 name: 5859 description: 'Name must be unique within a namespace. 5860 Is required when creating resources, although some 5861 resources may allow a client to request the generation 5862 of an appropriate name automatically. Name is primarily 5863 intended for creation idempotence and configuration 5864 definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' 5865 type: string 5866 type: object 5867 spec: 5868 description: 'Spec defines the desired characteristics 5869 of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 5870 properties: 5871 accessModes: 5872 description: 'accessModes contains the desired access 5873 modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 5874 items: 5875 type: string 5876 type: array 5877 dataSource: 5878 description: 'dataSource field can be used to specify 5879 either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 5880 * An existing PVC (PersistentVolumeClaim) If the 5881 provisioner or an external controller can support 5882 the specified data source, it will create a new 5883 volume based on the contents of the specified data 5884 source. If the AnyVolumeDataSource feature gate 5885 is enabled, this field will always have the same 5886 contents as the DataSourceRef field.' 5887 properties: 5888 apiGroup: 5889 description: APIGroup is the group for the resource 5890 being referenced. If APIGroup is not specified, 5891 the specified Kind must be in the core API group. 5892 For any other third-party types, APIGroup is 5893 required. 5894 type: string 5895 kind: 5896 description: Kind is the type of resource being 5897 referenced 5898 type: string 5899 name: 5900 description: Name is the name of resource being 5901 referenced 5902 type: string 5903 required: 5904 - kind 5905 - name 5906 type: object 5907 dataSourceRef: 5908 description: 'dataSourceRef specifies the object from 5909 which to populate the volume with data, if a non-empty 5910 volume is desired. This may be any local object 5911 from a non-empty API group (non core object) or 5912 a PersistentVolumeClaim object. When this field 5913 is specified, volume binding will only succeed if 5914 the type of the specified object matches some installed 5915 volume populator or dynamic provisioner. This field 5916 will replace the functionality of the DataSource 5917 field and as such if both fields are non-empty, 5918 they must have the same value. For backwards compatibility, 5919 both fields (DataSource and DataSourceRef) will 5920 be set to the same value automatically if one of 5921 them is empty and the other is non-empty. There 5922 are two important differences between DataSource 5923 and DataSourceRef: * While DataSource only allows 5924 two specific types of objects, DataSourceRef allows 5925 any non-core object, as well as PersistentVolumeClaim 5926 objects. * While DataSource ignores disallowed values 5927 (dropping them), DataSourceRef preserves all values, 5928 and generates an error if a disallowed value is specified. 5929 (Beta) Using this field requires the AnyVolumeDataSource 5930 feature gate to be enabled.' 5931 properties: 5932 apiGroup: 5933 description: APIGroup is the group for the resource 5934 being referenced. If APIGroup is not specified, 5935 the specified Kind must be in the core API group. 5936 For any other third-party types, APIGroup is 5937 required. 5938 type: string 5939 kind: 5940 description: Kind is the type of resource being 5941 referenced 5942 type: string 5943 name: 5944 description: Name is the name of resource being 5945 referenced 5946 type: string 5947 required: 5948 - kind 5949 - name 5950 type: object 5951 resources: 5952 description: 'resources represents the minimum resources 5953 the volume should have. If RecoverVolumeExpansionFailure 5954 feature is enabled users are allowed to specify 5955 resource requirements that are lower than previous 5956 value but must still be higher than capacity recorded 5957 in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 5958 properties: 5959 limits: 5960 additionalProperties: 5961 anyOf: 5962 - type: integer 5963 - type: string 5964 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5965 x-kubernetes-int-or-string: true 5966 description: 'Limits describes the maximum amount 5967 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5968 type: object 5969 requests: 5970 additionalProperties: 5971 anyOf: 5972 - type: integer 5973 - type: string 5974 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5975 x-kubernetes-int-or-string: true 5976 description: 'Requests describes the minimum amount 5977 of compute resources required. If Requests is 5978 omitted for a container, it defaults to Limits 5979 if that is explicitly specified, otherwise to 5980 an implementation-defined value. More info: 5981 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5982 type: object 5983 type: object 5984 selector: 5985 description: selector is a label query over volumes 5986 to consider for binding. 5987 properties: 5988 matchExpressions: 5989 description: matchExpressions is a list of label 5990 selector requirements. The requirements are 5991 ANDed. 5992 items: 5993 description: A label selector requirement is 5994 a selector that contains values, a key, and 5995 an operator that relates the key and values. 5996 properties: 5997 key: 5998 description: key is the label key that the 5999 selector applies to. 6000 type: string 6001 operator: 6002 description: operator represents a key's 6003 relationship to a set of values. Valid 6004 operators are In, NotIn, Exists and DoesNotExist. 6005 type: string 6006 values: 6007 description: values is an array of string 6008 values. If the operator is In or NotIn, 6009 the values array must be non-empty. If 6010 the operator is Exists or DoesNotExist, 6011 the values array must be empty. This array 6012 is replaced during a strategic merge patch. 6013 items: 6014 type: string 6015 type: array 6016 required: 6017 - key 6018 - operator 6019 type: object 6020 type: array 6021 matchLabels: 6022 additionalProperties: 6023 type: string 6024 description: matchLabels is a map of {key,value} 6025 pairs. A single {key,value} in the matchLabels 6026 map is equivalent to an element of matchExpressions, 6027 whose key field is "key", the operator is "In", 6028 and the values array contains only "value". 6029 The requirements are ANDed. 6030 type: object 6031 type: object 6032 storageClassName: 6033 description: 'storageClassName is the name of the 6034 StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 6035 type: string 6036 volumeMode: 6037 description: volumeMode defines what type of volume 6038 is required by the claim. Value of Filesystem is 6039 implied when not included in claim spec. 6040 type: string 6041 volumeName: 6042 description: volumeName is the binding reference to 6043 the PersistentVolume backing this claim. 6044 type: string 6045 type: object 6046 status: 6047 description: 'Status represents the current information/status 6048 of a persistent volume claim. Read-only. More info: 6049 https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 6050 properties: 6051 accessModes: 6052 description: 'accessModes contains the actual access 6053 modes the volume backing the PVC has. More info: 6054 https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 6055 items: 6056 type: string 6057 type: array 6058 allocatedResources: 6059 additionalProperties: 6060 anyOf: 6061 - type: integer 6062 - type: string 6063 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6064 x-kubernetes-int-or-string: true 6065 description: allocatedResources is the storage resource 6066 within AllocatedResources tracks the capacity allocated 6067 to a PVC. It may be larger than the actual capacity 6068 when a volume expansion operation is requested. 6069 For storage quota, the larger value from allocatedResources 6070 and PVC.spec.resources is used. If allocatedResources 6071 is not set, PVC.spec.resources alone is used for 6072 quota calculation. If a volume expansion capacity 6073 request is lowered, allocatedResources is only lowered 6074 if there are no expansion operations in progress 6075 and if the actual volume capacity is equal or lower 6076 than the requested capacity. This is an alpha field 6077 and requires enabling RecoverVolumeExpansionFailure 6078 feature. 6079 type: object 6080 capacity: 6081 additionalProperties: 6082 anyOf: 6083 - type: integer 6084 - type: string 6085 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6086 x-kubernetes-int-or-string: true 6087 description: capacity represents the actual resources 6088 of the underlying volume. 6089 type: object 6090 conditions: 6091 description: conditions is the current Condition of 6092 persistent volume claim. If underlying persistent 6093 volume is being resized then the Condition will 6094 be set to 'ResizeStarted'. 6095 items: 6096 description: PersistentVolumeClaimCondition contails 6097 details about state of pvc 6098 properties: 6099 lastProbeTime: 6100 description: lastProbeTime is the time we probed 6101 the condition. 6102 format: date-time 6103 type: string 6104 lastTransitionTime: 6105 description: lastTransitionTime is the time 6106 the condition transitioned from one status 6107 to another. 6108 format: date-time 6109 type: string 6110 message: 6111 description: message is the human-readable message 6112 indicating details about last transition. 6113 type: string 6114 reason: 6115 description: reason is a unique, this should 6116 be a short, machine understandable string 6117 that gives the reason for condition's last 6118 transition. If it reports "ResizeStarted" 6119 that means the underlying persistent volume 6120 is being resized. 6121 type: string 6122 status: 6123 type: string 6124 type: 6125 description: PersistentVolumeClaimConditionType 6126 is a valid value of PersistentVolumeClaimCondition.Type 6127 type: string 6128 required: 6129 - status 6130 - type 6131 type: object 6132 type: array 6133 phase: 6134 description: phase represents the current phase of 6135 PersistentVolumeClaim. 6136 type: string 6137 resizeStatus: 6138 description: resizeStatus stores status of resize 6139 operation. ResizeStatus is not set by default but 6140 when expansion is complete resizeStatus is set to 6141 empty string by resize controller or kubelet. This 6142 is an alpha field and requires enabling RecoverVolumeExpansionFailure 6143 feature. 6144 type: string 6145 type: object 6146 type: object 6147 type: object 6148 terminationGracePeriod: 6149 format: int64 6150 type: integer 6151 tolerations: 6152 items: 6153 description: The pod this Toleration is attached to tolerates 6154 any taint that matches the triple <key,value,effect> using 6155 the matching operator <operator>. 6156 properties: 6157 effect: 6158 description: Effect indicates the taint effect to match. 6159 Empty means match all taint effects. When specified, allowed 6160 values are NoSchedule, PreferNoSchedule and NoExecute. 6161 type: string 6162 key: 6163 description: Key is the taint key that the toleration applies 6164 to. Empty means match all taint keys. If the key is empty, 6165 operator must be Exists; this combination means to match 6166 all values and all keys. 6167 type: string 6168 operator: 6169 description: Operator represents a key's relationship to 6170 the value. Valid operators are Exists and Equal. Defaults 6171 to Equal. Exists is equivalent to wildcard for value, 6172 so that a pod can tolerate all taints of a particular 6173 category. 6174 type: string 6175 tolerationSeconds: 6176 description: TolerationSeconds represents the period of 6177 time the toleration (which must be of effect NoExecute, 6178 otherwise this field is ignored) tolerates the taint. 6179 By default, it is not set, which means tolerate the taint 6180 forever (do not evict). Zero and negative values will 6181 be treated as 0 (evict immediately) by the system. 6182 format: int64 6183 type: integer 6184 value: 6185 description: Value is the taint value the toleration matches 6186 to. If the operator is Exists, the value should be empty, 6187 otherwise just a regular string. 6188 type: string 6189 type: object 6190 type: array 6191 topologySpreadConstraints: 6192 items: 6193 description: TopologySpreadConstraint specifies how to spread 6194 matching pods among the given topology. 6195 properties: 6196 labelSelector: 6197 description: LabelSelector is used to find matching pods. 6198 Pods that match this label selector are counted to determine 6199 the number of pods in their corresponding topology domain. 6200 properties: 6201 matchExpressions: 6202 description: matchExpressions is a list of label selector 6203 requirements. The requirements are ANDed. 6204 items: 6205 description: A label selector requirement is a selector 6206 that contains values, a key, and an operator that 6207 relates the key and values. 6208 properties: 6209 key: 6210 description: key is the label key that the selector 6211 applies to. 6212 type: string 6213 operator: 6214 description: operator represents a key's relationship 6215 to a set of values. Valid operators are In, 6216 NotIn, Exists and DoesNotExist. 6217 type: string 6218 values: 6219 description: values is an array of string values. 6220 If the operator is In or NotIn, the values array 6221 must be non-empty. If the operator is Exists 6222 or DoesNotExist, the values array must be empty. 6223 This array is replaced during a strategic merge 6224 patch. 6225 items: 6226 type: string 6227 type: array 6228 required: 6229 - key 6230 - operator 6231 type: object 6232 type: array 6233 matchLabels: 6234 additionalProperties: 6235 type: string 6236 description: matchLabels is a map of {key,value} pairs. 6237 A single {key,value} in the matchLabels map is equivalent 6238 to an element of matchExpressions, whose key field 6239 is "key", the operator is "In", and the values array 6240 contains only "value". The requirements are ANDed. 6241 type: object 6242 type: object 6243 maxSkew: 6244 description: 'MaxSkew describes the degree to which pods 6245 may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, 6246 it is the maximum permitted difference between the number 6247 of matching pods in the target topology and the global 6248 minimum. The global minimum is the minimum number of matching 6249 pods in an eligible domain or zero if the number of eligible 6250 domains is less than MinDomains. For example, in a 3-zone 6251 cluster, MaxSkew is set to 1, and pods with the same labelSelector 6252 spread as 2/2/1: In this case, the global minimum is 1. 6253 | zone1 | zone2 | zone3 | | P P | P P | P | - 6254 if MaxSkew is 1, incoming pod can only be scheduled to 6255 zone3 to become 2/2/2; scheduling it onto zone1(zone2) 6256 would make the ActualSkew(3-1) on zone1(zone2) violate 6257 MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled 6258 onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, 6259 it is used to give higher precedence to topologies that 6260 satisfy it. It''s a required field. Default value is 1 6261 and 0 is not allowed.' 6262 format: int32 6263 type: integer 6264 minDomains: 6265 description: "MinDomains indicates a minimum number of eligible 6266 domains. When the number of eligible domains with matching 6267 topology keys is less than minDomains, Pod Topology Spread 6268 treats \"global minimum\" as 0, and then the calculation 6269 of Skew is performed. And when the number of eligible 6270 domains with matching topology keys equals or greater 6271 than minDomains, this value has no effect on scheduling. 6272 As a result, when the number of eligible domains is less 6273 than minDomains, scheduler won't schedule more than maxSkew 6274 Pods to those domains. If value is nil, the constraint 6275 behaves as if MinDomains is equal to 1. Valid values are 6276 integers greater than 0. When value is not nil, WhenUnsatisfiable 6277 must be DoNotSchedule. \n For example, in a 3-zone cluster, 6278 MaxSkew is set to 2, MinDomains is set to 5 and pods with 6279 the same labelSelector spread as 2/2/2: | zone1 | zone2 6280 | zone3 | | P P | P P | P P | The number of domains 6281 is less than 5(MinDomains), so \"global minimum\" is treated 6282 as 0. In this situation, new pod with the same labelSelector 6283 cannot be scheduled, because computed skew will be 3(3 6284 - 0) if new Pod is scheduled to any of the three zones, 6285 it will violate MaxSkew. \n This is an alpha field and 6286 requires enabling MinDomainsInPodTopologySpread feature 6287 gate." 6288 format: int32 6289 type: integer 6290 topologyKey: 6291 description: TopologyKey is the key of node labels. Nodes 6292 that have a label with this key and identical values are 6293 considered to be in the same topology. We consider each 6294 <key, value> as a "bucket", and try to put balanced number 6295 of pods into each bucket. We define a domain as a particular 6296 instance of a topology. Also, we define an eligible domain 6297 as a domain whose nodes match the node selector. e.g. 6298 If TopologyKey is "kubernetes.io/hostname", each Node 6299 is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", 6300 each zone is a domain of that topology. It's a required 6301 field. 6302 type: string 6303 whenUnsatisfiable: 6304 description: 'WhenUnsatisfiable indicates how to deal with 6305 a pod if it doesn''t satisfy the spread constraint. - 6306 DoNotSchedule (default) tells the scheduler not to schedule 6307 it. - ScheduleAnyway tells the scheduler to schedule the 6308 pod in any location, but giving higher precedence to 6309 topologies that would help reduce the skew. A constraint 6310 is considered "Unsatisfiable" for an incoming pod if and 6311 only if every possible node assignment for that pod would 6312 violate "MaxSkew" on some topology. For example, in a 6313 3-zone cluster, MaxSkew is set to 1, and pods with the 6314 same labelSelector spread as 3/1/1: | zone1 | zone2 | 6315 zone3 | | P P P | P | P | If WhenUnsatisfiable 6316 is set to DoNotSchedule, incoming pod can only be scheduled 6317 to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) 6318 on zone2(zone3) satisfies MaxSkew(1). In other words, 6319 the cluster can still be imbalanced, but scheduler won''t 6320 make it *more* imbalanced. It''s a required field.' 6321 type: string 6322 required: 6323 - maxSkew 6324 - topologyKey 6325 - whenUnsatisfiable 6326 type: object 6327 type: array 6328 type: object 6329 sentinel: 6330 description: SentinelSettings defines the specification of the sentinel 6331 cluster 6332 properties: 6333 affinity: 6334 description: Affinity is a group of affinity scheduling rules. 6335 properties: 6336 nodeAffinity: 6337 description: Describes node affinity scheduling rules for 6338 the pod. 6339 properties: 6340 preferredDuringSchedulingIgnoredDuringExecution: 6341 description: The scheduler will prefer to schedule pods 6342 to nodes that satisfy the affinity expressions specified 6343 by this field, but it may choose a node that violates 6344 one or more of the expressions. The node that is most 6345 preferred is the one with the greatest sum of weights, 6346 i.e. for each node that meets all of the scheduling 6347 requirements (resource request, requiredDuringScheduling 6348 affinity expressions, etc.), compute a sum by iterating 6349 through the elements of this field and adding "weight" 6350 to the sum if the node matches the corresponding matchExpressions; 6351 the node(s) with the highest sum are the most preferred. 6352 items: 6353 description: An empty preferred scheduling term matches 6354 all objects with implicit weight 0 (i.e. it's a no-op). 6355 A null preferred scheduling term matches no objects 6356 (i.e. is also a no-op). 6357 properties: 6358 preference: 6359 description: A node selector term, associated with 6360 the corresponding weight. 6361 properties: 6362 matchExpressions: 6363 description: A list of node selector requirements 6364 by node's labels. 6365 items: 6366 description: A node selector requirement is 6367 a selector that contains values, a key, 6368 and an operator that relates the key and 6369 values. 6370 properties: 6371 key: 6372 description: The label key that the selector 6373 applies to. 6374 type: string 6375 operator: 6376 description: Represents a key's relationship 6377 to a set of values. Valid operators 6378 are In, NotIn, Exists, DoesNotExist. 6379 Gt, and Lt. 6380 type: string 6381 values: 6382 description: An array of string values. 6383 If the operator is In or NotIn, the 6384 values array must be non-empty. If the 6385 operator is Exists or DoesNotExist, 6386 the values array must be empty. If the 6387 operator is Gt or Lt, the values array 6388 must have a single element, which will 6389 be interpreted as an integer. This array 6390 is replaced during a strategic merge 6391 patch. 6392 items: 6393 type: string 6394 type: array 6395 required: 6396 - key 6397 - operator 6398 type: object 6399 type: array 6400 matchFields: 6401 description: A list of node selector requirements 6402 by node's fields. 6403 items: 6404 description: A node selector requirement is 6405 a selector that contains values, a key, 6406 and an operator that relates the key and 6407 values. 6408 properties: 6409 key: 6410 description: The label key that the selector 6411 applies to. 6412 type: string 6413 operator: 6414 description: Represents a key's relationship 6415 to a set of values. Valid operators 6416 are In, NotIn, Exists, DoesNotExist. 6417 Gt, and Lt. 6418 type: string 6419 values: 6420 description: An array of string values. 6421 If the operator is In or NotIn, the 6422 values array must be non-empty. If the 6423 operator is Exists or DoesNotExist, 6424 the values array must be empty. If the 6425 operator is Gt or Lt, the values array 6426 must have a single element, which will 6427 be interpreted as an integer. This array 6428 is replaced during a strategic merge 6429 patch. 6430 items: 6431 type: string 6432 type: array 6433 required: 6434 - key 6435 - operator 6436 type: object 6437 type: array 6438 type: object 6439 weight: 6440 description: Weight associated with matching the 6441 corresponding nodeSelectorTerm, in the range 1-100. 6442 format: int32 6443 type: integer 6444 required: 6445 - preference 6446 - weight 6447 type: object 6448 type: array 6449 requiredDuringSchedulingIgnoredDuringExecution: 6450 description: If the affinity requirements specified by 6451 this field are not met at scheduling time, the pod will 6452 not be scheduled onto the node. If the affinity requirements 6453 specified by this field cease to be met at some point 6454 during pod execution (e.g. due to an update), the system 6455 may or may not try to eventually evict the pod from 6456 its node. 6457 properties: 6458 nodeSelectorTerms: 6459 description: Required. A list of node selector terms. 6460 The terms are ORed. 6461 items: 6462 description: A null or empty node selector term 6463 matches no objects. The requirements of them are 6464 ANDed. The TopologySelectorTerm type implements 6465 a subset of the NodeSelectorTerm. 6466 properties: 6467 matchExpressions: 6468 description: A list of node selector requirements 6469 by node's labels. 6470 items: 6471 description: A node selector requirement is 6472 a selector that contains values, a key, 6473 and an operator that relates the key and 6474 values. 6475 properties: 6476 key: 6477 description: The label key that the selector 6478 applies to. 6479 type: string 6480 operator: 6481 description: Represents a key's relationship 6482 to a set of values. Valid operators 6483 are In, NotIn, Exists, DoesNotExist. 6484 Gt, and Lt. 6485 type: string 6486 values: 6487 description: An array of string values. 6488 If the operator is In or NotIn, the 6489 values array must be non-empty. If the 6490 operator is Exists or DoesNotExist, 6491 the values array must be empty. If the 6492 operator is Gt or Lt, the values array 6493 must have a single element, which will 6494 be interpreted as an integer. This array 6495 is replaced during a strategic merge 6496 patch. 6497 items: 6498 type: string 6499 type: array 6500 required: 6501 - key 6502 - operator 6503 type: object 6504 type: array 6505 matchFields: 6506 description: A list of node selector requirements 6507 by node's fields. 6508 items: 6509 description: A node selector requirement is 6510 a selector that contains values, a key, 6511 and an operator that relates the key and 6512 values. 6513 properties: 6514 key: 6515 description: The label key that the selector 6516 applies to. 6517 type: string 6518 operator: 6519 description: Represents a key's relationship 6520 to a set of values. Valid operators 6521 are In, NotIn, Exists, DoesNotExist. 6522 Gt, and Lt. 6523 type: string 6524 values: 6525 description: An array of string values. 6526 If the operator is In or NotIn, the 6527 values array must be non-empty. If the 6528 operator is Exists or DoesNotExist, 6529 the values array must be empty. If the 6530 operator is Gt or Lt, the values array 6531 must have a single element, which will 6532 be interpreted as an integer. This array 6533 is replaced during a strategic merge 6534 patch. 6535 items: 6536 type: string 6537 type: array 6538 required: 6539 - key 6540 - operator 6541 type: object 6542 type: array 6543 type: object 6544 type: array 6545 required: 6546 - nodeSelectorTerms 6547 type: object 6548 type: object 6549 podAffinity: 6550 description: Describes pod affinity scheduling rules (e.g. 6551 co-locate this pod in the same node, zone, etc. as some 6552 other pod(s)). 6553 properties: 6554 preferredDuringSchedulingIgnoredDuringExecution: 6555 description: The scheduler will prefer to schedule pods 6556 to nodes that satisfy the affinity expressions specified 6557 by this field, but it may choose a node that violates 6558 one or more of the expressions. The node that is most 6559 preferred is the one with the greatest sum of weights, 6560 i.e. for each node that meets all of the scheduling 6561 requirements (resource request, requiredDuringScheduling 6562 affinity expressions, etc.), compute a sum by iterating 6563 through the elements of this field and adding "weight" 6564 to the sum if the node has pods which matches the corresponding 6565 podAffinityTerm; the node(s) with the highest sum are 6566 the most preferred. 6567 items: 6568 description: The weights of all of the matched WeightedPodAffinityTerm 6569 fields are added per-node to find the most preferred 6570 node(s) 6571 properties: 6572 podAffinityTerm: 6573 description: Required. A pod affinity term, associated 6574 with the corresponding weight. 6575 properties: 6576 labelSelector: 6577 description: A label query over a set of resources, 6578 in this case pods. 6579 properties: 6580 matchExpressions: 6581 description: matchExpressions is a list 6582 of label selector requirements. The requirements 6583 are ANDed. 6584 items: 6585 description: A label selector requirement 6586 is a selector that contains values, 6587 a key, and an operator that relates 6588 the key and values. 6589 properties: 6590 key: 6591 description: key is the label key 6592 that the selector applies to. 6593 type: string 6594 operator: 6595 description: operator represents a 6596 key's relationship to a set of values. 6597 Valid operators are In, NotIn, Exists 6598 and DoesNotExist. 6599 type: string 6600 values: 6601 description: values is an array of 6602 string values. If the operator is 6603 In or NotIn, the values array must 6604 be non-empty. If the operator is 6605 Exists or DoesNotExist, the values 6606 array must be empty. This array 6607 is replaced during a strategic merge 6608 patch. 6609 items: 6610 type: string 6611 type: array 6612 required: 6613 - key 6614 - operator 6615 type: object 6616 type: array 6617 matchLabels: 6618 additionalProperties: 6619 type: string 6620 description: matchLabels is a map of {key,value} 6621 pairs. A single {key,value} in the matchLabels 6622 map is equivalent to an element of matchExpressions, 6623 whose key field is "key", the operator 6624 is "In", and the values array contains 6625 only "value". The requirements are ANDed. 6626 type: object 6627 type: object 6628 namespaceSelector: 6629 description: A label query over the set of namespaces 6630 that the term applies to. The term is applied 6631 to the union of the namespaces selected by 6632 this field and the ones listed in the namespaces 6633 field. null selector and null or empty namespaces 6634 list means "this pod's namespace". An empty 6635 selector ({}) matches all namespaces. 6636 properties: 6637 matchExpressions: 6638 description: matchExpressions is a list 6639 of label selector requirements. The requirements 6640 are ANDed. 6641 items: 6642 description: A label selector requirement 6643 is a selector that contains values, 6644 a key, and an operator that relates 6645 the key and values. 6646 properties: 6647 key: 6648 description: key is the label key 6649 that the selector applies to. 6650 type: string 6651 operator: 6652 description: operator represents a 6653 key's relationship to a set of values. 6654 Valid operators are In, NotIn, Exists 6655 and DoesNotExist. 6656 type: string 6657 values: 6658 description: values is an array of 6659 string values. If the operator is 6660 In or NotIn, the values array must 6661 be non-empty. If the operator is 6662 Exists or DoesNotExist, the values 6663 array must be empty. This array 6664 is replaced during a strategic merge 6665 patch. 6666 items: 6667 type: string 6668 type: array 6669 required: 6670 - key 6671 - operator 6672 type: object 6673 type: array 6674 matchLabels: 6675 additionalProperties: 6676 type: string 6677 description: matchLabels is a map of {key,value} 6678 pairs. A single {key,value} in the matchLabels 6679 map is equivalent to an element of matchExpressions, 6680 whose key field is "key", the operator 6681 is "In", and the values array contains 6682 only "value". The requirements are ANDed. 6683 type: object 6684 type: object 6685 namespaces: 6686 description: namespaces specifies a static list 6687 of namespace names that the term applies to. 6688 The term is applied to the union of the namespaces 6689 listed in this field and the ones selected 6690 by namespaceSelector. null or empty namespaces 6691 list and null namespaceSelector means "this 6692 pod's namespace". 6693 items: 6694 type: string 6695 type: array 6696 topologyKey: 6697 description: This pod should be co-located (affinity) 6698 or not co-located (anti-affinity) with the 6699 pods matching the labelSelector in the specified 6700 namespaces, where co-located is defined as 6701 running on a node whose value of the label 6702 with key topologyKey matches that of any node 6703 on which any of the selected pods is running. 6704 Empty topologyKey is not allowed. 6705 type: string 6706 required: 6707 - topologyKey 6708 type: object 6709 weight: 6710 description: weight associated with matching the 6711 corresponding podAffinityTerm, in the range 1-100. 6712 format: int32 6713 type: integer 6714 required: 6715 - podAffinityTerm 6716 - weight 6717 type: object 6718 type: array 6719 requiredDuringSchedulingIgnoredDuringExecution: 6720 description: If the affinity requirements specified by 6721 this field are not met at scheduling time, the pod will 6722 not be scheduled onto the node. If the affinity requirements 6723 specified by this field cease to be met at some point 6724 during pod execution (e.g. due to a pod label update), 6725 the system may or may not try to eventually evict the 6726 pod from its node. When there are multiple elements, 6727 the lists of nodes corresponding to each podAffinityTerm 6728 are intersected, i.e. all terms must be satisfied. 6729 items: 6730 description: Defines a set of pods (namely those matching 6731 the labelSelector relative to the given namespace(s)) 6732 that this pod should be co-located (affinity) or not 6733 co-located (anti-affinity) with, where co-located 6734 is defined as running on a node whose value of the 6735 label with key <topologyKey> matches that of any node 6736 on which a pod of the set of pods is running 6737 properties: 6738 labelSelector: 6739 description: A label query over a set of resources, 6740 in this case pods. 6741 properties: 6742 matchExpressions: 6743 description: matchExpressions is a list of label 6744 selector requirements. The requirements are 6745 ANDed. 6746 items: 6747 description: A label selector requirement 6748 is a selector that contains values, a key, 6749 and an operator that relates the key and 6750 values. 6751 properties: 6752 key: 6753 description: key is the label key that 6754 the selector applies to. 6755 type: string 6756 operator: 6757 description: operator represents a key's 6758 relationship to a set of values. Valid 6759 operators are In, NotIn, Exists and 6760 DoesNotExist. 6761 type: string 6762 values: 6763 description: values is an array of string 6764 values. If the operator is In or NotIn, 6765 the values array must be non-empty. 6766 If the operator is Exists or DoesNotExist, 6767 the values array must be empty. This 6768 array is replaced during a strategic 6769 merge patch. 6770 items: 6771 type: string 6772 type: array 6773 required: 6774 - key 6775 - operator 6776 type: object 6777 type: array 6778 matchLabels: 6779 additionalProperties: 6780 type: string 6781 description: matchLabels is a map of {key,value} 6782 pairs. A single {key,value} in the matchLabels 6783 map is equivalent to an element of matchExpressions, 6784 whose key field is "key", the operator is 6785 "In", and the values array contains only "value". 6786 The requirements are ANDed. 6787 type: object 6788 type: object 6789 namespaceSelector: 6790 description: A label query over the set of namespaces 6791 that the term applies to. The term is applied 6792 to the union of the namespaces selected by this 6793 field and the ones listed in the namespaces field. 6794 null selector and null or empty namespaces list 6795 means "this pod's namespace". An empty selector 6796 ({}) matches all namespaces. 6797 properties: 6798 matchExpressions: 6799 description: matchExpressions is a list of label 6800 selector requirements. The requirements are 6801 ANDed. 6802 items: 6803 description: A label selector requirement 6804 is a selector that contains values, a key, 6805 and an operator that relates the key and 6806 values. 6807 properties: 6808 key: 6809 description: key is the label key that 6810 the selector applies to. 6811 type: string 6812 operator: 6813 description: operator represents a key's 6814 relationship to a set of values. Valid 6815 operators are In, NotIn, Exists and 6816 DoesNotExist. 6817 type: string 6818 values: 6819 description: values is an array of string 6820 values. If the operator is In or NotIn, 6821 the values array must be non-empty. 6822 If the operator is Exists or DoesNotExist, 6823 the values array must be empty. This 6824 array is replaced during a strategic 6825 merge patch. 6826 items: 6827 type: string 6828 type: array 6829 required: 6830 - key 6831 - operator 6832 type: object 6833 type: array 6834 matchLabels: 6835 additionalProperties: 6836 type: string 6837 description: matchLabels is a map of {key,value} 6838 pairs. A single {key,value} in the matchLabels 6839 map is equivalent to an element of matchExpressions, 6840 whose key field is "key", the operator is 6841 "In", and the values array contains only "value". 6842 The requirements are ANDed. 6843 type: object 6844 type: object 6845 namespaces: 6846 description: namespaces specifies a static list 6847 of namespace names that the term applies to. The 6848 term is applied to the union of the namespaces 6849 listed in this field and the ones selected by 6850 namespaceSelector. null or empty namespaces list 6851 and null namespaceSelector means "this pod's namespace". 6852 items: 6853 type: string 6854 type: array 6855 topologyKey: 6856 description: This pod should be co-located (affinity) 6857 or not co-located (anti-affinity) with the pods 6858 matching the labelSelector in the specified namespaces, 6859 where co-located is defined as running on a node 6860 whose value of the label with key topologyKey 6861 matches that of any node on which any of the selected 6862 pods is running. Empty topologyKey is not allowed. 6863 type: string 6864 required: 6865 - topologyKey 6866 type: object 6867 type: array 6868 type: object 6869 podAntiAffinity: 6870 description: Describes pod anti-affinity scheduling rules 6871 (e.g. avoid putting this pod in the same node, zone, etc. 6872 as some other pod(s)). 6873 properties: 6874 preferredDuringSchedulingIgnoredDuringExecution: 6875 description: The scheduler will prefer to schedule pods 6876 to nodes that satisfy the anti-affinity expressions 6877 specified by this field, but it may choose a node that 6878 violates one or more of the expressions. The node that 6879 is most preferred is the one with the greatest sum of 6880 weights, i.e. for each node that meets all of the scheduling 6881 requirements (resource request, requiredDuringScheduling 6882 anti-affinity expressions, etc.), compute a sum by iterating 6883 through the elements of this field and adding "weight" 6884 to the sum if the node has pods which matches the corresponding 6885 podAffinityTerm; the node(s) with the highest sum are 6886 the most preferred. 6887 items: 6888 description: The weights of all of the matched WeightedPodAffinityTerm 6889 fields are added per-node to find the most preferred 6890 node(s) 6891 properties: 6892 podAffinityTerm: 6893 description: Required. A pod affinity term, associated 6894 with the corresponding weight. 6895 properties: 6896 labelSelector: 6897 description: A label query over a set of resources, 6898 in this case pods. 6899 properties: 6900 matchExpressions: 6901 description: matchExpressions is a list 6902 of label selector requirements. The requirements 6903 are ANDed. 6904 items: 6905 description: A label selector requirement 6906 is a selector that contains values, 6907 a key, and an operator that relates 6908 the key and values. 6909 properties: 6910 key: 6911 description: key is the label key 6912 that the selector applies to. 6913 type: string 6914 operator: 6915 description: operator represents a 6916 key's relationship to a set of values. 6917 Valid operators are In, NotIn, Exists 6918 and DoesNotExist. 6919 type: string 6920 values: 6921 description: values is an array of 6922 string values. If the operator is 6923 In or NotIn, the values array must 6924 be non-empty. If the operator is 6925 Exists or DoesNotExist, the values 6926 array must be empty. This array 6927 is replaced during a strategic merge 6928 patch. 6929 items: 6930 type: string 6931 type: array 6932 required: 6933 - key 6934 - operator 6935 type: object 6936 type: array 6937 matchLabels: 6938 additionalProperties: 6939 type: string 6940 description: matchLabels is a map of {key,value} 6941 pairs. A single {key,value} in the matchLabels 6942 map is equivalent to an element of matchExpressions, 6943 whose key field is "key", the operator 6944 is "In", and the values array contains 6945 only "value". The requirements are ANDed. 6946 type: object 6947 type: object 6948 namespaceSelector: 6949 description: A label query over the set of namespaces 6950 that the term applies to. The term is applied 6951 to the union of the namespaces selected by 6952 this field and the ones listed in the namespaces 6953 field. null selector and null or empty namespaces 6954 list means "this pod's namespace". An empty 6955 selector ({}) matches all namespaces. 6956 properties: 6957 matchExpressions: 6958 description: matchExpressions is a list 6959 of label selector requirements. The requirements 6960 are ANDed. 6961 items: 6962 description: A label selector requirement 6963 is a selector that contains values, 6964 a key, and an operator that relates 6965 the key and values. 6966 properties: 6967 key: 6968 description: key is the label key 6969 that the selector applies to. 6970 type: string 6971 operator: 6972 description: operator represents a 6973 key's relationship to a set of values. 6974 Valid operators are In, NotIn, Exists 6975 and DoesNotExist. 6976 type: string 6977 values: 6978 description: values is an array of 6979 string values. If the operator is 6980 In or NotIn, the values array must 6981 be non-empty. If the operator is 6982 Exists or DoesNotExist, the values 6983 array must be empty. This array 6984 is replaced during a strategic merge 6985 patch. 6986 items: 6987 type: string 6988 type: array 6989 required: 6990 - key 6991 - operator 6992 type: object 6993 type: array 6994 matchLabels: 6995 additionalProperties: 6996 type: string 6997 description: matchLabels is a map of {key,value} 6998 pairs. A single {key,value} in the matchLabels 6999 map is equivalent to an element of matchExpressions, 7000 whose key field is "key", the operator 7001 is "In", and the values array contains 7002 only "value". The requirements are ANDed. 7003 type: object 7004 type: object 7005 namespaces: 7006 description: namespaces specifies a static list 7007 of namespace names that the term applies to. 7008 The term is applied to the union of the namespaces 7009 listed in this field and the ones selected 7010 by namespaceSelector. null or empty namespaces 7011 list and null namespaceSelector means "this 7012 pod's namespace". 7013 items: 7014 type: string 7015 type: array 7016 topologyKey: 7017 description: This pod should be co-located (affinity) 7018 or not co-located (anti-affinity) with the 7019 pods matching the labelSelector in the specified 7020 namespaces, where co-located is defined as 7021 running on a node whose value of the label 7022 with key topologyKey matches that of any node 7023 on which any of the selected pods is running. 7024 Empty topologyKey is not allowed. 7025 type: string 7026 required: 7027 - topologyKey 7028 type: object 7029 weight: 7030 description: weight associated with matching the 7031 corresponding podAffinityTerm, in the range 1-100. 7032 format: int32 7033 type: integer 7034 required: 7035 - podAffinityTerm 7036 - weight 7037 type: object 7038 type: array 7039 requiredDuringSchedulingIgnoredDuringExecution: 7040 description: If the anti-affinity requirements specified 7041 by this field are not met at scheduling time, the pod 7042 will not be scheduled onto the node. If the anti-affinity 7043 requirements specified by this field cease to be met 7044 at some point during pod execution (e.g. due to a pod 7045 label update), the system may or may not try to eventually 7046 evict the pod from its node. When there are multiple 7047 elements, the lists of nodes corresponding to each podAffinityTerm 7048 are intersected, i.e. all terms must be satisfied. 7049 items: 7050 description: Defines a set of pods (namely those matching 7051 the labelSelector relative to the given namespace(s)) 7052 that this pod should be co-located (affinity) or not 7053 co-located (anti-affinity) with, where co-located 7054 is defined as running on a node whose value of the 7055 label with key <topologyKey> matches that of any node 7056 on which a pod of the set of pods is running 7057 properties: 7058 labelSelector: 7059 description: A label query over a set of resources, 7060 in this case pods. 7061 properties: 7062 matchExpressions: 7063 description: matchExpressions is a list of label 7064 selector requirements. The requirements are 7065 ANDed. 7066 items: 7067 description: A label selector requirement 7068 is a selector that contains values, a key, 7069 and an operator that relates the key and 7070 values. 7071 properties: 7072 key: 7073 description: key is the label key that 7074 the selector applies to. 7075 type: string 7076 operator: 7077 description: operator represents a key's 7078 relationship to a set of values. Valid 7079 operators are In, NotIn, Exists and 7080 DoesNotExist. 7081 type: string 7082 values: 7083 description: values is an array of string 7084 values. If the operator is In or NotIn, 7085 the values array must be non-empty. 7086 If the operator is Exists or DoesNotExist, 7087 the values array must be empty. This 7088 array is replaced during a strategic 7089 merge patch. 7090 items: 7091 type: string 7092 type: array 7093 required: 7094 - key 7095 - operator 7096 type: object 7097 type: array 7098 matchLabels: 7099 additionalProperties: 7100 type: string 7101 description: matchLabels is a map of {key,value} 7102 pairs. A single {key,value} in the matchLabels 7103 map is equivalent to an element of matchExpressions, 7104 whose key field is "key", the operator is 7105 "In", and the values array contains only "value". 7106 The requirements are ANDed. 7107 type: object 7108 type: object 7109 namespaceSelector: 7110 description: A label query over the set of namespaces 7111 that the term applies to. The term is applied 7112 to the union of the namespaces selected by this 7113 field and the ones listed in the namespaces field. 7114 null selector and null or empty namespaces list 7115 means "this pod's namespace". An empty selector 7116 ({}) matches all namespaces. 7117 properties: 7118 matchExpressions: 7119 description: matchExpressions is a list of label 7120 selector requirements. The requirements are 7121 ANDed. 7122 items: 7123 description: A label selector requirement 7124 is a selector that contains values, a key, 7125 and an operator that relates the key and 7126 values. 7127 properties: 7128 key: 7129 description: key is the label key that 7130 the selector applies to. 7131 type: string 7132 operator: 7133 description: operator represents a key's 7134 relationship to a set of values. Valid 7135 operators are In, NotIn, Exists and 7136 DoesNotExist. 7137 type: string 7138 values: 7139 description: values is an array of string 7140 values. If the operator is In or NotIn, 7141 the values array must be non-empty. 7142 If the operator is Exists or DoesNotExist, 7143 the values array must be empty. This 7144 array is replaced during a strategic 7145 merge patch. 7146 items: 7147 type: string 7148 type: array 7149 required: 7150 - key 7151 - operator 7152 type: object 7153 type: array 7154 matchLabels: 7155 additionalProperties: 7156 type: string 7157 description: matchLabels is a map of {key,value} 7158 pairs. A single {key,value} in the matchLabels 7159 map is equivalent to an element of matchExpressions, 7160 whose key field is "key", the operator is 7161 "In", and the values array contains only "value". 7162 The requirements are ANDed. 7163 type: object 7164 type: object 7165 namespaces: 7166 description: namespaces specifies a static list 7167 of namespace names that the term applies to. The 7168 term is applied to the union of the namespaces 7169 listed in this field and the ones selected by 7170 namespaceSelector. null or empty namespaces list 7171 and null namespaceSelector means "this pod's namespace". 7172 items: 7173 type: string 7174 type: array 7175 topologyKey: 7176 description: This pod should be co-located (affinity) 7177 or not co-located (anti-affinity) with the pods 7178 matching the labelSelector in the specified namespaces, 7179 where co-located is defined as running on a node 7180 whose value of the label with key topologyKey 7181 matches that of any node on which any of the selected 7182 pods is running. Empty topologyKey is not allowed. 7183 type: string 7184 required: 7185 - topologyKey 7186 type: object 7187 type: array 7188 type: object 7189 type: object 7190 command: 7191 items: 7192 type: string 7193 type: array 7194 configCopy: 7195 description: SentinelConfigCopy defines the specification for 7196 the sentinel exporter 7197 properties: 7198 containerSecurityContext: 7199 description: SecurityContext holds security configuration 7200 that will be applied to a container. Some fields are present 7201 in both SecurityContext and PodSecurityContext. When both 7202 are set, the values in SecurityContext take precedence. 7203 properties: 7204 allowPrivilegeEscalation: 7205 description: 'AllowPrivilegeEscalation controls whether 7206 a process can gain more privileges than its parent process. 7207 This bool directly controls if the no_new_privs flag 7208 will be set on the container process. AllowPrivilegeEscalation 7209 is true always when the container is: 1) run as Privileged 7210 2) has CAP_SYS_ADMIN Note that this field cannot be 7211 set when spec.os.name is windows.' 7212 type: boolean 7213 capabilities: 7214 description: The capabilities to add/drop when running 7215 containers. Defaults to the default set of capabilities 7216 granted by the container runtime. Note that this field 7217 cannot be set when spec.os.name is windows. 7218 properties: 7219 add: 7220 description: Added capabilities 7221 items: 7222 description: Capability represent POSIX capabilities 7223 type 7224 type: string 7225 type: array 7226 drop: 7227 description: Removed capabilities 7228 items: 7229 description: Capability represent POSIX capabilities 7230 type 7231 type: string 7232 type: array 7233 type: object 7234 privileged: 7235 description: Run container in privileged mode. Processes 7236 in privileged containers are essentially equivalent 7237 to root on the host. Defaults to false. Note that this 7238 field cannot be set when spec.os.name is windows. 7239 type: boolean 7240 procMount: 7241 description: procMount denotes the type of proc mount 7242 to use for the containers. The default is DefaultProcMount 7243 which uses the container runtime defaults for readonly 7244 paths and masked paths. This requires the ProcMountType 7245 feature flag to be enabled. Note that this field cannot 7246 be set when spec.os.name is windows. 7247 type: string 7248 readOnlyRootFilesystem: 7249 description: Whether this container has a read-only root 7250 filesystem. Default is false. Note that this field cannot 7251 be set when spec.os.name is windows. 7252 type: boolean 7253 runAsGroup: 7254 description: The GID to run the entrypoint of the container 7255 process. Uses runtime default if unset. May also be 7256 set in PodSecurityContext. If set in both SecurityContext 7257 and PodSecurityContext, the value specified in SecurityContext 7258 takes precedence. Note that this field cannot be set 7259 when spec.os.name is windows. 7260 format: int64 7261 type: integer 7262 runAsNonRoot: 7263 description: Indicates that the container must run as 7264 a non-root user. If true, the Kubelet will validate 7265 the image at runtime to ensure that it does not run 7266 as UID 0 (root) and fail to start the container if it 7267 does. If unset or false, no such validation will be 7268 performed. May also be set in PodSecurityContext. If 7269 set in both SecurityContext and PodSecurityContext, 7270 the value specified in SecurityContext takes precedence. 7271 type: boolean 7272 runAsUser: 7273 description: The UID to run the entrypoint of the container 7274 process. Defaults to user specified in image metadata 7275 if unspecified. May also be set in PodSecurityContext. If 7276 set in both SecurityContext and PodSecurityContext, 7277 the value specified in SecurityContext takes precedence. 7278 Note that this field cannot be set when spec.os.name 7279 is windows. 7280 format: int64 7281 type: integer 7282 seLinuxOptions: 7283 description: The SELinux context to be applied to the 7284 container. If unspecified, the container runtime will 7285 allocate a random SELinux context for each container. May 7286 also be set in PodSecurityContext. If set in both SecurityContext 7287 and PodSecurityContext, the value specified in SecurityContext 7288 takes precedence. Note that this field cannot be set 7289 when spec.os.name is windows. 7290 properties: 7291 level: 7292 description: Level is SELinux level label that applies 7293 to the container. 7294 type: string 7295 role: 7296 description: Role is a SELinux role label that applies 7297 to the container. 7298 type: string 7299 type: 7300 description: Type is a SELinux type label that applies 7301 to the container. 7302 type: string 7303 user: 7304 description: User is a SELinux user label that applies 7305 to the container. 7306 type: string 7307 type: object 7308 seccompProfile: 7309 description: The seccomp options to use by this container. 7310 If seccomp options are provided at both the pod & container 7311 level, the container options override the pod options. 7312 Note that this field cannot be set when spec.os.name 7313 is windows. 7314 properties: 7315 localhostProfile: 7316 description: localhostProfile indicates a profile 7317 defined in a file on the node should be used. The 7318 profile must be preconfigured on the node to work. 7319 Must be a descending path, relative to the kubelet's 7320 configured seccomp profile location. Must only be 7321 set if type is "Localhost". 7322 type: string 7323 type: 7324 description: "type indicates which kind of seccomp 7325 profile will be applied. Valid options are: \n Localhost 7326 - a profile defined in a file on the node should 7327 be used. RuntimeDefault - the container runtime 7328 default profile should be used. Unconfined - no 7329 profile should be applied." 7330 type: string 7331 required: 7332 - type 7333 type: object 7334 windowsOptions: 7335 description: The Windows specific settings applied to 7336 all containers. If unspecified, the options from the 7337 PodSecurityContext will be used. If set in both SecurityContext 7338 and PodSecurityContext, the value specified in SecurityContext 7339 takes precedence. Note that this field cannot be set 7340 when spec.os.name is linux. 7341 properties: 7342 gmsaCredentialSpec: 7343 description: GMSACredentialSpec is where the GMSA 7344 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 7345 inlines the contents of the GMSA credential spec 7346 named by the GMSACredentialSpecName field. 7347 type: string 7348 gmsaCredentialSpecName: 7349 description: GMSACredentialSpecName is the name of 7350 the GMSA credential spec to use. 7351 type: string 7352 hostProcess: 7353 description: HostProcess determines if a container 7354 should be run as a 'Host Process' container. This 7355 field is alpha-level and will only be honored by 7356 components that enable the WindowsHostProcessContainers 7357 feature flag. Setting this field without the feature 7358 flag will result in errors when validating the Pod. 7359 All of a Pod's containers must have the same effective 7360 HostProcess value (it is not allowed to have a mix 7361 of HostProcess containers and non-HostProcess containers). In 7362 addition, if HostProcess is true then HostNetwork 7363 must also be set to true. 7364 type: boolean 7365 runAsUserName: 7366 description: The UserName in Windows to run the entrypoint 7367 of the container process. Defaults to the user specified 7368 in image metadata if unspecified. May also be set 7369 in PodSecurityContext. If set in both SecurityContext 7370 and PodSecurityContext, the value specified in SecurityContext 7371 takes precedence. 7372 type: string 7373 type: object 7374 type: object 7375 type: object 7376 containerSecurityContext: 7377 description: SecurityContext holds security configuration that 7378 will be applied to a container. Some fields are present in both 7379 SecurityContext and PodSecurityContext. When both are set, 7380 the values in SecurityContext take precedence. 7381 properties: 7382 allowPrivilegeEscalation: 7383 description: 'AllowPrivilegeEscalation controls whether a 7384 process can gain more privileges than its parent process. 7385 This bool directly controls if the no_new_privs flag will 7386 be set on the container process. AllowPrivilegeEscalation 7387 is true always when the container is: 1) run as Privileged 7388 2) has CAP_SYS_ADMIN Note that this field cannot be set 7389 when spec.os.name is windows.' 7390 type: boolean 7391 capabilities: 7392 description: The capabilities to add/drop when running containers. 7393 Defaults to the default set of capabilities granted by the 7394 container runtime. Note that this field cannot be set when 7395 spec.os.name is windows. 7396 properties: 7397 add: 7398 description: Added capabilities 7399 items: 7400 description: Capability represent POSIX capabilities 7401 type 7402 type: string 7403 type: array 7404 drop: 7405 description: Removed capabilities 7406 items: 7407 description: Capability represent POSIX capabilities 7408 type 7409 type: string 7410 type: array 7411 type: object 7412 privileged: 7413 description: Run container in privileged mode. Processes in 7414 privileged containers are essentially equivalent to root 7415 on the host. Defaults to false. Note that this field cannot 7416 be set when spec.os.name is windows. 7417 type: boolean 7418 procMount: 7419 description: procMount denotes the type of proc mount to use 7420 for the containers. The default is DefaultProcMount which 7421 uses the container runtime defaults for readonly paths and 7422 masked paths. This requires the ProcMountType feature flag 7423 to be enabled. Note that this field cannot be set when spec.os.name 7424 is windows. 7425 type: string 7426 readOnlyRootFilesystem: 7427 description: Whether this container has a read-only root filesystem. 7428 Default is false. Note that this field cannot be set when 7429 spec.os.name is windows. 7430 type: boolean 7431 runAsGroup: 7432 description: The GID to run the entrypoint of the container 7433 process. Uses runtime default if unset. May also be set 7434 in PodSecurityContext. If set in both SecurityContext and 7435 PodSecurityContext, the value specified in SecurityContext 7436 takes precedence. Note that this field cannot be set when 7437 spec.os.name is windows. 7438 format: int64 7439 type: integer 7440 runAsNonRoot: 7441 description: Indicates that the container must run as a non-root 7442 user. If true, the Kubelet will validate the image at runtime 7443 to ensure that it does not run as UID 0 (root) and fail 7444 to start the container if it does. If unset or false, no 7445 such validation will be performed. May also be set in PodSecurityContext. If 7446 set in both SecurityContext and PodSecurityContext, the 7447 value specified in SecurityContext takes precedence. 7448 type: boolean 7449 runAsUser: 7450 description: The UID to run the entrypoint of the container 7451 process. Defaults to user specified in image metadata if 7452 unspecified. May also be set in PodSecurityContext. If 7453 set in both SecurityContext and PodSecurityContext, the 7454 value specified in SecurityContext takes precedence. Note 7455 that this field cannot be set when spec.os.name is windows. 7456 format: int64 7457 type: integer 7458 seLinuxOptions: 7459 description: The SELinux context to be applied to the container. 7460 If unspecified, the container runtime will allocate a random 7461 SELinux context for each container. May also be set in 7462 PodSecurityContext. If set in both SecurityContext and 7463 PodSecurityContext, the value specified in SecurityContext 7464 takes precedence. Note that this field cannot be set when 7465 spec.os.name is windows. 7466 properties: 7467 level: 7468 description: Level is SELinux level label that applies 7469 to the container. 7470 type: string 7471 role: 7472 description: Role is a SELinux role label that applies 7473 to the container. 7474 type: string 7475 type: 7476 description: Type is a SELinux type label that applies 7477 to the container. 7478 type: string 7479 user: 7480 description: User is a SELinux user label that applies 7481 to the container. 7482 type: string 7483 type: object 7484 seccompProfile: 7485 description: The seccomp options to use by this container. 7486 If seccomp options are provided at both the pod & container 7487 level, the container options override the pod options. Note 7488 that this field cannot be set when spec.os.name is windows. 7489 properties: 7490 localhostProfile: 7491 description: localhostProfile indicates a profile defined 7492 in a file on the node should be used. The profile must 7493 be preconfigured on the node to work. Must be a descending 7494 path, relative to the kubelet's configured seccomp profile 7495 location. Must only be set if type is "Localhost". 7496 type: string 7497 type: 7498 description: "type indicates which kind of seccomp profile 7499 will be applied. Valid options are: \n Localhost - a 7500 profile defined in a file on the node should be used. 7501 RuntimeDefault - the container runtime default profile 7502 should be used. Unconfined - no profile should be applied." 7503 type: string 7504 required: 7505 - type 7506 type: object 7507 windowsOptions: 7508 description: The Windows specific settings applied to all 7509 containers. If unspecified, the options from the PodSecurityContext 7510 will be used. If set in both SecurityContext and PodSecurityContext, 7511 the value specified in SecurityContext takes precedence. 7512 Note that this field cannot be set when spec.os.name is 7513 linux. 7514 properties: 7515 gmsaCredentialSpec: 7516 description: GMSACredentialSpec is where the GMSA admission 7517 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 7518 inlines the contents of the GMSA credential spec named 7519 by the GMSACredentialSpecName field. 7520 type: string 7521 gmsaCredentialSpecName: 7522 description: GMSACredentialSpecName is the name of the 7523 GMSA credential spec to use. 7524 type: string 7525 hostProcess: 7526 description: HostProcess determines if a container should 7527 be run as a 'Host Process' container. This field is 7528 alpha-level and will only be honored by components that 7529 enable the WindowsHostProcessContainers feature flag. 7530 Setting this field without the feature flag will result 7531 in errors when validating the Pod. All of a Pod's containers 7532 must have the same effective HostProcess value (it is 7533 not allowed to have a mix of HostProcess containers 7534 and non-HostProcess containers). In addition, if HostProcess 7535 is true then HostNetwork must also be set to true. 7536 type: boolean 7537 runAsUserName: 7538 description: The UserName in Windows to run the entrypoint 7539 of the container process. Defaults to the user specified 7540 in image metadata if unspecified. May also be set in 7541 PodSecurityContext. If set in both SecurityContext and 7542 PodSecurityContext, the value specified in SecurityContext 7543 takes precedence. 7544 type: string 7545 type: object 7546 type: object 7547 customConfig: 7548 items: 7549 type: string 7550 type: array 7551 dnsPolicy: 7552 description: DNSPolicy defines how a pod's DNS will be configured. 7553 type: string 7554 exporter: 7555 description: Exporter defines the specification for the redis/sentinel 7556 exporter 7557 properties: 7558 args: 7559 items: 7560 type: string 7561 type: array 7562 containerSecurityContext: 7563 description: SecurityContext holds security configuration 7564 that will be applied to a container. Some fields are present 7565 in both SecurityContext and PodSecurityContext. When both 7566 are set, the values in SecurityContext take precedence. 7567 properties: 7568 allowPrivilegeEscalation: 7569 description: 'AllowPrivilegeEscalation controls whether 7570 a process can gain more privileges than its parent process. 7571 This bool directly controls if the no_new_privs flag 7572 will be set on the container process. AllowPrivilegeEscalation 7573 is true always when the container is: 1) run as Privileged 7574 2) has CAP_SYS_ADMIN Note that this field cannot be 7575 set when spec.os.name is windows.' 7576 type: boolean 7577 capabilities: 7578 description: The capabilities to add/drop when running 7579 containers. Defaults to the default set of capabilities 7580 granted by the container runtime. Note that this field 7581 cannot be set when spec.os.name is windows. 7582 properties: 7583 add: 7584 description: Added capabilities 7585 items: 7586 description: Capability represent POSIX capabilities 7587 type 7588 type: string 7589 type: array 7590 drop: 7591 description: Removed capabilities 7592 items: 7593 description: Capability represent POSIX capabilities 7594 type 7595 type: string 7596 type: array 7597 type: object 7598 privileged: 7599 description: Run container in privileged mode. Processes 7600 in privileged containers are essentially equivalent 7601 to root on the host. Defaults to false. Note that this 7602 field cannot be set when spec.os.name is windows. 7603 type: boolean 7604 procMount: 7605 description: procMount denotes the type of proc mount 7606 to use for the containers. The default is DefaultProcMount 7607 which uses the container runtime defaults for readonly 7608 paths and masked paths. This requires the ProcMountType 7609 feature flag to be enabled. Note that this field cannot 7610 be set when spec.os.name is windows. 7611 type: string 7612 readOnlyRootFilesystem: 7613 description: Whether this container has a read-only root 7614 filesystem. Default is false. Note that this field cannot 7615 be set when spec.os.name is windows. 7616 type: boolean 7617 runAsGroup: 7618 description: The GID to run the entrypoint of the container 7619 process. Uses runtime default if unset. May also be 7620 set in PodSecurityContext. If set in both SecurityContext 7621 and PodSecurityContext, the value specified in SecurityContext 7622 takes precedence. Note that this field cannot be set 7623 when spec.os.name is windows. 7624 format: int64 7625 type: integer 7626 runAsNonRoot: 7627 description: Indicates that the container must run as 7628 a non-root user. If true, the Kubelet will validate 7629 the image at runtime to ensure that it does not run 7630 as UID 0 (root) and fail to start the container if it 7631 does. If unset or false, no such validation will be 7632 performed. May also be set in PodSecurityContext. If 7633 set in both SecurityContext and PodSecurityContext, 7634 the value specified in SecurityContext takes precedence. 7635 type: boolean 7636 runAsUser: 7637 description: The UID to run the entrypoint of the container 7638 process. Defaults to user specified in image metadata 7639 if unspecified. May also be set in PodSecurityContext. If 7640 set in both SecurityContext and PodSecurityContext, 7641 the value specified in SecurityContext takes precedence. 7642 Note that this field cannot be set when spec.os.name 7643 is windows. 7644 format: int64 7645 type: integer 7646 seLinuxOptions: 7647 description: The SELinux context to be applied to the 7648 container. If unspecified, the container runtime will 7649 allocate a random SELinux context for each container. May 7650 also be set in PodSecurityContext. If set in both SecurityContext 7651 and PodSecurityContext, the value specified in SecurityContext 7652 takes precedence. Note that this field cannot be set 7653 when spec.os.name is windows. 7654 properties: 7655 level: 7656 description: Level is SELinux level label that applies 7657 to the container. 7658 type: string 7659 role: 7660 description: Role is a SELinux role label that applies 7661 to the container. 7662 type: string 7663 type: 7664 description: Type is a SELinux type label that applies 7665 to the container. 7666 type: string 7667 user: 7668 description: User is a SELinux user label that applies 7669 to the container. 7670 type: string 7671 type: object 7672 seccompProfile: 7673 description: The seccomp options to use by this container. 7674 If seccomp options are provided at both the pod & container 7675 level, the container options override the pod options. 7676 Note that this field cannot be set when spec.os.name 7677 is windows. 7678 properties: 7679 localhostProfile: 7680 description: localhostProfile indicates a profile 7681 defined in a file on the node should be used. The 7682 profile must be preconfigured on the node to work. 7683 Must be a descending path, relative to the kubelet's 7684 configured seccomp profile location. Must only be 7685 set if type is "Localhost". 7686 type: string 7687 type: 7688 description: "type indicates which kind of seccomp 7689 profile will be applied. Valid options are: \n Localhost 7690 - a profile defined in a file on the node should 7691 be used. RuntimeDefault - the container runtime 7692 default profile should be used. Unconfined - no 7693 profile should be applied." 7694 type: string 7695 required: 7696 - type 7697 type: object 7698 windowsOptions: 7699 description: The Windows specific settings applied to 7700 all containers. If unspecified, the options from the 7701 PodSecurityContext will be used. If set in both SecurityContext 7702 and PodSecurityContext, the value specified in SecurityContext 7703 takes precedence. Note that this field cannot be set 7704 when spec.os.name is linux. 7705 properties: 7706 gmsaCredentialSpec: 7707 description: GMSACredentialSpec is where the GMSA 7708 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 7709 inlines the contents of the GMSA credential spec 7710 named by the GMSACredentialSpecName field. 7711 type: string 7712 gmsaCredentialSpecName: 7713 description: GMSACredentialSpecName is the name of 7714 the GMSA credential spec to use. 7715 type: string 7716 hostProcess: 7717 description: HostProcess determines if a container 7718 should be run as a 'Host Process' container. This 7719 field is alpha-level and will only be honored by 7720 components that enable the WindowsHostProcessContainers 7721 feature flag. Setting this field without the feature 7722 flag will result in errors when validating the Pod. 7723 All of a Pod's containers must have the same effective 7724 HostProcess value (it is not allowed to have a mix 7725 of HostProcess containers and non-HostProcess containers). In 7726 addition, if HostProcess is true then HostNetwork 7727 must also be set to true. 7728 type: boolean 7729 runAsUserName: 7730 description: The UserName in Windows to run the entrypoint 7731 of the container process. Defaults to the user specified 7732 in image metadata if unspecified. May also be set 7733 in PodSecurityContext. If set in both SecurityContext 7734 and PodSecurityContext, the value specified in SecurityContext 7735 takes precedence. 7736 type: string 7737 type: object 7738 type: object 7739 enabled: 7740 type: boolean 7741 env: 7742 items: 7743 description: EnvVar represents an environment variable present 7744 in a Container. 7745 properties: 7746 name: 7747 description: Name of the environment variable. Must 7748 be a C_IDENTIFIER. 7749 type: string 7750 value: 7751 description: 'Variable references $(VAR_NAME) are expanded 7752 using the previously defined environment variables 7753 in the container and any service environment variables. 7754 If a variable cannot be resolved, the reference in 7755 the input string will be unchanged. Double $$ are 7756 reduced to a single $, which allows for escaping the 7757 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce 7758 the string literal "$(VAR_NAME)". Escaped references 7759 will never be expanded, regardless of whether the 7760 variable exists or not. Defaults to "".' 7761 type: string 7762 valueFrom: 7763 description: Source for the environment variable's value. 7764 Cannot be used if value is not empty. 7765 properties: 7766 configMapKeyRef: 7767 description: Selects a key of a ConfigMap. 7768 properties: 7769 key: 7770 description: The key to select. 7771 type: string 7772 name: 7773 description: 'Name of the referent. More info: 7774 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7775 TODO: Add other useful fields. apiVersion, 7776 kind, uid?' 7777 type: string 7778 optional: 7779 description: Specify whether the ConfigMap or 7780 its key must be defined 7781 type: boolean 7782 required: 7783 - key 7784 type: object 7785 fieldRef: 7786 description: 'Selects a field of the pod: supports 7787 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 7788 `metadata.annotations[''<KEY>'']`, spec.nodeName, 7789 spec.serviceAccountName, status.hostIP, status.podIP, 7790 status.podIPs.' 7791 properties: 7792 apiVersion: 7793 description: Version of the schema the FieldPath 7794 is written in terms of, defaults to "v1". 7795 type: string 7796 fieldPath: 7797 description: Path of the field to select in 7798 the specified API version. 7799 type: string 7800 required: 7801 - fieldPath 7802 type: object 7803 resourceFieldRef: 7804 description: 'Selects a resource of the container: 7805 only resources limits and requests (limits.cpu, 7806 limits.memory, limits.ephemeral-storage, requests.cpu, 7807 requests.memory and requests.ephemeral-storage) 7808 are currently supported.' 7809 properties: 7810 containerName: 7811 description: 'Container name: required for volumes, 7812 optional for env vars' 7813 type: string 7814 divisor: 7815 anyOf: 7816 - type: integer 7817 - type: string 7818 description: Specifies the output format of 7819 the exposed resources, defaults to "1" 7820 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7821 x-kubernetes-int-or-string: true 7822 resource: 7823 description: 'Required: resource to select' 7824 type: string 7825 required: 7826 - resource 7827 type: object 7828 secretKeyRef: 7829 description: Selects a key of a secret in the pod's 7830 namespace 7831 properties: 7832 key: 7833 description: The key of the secret to select 7834 from. Must be a valid secret key. 7835 type: string 7836 name: 7837 description: 'Name of the referent. More info: 7838 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7839 TODO: Add other useful fields. apiVersion, 7840 kind, uid?' 7841 type: string 7842 optional: 7843 description: Specify whether the Secret or its 7844 key must be defined 7845 type: boolean 7846 required: 7847 - key 7848 type: object 7849 type: object 7850 required: 7851 - name 7852 type: object 7853 type: array 7854 image: 7855 type: string 7856 imagePullPolicy: 7857 description: PullPolicy describes a policy for if/when to 7858 pull a container image 7859 type: string 7860 resources: 7861 description: ResourceRequirements describes the compute resource 7862 requirements. 7863 properties: 7864 limits: 7865 additionalProperties: 7866 anyOf: 7867 - type: integer 7868 - type: string 7869 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7870 x-kubernetes-int-or-string: true 7871 description: 'Limits describes the maximum amount of compute 7872 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7873 type: object 7874 requests: 7875 additionalProperties: 7876 anyOf: 7877 - type: integer 7878 - type: string 7879 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7880 x-kubernetes-int-or-string: true 7881 description: 'Requests describes the minimum amount of 7882 compute resources required. If Requests is omitted for 7883 a container, it defaults to Limits if that is explicitly 7884 specified, otherwise to an implementation-defined value. 7885 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7886 type: object 7887 type: object 7888 type: object 7889 extraContainers: 7890 items: 7891 description: A single application container that you want to 7892 run within a pod. 7893 properties: 7894 args: 7895 description: 'Arguments to the entrypoint. The container 7896 image''s CMD is used if this is not provided. Variable 7897 references $(VAR_NAME) are expanded using the container''s 7898 environment. If a variable cannot be resolved, the reference 7899 in the input string will be unchanged. Double $$ are reduced 7900 to a single $, which allows for escaping the $(VAR_NAME) 7901 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 7902 "$(VAR_NAME)". Escaped references will never be expanded, 7903 regardless of whether the variable exists or not. Cannot 7904 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 7905 items: 7906 type: string 7907 type: array 7908 command: 7909 description: 'Entrypoint array. Not executed within a shell. 7910 The container image''s ENTRYPOINT is used if this is not 7911 provided. Variable references $(VAR_NAME) are expanded 7912 using the container''s environment. If a variable cannot 7913 be resolved, the reference in the input string will be 7914 unchanged. Double $$ are reduced to a single $, which 7915 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 7916 will produce the string literal "$(VAR_NAME)". Escaped 7917 references will never be expanded, regardless of whether 7918 the variable exists or not. Cannot be updated. More info: 7919 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 7920 items: 7921 type: string 7922 type: array 7923 env: 7924 description: List of environment variables to set in the 7925 container. Cannot be updated. 7926 items: 7927 description: EnvVar represents an environment variable 7928 present in a Container. 7929 properties: 7930 name: 7931 description: Name of the environment variable. Must 7932 be a C_IDENTIFIER. 7933 type: string 7934 value: 7935 description: 'Variable references $(VAR_NAME) are 7936 expanded using the previously defined environment 7937 variables in the container and any service environment 7938 variables. If a variable cannot be resolved, the 7939 reference in the input string will be unchanged. 7940 Double $$ are reduced to a single $, which allows 7941 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 7942 will produce the string literal "$(VAR_NAME)". Escaped 7943 references will never be expanded, regardless of 7944 whether the variable exists or not. Defaults to 7945 "".' 7946 type: string 7947 valueFrom: 7948 description: Source for the environment variable's 7949 value. Cannot be used if value is not empty. 7950 properties: 7951 configMapKeyRef: 7952 description: Selects a key of a ConfigMap. 7953 properties: 7954 key: 7955 description: The key to select. 7956 type: string 7957 name: 7958 description: 'Name of the referent. More info: 7959 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7960 TODO: Add other useful fields. apiVersion, 7961 kind, uid?' 7962 type: string 7963 optional: 7964 description: Specify whether the ConfigMap 7965 or its key must be defined 7966 type: boolean 7967 required: 7968 - key 7969 type: object 7970 fieldRef: 7971 description: 'Selects a field of the pod: supports 7972 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 7973 `metadata.annotations[''<KEY>'']`, spec.nodeName, 7974 spec.serviceAccountName, status.hostIP, status.podIP, 7975 status.podIPs.' 7976 properties: 7977 apiVersion: 7978 description: Version of the schema the FieldPath 7979 is written in terms of, defaults to "v1". 7980 type: string 7981 fieldPath: 7982 description: Path of the field to select in 7983 the specified API version. 7984 type: string 7985 required: 7986 - fieldPath 7987 type: object 7988 resourceFieldRef: 7989 description: 'Selects a resource of the container: 7990 only resources limits and requests (limits.cpu, 7991 limits.memory, limits.ephemeral-storage, requests.cpu, 7992 requests.memory and requests.ephemeral-storage) 7993 are currently supported.' 7994 properties: 7995 containerName: 7996 description: 'Container name: required for 7997 volumes, optional for env vars' 7998 type: string 7999 divisor: 8000 anyOf: 8001 - type: integer 8002 - type: string 8003 description: Specifies the output format of 8004 the exposed resources, defaults to "1" 8005 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8006 x-kubernetes-int-or-string: true 8007 resource: 8008 description: 'Required: resource to select' 8009 type: string 8010 required: 8011 - resource 8012 type: object 8013 secretKeyRef: 8014 description: Selects a key of a secret in the 8015 pod's namespace 8016 properties: 8017 key: 8018 description: The key of the secret to select 8019 from. Must be a valid secret key. 8020 type: string 8021 name: 8022 description: 'Name of the referent. More info: 8023 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8024 TODO: Add other useful fields. apiVersion, 8025 kind, uid?' 8026 type: string 8027 optional: 8028 description: Specify whether the Secret or 8029 its key must be defined 8030 type: boolean 8031 required: 8032 - key 8033 type: object 8034 type: object 8035 required: 8036 - name 8037 type: object 8038 type: array 8039 envFrom: 8040 description: List of sources to populate environment variables 8041 in the container. The keys defined within a source must 8042 be a C_IDENTIFIER. All invalid keys will be reported as 8043 an event when the container is starting. When a key exists 8044 in multiple sources, the value associated with the last 8045 source will take precedence. Values defined by an Env 8046 with a duplicate key will take precedence. Cannot be updated. 8047 items: 8048 description: EnvFromSource represents the source of a 8049 set of ConfigMaps 8050 properties: 8051 configMapRef: 8052 description: The ConfigMap to select from 8053 properties: 8054 name: 8055 description: 'Name of the referent. More info: 8056 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8057 TODO: Add other useful fields. apiVersion, kind, 8058 uid?' 8059 type: string 8060 optional: 8061 description: Specify whether the ConfigMap must 8062 be defined 8063 type: boolean 8064 type: object 8065 prefix: 8066 description: An optional identifier to prepend to 8067 each key in the ConfigMap. Must be a C_IDENTIFIER. 8068 type: string 8069 secretRef: 8070 description: The Secret to select from 8071 properties: 8072 name: 8073 description: 'Name of the referent. More info: 8074 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8075 TODO: Add other useful fields. apiVersion, kind, 8076 uid?' 8077 type: string 8078 optional: 8079 description: Specify whether the Secret must be 8080 defined 8081 type: boolean 8082 type: object 8083 type: object 8084 type: array 8085 image: 8086 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 8087 This field is optional to allow higher level config management 8088 to default or override container images in workload controllers 8089 like Deployments and StatefulSets.' 8090 type: string 8091 imagePullPolicy: 8092 description: 'Image pull policy. One of Always, Never, IfNotPresent. 8093 Defaults to Always if :latest tag is specified, or IfNotPresent 8094 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 8095 type: string 8096 lifecycle: 8097 description: Actions that the management system should take 8098 in response to container lifecycle events. Cannot be updated. 8099 properties: 8100 postStart: 8101 description: 'PostStart is called immediately after 8102 a container is created. If the handler fails, the 8103 container is terminated and restarted according to 8104 its restart policy. Other management of the container 8105 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 8106 properties: 8107 exec: 8108 description: Exec specifies the action to take. 8109 properties: 8110 command: 8111 description: Command is the command line to 8112 execute inside the container, the working 8113 directory for the command is root ('/') in 8114 the container's filesystem. The command is 8115 simply exec'd, it is not run inside a shell, 8116 so traditional shell instructions ('|', etc) 8117 won't work. To use a shell, you need to explicitly 8118 call out to that shell. Exit status of 0 is 8119 treated as live/healthy and non-zero is unhealthy. 8120 items: 8121 type: string 8122 type: array 8123 type: object 8124 httpGet: 8125 description: HTTPGet specifies the http request 8126 to perform. 8127 properties: 8128 host: 8129 description: Host name to connect to, defaults 8130 to the pod IP. You probably want to set "Host" 8131 in httpHeaders instead. 8132 type: string 8133 httpHeaders: 8134 description: Custom headers to set in the request. 8135 HTTP allows repeated headers. 8136 items: 8137 description: HTTPHeader describes a custom 8138 header to be used in HTTP probes 8139 properties: 8140 name: 8141 description: The header field name 8142 type: string 8143 value: 8144 description: The header field value 8145 type: string 8146 required: 8147 - name 8148 - value 8149 type: object 8150 type: array 8151 path: 8152 description: Path to access on the HTTP server. 8153 type: string 8154 port: 8155 anyOf: 8156 - type: integer 8157 - type: string 8158 description: Name or number of the port to access 8159 on the container. Number must be in the range 8160 1 to 65535. Name must be an IANA_SVC_NAME. 8161 x-kubernetes-int-or-string: true 8162 scheme: 8163 description: Scheme to use for connecting to 8164 the host. Defaults to HTTP. 8165 type: string 8166 required: 8167 - port 8168 type: object 8169 tcpSocket: 8170 description: Deprecated. TCPSocket is NOT supported 8171 as a LifecycleHandler and kept for the backward 8172 compatibility. There are no validation of this 8173 field and lifecycle hooks will fail in runtime 8174 when tcp handler is specified. 8175 properties: 8176 host: 8177 description: 'Optional: Host name to connect 8178 to, defaults to the pod IP.' 8179 type: string 8180 port: 8181 anyOf: 8182 - type: integer 8183 - type: string 8184 description: Number or name of the port to access 8185 on the container. Number must be in the range 8186 1 to 65535. Name must be an IANA_SVC_NAME. 8187 x-kubernetes-int-or-string: true 8188 required: 8189 - port 8190 type: object 8191 type: object 8192 preStop: 8193 description: 'PreStop is called immediately before a 8194 container is terminated due to an API request or management 8195 event such as liveness/startup probe failure, preemption, 8196 resource contention, etc. The handler is not called 8197 if the container crashes or exits. The Pod''s termination 8198 grace period countdown begins before the PreStop hook 8199 is executed. Regardless of the outcome of the handler, 8200 the container will eventually terminate within the 8201 Pod''s termination grace period (unless delayed by 8202 finalizers). Other management of the container blocks 8203 until the hook completes or until the termination 8204 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 8205 properties: 8206 exec: 8207 description: Exec specifies the action to take. 8208 properties: 8209 command: 8210 description: Command is the command line to 8211 execute inside the container, the working 8212 directory for the command is root ('/') in 8213 the container's filesystem. The command is 8214 simply exec'd, it is not run inside a shell, 8215 so traditional shell instructions ('|', etc) 8216 won't work. To use a shell, you need to explicitly 8217 call out to that shell. Exit status of 0 is 8218 treated as live/healthy and non-zero is unhealthy. 8219 items: 8220 type: string 8221 type: array 8222 type: object 8223 httpGet: 8224 description: HTTPGet specifies the http request 8225 to perform. 8226 properties: 8227 host: 8228 description: Host name to connect to, defaults 8229 to the pod IP. You probably want to set "Host" 8230 in httpHeaders instead. 8231 type: string 8232 httpHeaders: 8233 description: Custom headers to set in the request. 8234 HTTP allows repeated headers. 8235 items: 8236 description: HTTPHeader describes a custom 8237 header to be used in HTTP probes 8238 properties: 8239 name: 8240 description: The header field name 8241 type: string 8242 value: 8243 description: The header field value 8244 type: string 8245 required: 8246 - name 8247 - value 8248 type: object 8249 type: array 8250 path: 8251 description: Path to access on the HTTP server. 8252 type: string 8253 port: 8254 anyOf: 8255 - type: integer 8256 - type: string 8257 description: Name or number of the port to access 8258 on the container. Number must be in the range 8259 1 to 65535. Name must be an IANA_SVC_NAME. 8260 x-kubernetes-int-or-string: true 8261 scheme: 8262 description: Scheme to use for connecting to 8263 the host. Defaults to HTTP. 8264 type: string 8265 required: 8266 - port 8267 type: object 8268 tcpSocket: 8269 description: Deprecated. TCPSocket is NOT supported 8270 as a LifecycleHandler and kept for the backward 8271 compatibility. There are no validation of this 8272 field and lifecycle hooks will fail in runtime 8273 when tcp handler is specified. 8274 properties: 8275 host: 8276 description: 'Optional: Host name to connect 8277 to, defaults to the pod IP.' 8278 type: string 8279 port: 8280 anyOf: 8281 - type: integer 8282 - type: string 8283 description: Number or name of the port to access 8284 on the container. Number must be in the range 8285 1 to 65535. Name must be an IANA_SVC_NAME. 8286 x-kubernetes-int-or-string: true 8287 required: 8288 - port 8289 type: object 8290 type: object 8291 type: object 8292 livenessProbe: 8293 description: 'Periodic probe of container liveness. Container 8294 will be restarted if the probe fails. Cannot be updated. 8295 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8296 properties: 8297 exec: 8298 description: Exec specifies the action to take. 8299 properties: 8300 command: 8301 description: Command is the command line to execute 8302 inside the container, the working directory for 8303 the command is root ('/') in the container's 8304 filesystem. The command is simply exec'd, it is 8305 not run inside a shell, so traditional shell instructions 8306 ('|', etc) won't work. To use a shell, you need 8307 to explicitly call out to that shell. Exit status 8308 of 0 is treated as live/healthy and non-zero is 8309 unhealthy. 8310 items: 8311 type: string 8312 type: array 8313 type: object 8314 failureThreshold: 8315 description: Minimum consecutive failures for the probe 8316 to be considered failed after having succeeded. Defaults 8317 to 3. Minimum value is 1. 8318 format: int32 8319 type: integer 8320 grpc: 8321 description: GRPC specifies an action involving a GRPC 8322 port. This is a beta field and requires enabling GRPCContainerProbe 8323 feature gate. 8324 properties: 8325 port: 8326 description: Port number of the gRPC service. Number 8327 must be in the range 1 to 65535. 8328 format: int32 8329 type: integer 8330 service: 8331 description: "Service is the name of the service 8332 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 8333 \n If this is not specified, the default behavior 8334 is defined by gRPC." 8335 type: string 8336 required: 8337 - port 8338 type: object 8339 httpGet: 8340 description: HTTPGet specifies the http request to perform. 8341 properties: 8342 host: 8343 description: Host name to connect to, defaults to 8344 the pod IP. You probably want to set "Host" in 8345 httpHeaders instead. 8346 type: string 8347 httpHeaders: 8348 description: Custom headers to set in the request. 8349 HTTP allows repeated headers. 8350 items: 8351 description: HTTPHeader describes a custom header 8352 to be used in HTTP probes 8353 properties: 8354 name: 8355 description: The header field name 8356 type: string 8357 value: 8358 description: The header field value 8359 type: string 8360 required: 8361 - name 8362 - value 8363 type: object 8364 type: array 8365 path: 8366 description: Path to access on the HTTP server. 8367 type: string 8368 port: 8369 anyOf: 8370 - type: integer 8371 - type: string 8372 description: Name or number of the port to access 8373 on the container. Number must be in the range 8374 1 to 65535. Name must be an IANA_SVC_NAME. 8375 x-kubernetes-int-or-string: true 8376 scheme: 8377 description: Scheme to use for connecting to the 8378 host. Defaults to HTTP. 8379 type: string 8380 required: 8381 - port 8382 type: object 8383 initialDelaySeconds: 8384 description: 'Number of seconds after the container 8385 has started before liveness probes are initiated. 8386 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8387 format: int32 8388 type: integer 8389 periodSeconds: 8390 description: How often (in seconds) to perform the probe. 8391 Default to 10 seconds. Minimum value is 1. 8392 format: int32 8393 type: integer 8394 successThreshold: 8395 description: Minimum consecutive successes for the probe 8396 to be considered successful after having failed. Defaults 8397 to 1. Must be 1 for liveness and startup. Minimum 8398 value is 1. 8399 format: int32 8400 type: integer 8401 tcpSocket: 8402 description: TCPSocket specifies an action involving 8403 a TCP port. 8404 properties: 8405 host: 8406 description: 'Optional: Host name to connect to, 8407 defaults to the pod IP.' 8408 type: string 8409 port: 8410 anyOf: 8411 - type: integer 8412 - type: string 8413 description: Number or name of the port to access 8414 on the container. Number must be in the range 8415 1 to 65535. Name must be an IANA_SVC_NAME. 8416 x-kubernetes-int-or-string: true 8417 required: 8418 - port 8419 type: object 8420 terminationGracePeriodSeconds: 8421 description: Optional duration in seconds the pod needs 8422 to terminate gracefully upon probe failure. The grace 8423 period is the duration in seconds after the processes 8424 running in the pod are sent a termination signal and 8425 the time when the processes are forcibly halted with 8426 a kill signal. Set this value longer than the expected 8427 cleanup time for your process. If this value is nil, 8428 the pod's terminationGracePeriodSeconds will be used. 8429 Otherwise, this value overrides the value provided 8430 by the pod spec. Value must be non-negative integer. 8431 The value zero indicates stop immediately via the 8432 kill signal (no opportunity to shut down). This is 8433 a beta field and requires enabling ProbeTerminationGracePeriod 8434 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 8435 is used if unset. 8436 format: int64 8437 type: integer 8438 timeoutSeconds: 8439 description: 'Number of seconds after which the probe 8440 times out. Defaults to 1 second. Minimum value is 8441 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8442 format: int32 8443 type: integer 8444 type: object 8445 name: 8446 description: Name of the container specified as a DNS_LABEL. 8447 Each container in a pod must have a unique name (DNS_LABEL). 8448 Cannot be updated. 8449 type: string 8450 ports: 8451 description: List of ports to expose from the container. 8452 Exposing a port here gives the system additional information 8453 about the network connections a container uses, but is 8454 primarily informational. Not specifying a port here DOES 8455 NOT prevent that port from being exposed. Any port which 8456 is listening on the default "0.0.0.0" address inside a 8457 container will be accessible from the network. Cannot 8458 be updated. 8459 items: 8460 description: ContainerPort represents a network port in 8461 a single container. 8462 properties: 8463 containerPort: 8464 description: Number of port to expose on the pod's 8465 IP address. This must be a valid port number, 0 8466 < x < 65536. 8467 format: int32 8468 type: integer 8469 hostIP: 8470 description: What host IP to bind the external port 8471 to. 8472 type: string 8473 hostPort: 8474 description: Number of port to expose on the host. 8475 If specified, this must be a valid port number, 8476 0 < x < 65536. If HostNetwork is specified, this 8477 must match ContainerPort. Most containers do not 8478 need this. 8479 format: int32 8480 type: integer 8481 name: 8482 description: If specified, this must be an IANA_SVC_NAME 8483 and unique within the pod. Each named port in a 8484 pod must have a unique name. Name for the port that 8485 can be referred to by services. 8486 type: string 8487 protocol: 8488 default: TCP 8489 description: Protocol for port. Must be UDP, TCP, 8490 or SCTP. Defaults to "TCP". 8491 type: string 8492 required: 8493 - containerPort 8494 type: object 8495 type: array 8496 x-kubernetes-list-map-keys: 8497 - containerPort 8498 - protocol 8499 x-kubernetes-list-type: map 8500 readinessProbe: 8501 description: 'Periodic probe of container service readiness. 8502 Container will be removed from service endpoints if the 8503 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8504 properties: 8505 exec: 8506 description: Exec specifies the action to take. 8507 properties: 8508 command: 8509 description: Command is the command line to execute 8510 inside the container, the working directory for 8511 the command is root ('/') in the container's 8512 filesystem. The command is simply exec'd, it is 8513 not run inside a shell, so traditional shell instructions 8514 ('|', etc) won't work. To use a shell, you need 8515 to explicitly call out to that shell. Exit status 8516 of 0 is treated as live/healthy and non-zero is 8517 unhealthy. 8518 items: 8519 type: string 8520 type: array 8521 type: object 8522 failureThreshold: 8523 description: Minimum consecutive failures for the probe 8524 to be considered failed after having succeeded. Defaults 8525 to 3. Minimum value is 1. 8526 format: int32 8527 type: integer 8528 grpc: 8529 description: GRPC specifies an action involving a GRPC 8530 port. This is a beta field and requires enabling GRPCContainerProbe 8531 feature gate. 8532 properties: 8533 port: 8534 description: Port number of the gRPC service. Number 8535 must be in the range 1 to 65535. 8536 format: int32 8537 type: integer 8538 service: 8539 description: "Service is the name of the service 8540 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 8541 \n If this is not specified, the default behavior 8542 is defined by gRPC." 8543 type: string 8544 required: 8545 - port 8546 type: object 8547 httpGet: 8548 description: HTTPGet specifies the http request to perform. 8549 properties: 8550 host: 8551 description: Host name to connect to, defaults to 8552 the pod IP. You probably want to set "Host" in 8553 httpHeaders instead. 8554 type: string 8555 httpHeaders: 8556 description: Custom headers to set in the request. 8557 HTTP allows repeated headers. 8558 items: 8559 description: HTTPHeader describes a custom header 8560 to be used in HTTP probes 8561 properties: 8562 name: 8563 description: The header field name 8564 type: string 8565 value: 8566 description: The header field value 8567 type: string 8568 required: 8569 - name 8570 - value 8571 type: object 8572 type: array 8573 path: 8574 description: Path to access on the HTTP server. 8575 type: string 8576 port: 8577 anyOf: 8578 - type: integer 8579 - type: string 8580 description: Name or number of the port to access 8581 on the container. Number must be in the range 8582 1 to 65535. Name must be an IANA_SVC_NAME. 8583 x-kubernetes-int-or-string: true 8584 scheme: 8585 description: Scheme to use for connecting to the 8586 host. Defaults to HTTP. 8587 type: string 8588 required: 8589 - port 8590 type: object 8591 initialDelaySeconds: 8592 description: 'Number of seconds after the container 8593 has started before liveness probes are initiated. 8594 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8595 format: int32 8596 type: integer 8597 periodSeconds: 8598 description: How often (in seconds) to perform the probe. 8599 Default to 10 seconds. Minimum value is 1. 8600 format: int32 8601 type: integer 8602 successThreshold: 8603 description: Minimum consecutive successes for the probe 8604 to be considered successful after having failed. Defaults 8605 to 1. Must be 1 for liveness and startup. Minimum 8606 value is 1. 8607 format: int32 8608 type: integer 8609 tcpSocket: 8610 description: TCPSocket specifies an action involving 8611 a TCP port. 8612 properties: 8613 host: 8614 description: 'Optional: Host name to connect to, 8615 defaults to the pod IP.' 8616 type: string 8617 port: 8618 anyOf: 8619 - type: integer 8620 - type: string 8621 description: Number or name of the port to access 8622 on the container. Number must be in the range 8623 1 to 65535. Name must be an IANA_SVC_NAME. 8624 x-kubernetes-int-or-string: true 8625 required: 8626 - port 8627 type: object 8628 terminationGracePeriodSeconds: 8629 description: Optional duration in seconds the pod needs 8630 to terminate gracefully upon probe failure. The grace 8631 period is the duration in seconds after the processes 8632 running in the pod are sent a termination signal and 8633 the time when the processes are forcibly halted with 8634 a kill signal. Set this value longer than the expected 8635 cleanup time for your process. If this value is nil, 8636 the pod's terminationGracePeriodSeconds will be used. 8637 Otherwise, this value overrides the value provided 8638 by the pod spec. Value must be non-negative integer. 8639 The value zero indicates stop immediately via the 8640 kill signal (no opportunity to shut down). This is 8641 a beta field and requires enabling ProbeTerminationGracePeriod 8642 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 8643 is used if unset. 8644 format: int64 8645 type: integer 8646 timeoutSeconds: 8647 description: 'Number of seconds after which the probe 8648 times out. Defaults to 1 second. Minimum value is 8649 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8650 format: int32 8651 type: integer 8652 type: object 8653 resources: 8654 description: 'Compute Resources required by this container. 8655 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 8656 properties: 8657 limits: 8658 additionalProperties: 8659 anyOf: 8660 - type: integer 8661 - type: string 8662 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8663 x-kubernetes-int-or-string: true 8664 description: 'Limits describes the maximum amount of 8665 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 8666 type: object 8667 requests: 8668 additionalProperties: 8669 anyOf: 8670 - type: integer 8671 - type: string 8672 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8673 x-kubernetes-int-or-string: true 8674 description: 'Requests describes the minimum amount 8675 of compute resources required. If Requests is omitted 8676 for a container, it defaults to Limits if that is 8677 explicitly specified, otherwise to an implementation-defined 8678 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 8679 type: object 8680 type: object 8681 securityContext: 8682 description: 'SecurityContext defines the security options 8683 the container should be run with. If set, the fields of 8684 SecurityContext override the equivalent fields of PodSecurityContext. 8685 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 8686 properties: 8687 allowPrivilegeEscalation: 8688 description: 'AllowPrivilegeEscalation controls whether 8689 a process can gain more privileges than its parent 8690 process. This bool directly controls if the no_new_privs 8691 flag will be set on the container process. AllowPrivilegeEscalation 8692 is true always when the container is: 1) run as Privileged 8693 2) has CAP_SYS_ADMIN Note that this field cannot be 8694 set when spec.os.name is windows.' 8695 type: boolean 8696 capabilities: 8697 description: The capabilities to add/drop when running 8698 containers. Defaults to the default set of capabilities 8699 granted by the container runtime. Note that this field 8700 cannot be set when spec.os.name is windows. 8701 properties: 8702 add: 8703 description: Added capabilities 8704 items: 8705 description: Capability represent POSIX capabilities 8706 type 8707 type: string 8708 type: array 8709 drop: 8710 description: Removed capabilities 8711 items: 8712 description: Capability represent POSIX capabilities 8713 type 8714 type: string 8715 type: array 8716 type: object 8717 privileged: 8718 description: Run container in privileged mode. Processes 8719 in privileged containers are essentially equivalent 8720 to root on the host. Defaults to false. Note that 8721 this field cannot be set when spec.os.name is windows. 8722 type: boolean 8723 procMount: 8724 description: procMount denotes the type of proc mount 8725 to use for the containers. The default is DefaultProcMount 8726 which uses the container runtime defaults for readonly 8727 paths and masked paths. This requires the ProcMountType 8728 feature flag to be enabled. Note that this field cannot 8729 be set when spec.os.name is windows. 8730 type: string 8731 readOnlyRootFilesystem: 8732 description: Whether this container has a read-only 8733 root filesystem. Default is false. Note that this 8734 field cannot be set when spec.os.name is windows. 8735 type: boolean 8736 runAsGroup: 8737 description: The GID to run the entrypoint of the container 8738 process. Uses runtime default if unset. May also be 8739 set in PodSecurityContext. If set in both SecurityContext 8740 and PodSecurityContext, the value specified in SecurityContext 8741 takes precedence. Note that this field cannot be set 8742 when spec.os.name is windows. 8743 format: int64 8744 type: integer 8745 runAsNonRoot: 8746 description: Indicates that the container must run as 8747 a non-root user. If true, the Kubelet will validate 8748 the image at runtime to ensure that it does not run 8749 as UID 0 (root) and fail to start the container if 8750 it does. If unset or false, no such validation will 8751 be performed. May also be set in PodSecurityContext. If 8752 set in both SecurityContext and PodSecurityContext, 8753 the value specified in SecurityContext takes precedence. 8754 type: boolean 8755 runAsUser: 8756 description: The UID to run the entrypoint of the container 8757 process. Defaults to user specified in image metadata 8758 if unspecified. May also be set in PodSecurityContext. If 8759 set in both SecurityContext and PodSecurityContext, 8760 the value specified in SecurityContext takes precedence. 8761 Note that this field cannot be set when spec.os.name 8762 is windows. 8763 format: int64 8764 type: integer 8765 seLinuxOptions: 8766 description: The SELinux context to be applied to the 8767 container. If unspecified, the container runtime will 8768 allocate a random SELinux context for each container. May 8769 also be set in PodSecurityContext. If set in both 8770 SecurityContext and PodSecurityContext, the value 8771 specified in SecurityContext takes precedence. Note 8772 that this field cannot be set when spec.os.name is 8773 windows. 8774 properties: 8775 level: 8776 description: Level is SELinux level label that applies 8777 to the container. 8778 type: string 8779 role: 8780 description: Role is a SELinux role label that applies 8781 to the container. 8782 type: string 8783 type: 8784 description: Type is a SELinux type label that applies 8785 to the container. 8786 type: string 8787 user: 8788 description: User is a SELinux user label that applies 8789 to the container. 8790 type: string 8791 type: object 8792 seccompProfile: 8793 description: The seccomp options to use by this container. 8794 If seccomp options are provided at both the pod & 8795 container level, the container options override the 8796 pod options. Note that this field cannot be set when 8797 spec.os.name is windows. 8798 properties: 8799 localhostProfile: 8800 description: localhostProfile indicates a profile 8801 defined in a file on the node should be used. 8802 The profile must be preconfigured on the node 8803 to work. Must be a descending path, relative to 8804 the kubelet's configured seccomp profile location. 8805 Must only be set if type is "Localhost". 8806 type: string 8807 type: 8808 description: "type indicates which kind of seccomp 8809 profile will be applied. Valid options are: \n 8810 Localhost - a profile defined in a file on the 8811 node should be used. RuntimeDefault - the container 8812 runtime default profile should be used. Unconfined 8813 - no profile should be applied." 8814 type: string 8815 required: 8816 - type 8817 type: object 8818 windowsOptions: 8819 description: The Windows specific settings applied to 8820 all containers. If unspecified, the options from the 8821 PodSecurityContext will be used. If set in both SecurityContext 8822 and PodSecurityContext, the value specified in SecurityContext 8823 takes precedence. Note that this field cannot be set 8824 when spec.os.name is linux. 8825 properties: 8826 gmsaCredentialSpec: 8827 description: GMSACredentialSpec is where the GMSA 8828 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 8829 inlines the contents of the GMSA credential spec 8830 named by the GMSACredentialSpecName field. 8831 type: string 8832 gmsaCredentialSpecName: 8833 description: GMSACredentialSpecName is the name 8834 of the GMSA credential spec to use. 8835 type: string 8836 hostProcess: 8837 description: HostProcess determines if a container 8838 should be run as a 'Host Process' container. This 8839 field is alpha-level and will only be honored 8840 by components that enable the WindowsHostProcessContainers 8841 feature flag. Setting this field without the feature 8842 flag will result in errors when validating the 8843 Pod. All of a Pod's containers must have the same 8844 effective HostProcess value (it is not allowed 8845 to have a mix of HostProcess containers and non-HostProcess 8846 containers). In addition, if HostProcess is true 8847 then HostNetwork must also be set to true. 8848 type: boolean 8849 runAsUserName: 8850 description: The UserName in Windows to run the 8851 entrypoint of the container process. Defaults 8852 to the user specified in image metadata if unspecified. 8853 May also be set in PodSecurityContext. If set 8854 in both SecurityContext and PodSecurityContext, 8855 the value specified in SecurityContext takes precedence. 8856 type: string 8857 type: object 8858 type: object 8859 startupProbe: 8860 description: 'StartupProbe indicates that the Pod has successfully 8861 initialized. If specified, no other probes are executed 8862 until this completes successfully. If this probe fails, 8863 the Pod will be restarted, just as if the livenessProbe 8864 failed. This can be used to provide different probe parameters 8865 at the beginning of a Pod''s lifecycle, when it might 8866 take a long time to load data or warm a cache, than during 8867 steady-state operation. This cannot be updated. More info: 8868 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8869 properties: 8870 exec: 8871 description: Exec specifies the action to take. 8872 properties: 8873 command: 8874 description: Command is the command line to execute 8875 inside the container, the working directory for 8876 the command is root ('/') in the container's 8877 filesystem. The command is simply exec'd, it is 8878 not run inside a shell, so traditional shell instructions 8879 ('|', etc) won't work. To use a shell, you need 8880 to explicitly call out to that shell. Exit status 8881 of 0 is treated as live/healthy and non-zero is 8882 unhealthy. 8883 items: 8884 type: string 8885 type: array 8886 type: object 8887 failureThreshold: 8888 description: Minimum consecutive failures for the probe 8889 to be considered failed after having succeeded. Defaults 8890 to 3. Minimum value is 1. 8891 format: int32 8892 type: integer 8893 grpc: 8894 description: GRPC specifies an action involving a GRPC 8895 port. This is a beta field and requires enabling GRPCContainerProbe 8896 feature gate. 8897 properties: 8898 port: 8899 description: Port number of the gRPC service. Number 8900 must be in the range 1 to 65535. 8901 format: int32 8902 type: integer 8903 service: 8904 description: "Service is the name of the service 8905 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 8906 \n If this is not specified, the default behavior 8907 is defined by gRPC." 8908 type: string 8909 required: 8910 - port 8911 type: object 8912 httpGet: 8913 description: HTTPGet specifies the http request to perform. 8914 properties: 8915 host: 8916 description: Host name to connect to, defaults to 8917 the pod IP. You probably want to set "Host" in 8918 httpHeaders instead. 8919 type: string 8920 httpHeaders: 8921 description: Custom headers to set in the request. 8922 HTTP allows repeated headers. 8923 items: 8924 description: HTTPHeader describes a custom header 8925 to be used in HTTP probes 8926 properties: 8927 name: 8928 description: The header field name 8929 type: string 8930 value: 8931 description: The header field value 8932 type: string 8933 required: 8934 - name 8935 - value 8936 type: object 8937 type: array 8938 path: 8939 description: Path to access on the HTTP server. 8940 type: string 8941 port: 8942 anyOf: 8943 - type: integer 8944 - type: string 8945 description: Name or number of the port to access 8946 on the container. Number must be in the range 8947 1 to 65535. Name must be an IANA_SVC_NAME. 8948 x-kubernetes-int-or-string: true 8949 scheme: 8950 description: Scheme to use for connecting to the 8951 host. Defaults to HTTP. 8952 type: string 8953 required: 8954 - port 8955 type: object 8956 initialDelaySeconds: 8957 description: 'Number of seconds after the container 8958 has started before liveness probes are initiated. 8959 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8960 format: int32 8961 type: integer 8962 periodSeconds: 8963 description: How often (in seconds) to perform the probe. 8964 Default to 10 seconds. Minimum value is 1. 8965 format: int32 8966 type: integer 8967 successThreshold: 8968 description: Minimum consecutive successes for the probe 8969 to be considered successful after having failed. Defaults 8970 to 1. Must be 1 for liveness and startup. Minimum 8971 value is 1. 8972 format: int32 8973 type: integer 8974 tcpSocket: 8975 description: TCPSocket specifies an action involving 8976 a TCP port. 8977 properties: 8978 host: 8979 description: 'Optional: Host name to connect to, 8980 defaults to the pod IP.' 8981 type: string 8982 port: 8983 anyOf: 8984 - type: integer 8985 - type: string 8986 description: Number or name of the port to access 8987 on the container. Number must be in the range 8988 1 to 65535. Name must be an IANA_SVC_NAME. 8989 x-kubernetes-int-or-string: true 8990 required: 8991 - port 8992 type: object 8993 terminationGracePeriodSeconds: 8994 description: Optional duration in seconds the pod needs 8995 to terminate gracefully upon probe failure. The grace 8996 period is the duration in seconds after the processes 8997 running in the pod are sent a termination signal and 8998 the time when the processes are forcibly halted with 8999 a kill signal. Set this value longer than the expected 9000 cleanup time for your process. If this value is nil, 9001 the pod's terminationGracePeriodSeconds will be used. 9002 Otherwise, this value overrides the value provided 9003 by the pod spec. Value must be non-negative integer. 9004 The value zero indicates stop immediately via the 9005 kill signal (no opportunity to shut down). This is 9006 a beta field and requires enabling ProbeTerminationGracePeriod 9007 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 9008 is used if unset. 9009 format: int64 9010 type: integer 9011 timeoutSeconds: 9012 description: 'Number of seconds after which the probe 9013 times out. Defaults to 1 second. Minimum value is 9014 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9015 format: int32 9016 type: integer 9017 type: object 9018 stdin: 9019 description: Whether this container should allocate a buffer 9020 for stdin in the container runtime. If this is not set, 9021 reads from stdin in the container will always result in 9022 EOF. Default is false. 9023 type: boolean 9024 stdinOnce: 9025 description: Whether the container runtime should close 9026 the stdin channel after it has been opened by a single 9027 attach. When stdin is true the stdin stream will remain 9028 open across multiple attach sessions. If stdinOnce is 9029 set to true, stdin is opened on container start, is empty 9030 until the first client attaches to stdin, and then remains 9031 open and accepts data until the client disconnects, at 9032 which time stdin is closed and remains closed until the 9033 container is restarted. If this flag is false, a container 9034 processes that reads from stdin will never receive an 9035 EOF. Default is false 9036 type: boolean 9037 terminationMessagePath: 9038 description: 'Optional: Path at which the file to which 9039 the container''s termination message will be written is 9040 mounted into the container''s filesystem. Message written 9041 is intended to be brief final status, such as an assertion 9042 failure message. Will be truncated by the node if greater 9043 than 4096 bytes. The total message length across all containers 9044 will be limited to 12kb. Defaults to /dev/termination-log. 9045 Cannot be updated.' 9046 type: string 9047 terminationMessagePolicy: 9048 description: Indicate how the termination message should 9049 be populated. File will use the contents of terminationMessagePath 9050 to populate the container status message on both success 9051 and failure. FallbackToLogsOnError will use the last chunk 9052 of container log output if the termination message file 9053 is empty and the container exited with an error. The log 9054 output is limited to 2048 bytes or 80 lines, whichever 9055 is smaller. Defaults to File. Cannot be updated. 9056 type: string 9057 tty: 9058 description: Whether this container should allocate a TTY 9059 for itself, also requires 'stdin' to be true. Default 9060 is false. 9061 type: boolean 9062 volumeDevices: 9063 description: volumeDevices is the list of block devices 9064 to be used by the container. 9065 items: 9066 description: volumeDevice describes a mapping of a raw 9067 block device within a container. 9068 properties: 9069 devicePath: 9070 description: devicePath is the path inside of the 9071 container that the device will be mapped to. 9072 type: string 9073 name: 9074 description: name must match the name of a persistentVolumeClaim 9075 in the pod 9076 type: string 9077 required: 9078 - devicePath 9079 - name 9080 type: object 9081 type: array 9082 volumeMounts: 9083 description: Pod volumes to mount into the container's filesystem. 9084 Cannot be updated. 9085 items: 9086 description: VolumeMount describes a mounting of a Volume 9087 within a container. 9088 properties: 9089 mountPath: 9090 description: Path within the container at which the 9091 volume should be mounted. Must not contain ':'. 9092 type: string 9093 mountPropagation: 9094 description: mountPropagation determines how mounts 9095 are propagated from the host to container and the 9096 other way around. When not set, MountPropagationNone 9097 is used. This field is beta in 1.10. 9098 type: string 9099 name: 9100 description: This must match the Name of a Volume. 9101 type: string 9102 readOnly: 9103 description: Mounted read-only if true, read-write 9104 otherwise (false or unspecified). Defaults to false. 9105 type: boolean 9106 subPath: 9107 description: Path within the volume from which the 9108 container's volume should be mounted. Defaults to 9109 "" (volume's root). 9110 type: string 9111 subPathExpr: 9112 description: Expanded path within the volume from 9113 which the container's volume should be mounted. 9114 Behaves similarly to SubPath but environment variable 9115 references $(VAR_NAME) are expanded using the container's 9116 environment. Defaults to "" (volume's root). SubPathExpr 9117 and SubPath are mutually exclusive. 9118 type: string 9119 required: 9120 - mountPath 9121 - name 9122 type: object 9123 type: array 9124 workingDir: 9125 description: Container's working directory. If not specified, 9126 the container runtime's default will be used, which might 9127 be configured in the container image. Cannot be updated. 9128 type: string 9129 required: 9130 - name 9131 type: object 9132 type: array 9133 extraVolumeMounts: 9134 items: 9135 description: VolumeMount describes a mounting of a Volume within 9136 a container. 9137 properties: 9138 mountPath: 9139 description: Path within the container at which the volume 9140 should be mounted. Must not contain ':'. 9141 type: string 9142 mountPropagation: 9143 description: mountPropagation determines how mounts are 9144 propagated from the host to container and the other way 9145 around. When not set, MountPropagationNone is used. This 9146 field is beta in 1.10. 9147 type: string 9148 name: 9149 description: This must match the Name of a Volume. 9150 type: string 9151 readOnly: 9152 description: Mounted read-only if true, read-write otherwise 9153 (false or unspecified). Defaults to false. 9154 type: boolean 9155 subPath: 9156 description: Path within the volume from which the container's 9157 volume should be mounted. Defaults to "" (volume's root). 9158 type: string 9159 subPathExpr: 9160 description: Expanded path within the volume from which 9161 the container's volume should be mounted. Behaves similarly 9162 to SubPath but environment variable references $(VAR_NAME) 9163 are expanded using the container's environment. Defaults 9164 to "" (volume's root). SubPathExpr and SubPath are mutually 9165 exclusive. 9166 type: string 9167 required: 9168 - mountPath 9169 - name 9170 type: object 9171 type: array 9172 extraVolumes: 9173 items: 9174 description: Volume represents a named volume in a pod that 9175 may be accessed by any container in the pod. 9176 properties: 9177 awsElasticBlockStore: 9178 description: 'awsElasticBlockStore represents an AWS Disk 9179 resource that is attached to a kubelet''s host machine 9180 and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 9181 properties: 9182 fsType: 9183 description: 'fsType is the filesystem type of the volume 9184 that you want to mount. Tip: Ensure that the filesystem 9185 type is supported by the host operating system. Examples: 9186 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 9187 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 9188 TODO: how do we prevent errors in the filesystem from 9189 compromising the machine' 9190 type: string 9191 partition: 9192 description: 'partition is the partition in the volume 9193 that you want to mount. If omitted, the default is 9194 to mount by volume name. Examples: For volume /dev/sda1, 9195 you specify the partition as "1". Similarly, the volume 9196 partition for /dev/sda is "0" (or you can leave the 9197 property empty).' 9198 format: int32 9199 type: integer 9200 readOnly: 9201 description: 'readOnly value true will force the readOnly 9202 setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 9203 type: boolean 9204 volumeID: 9205 description: 'volumeID is unique ID of the persistent 9206 disk resource in AWS (Amazon EBS volume). More info: 9207 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 9208 type: string 9209 required: 9210 - volumeID 9211 type: object 9212 azureDisk: 9213 description: azureDisk represents an Azure Data Disk mount 9214 on the host and bind mount to the pod. 9215 properties: 9216 cachingMode: 9217 description: 'cachingMode is the Host Caching mode: 9218 None, Read Only, Read Write.' 9219 type: string 9220 diskName: 9221 description: diskName is the Name of the data disk in 9222 the blob storage 9223 type: string 9224 diskURI: 9225 description: diskURI is the URI of data disk in the 9226 blob storage 9227 type: string 9228 fsType: 9229 description: fsType is Filesystem type to mount. Must 9230 be a filesystem type supported by the host operating 9231 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 9232 to be "ext4" if unspecified. 9233 type: string 9234 kind: 9235 description: 'kind expected values are Shared: multiple 9236 blob disks per storage account Dedicated: single 9237 blob disk per storage account Managed: azure managed 9238 data disk (only in managed availability set). defaults 9239 to shared' 9240 type: string 9241 readOnly: 9242 description: readOnly Defaults to false (read/write). 9243 ReadOnly here will force the ReadOnly setting in VolumeMounts. 9244 type: boolean 9245 required: 9246 - diskName 9247 - diskURI 9248 type: object 9249 azureFile: 9250 description: azureFile represents an Azure File Service 9251 mount on the host and bind mount to the pod. 9252 properties: 9253 readOnly: 9254 description: readOnly defaults to false (read/write). 9255 ReadOnly here will force the ReadOnly setting in VolumeMounts. 9256 type: boolean 9257 secretName: 9258 description: secretName is the name of secret that 9259 contains Azure Storage Account Name and Key 9260 type: string 9261 shareName: 9262 description: shareName is the azure share Name 9263 type: string 9264 required: 9265 - secretName 9266 - shareName 9267 type: object 9268 cephfs: 9269 description: cephFS represents a Ceph FS mount on the host 9270 that shares a pod's lifetime 9271 properties: 9272 monitors: 9273 description: 'monitors is Required: Monitors is a collection 9274 of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 9275 items: 9276 type: string 9277 type: array 9278 path: 9279 description: 'path is Optional: Used as the mounted 9280 root, rather than the full Ceph tree, default is /' 9281 type: string 9282 readOnly: 9283 description: 'readOnly is Optional: Defaults to false 9284 (read/write). ReadOnly here will force the ReadOnly 9285 setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 9286 type: boolean 9287 secretFile: 9288 description: 'secretFile is Optional: SecretFile is 9289 the path to key ring for User, default is /etc/ceph/user.secret 9290 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 9291 type: string 9292 secretRef: 9293 description: 'secretRef is Optional: SecretRef is reference 9294 to the authentication secret for User, default is 9295 empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 9296 properties: 9297 name: 9298 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9299 TODO: Add other useful fields. apiVersion, kind, 9300 uid?' 9301 type: string 9302 type: object 9303 user: 9304 description: 'user is optional: User is the rados user 9305 name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 9306 type: string 9307 required: 9308 - monitors 9309 type: object 9310 cinder: 9311 description: 'cinder represents a cinder volume attached 9312 and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 9313 properties: 9314 fsType: 9315 description: 'fsType is the filesystem type to mount. 9316 Must be a filesystem type supported by the host operating 9317 system. Examples: "ext4", "xfs", "ntfs". Implicitly 9318 inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 9319 type: string 9320 readOnly: 9321 description: 'readOnly defaults to false (read/write). 9322 ReadOnly here will force the ReadOnly setting in VolumeMounts. 9323 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 9324 type: boolean 9325 secretRef: 9326 description: 'secretRef is optional: points to a secret 9327 object containing parameters used to connect to OpenStack.' 9328 properties: 9329 name: 9330 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9331 TODO: Add other useful fields. apiVersion, kind, 9332 uid?' 9333 type: string 9334 type: object 9335 volumeID: 9336 description: 'volumeID used to identify the volume in 9337 cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 9338 type: string 9339 required: 9340 - volumeID 9341 type: object 9342 configMap: 9343 description: configMap represents a configMap that should 9344 populate this volume 9345 properties: 9346 defaultMode: 9347 description: 'defaultMode is optional: mode bits used 9348 to set permissions on created files by default. Must 9349 be an octal value between 0000 and 0777 or a decimal 9350 value between 0 and 511. YAML accepts both octal and 9351 decimal values, JSON requires decimal values for mode 9352 bits. Defaults to 0644. Directories within the path 9353 are not affected by this setting. This might be in 9354 conflict with other options that affect the file mode, 9355 like fsGroup, and the result can be other mode bits 9356 set.' 9357 format: int32 9358 type: integer 9359 items: 9360 description: items if unspecified, each key-value pair 9361 in the Data field of the referenced ConfigMap will 9362 be projected into the volume as a file whose name 9363 is the key and content is the value. If specified, 9364 the listed keys will be projected into the specified 9365 paths, and unlisted keys will not be present. If a 9366 key is specified which is not present in the ConfigMap, 9367 the volume setup will error unless it is marked optional. 9368 Paths must be relative and may not contain the '..' 9369 path or start with '..'. 9370 items: 9371 description: Maps a string key to a path within a 9372 volume. 9373 properties: 9374 key: 9375 description: key is the key to project. 9376 type: string 9377 mode: 9378 description: 'mode is Optional: mode bits used 9379 to set permissions on this file. Must be an 9380 octal value between 0000 and 0777 or a decimal 9381 value between 0 and 511. YAML accepts both octal 9382 and decimal values, JSON requires decimal values 9383 for mode bits. If not specified, the volume 9384 defaultMode will be used. This might be in conflict 9385 with other options that affect the file mode, 9386 like fsGroup, and the result can be other mode 9387 bits set.' 9388 format: int32 9389 type: integer 9390 path: 9391 description: path is the relative path of the 9392 file to map the key to. May not be an absolute 9393 path. May not contain the path element '..'. 9394 May not start with the string '..'. 9395 type: string 9396 required: 9397 - key 9398 - path 9399 type: object 9400 type: array 9401 name: 9402 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9403 TODO: Add other useful fields. apiVersion, kind, uid?' 9404 type: string 9405 optional: 9406 description: optional specify whether the ConfigMap 9407 or its keys must be defined 9408 type: boolean 9409 type: object 9410 csi: 9411 description: csi (Container Storage Interface) represents 9412 ephemeral storage that is handled by certain external 9413 CSI drivers (Beta feature). 9414 properties: 9415 driver: 9416 description: driver is the name of the CSI driver that 9417 handles this volume. Consult with your admin for the 9418 correct name as registered in the cluster. 9419 type: string 9420 fsType: 9421 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". 9422 If not provided, the empty value is passed to the 9423 associated CSI driver which will determine the default 9424 filesystem to apply. 9425 type: string 9426 nodePublishSecretRef: 9427 description: nodePublishSecretRef is a reference to 9428 the secret object containing sensitive information 9429 to pass to the CSI driver to complete the CSI NodePublishVolume 9430 and NodeUnpublishVolume calls. This field is optional, 9431 and may be empty if no secret is required. If the 9432 secret object contains more than one secret, all secret 9433 references are passed. 9434 properties: 9435 name: 9436 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9437 TODO: Add other useful fields. apiVersion, kind, 9438 uid?' 9439 type: string 9440 type: object 9441 readOnly: 9442 description: readOnly specifies a read-only configuration 9443 for the volume. Defaults to false (read/write). 9444 type: boolean 9445 volumeAttributes: 9446 additionalProperties: 9447 type: string 9448 description: volumeAttributes stores driver-specific 9449 properties that are passed to the CSI driver. Consult 9450 your driver's documentation for supported values. 9451 type: object 9452 required: 9453 - driver 9454 type: object 9455 downwardAPI: 9456 description: downwardAPI represents downward API about the 9457 pod that should populate this volume 9458 properties: 9459 defaultMode: 9460 description: 'Optional: mode bits to use on created 9461 files by default. Must be a Optional: mode bits used 9462 to set permissions on created files by default. Must 9463 be an octal value between 0000 and 0777 or a decimal 9464 value between 0 and 511. YAML accepts both octal and 9465 decimal values, JSON requires decimal values for mode 9466 bits. Defaults to 0644. Directories within the path 9467 are not affected by this setting. This might be in 9468 conflict with other options that affect the file mode, 9469 like fsGroup, and the result can be other mode bits 9470 set.' 9471 format: int32 9472 type: integer 9473 items: 9474 description: Items is a list of downward API volume 9475 file 9476 items: 9477 description: DownwardAPIVolumeFile represents information 9478 to create the file containing the pod field 9479 properties: 9480 fieldRef: 9481 description: 'Required: Selects a field of the 9482 pod: only annotations, labels, name and namespace 9483 are supported.' 9484 properties: 9485 apiVersion: 9486 description: Version of the schema the FieldPath 9487 is written in terms of, defaults to "v1". 9488 type: string 9489 fieldPath: 9490 description: Path of the field to select in 9491 the specified API version. 9492 type: string 9493 required: 9494 - fieldPath 9495 type: object 9496 mode: 9497 description: 'Optional: mode bits used to set 9498 permissions on this file, must be an octal value 9499 between 0000 and 0777 or a decimal value between 9500 0 and 511. YAML accepts both octal and decimal 9501 values, JSON requires decimal values for mode 9502 bits. If not specified, the volume defaultMode 9503 will be used. This might be in conflict with 9504 other options that affect the file mode, like 9505 fsGroup, and the result can be other mode bits 9506 set.' 9507 format: int32 9508 type: integer 9509 path: 9510 description: 'Required: Path is the relative 9511 path name of the file to be created. Must not 9512 be absolute or contain the ''..'' path. Must 9513 be utf-8 encoded. The first item of the relative 9514 path must not start with ''..''' 9515 type: string 9516 resourceFieldRef: 9517 description: 'Selects a resource of the container: 9518 only resources limits and requests (limits.cpu, 9519 limits.memory, requests.cpu and requests.memory) 9520 are currently supported.' 9521 properties: 9522 containerName: 9523 description: 'Container name: required for 9524 volumes, optional for env vars' 9525 type: string 9526 divisor: 9527 anyOf: 9528 - type: integer 9529 - type: string 9530 description: Specifies the output format of 9531 the exposed resources, defaults to "1" 9532 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9533 x-kubernetes-int-or-string: true 9534 resource: 9535 description: 'Required: resource to select' 9536 type: string 9537 required: 9538 - resource 9539 type: object 9540 required: 9541 - path 9542 type: object 9543 type: array 9544 type: object 9545 emptyDir: 9546 description: 'emptyDir represents a temporary directory 9547 that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 9548 properties: 9549 medium: 9550 description: 'medium represents what type of storage 9551 medium should back this directory. The default is 9552 "" which means to use the node''s default medium. 9553 Must be an empty string (default) or Memory. More 9554 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 9555 type: string 9556 sizeLimit: 9557 anyOf: 9558 - type: integer 9559 - type: string 9560 description: 'sizeLimit is the total amount of local 9561 storage required for this EmptyDir volume. The size 9562 limit is also applicable for memory medium. The maximum 9563 usage on memory medium EmptyDir would be the minimum 9564 value between the SizeLimit specified here and the 9565 sum of memory limits of all containers in a pod. The 9566 default is nil which means that the limit is undefined. 9567 More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 9568 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9569 x-kubernetes-int-or-string: true 9570 type: object 9571 ephemeral: 9572 description: "ephemeral represents a volume that is handled 9573 by a cluster storage driver. The volume's lifecycle is 9574 tied to the pod that defines it - it will be created before 9575 the pod starts, and deleted when the pod is removed. \n 9576 Use this if: a) the volume is only needed while the pod 9577 runs, b) features of normal volumes like restoring from 9578 snapshot or capacity tracking are needed, c) the storage 9579 driver is specified through a storage class, and d) the 9580 storage driver supports dynamic volume provisioning through 9581 \ a PersistentVolumeClaim (see EphemeralVolumeSource 9582 for more information on the connection between this 9583 volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim 9584 or one of the vendor-specific APIs for volumes that persist 9585 for longer than the lifecycle of an individual pod. \n 9586 Use CSI for light-weight local ephemeral volumes if the 9587 CSI driver is meant to be used that way - see the documentation 9588 of the driver for more information. \n A pod can use both 9589 types of ephemeral volumes and persistent volumes at the 9590 same time." 9591 properties: 9592 volumeClaimTemplate: 9593 description: "Will be used to create a stand-alone PVC 9594 to provision the volume. The pod in which this EphemeralVolumeSource 9595 is embedded will be the owner of the PVC, i.e. the 9596 PVC will be deleted together with the pod. The name 9597 of the PVC will be `<pod name>-<volume name>` where 9598 `<volume name>` is the name from the `PodSpec.Volumes` 9599 array entry. Pod validation will reject the pod if 9600 the concatenated name is not valid for a PVC (for 9601 example, too long). \n An existing PVC with that name 9602 that is not owned by the pod will *not* be used for 9603 the pod to avoid using an unrelated volume by mistake. 9604 Starting the pod is then blocked until the unrelated 9605 PVC is removed. If such a pre-created PVC is meant 9606 to be used by the pod, the PVC has to updated with 9607 an owner reference to the pod once the pod exists. 9608 Normally this should not be necessary, but it may 9609 be useful when manually reconstructing a broken cluster. 9610 \n This field is read-only and no changes will be 9611 made by Kubernetes to the PVC after it has been created. 9612 \n Required, must not be nil." 9613 properties: 9614 metadata: 9615 description: May contain labels and annotations 9616 that will be copied into the PVC when creating 9617 it. No other fields are allowed and will be rejected 9618 during validation. 9619 type: object 9620 spec: 9621 description: The specification for the PersistentVolumeClaim. 9622 The entire content is copied unchanged into the 9623 PVC that gets created from this template. The 9624 same fields as in a PersistentVolumeClaim are 9625 also valid here. 9626 properties: 9627 accessModes: 9628 description: 'accessModes contains the desired 9629 access modes the volume should have. More 9630 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 9631 items: 9632 type: string 9633 type: array 9634 dataSource: 9635 description: 'dataSource field can be used to 9636 specify either: * An existing VolumeSnapshot 9637 object (snapshot.storage.k8s.io/VolumeSnapshot) 9638 * An existing PVC (PersistentVolumeClaim) 9639 If the provisioner or an external controller 9640 can support the specified data source, it 9641 will create a new volume based on the contents 9642 of the specified data source. If the AnyVolumeDataSource 9643 feature gate is enabled, this field will always 9644 have the same contents as the DataSourceRef 9645 field.' 9646 properties: 9647 apiGroup: 9648 description: APIGroup is the group for the 9649 resource being referenced. If APIGroup 9650 is not specified, the specified Kind must 9651 be in the core API group. For any other 9652 third-party types, APIGroup is required. 9653 type: string 9654 kind: 9655 description: Kind is the type of resource 9656 being referenced 9657 type: string 9658 name: 9659 description: Name is the name of resource 9660 being referenced 9661 type: string 9662 required: 9663 - kind 9664 - name 9665 type: object 9666 dataSourceRef: 9667 description: 'dataSourceRef specifies the object 9668 from which to populate the volume with data, 9669 if a non-empty volume is desired. This may 9670 be any local object from a non-empty API group 9671 (non core object) or a PersistentVolumeClaim 9672 object. When this field is specified, volume 9673 binding will only succeed if the type of the 9674 specified object matches some installed volume 9675 populator or dynamic provisioner. This field 9676 will replace the functionality of the DataSource 9677 field and as such if both fields are non-empty, 9678 they must have the same value. For backwards 9679 compatibility, both fields (DataSource and 9680 DataSourceRef) will be set to the same value 9681 automatically if one of them is empty and 9682 the other is non-empty. There are two important 9683 differences between DataSource and DataSourceRef: 9684 * While DataSource only allows two specific 9685 types of objects, DataSourceRef allows any 9686 non-core object, as well as PersistentVolumeClaim 9687 objects. * While DataSource ignores disallowed 9688 values (dropping them), DataSourceRef preserves 9689 all values, and generates an error if a disallowed 9690 value is specified. (Beta) Using this field 9691 requires the AnyVolumeDataSource feature gate 9692 to be enabled.' 9693 properties: 9694 apiGroup: 9695 description: APIGroup is the group for the 9696 resource being referenced. If APIGroup 9697 is not specified, the specified Kind must 9698 be in the core API group. For any other 9699 third-party types, APIGroup is required. 9700 type: string 9701 kind: 9702 description: Kind is the type of resource 9703 being referenced 9704 type: string 9705 name: 9706 description: Name is the name of resource 9707 being referenced 9708 type: string 9709 required: 9710 - kind 9711 - name 9712 type: object 9713 resources: 9714 description: 'resources represents the minimum 9715 resources the volume should have. If RecoverVolumeExpansionFailure 9716 feature is enabled users are allowed to specify 9717 resource requirements that are lower than 9718 previous value but must still be higher than 9719 capacity recorded in the status field of the 9720 claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 9721 properties: 9722 limits: 9723 additionalProperties: 9724 anyOf: 9725 - type: integer 9726 - type: string 9727 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9728 x-kubernetes-int-or-string: true 9729 description: 'Limits describes the maximum 9730 amount of compute resources allowed. More 9731 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9732 type: object 9733 requests: 9734 additionalProperties: 9735 anyOf: 9736 - type: integer 9737 - type: string 9738 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9739 x-kubernetes-int-or-string: true 9740 description: 'Requests describes the minimum 9741 amount of compute resources required. 9742 If Requests is omitted for a container, 9743 it defaults to Limits if that is explicitly 9744 specified, otherwise to an implementation-defined 9745 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9746 type: object 9747 type: object 9748 selector: 9749 description: selector is a label query over 9750 volumes to consider for binding. 9751 properties: 9752 matchExpressions: 9753 description: matchExpressions is a list 9754 of label selector requirements. The requirements 9755 are ANDed. 9756 items: 9757 description: A label selector requirement 9758 is a selector that contains values, 9759 a key, and an operator that relates 9760 the key and values. 9761 properties: 9762 key: 9763 description: key is the label key 9764 that the selector applies to. 9765 type: string 9766 operator: 9767 description: operator represents a 9768 key's relationship to a set of values. 9769 Valid operators are In, NotIn, Exists 9770 and DoesNotExist. 9771 type: string 9772 values: 9773 description: values is an array of 9774 string values. If the operator is 9775 In or NotIn, the values array must 9776 be non-empty. If the operator is 9777 Exists or DoesNotExist, the values 9778 array must be empty. This array 9779 is replaced during a strategic merge 9780 patch. 9781 items: 9782 type: string 9783 type: array 9784 required: 9785 - key 9786 - operator 9787 type: object 9788 type: array 9789 matchLabels: 9790 additionalProperties: 9791 type: string 9792 description: matchLabels is a map of {key,value} 9793 pairs. A single {key,value} in the matchLabels 9794 map is equivalent to an element of matchExpressions, 9795 whose key field is "key", the operator 9796 is "In", and the values array contains 9797 only "value". The requirements are ANDed. 9798 type: object 9799 type: object 9800 storageClassName: 9801 description: 'storageClassName is the name of 9802 the StorageClass required by the claim. More 9803 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 9804 type: string 9805 volumeMode: 9806 description: volumeMode defines what type of 9807 volume is required by the claim. Value of 9808 Filesystem is implied when not included in 9809 claim spec. 9810 type: string 9811 volumeName: 9812 description: volumeName is the binding reference 9813 to the PersistentVolume backing this claim. 9814 type: string 9815 type: object 9816 required: 9817 - spec 9818 type: object 9819 type: object 9820 fc: 9821 description: fc represents a Fibre Channel resource that 9822 is attached to a kubelet's host machine and then exposed 9823 to the pod. 9824 properties: 9825 fsType: 9826 description: 'fsType is the filesystem type to mount. 9827 Must be a filesystem type supported by the host operating 9828 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 9829 to be "ext4" if unspecified. TODO: how do we prevent 9830 errors in the filesystem from compromising the machine' 9831 type: string 9832 lun: 9833 description: 'lun is Optional: FC target lun number' 9834 format: int32 9835 type: integer 9836 readOnly: 9837 description: 'readOnly is Optional: Defaults to false 9838 (read/write). ReadOnly here will force the ReadOnly 9839 setting in VolumeMounts.' 9840 type: boolean 9841 targetWWNs: 9842 description: 'targetWWNs is Optional: FC target worldwide 9843 names (WWNs)' 9844 items: 9845 type: string 9846 type: array 9847 wwids: 9848 description: 'wwids Optional: FC volume world wide identifiers 9849 (wwids) Either wwids or combination of targetWWNs 9850 and lun must be set, but not both simultaneously.' 9851 items: 9852 type: string 9853 type: array 9854 type: object 9855 flexVolume: 9856 description: flexVolume represents a generic volume resource 9857 that is provisioned/attached using an exec based plugin. 9858 properties: 9859 driver: 9860 description: driver is the name of the driver to use 9861 for this volume. 9862 type: string 9863 fsType: 9864 description: fsType is the filesystem type to mount. 9865 Must be a filesystem type supported by the host operating 9866 system. Ex. "ext4", "xfs", "ntfs". The default filesystem 9867 depends on FlexVolume script. 9868 type: string 9869 options: 9870 additionalProperties: 9871 type: string 9872 description: 'options is Optional: this field holds 9873 extra command options if any.' 9874 type: object 9875 readOnly: 9876 description: 'readOnly is Optional: defaults to false 9877 (read/write). ReadOnly here will force the ReadOnly 9878 setting in VolumeMounts.' 9879 type: boolean 9880 secretRef: 9881 description: 'secretRef is Optional: secretRef is reference 9882 to the secret object containing sensitive information 9883 to pass to the plugin scripts. This may be empty if 9884 no secret object is specified. If the secret object 9885 contains more than one secret, all secrets are passed 9886 to the plugin scripts.' 9887 properties: 9888 name: 9889 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9890 TODO: Add other useful fields. apiVersion, kind, 9891 uid?' 9892 type: string 9893 type: object 9894 required: 9895 - driver 9896 type: object 9897 flocker: 9898 description: flocker represents a Flocker volume attached 9899 to a kubelet's host machine. This depends on the Flocker 9900 control service being running 9901 properties: 9902 datasetName: 9903 description: datasetName is Name of the dataset stored 9904 as metadata -> name on the dataset for Flocker should 9905 be considered as deprecated 9906 type: string 9907 datasetUUID: 9908 description: datasetUUID is the UUID of the dataset. 9909 This is unique identifier of a Flocker dataset 9910 type: string 9911 type: object 9912 gcePersistentDisk: 9913 description: 'gcePersistentDisk represents a GCE Disk resource 9914 that is attached to a kubelet''s host machine and then 9915 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 9916 properties: 9917 fsType: 9918 description: 'fsType is filesystem type of the volume 9919 that you want to mount. Tip: Ensure that the filesystem 9920 type is supported by the host operating system. Examples: 9921 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 9922 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 9923 TODO: how do we prevent errors in the filesystem from 9924 compromising the machine' 9925 type: string 9926 partition: 9927 description: 'partition is the partition in the volume 9928 that you want to mount. If omitted, the default is 9929 to mount by volume name. Examples: For volume /dev/sda1, 9930 you specify the partition as "1". Similarly, the volume 9931 partition for /dev/sda is "0" (or you can leave the 9932 property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 9933 format: int32 9934 type: integer 9935 pdName: 9936 description: 'pdName is unique name of the PD resource 9937 in GCE. Used to identify the disk in GCE. More info: 9938 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 9939 type: string 9940 readOnly: 9941 description: 'readOnly here will force the ReadOnly 9942 setting in VolumeMounts. Defaults to false. More info: 9943 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 9944 type: boolean 9945 required: 9946 - pdName 9947 type: object 9948 gitRepo: 9949 description: 'gitRepo represents a git repository at a particular 9950 revision. DEPRECATED: GitRepo is deprecated. To provision 9951 a container with a git repo, mount an EmptyDir into an 9952 InitContainer that clones the repo using git, then mount 9953 the EmptyDir into the Pod''s container.' 9954 properties: 9955 directory: 9956 description: directory is the target directory name. 9957 Must not contain or start with '..'. If '.' is supplied, 9958 the volume directory will be the git repository. Otherwise, 9959 if specified, the volume will contain the git repository 9960 in the subdirectory with the given name. 9961 type: string 9962 repository: 9963 description: repository is the URL 9964 type: string 9965 revision: 9966 description: revision is the commit hash for the specified 9967 revision. 9968 type: string 9969 required: 9970 - repository 9971 type: object 9972 glusterfs: 9973 description: 'glusterfs represents a Glusterfs mount on 9974 the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 9975 properties: 9976 endpoints: 9977 description: 'endpoints is the endpoint name that details 9978 Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 9979 type: string 9980 path: 9981 description: 'path is the Glusterfs volume path. More 9982 info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 9983 type: string 9984 readOnly: 9985 description: 'readOnly here will force the Glusterfs 9986 volume to be mounted with read-only permissions. Defaults 9987 to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 9988 type: boolean 9989 required: 9990 - endpoints 9991 - path 9992 type: object 9993 hostPath: 9994 description: 'hostPath represents a pre-existing file or 9995 directory on the host machine that is directly exposed 9996 to the container. This is generally used for system agents 9997 or other privileged things that are allowed to see the 9998 host machine. Most containers will NOT need this. More 9999 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 10000 --- TODO(jonesdl) We need to restrict who can use host 10001 directory mounts and who can/can not mount host directories 10002 as read/write.' 10003 properties: 10004 path: 10005 description: 'path of the directory on the host. If 10006 the path is a symlink, it will follow the link to 10007 the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 10008 type: string 10009 type: 10010 description: 'type for HostPath Volume Defaults to "" 10011 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 10012 type: string 10013 required: 10014 - path 10015 type: object 10016 iscsi: 10017 description: 'iscsi represents an ISCSI Disk resource that 10018 is attached to a kubelet''s host machine and then exposed 10019 to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 10020 properties: 10021 chapAuthDiscovery: 10022 description: chapAuthDiscovery defines whether support 10023 iSCSI Discovery CHAP authentication 10024 type: boolean 10025 chapAuthSession: 10026 description: chapAuthSession defines whether support 10027 iSCSI Session CHAP authentication 10028 type: boolean 10029 fsType: 10030 description: 'fsType is the filesystem type of the volume 10031 that you want to mount. Tip: Ensure that the filesystem 10032 type is supported by the host operating system. Examples: 10033 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 10034 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 10035 TODO: how do we prevent errors in the filesystem from 10036 compromising the machine' 10037 type: string 10038 initiatorName: 10039 description: initiatorName is the custom iSCSI Initiator 10040 Name. If initiatorName is specified with iscsiInterface 10041 simultaneously, new iSCSI interface <target portal>:<volume 10042 name> will be created for the connection. 10043 type: string 10044 iqn: 10045 description: iqn is the target iSCSI Qualified Name. 10046 type: string 10047 iscsiInterface: 10048 description: iscsiInterface is the interface Name that 10049 uses an iSCSI transport. Defaults to 'default' (tcp). 10050 type: string 10051 lun: 10052 description: lun represents iSCSI Target Lun number. 10053 format: int32 10054 type: integer 10055 portals: 10056 description: portals is the iSCSI Target Portal List. 10057 The portal is either an IP or ip_addr:port if the 10058 port is other than default (typically TCP ports 860 10059 and 3260). 10060 items: 10061 type: string 10062 type: array 10063 readOnly: 10064 description: readOnly here will force the ReadOnly setting 10065 in VolumeMounts. Defaults to false. 10066 type: boolean 10067 secretRef: 10068 description: secretRef is the CHAP Secret for iSCSI 10069 target and initiator authentication 10070 properties: 10071 name: 10072 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10073 TODO: Add other useful fields. apiVersion, kind, 10074 uid?' 10075 type: string 10076 type: object 10077 targetPortal: 10078 description: targetPortal is iSCSI Target Portal. The 10079 Portal is either an IP or ip_addr:port if the port 10080 is other than default (typically TCP ports 860 and 10081 3260). 10082 type: string 10083 required: 10084 - iqn 10085 - lun 10086 - targetPortal 10087 type: object 10088 name: 10089 description: 'name of the volume. Must be a DNS_LABEL and 10090 unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 10091 type: string 10092 nfs: 10093 description: 'nfs represents an NFS mount on the host that 10094 shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 10095 properties: 10096 path: 10097 description: 'path that is exported by the NFS server. 10098 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 10099 type: string 10100 readOnly: 10101 description: 'readOnly here will force the NFS export 10102 to be mounted with read-only permissions. Defaults 10103 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 10104 type: boolean 10105 server: 10106 description: 'server is the hostname or IP address of 10107 the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 10108 type: string 10109 required: 10110 - path 10111 - server 10112 type: object 10113 persistentVolumeClaim: 10114 description: 'persistentVolumeClaimVolumeSource represents 10115 a reference to a PersistentVolumeClaim in the same namespace. 10116 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 10117 properties: 10118 claimName: 10119 description: 'claimName is the name of a PersistentVolumeClaim 10120 in the same namespace as the pod using this volume. 10121 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 10122 type: string 10123 readOnly: 10124 description: readOnly Will force the ReadOnly setting 10125 in VolumeMounts. Default false. 10126 type: boolean 10127 required: 10128 - claimName 10129 type: object 10130 photonPersistentDisk: 10131 description: photonPersistentDisk represents a PhotonController 10132 persistent disk attached and mounted on kubelets host 10133 machine 10134 properties: 10135 fsType: 10136 description: fsType is the filesystem type to mount. 10137 Must be a filesystem type supported by the host operating 10138 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 10139 to be "ext4" if unspecified. 10140 type: string 10141 pdID: 10142 description: pdID is the ID that identifies Photon Controller 10143 persistent disk 10144 type: string 10145 required: 10146 - pdID 10147 type: object 10148 portworxVolume: 10149 description: portworxVolume represents a portworx volume 10150 attached and mounted on kubelets host machine 10151 properties: 10152 fsType: 10153 description: fSType represents the filesystem type to 10154 mount Must be a filesystem type supported by the host 10155 operating system. Ex. "ext4", "xfs". Implicitly inferred 10156 to be "ext4" if unspecified. 10157 type: string 10158 readOnly: 10159 description: readOnly defaults to false (read/write). 10160 ReadOnly here will force the ReadOnly setting in VolumeMounts. 10161 type: boolean 10162 volumeID: 10163 description: volumeID uniquely identifies a Portworx 10164 volume 10165 type: string 10166 required: 10167 - volumeID 10168 type: object 10169 projected: 10170 description: projected items for all in one resources secrets, 10171 configmaps, and downward API 10172 properties: 10173 defaultMode: 10174 description: defaultMode are the mode bits used to set 10175 permissions on created files by default. Must be an 10176 octal value between 0000 and 0777 or a decimal value 10177 between 0 and 511. YAML accepts both octal and decimal 10178 values, JSON requires decimal values for mode bits. 10179 Directories within the path are not affected by this 10180 setting. This might be in conflict with other options 10181 that affect the file mode, like fsGroup, and the result 10182 can be other mode bits set. 10183 format: int32 10184 type: integer 10185 sources: 10186 description: sources is the list of volume projections 10187 items: 10188 description: Projection that may be projected along 10189 with other supported volume types 10190 properties: 10191 configMap: 10192 description: configMap information about the configMap 10193 data to project 10194 properties: 10195 items: 10196 description: items if unspecified, each key-value 10197 pair in the Data field of the referenced 10198 ConfigMap will be projected into the volume 10199 as a file whose name is the key and content 10200 is the value. If specified, the listed keys 10201 will be projected into the specified paths, 10202 and unlisted keys will not be present. If 10203 a key is specified which is not present 10204 in the ConfigMap, the volume setup will 10205 error unless it is marked optional. Paths 10206 must be relative and may not contain the 10207 '..' path or start with '..'. 10208 items: 10209 description: Maps a string key to a path 10210 within a volume. 10211 properties: 10212 key: 10213 description: key is the key to project. 10214 type: string 10215 mode: 10216 description: 'mode is Optional: mode 10217 bits used to set permissions on this 10218 file. Must be an octal value between 10219 0000 and 0777 or a decimal value between 10220 0 and 511. YAML accepts both octal 10221 and decimal values, JSON requires 10222 decimal values for mode bits. If not 10223 specified, the volume defaultMode 10224 will be used. This might be in conflict 10225 with other options that affect the 10226 file mode, like fsGroup, and the result 10227 can be other mode bits set.' 10228 format: int32 10229 type: integer 10230 path: 10231 description: path is the relative path 10232 of the file to map the key to. May 10233 not be an absolute path. May not contain 10234 the path element '..'. May not start 10235 with the string '..'. 10236 type: string 10237 required: 10238 - key 10239 - path 10240 type: object 10241 type: array 10242 name: 10243 description: 'Name of the referent. More info: 10244 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10245 TODO: Add other useful fields. apiVersion, 10246 kind, uid?' 10247 type: string 10248 optional: 10249 description: optional specify whether the 10250 ConfigMap or its keys must be defined 10251 type: boolean 10252 type: object 10253 downwardAPI: 10254 description: downwardAPI information about the 10255 downwardAPI data to project 10256 properties: 10257 items: 10258 description: Items is a list of DownwardAPIVolume 10259 file 10260 items: 10261 description: DownwardAPIVolumeFile represents 10262 information to create the file containing 10263 the pod field 10264 properties: 10265 fieldRef: 10266 description: 'Required: Selects a field 10267 of the pod: only annotations, labels, 10268 name and namespace are supported.' 10269 properties: 10270 apiVersion: 10271 description: Version of the schema 10272 the FieldPath is written in terms 10273 of, defaults to "v1". 10274 type: string 10275 fieldPath: 10276 description: Path of the field to 10277 select in the specified API version. 10278 type: string 10279 required: 10280 - fieldPath 10281 type: object 10282 mode: 10283 description: 'Optional: mode bits used 10284 to set permissions on this file, must 10285 be an octal value between 0000 and 10286 0777 or a decimal value between 0 10287 and 511. YAML accepts both octal and 10288 decimal values, JSON requires decimal 10289 values for mode bits. If not specified, 10290 the volume defaultMode will be used. 10291 This might be in conflict with other 10292 options that affect the file mode, 10293 like fsGroup, and the result can be 10294 other mode bits set.' 10295 format: int32 10296 type: integer 10297 path: 10298 description: 'Required: Path is the 10299 relative path name of the file to 10300 be created. Must not be absolute or 10301 contain the ''..'' path. Must be utf-8 10302 encoded. The first item of the relative 10303 path must not start with ''..''' 10304 type: string 10305 resourceFieldRef: 10306 description: 'Selects a resource of 10307 the container: only resources limits 10308 and requests (limits.cpu, limits.memory, 10309 requests.cpu and requests.memory) 10310 are currently supported.' 10311 properties: 10312 containerName: 10313 description: 'Container name: required 10314 for volumes, optional for env 10315 vars' 10316 type: string 10317 divisor: 10318 anyOf: 10319 - type: integer 10320 - type: string 10321 description: Specifies the output 10322 format of the exposed resources, 10323 defaults to "1" 10324 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 10325 x-kubernetes-int-or-string: true 10326 resource: 10327 description: 'Required: resource 10328 to select' 10329 type: string 10330 required: 10331 - resource 10332 type: object 10333 required: 10334 - path 10335 type: object 10336 type: array 10337 type: object 10338 secret: 10339 description: secret information about the secret 10340 data to project 10341 properties: 10342 items: 10343 description: items if unspecified, each key-value 10344 pair in the Data field of the referenced 10345 Secret will be projected into the volume 10346 as a file whose name is the key and content 10347 is the value. If specified, the listed keys 10348 will be projected into the specified paths, 10349 and unlisted keys will not be present. If 10350 a key is specified which is not present 10351 in the Secret, the volume setup will error 10352 unless it is marked optional. Paths must 10353 be relative and may not contain the '..' 10354 path or start with '..'. 10355 items: 10356 description: Maps a string key to a path 10357 within a volume. 10358 properties: 10359 key: 10360 description: key is the key to project. 10361 type: string 10362 mode: 10363 description: 'mode is Optional: mode 10364 bits used to set permissions on this 10365 file. Must be an octal value between 10366 0000 and 0777 or a decimal value between 10367 0 and 511. YAML accepts both octal 10368 and decimal values, JSON requires 10369 decimal values for mode bits. If not 10370 specified, the volume defaultMode 10371 will be used. This might be in conflict 10372 with other options that affect the 10373 file mode, like fsGroup, and the result 10374 can be other mode bits set.' 10375 format: int32 10376 type: integer 10377 path: 10378 description: path is the relative path 10379 of the file to map the key to. May 10380 not be an absolute path. May not contain 10381 the path element '..'. May not start 10382 with the string '..'. 10383 type: string 10384 required: 10385 - key 10386 - path 10387 type: object 10388 type: array 10389 name: 10390 description: 'Name of the referent. More info: 10391 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10392 TODO: Add other useful fields. apiVersion, 10393 kind, uid?' 10394 type: string 10395 optional: 10396 description: optional field specify whether 10397 the Secret or its key must be defined 10398 type: boolean 10399 type: object 10400 serviceAccountToken: 10401 description: serviceAccountToken is information 10402 about the serviceAccountToken data to project 10403 properties: 10404 audience: 10405 description: audience is the intended audience 10406 of the token. A recipient of a token must 10407 identify itself with an identifier specified 10408 in the audience of the token, and otherwise 10409 should reject the token. The audience defaults 10410 to the identifier of the apiserver. 10411 type: string 10412 expirationSeconds: 10413 description: expirationSeconds is the requested 10414 duration of validity of the service account 10415 token. As the token approaches expiration, 10416 the kubelet volume plugin will proactively 10417 rotate the service account token. The kubelet 10418 will start trying to rotate the token if 10419 the token is older than 80 percent of its 10420 time to live or if the token is older than 10421 24 hours.Defaults to 1 hour and must be 10422 at least 10 minutes. 10423 format: int64 10424 type: integer 10425 path: 10426 description: path is the path relative to 10427 the mount point of the file to project the 10428 token into. 10429 type: string 10430 required: 10431 - path 10432 type: object 10433 type: object 10434 type: array 10435 type: object 10436 quobyte: 10437 description: quobyte represents a Quobyte mount on the host 10438 that shares a pod's lifetime 10439 properties: 10440 group: 10441 description: group to map volume access to Default is 10442 no group 10443 type: string 10444 readOnly: 10445 description: readOnly here will force the Quobyte volume 10446 to be mounted with read-only permissions. Defaults 10447 to false. 10448 type: boolean 10449 registry: 10450 description: registry represents a single or multiple 10451 Quobyte Registry services specified as a string as 10452 host:port pair (multiple entries are separated with 10453 commas) which acts as the central registry for volumes 10454 type: string 10455 tenant: 10456 description: tenant owning the given Quobyte volume 10457 in the Backend Used with dynamically provisioned Quobyte 10458 volumes, value is set by the plugin 10459 type: string 10460 user: 10461 description: user to map volume access to Defaults to 10462 serivceaccount user 10463 type: string 10464 volume: 10465 description: volume is a string that references an already 10466 created Quobyte volume by name. 10467 type: string 10468 required: 10469 - registry 10470 - volume 10471 type: object 10472 rbd: 10473 description: 'rbd represents a Rados Block Device mount 10474 on the host that shares a pod''s lifetime. More info: 10475 https://examples.k8s.io/volumes/rbd/README.md' 10476 properties: 10477 fsType: 10478 description: 'fsType is the filesystem type of the volume 10479 that you want to mount. Tip: Ensure that the filesystem 10480 type is supported by the host operating system. Examples: 10481 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 10482 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 10483 TODO: how do we prevent errors in the filesystem from 10484 compromising the machine' 10485 type: string 10486 image: 10487 description: 'image is the rados image name. More info: 10488 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10489 type: string 10490 keyring: 10491 description: 'keyring is the path to key ring for RBDUser. 10492 Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10493 type: string 10494 monitors: 10495 description: 'monitors is a collection of Ceph monitors. 10496 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10497 items: 10498 type: string 10499 type: array 10500 pool: 10501 description: 'pool is the rados pool name. Default is 10502 rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10503 type: string 10504 readOnly: 10505 description: 'readOnly here will force the ReadOnly 10506 setting in VolumeMounts. Defaults to false. More info: 10507 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10508 type: boolean 10509 secretRef: 10510 description: 'secretRef is name of the authentication 10511 secret for RBDUser. If provided overrides keyring. 10512 Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10513 properties: 10514 name: 10515 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10516 TODO: Add other useful fields. apiVersion, kind, 10517 uid?' 10518 type: string 10519 type: object 10520 user: 10521 description: 'user is the rados user name. Default is 10522 admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10523 type: string 10524 required: 10525 - image 10526 - monitors 10527 type: object 10528 scaleIO: 10529 description: scaleIO represents a ScaleIO persistent volume 10530 attached and mounted on Kubernetes nodes. 10531 properties: 10532 fsType: 10533 description: fsType is the filesystem type to mount. 10534 Must be a filesystem type supported by the host operating 10535 system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 10536 type: string 10537 gateway: 10538 description: gateway is the host address of the ScaleIO 10539 API Gateway. 10540 type: string 10541 protectionDomain: 10542 description: protectionDomain is the name of the ScaleIO 10543 Protection Domain for the configured storage. 10544 type: string 10545 readOnly: 10546 description: readOnly Defaults to false (read/write). 10547 ReadOnly here will force the ReadOnly setting in VolumeMounts. 10548 type: boolean 10549 secretRef: 10550 description: secretRef references to the secret for 10551 ScaleIO user and other sensitive information. If this 10552 is not provided, Login operation will fail. 10553 properties: 10554 name: 10555 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10556 TODO: Add other useful fields. apiVersion, kind, 10557 uid?' 10558 type: string 10559 type: object 10560 sslEnabled: 10561 description: sslEnabled Flag enable/disable SSL communication 10562 with Gateway, default false 10563 type: boolean 10564 storageMode: 10565 description: storageMode indicates whether the storage 10566 for a volume should be ThickProvisioned or ThinProvisioned. 10567 Default is ThinProvisioned. 10568 type: string 10569 storagePool: 10570 description: storagePool is the ScaleIO Storage Pool 10571 associated with the protection domain. 10572 type: string 10573 system: 10574 description: system is the name of the storage system 10575 as configured in ScaleIO. 10576 type: string 10577 volumeName: 10578 description: volumeName is the name of a volume already 10579 created in the ScaleIO system that is associated with 10580 this volume source. 10581 type: string 10582 required: 10583 - gateway 10584 - secretRef 10585 - system 10586 type: object 10587 secret: 10588 description: 'secret represents a secret that should populate 10589 this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 10590 properties: 10591 defaultMode: 10592 description: 'defaultMode is Optional: mode bits used 10593 to set permissions on created files by default. Must 10594 be an octal value between 0000 and 0777 or a decimal 10595 value between 0 and 511. YAML accepts both octal and 10596 decimal values, JSON requires decimal values for mode 10597 bits. Defaults to 0644. Directories within the path 10598 are not affected by this setting. This might be in 10599 conflict with other options that affect the file mode, 10600 like fsGroup, and the result can be other mode bits 10601 set.' 10602 format: int32 10603 type: integer 10604 items: 10605 description: items If unspecified, each key-value pair 10606 in the Data field of the referenced Secret will be 10607 projected into the volume as a file whose name is 10608 the key and content is the value. If specified, the 10609 listed keys will be projected into the specified paths, 10610 and unlisted keys will not be present. If a key is 10611 specified which is not present in the Secret, the 10612 volume setup will error unless it is marked optional. 10613 Paths must be relative and may not contain the '..' 10614 path or start with '..'. 10615 items: 10616 description: Maps a string key to a path within a 10617 volume. 10618 properties: 10619 key: 10620 description: key is the key to project. 10621 type: string 10622 mode: 10623 description: 'mode is Optional: mode bits used 10624 to set permissions on this file. Must be an 10625 octal value between 0000 and 0777 or a decimal 10626 value between 0 and 511. YAML accepts both octal 10627 and decimal values, JSON requires decimal values 10628 for mode bits. If not specified, the volume 10629 defaultMode will be used. This might be in conflict 10630 with other options that affect the file mode, 10631 like fsGroup, and the result can be other mode 10632 bits set.' 10633 format: int32 10634 type: integer 10635 path: 10636 description: path is the relative path of the 10637 file to map the key to. May not be an absolute 10638 path. May not contain the path element '..'. 10639 May not start with the string '..'. 10640 type: string 10641 required: 10642 - key 10643 - path 10644 type: object 10645 type: array 10646 optional: 10647 description: optional field specify whether the Secret 10648 or its keys must be defined 10649 type: boolean 10650 secretName: 10651 description: 'secretName is the name of the secret in 10652 the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 10653 type: string 10654 type: object 10655 storageos: 10656 description: storageOS represents a StorageOS volume attached 10657 and mounted on Kubernetes nodes. 10658 properties: 10659 fsType: 10660 description: fsType is the filesystem type to mount. 10661 Must be a filesystem type supported by the host operating 10662 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 10663 to be "ext4" if unspecified. 10664 type: string 10665 readOnly: 10666 description: readOnly defaults to false (read/write). 10667 ReadOnly here will force the ReadOnly setting in VolumeMounts. 10668 type: boolean 10669 secretRef: 10670 description: secretRef specifies the secret to use for 10671 obtaining the StorageOS API credentials. If not specified, 10672 default values will be attempted. 10673 properties: 10674 name: 10675 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10676 TODO: Add other useful fields. apiVersion, kind, 10677 uid?' 10678 type: string 10679 type: object 10680 volumeName: 10681 description: volumeName is the human-readable name of 10682 the StorageOS volume. Volume names are only unique 10683 within a namespace. 10684 type: string 10685 volumeNamespace: 10686 description: volumeNamespace specifies the scope of 10687 the volume within StorageOS. If no namespace is specified 10688 then the Pod's namespace will be used. This allows 10689 the Kubernetes name scoping to be mirrored within 10690 StorageOS for tighter integration. Set VolumeName 10691 to any name to override the default behaviour. Set 10692 to "default" if you are not using namespaces within 10693 StorageOS. Namespaces that do not pre-exist within 10694 StorageOS will be created. 10695 type: string 10696 type: object 10697 vsphereVolume: 10698 description: vsphereVolume represents a vSphere volume attached 10699 and mounted on kubelets host machine 10700 properties: 10701 fsType: 10702 description: fsType is filesystem type to mount. Must 10703 be a filesystem type supported by the host operating 10704 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 10705 to be "ext4" if unspecified. 10706 type: string 10707 storagePolicyID: 10708 description: storagePolicyID is the storage Policy Based 10709 Management (SPBM) profile ID associated with the StoragePolicyName. 10710 type: string 10711 storagePolicyName: 10712 description: storagePolicyName is the storage Policy 10713 Based Management (SPBM) profile name. 10714 type: string 10715 volumePath: 10716 description: volumePath is the path that identifies 10717 vSphere volume vmdk 10718 type: string 10719 required: 10720 - volumePath 10721 type: object 10722 required: 10723 - name 10724 type: object 10725 type: array 10726 hostNetwork: 10727 type: boolean 10728 image: 10729 type: string 10730 imagePullPolicy: 10731 description: PullPolicy describes a policy for if/when to pull 10732 a container image 10733 type: string 10734 imagePullSecrets: 10735 items: 10736 description: LocalObjectReference contains enough information 10737 to let you locate the referenced object inside the same namespace. 10738 properties: 10739 name: 10740 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10741 TODO: Add other useful fields. apiVersion, kind, uid?' 10742 type: string 10743 type: object 10744 type: array 10745 initContainers: 10746 items: 10747 description: A single application container that you want to 10748 run within a pod. 10749 properties: 10750 args: 10751 description: 'Arguments to the entrypoint. The container 10752 image''s CMD is used if this is not provided. Variable 10753 references $(VAR_NAME) are expanded using the container''s 10754 environment. If a variable cannot be resolved, the reference 10755 in the input string will be unchanged. Double $$ are reduced 10756 to a single $, which allows for escaping the $(VAR_NAME) 10757 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 10758 "$(VAR_NAME)". Escaped references will never be expanded, 10759 regardless of whether the variable exists or not. Cannot 10760 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 10761 items: 10762 type: string 10763 type: array 10764 command: 10765 description: 'Entrypoint array. Not executed within a shell. 10766 The container image''s ENTRYPOINT is used if this is not 10767 provided. Variable references $(VAR_NAME) are expanded 10768 using the container''s environment. If a variable cannot 10769 be resolved, the reference in the input string will be 10770 unchanged. Double $$ are reduced to a single $, which 10771 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 10772 will produce the string literal "$(VAR_NAME)". Escaped 10773 references will never be expanded, regardless of whether 10774 the variable exists or not. Cannot be updated. More info: 10775 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 10776 items: 10777 type: string 10778 type: array 10779 env: 10780 description: List of environment variables to set in the 10781 container. Cannot be updated. 10782 items: 10783 description: EnvVar represents an environment variable 10784 present in a Container. 10785 properties: 10786 name: 10787 description: Name of the environment variable. Must 10788 be a C_IDENTIFIER. 10789 type: string 10790 value: 10791 description: 'Variable references $(VAR_NAME) are 10792 expanded using the previously defined environment 10793 variables in the container and any service environment 10794 variables. If a variable cannot be resolved, the 10795 reference in the input string will be unchanged. 10796 Double $$ are reduced to a single $, which allows 10797 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 10798 will produce the string literal "$(VAR_NAME)". Escaped 10799 references will never be expanded, regardless of 10800 whether the variable exists or not. Defaults to 10801 "".' 10802 type: string 10803 valueFrom: 10804 description: Source for the environment variable's 10805 value. Cannot be used if value is not empty. 10806 properties: 10807 configMapKeyRef: 10808 description: Selects a key of a ConfigMap. 10809 properties: 10810 key: 10811 description: The key to select. 10812 type: string 10813 name: 10814 description: 'Name of the referent. More info: 10815 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10816 TODO: Add other useful fields. apiVersion, 10817 kind, uid?' 10818 type: string 10819 optional: 10820 description: Specify whether the ConfigMap 10821 or its key must be defined 10822 type: boolean 10823 required: 10824 - key 10825 type: object 10826 fieldRef: 10827 description: 'Selects a field of the pod: supports 10828 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 10829 `metadata.annotations[''<KEY>'']`, spec.nodeName, 10830 spec.serviceAccountName, status.hostIP, status.podIP, 10831 status.podIPs.' 10832 properties: 10833 apiVersion: 10834 description: Version of the schema the FieldPath 10835 is written in terms of, defaults to "v1". 10836 type: string 10837 fieldPath: 10838 description: Path of the field to select in 10839 the specified API version. 10840 type: string 10841 required: 10842 - fieldPath 10843 type: object 10844 resourceFieldRef: 10845 description: 'Selects a resource of the container: 10846 only resources limits and requests (limits.cpu, 10847 limits.memory, limits.ephemeral-storage, requests.cpu, 10848 requests.memory and requests.ephemeral-storage) 10849 are currently supported.' 10850 properties: 10851 containerName: 10852 description: 'Container name: required for 10853 volumes, optional for env vars' 10854 type: string 10855 divisor: 10856 anyOf: 10857 - type: integer 10858 - type: string 10859 description: Specifies the output format of 10860 the exposed resources, defaults to "1" 10861 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 10862 x-kubernetes-int-or-string: true 10863 resource: 10864 description: 'Required: resource to select' 10865 type: string 10866 required: 10867 - resource 10868 type: object 10869 secretKeyRef: 10870 description: Selects a key of a secret in the 10871 pod's namespace 10872 properties: 10873 key: 10874 description: The key of the secret to select 10875 from. Must be a valid secret key. 10876 type: string 10877 name: 10878 description: 'Name of the referent. More info: 10879 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10880 TODO: Add other useful fields. apiVersion, 10881 kind, uid?' 10882 type: string 10883 optional: 10884 description: Specify whether the Secret or 10885 its key must be defined 10886 type: boolean 10887 required: 10888 - key 10889 type: object 10890 type: object 10891 required: 10892 - name 10893 type: object 10894 type: array 10895 envFrom: 10896 description: List of sources to populate environment variables 10897 in the container. The keys defined within a source must 10898 be a C_IDENTIFIER. All invalid keys will be reported as 10899 an event when the container is starting. When a key exists 10900 in multiple sources, the value associated with the last 10901 source will take precedence. Values defined by an Env 10902 with a duplicate key will take precedence. Cannot be updated. 10903 items: 10904 description: EnvFromSource represents the source of a 10905 set of ConfigMaps 10906 properties: 10907 configMapRef: 10908 description: The ConfigMap to select from 10909 properties: 10910 name: 10911 description: 'Name of the referent. More info: 10912 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10913 TODO: Add other useful fields. apiVersion, kind, 10914 uid?' 10915 type: string 10916 optional: 10917 description: Specify whether the ConfigMap must 10918 be defined 10919 type: boolean 10920 type: object 10921 prefix: 10922 description: An optional identifier to prepend to 10923 each key in the ConfigMap. Must be a C_IDENTIFIER. 10924 type: string 10925 secretRef: 10926 description: The Secret to select from 10927 properties: 10928 name: 10929 description: 'Name of the referent. More info: 10930 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10931 TODO: Add other useful fields. apiVersion, kind, 10932 uid?' 10933 type: string 10934 optional: 10935 description: Specify whether the Secret must be 10936 defined 10937 type: boolean 10938 type: object 10939 type: object 10940 type: array 10941 image: 10942 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 10943 This field is optional to allow higher level config management 10944 to default or override container images in workload controllers 10945 like Deployments and StatefulSets.' 10946 type: string 10947 imagePullPolicy: 10948 description: 'Image pull policy. One of Always, Never, IfNotPresent. 10949 Defaults to Always if :latest tag is specified, or IfNotPresent 10950 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 10951 type: string 10952 lifecycle: 10953 description: Actions that the management system should take 10954 in response to container lifecycle events. Cannot be updated. 10955 properties: 10956 postStart: 10957 description: 'PostStart is called immediately after 10958 a container is created. If the handler fails, the 10959 container is terminated and restarted according to 10960 its restart policy. Other management of the container 10961 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 10962 properties: 10963 exec: 10964 description: Exec specifies the action to take. 10965 properties: 10966 command: 10967 description: Command is the command line to 10968 execute inside the container, the working 10969 directory for the command is root ('/') in 10970 the container's filesystem. The command is 10971 simply exec'd, it is not run inside a shell, 10972 so traditional shell instructions ('|', etc) 10973 won't work. To use a shell, you need to explicitly 10974 call out to that shell. Exit status of 0 is 10975 treated as live/healthy and non-zero is unhealthy. 10976 items: 10977 type: string 10978 type: array 10979 type: object 10980 httpGet: 10981 description: HTTPGet specifies the http request 10982 to perform. 10983 properties: 10984 host: 10985 description: Host name to connect to, defaults 10986 to the pod IP. You probably want to set "Host" 10987 in httpHeaders instead. 10988 type: string 10989 httpHeaders: 10990 description: Custom headers to set in the request. 10991 HTTP allows repeated headers. 10992 items: 10993 description: HTTPHeader describes a custom 10994 header to be used in HTTP probes 10995 properties: 10996 name: 10997 description: The header field name 10998 type: string 10999 value: 11000 description: The header field value 11001 type: string 11002 required: 11003 - name 11004 - value 11005 type: object 11006 type: array 11007 path: 11008 description: Path to access on the HTTP server. 11009 type: string 11010 port: 11011 anyOf: 11012 - type: integer 11013 - type: string 11014 description: Name or number of the port to access 11015 on the container. Number must be in the range 11016 1 to 65535. Name must be an IANA_SVC_NAME. 11017 x-kubernetes-int-or-string: true 11018 scheme: 11019 description: Scheme to use for connecting to 11020 the host. Defaults to HTTP. 11021 type: string 11022 required: 11023 - port 11024 type: object 11025 tcpSocket: 11026 description: Deprecated. TCPSocket is NOT supported 11027 as a LifecycleHandler and kept for the backward 11028 compatibility. There are no validation of this 11029 field and lifecycle hooks will fail in runtime 11030 when tcp handler is specified. 11031 properties: 11032 host: 11033 description: 'Optional: Host name to connect 11034 to, defaults to the pod IP.' 11035 type: string 11036 port: 11037 anyOf: 11038 - type: integer 11039 - type: string 11040 description: Number or name of the port to access 11041 on the container. Number must be in the range 11042 1 to 65535. Name must be an IANA_SVC_NAME. 11043 x-kubernetes-int-or-string: true 11044 required: 11045 - port 11046 type: object 11047 type: object 11048 preStop: 11049 description: 'PreStop is called immediately before a 11050 container is terminated due to an API request or management 11051 event such as liveness/startup probe failure, preemption, 11052 resource contention, etc. The handler is not called 11053 if the container crashes or exits. The Pod''s termination 11054 grace period countdown begins before the PreStop hook 11055 is executed. Regardless of the outcome of the handler, 11056 the container will eventually terminate within the 11057 Pod''s termination grace period (unless delayed by 11058 finalizers). Other management of the container blocks 11059 until the hook completes or until the termination 11060 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 11061 properties: 11062 exec: 11063 description: Exec specifies the action to take. 11064 properties: 11065 command: 11066 description: Command is the command line to 11067 execute inside the container, the working 11068 directory for the command is root ('/') in 11069 the container's filesystem. The command is 11070 simply exec'd, it is not run inside a shell, 11071 so traditional shell instructions ('|', etc) 11072 won't work. To use a shell, you need to explicitly 11073 call out to that shell. Exit status of 0 is 11074 treated as live/healthy and non-zero is unhealthy. 11075 items: 11076 type: string 11077 type: array 11078 type: object 11079 httpGet: 11080 description: HTTPGet specifies the http request 11081 to perform. 11082 properties: 11083 host: 11084 description: Host name to connect to, defaults 11085 to the pod IP. You probably want to set "Host" 11086 in httpHeaders instead. 11087 type: string 11088 httpHeaders: 11089 description: Custom headers to set in the request. 11090 HTTP allows repeated headers. 11091 items: 11092 description: HTTPHeader describes a custom 11093 header to be used in HTTP probes 11094 properties: 11095 name: 11096 description: The header field name 11097 type: string 11098 value: 11099 description: The header field value 11100 type: string 11101 required: 11102 - name 11103 - value 11104 type: object 11105 type: array 11106 path: 11107 description: Path to access on the HTTP server. 11108 type: string 11109 port: 11110 anyOf: 11111 - type: integer 11112 - type: string 11113 description: Name or number of the port to access 11114 on the container. Number must be in the range 11115 1 to 65535. Name must be an IANA_SVC_NAME. 11116 x-kubernetes-int-or-string: true 11117 scheme: 11118 description: Scheme to use for connecting to 11119 the host. Defaults to HTTP. 11120 type: string 11121 required: 11122 - port 11123 type: object 11124 tcpSocket: 11125 description: Deprecated. TCPSocket is NOT supported 11126 as a LifecycleHandler and kept for the backward 11127 compatibility. There are no validation of this 11128 field and lifecycle hooks will fail in runtime 11129 when tcp handler is specified. 11130 properties: 11131 host: 11132 description: 'Optional: Host name to connect 11133 to, defaults to the pod IP.' 11134 type: string 11135 port: 11136 anyOf: 11137 - type: integer 11138 - type: string 11139 description: Number or name of the port to access 11140 on the container. Number must be in the range 11141 1 to 65535. Name must be an IANA_SVC_NAME. 11142 x-kubernetes-int-or-string: true 11143 required: 11144 - port 11145 type: object 11146 type: object 11147 type: object 11148 livenessProbe: 11149 description: 'Periodic probe of container liveness. Container 11150 will be restarted if the probe fails. Cannot be updated. 11151 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11152 properties: 11153 exec: 11154 description: Exec specifies the action to take. 11155 properties: 11156 command: 11157 description: Command is the command line to execute 11158 inside the container, the working directory for 11159 the command is root ('/') in the container's 11160 filesystem. The command is simply exec'd, it is 11161 not run inside a shell, so traditional shell instructions 11162 ('|', etc) won't work. To use a shell, you need 11163 to explicitly call out to that shell. Exit status 11164 of 0 is treated as live/healthy and non-zero is 11165 unhealthy. 11166 items: 11167 type: string 11168 type: array 11169 type: object 11170 failureThreshold: 11171 description: Minimum consecutive failures for the probe 11172 to be considered failed after having succeeded. Defaults 11173 to 3. Minimum value is 1. 11174 format: int32 11175 type: integer 11176 grpc: 11177 description: GRPC specifies an action involving a GRPC 11178 port. This is a beta field and requires enabling GRPCContainerProbe 11179 feature gate. 11180 properties: 11181 port: 11182 description: Port number of the gRPC service. Number 11183 must be in the range 1 to 65535. 11184 format: int32 11185 type: integer 11186 service: 11187 description: "Service is the name of the service 11188 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 11189 \n If this is not specified, the default behavior 11190 is defined by gRPC." 11191 type: string 11192 required: 11193 - port 11194 type: object 11195 httpGet: 11196 description: HTTPGet specifies the http request to perform. 11197 properties: 11198 host: 11199 description: Host name to connect to, defaults to 11200 the pod IP. You probably want to set "Host" in 11201 httpHeaders instead. 11202 type: string 11203 httpHeaders: 11204 description: Custom headers to set in the request. 11205 HTTP allows repeated headers. 11206 items: 11207 description: HTTPHeader describes a custom header 11208 to be used in HTTP probes 11209 properties: 11210 name: 11211 description: The header field name 11212 type: string 11213 value: 11214 description: The header field value 11215 type: string 11216 required: 11217 - name 11218 - value 11219 type: object 11220 type: array 11221 path: 11222 description: Path to access on the HTTP server. 11223 type: string 11224 port: 11225 anyOf: 11226 - type: integer 11227 - type: string 11228 description: Name or number of the port to access 11229 on the container. Number must be in the range 11230 1 to 65535. Name must be an IANA_SVC_NAME. 11231 x-kubernetes-int-or-string: true 11232 scheme: 11233 description: Scheme to use for connecting to the 11234 host. Defaults to HTTP. 11235 type: string 11236 required: 11237 - port 11238 type: object 11239 initialDelaySeconds: 11240 description: 'Number of seconds after the container 11241 has started before liveness probes are initiated. 11242 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11243 format: int32 11244 type: integer 11245 periodSeconds: 11246 description: How often (in seconds) to perform the probe. 11247 Default to 10 seconds. Minimum value is 1. 11248 format: int32 11249 type: integer 11250 successThreshold: 11251 description: Minimum consecutive successes for the probe 11252 to be considered successful after having failed. Defaults 11253 to 1. Must be 1 for liveness and startup. Minimum 11254 value is 1. 11255 format: int32 11256 type: integer 11257 tcpSocket: 11258 description: TCPSocket specifies an action involving 11259 a TCP port. 11260 properties: 11261 host: 11262 description: 'Optional: Host name to connect to, 11263 defaults to the pod IP.' 11264 type: string 11265 port: 11266 anyOf: 11267 - type: integer 11268 - type: string 11269 description: Number or name of the port to access 11270 on the container. Number must be in the range 11271 1 to 65535. Name must be an IANA_SVC_NAME. 11272 x-kubernetes-int-or-string: true 11273 required: 11274 - port 11275 type: object 11276 terminationGracePeriodSeconds: 11277 description: Optional duration in seconds the pod needs 11278 to terminate gracefully upon probe failure. The grace 11279 period is the duration in seconds after the processes 11280 running in the pod are sent a termination signal and 11281 the time when the processes are forcibly halted with 11282 a kill signal. Set this value longer than the expected 11283 cleanup time for your process. If this value is nil, 11284 the pod's terminationGracePeriodSeconds will be used. 11285 Otherwise, this value overrides the value provided 11286 by the pod spec. Value must be non-negative integer. 11287 The value zero indicates stop immediately via the 11288 kill signal (no opportunity to shut down). This is 11289 a beta field and requires enabling ProbeTerminationGracePeriod 11290 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 11291 is used if unset. 11292 format: int64 11293 type: integer 11294 timeoutSeconds: 11295 description: 'Number of seconds after which the probe 11296 times out. Defaults to 1 second. Minimum value is 11297 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11298 format: int32 11299 type: integer 11300 type: object 11301 name: 11302 description: Name of the container specified as a DNS_LABEL. 11303 Each container in a pod must have a unique name (DNS_LABEL). 11304 Cannot be updated. 11305 type: string 11306 ports: 11307 description: List of ports to expose from the container. 11308 Exposing a port here gives the system additional information 11309 about the network connections a container uses, but is 11310 primarily informational. Not specifying a port here DOES 11311 NOT prevent that port from being exposed. Any port which 11312 is listening on the default "0.0.0.0" address inside a 11313 container will be accessible from the network. Cannot 11314 be updated. 11315 items: 11316 description: ContainerPort represents a network port in 11317 a single container. 11318 properties: 11319 containerPort: 11320 description: Number of port to expose on the pod's 11321 IP address. This must be a valid port number, 0 11322 < x < 65536. 11323 format: int32 11324 type: integer 11325 hostIP: 11326 description: What host IP to bind the external port 11327 to. 11328 type: string 11329 hostPort: 11330 description: Number of port to expose on the host. 11331 If specified, this must be a valid port number, 11332 0 < x < 65536. If HostNetwork is specified, this 11333 must match ContainerPort. Most containers do not 11334 need this. 11335 format: int32 11336 type: integer 11337 name: 11338 description: If specified, this must be an IANA_SVC_NAME 11339 and unique within the pod. Each named port in a 11340 pod must have a unique name. Name for the port that 11341 can be referred to by services. 11342 type: string 11343 protocol: 11344 default: TCP 11345 description: Protocol for port. Must be UDP, TCP, 11346 or SCTP. Defaults to "TCP". 11347 type: string 11348 required: 11349 - containerPort 11350 type: object 11351 type: array 11352 x-kubernetes-list-map-keys: 11353 - containerPort 11354 - protocol 11355 x-kubernetes-list-type: map 11356 readinessProbe: 11357 description: 'Periodic probe of container service readiness. 11358 Container will be removed from service endpoints if the 11359 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11360 properties: 11361 exec: 11362 description: Exec specifies the action to take. 11363 properties: 11364 command: 11365 description: Command is the command line to execute 11366 inside the container, the working directory for 11367 the command is root ('/') in the container's 11368 filesystem. The command is simply exec'd, it is 11369 not run inside a shell, so traditional shell instructions 11370 ('|', etc) won't work. To use a shell, you need 11371 to explicitly call out to that shell. Exit status 11372 of 0 is treated as live/healthy and non-zero is 11373 unhealthy. 11374 items: 11375 type: string 11376 type: array 11377 type: object 11378 failureThreshold: 11379 description: Minimum consecutive failures for the probe 11380 to be considered failed after having succeeded. Defaults 11381 to 3. Minimum value is 1. 11382 format: int32 11383 type: integer 11384 grpc: 11385 description: GRPC specifies an action involving a GRPC 11386 port. This is a beta field and requires enabling GRPCContainerProbe 11387 feature gate. 11388 properties: 11389 port: 11390 description: Port number of the gRPC service. Number 11391 must be in the range 1 to 65535. 11392 format: int32 11393 type: integer 11394 service: 11395 description: "Service is the name of the service 11396 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 11397 \n If this is not specified, the default behavior 11398 is defined by gRPC." 11399 type: string 11400 required: 11401 - port 11402 type: object 11403 httpGet: 11404 description: HTTPGet specifies the http request to perform. 11405 properties: 11406 host: 11407 description: Host name to connect to, defaults to 11408 the pod IP. You probably want to set "Host" in 11409 httpHeaders instead. 11410 type: string 11411 httpHeaders: 11412 description: Custom headers to set in the request. 11413 HTTP allows repeated headers. 11414 items: 11415 description: HTTPHeader describes a custom header 11416 to be used in HTTP probes 11417 properties: 11418 name: 11419 description: The header field name 11420 type: string 11421 value: 11422 description: The header field value 11423 type: string 11424 required: 11425 - name 11426 - value 11427 type: object 11428 type: array 11429 path: 11430 description: Path to access on the HTTP server. 11431 type: string 11432 port: 11433 anyOf: 11434 - type: integer 11435 - type: string 11436 description: Name or number of the port to access 11437 on the container. Number must be in the range 11438 1 to 65535. Name must be an IANA_SVC_NAME. 11439 x-kubernetes-int-or-string: true 11440 scheme: 11441 description: Scheme to use for connecting to the 11442 host. Defaults to HTTP. 11443 type: string 11444 required: 11445 - port 11446 type: object 11447 initialDelaySeconds: 11448 description: 'Number of seconds after the container 11449 has started before liveness probes are initiated. 11450 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11451 format: int32 11452 type: integer 11453 periodSeconds: 11454 description: How often (in seconds) to perform the probe. 11455 Default to 10 seconds. Minimum value is 1. 11456 format: int32 11457 type: integer 11458 successThreshold: 11459 description: Minimum consecutive successes for the probe 11460 to be considered successful after having failed. Defaults 11461 to 1. Must be 1 for liveness and startup. Minimum 11462 value is 1. 11463 format: int32 11464 type: integer 11465 tcpSocket: 11466 description: TCPSocket specifies an action involving 11467 a TCP port. 11468 properties: 11469 host: 11470 description: 'Optional: Host name to connect to, 11471 defaults to the pod IP.' 11472 type: string 11473 port: 11474 anyOf: 11475 - type: integer 11476 - type: string 11477 description: Number or name of the port to access 11478 on the container. Number must be in the range 11479 1 to 65535. Name must be an IANA_SVC_NAME. 11480 x-kubernetes-int-or-string: true 11481 required: 11482 - port 11483 type: object 11484 terminationGracePeriodSeconds: 11485 description: Optional duration in seconds the pod needs 11486 to terminate gracefully upon probe failure. The grace 11487 period is the duration in seconds after the processes 11488 running in the pod are sent a termination signal and 11489 the time when the processes are forcibly halted with 11490 a kill signal. Set this value longer than the expected 11491 cleanup time for your process. If this value is nil, 11492 the pod's terminationGracePeriodSeconds will be used. 11493 Otherwise, this value overrides the value provided 11494 by the pod spec. Value must be non-negative integer. 11495 The value zero indicates stop immediately via the 11496 kill signal (no opportunity to shut down). This is 11497 a beta field and requires enabling ProbeTerminationGracePeriod 11498 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 11499 is used if unset. 11500 format: int64 11501 type: integer 11502 timeoutSeconds: 11503 description: 'Number of seconds after which the probe 11504 times out. Defaults to 1 second. Minimum value is 11505 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11506 format: int32 11507 type: integer 11508 type: object 11509 resources: 11510 description: 'Compute Resources required by this container. 11511 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 11512 properties: 11513 limits: 11514 additionalProperties: 11515 anyOf: 11516 - type: integer 11517 - type: string 11518 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 11519 x-kubernetes-int-or-string: true 11520 description: 'Limits describes the maximum amount of 11521 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 11522 type: object 11523 requests: 11524 additionalProperties: 11525 anyOf: 11526 - type: integer 11527 - type: string 11528 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 11529 x-kubernetes-int-or-string: true 11530 description: 'Requests describes the minimum amount 11531 of compute resources required. If Requests is omitted 11532 for a container, it defaults to Limits if that is 11533 explicitly specified, otherwise to an implementation-defined 11534 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 11535 type: object 11536 type: object 11537 securityContext: 11538 description: 'SecurityContext defines the security options 11539 the container should be run with. If set, the fields of 11540 SecurityContext override the equivalent fields of PodSecurityContext. 11541 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 11542 properties: 11543 allowPrivilegeEscalation: 11544 description: 'AllowPrivilegeEscalation controls whether 11545 a process can gain more privileges than its parent 11546 process. This bool directly controls if the no_new_privs 11547 flag will be set on the container process. AllowPrivilegeEscalation 11548 is true always when the container is: 1) run as Privileged 11549 2) has CAP_SYS_ADMIN Note that this field cannot be 11550 set when spec.os.name is windows.' 11551 type: boolean 11552 capabilities: 11553 description: The capabilities to add/drop when running 11554 containers. Defaults to the default set of capabilities 11555 granted by the container runtime. Note that this field 11556 cannot be set when spec.os.name is windows. 11557 properties: 11558 add: 11559 description: Added capabilities 11560 items: 11561 description: Capability represent POSIX capabilities 11562 type 11563 type: string 11564 type: array 11565 drop: 11566 description: Removed capabilities 11567 items: 11568 description: Capability represent POSIX capabilities 11569 type 11570 type: string 11571 type: array 11572 type: object 11573 privileged: 11574 description: Run container in privileged mode. Processes 11575 in privileged containers are essentially equivalent 11576 to root on the host. Defaults to false. Note that 11577 this field cannot be set when spec.os.name is windows. 11578 type: boolean 11579 procMount: 11580 description: procMount denotes the type of proc mount 11581 to use for the containers. The default is DefaultProcMount 11582 which uses the container runtime defaults for readonly 11583 paths and masked paths. This requires the ProcMountType 11584 feature flag to be enabled. Note that this field cannot 11585 be set when spec.os.name is windows. 11586 type: string 11587 readOnlyRootFilesystem: 11588 description: Whether this container has a read-only 11589 root filesystem. Default is false. Note that this 11590 field cannot be set when spec.os.name is windows. 11591 type: boolean 11592 runAsGroup: 11593 description: The GID to run the entrypoint of the container 11594 process. Uses runtime default if unset. May also be 11595 set in PodSecurityContext. If set in both SecurityContext 11596 and PodSecurityContext, the value specified in SecurityContext 11597 takes precedence. Note that this field cannot be set 11598 when spec.os.name is windows. 11599 format: int64 11600 type: integer 11601 runAsNonRoot: 11602 description: Indicates that the container must run as 11603 a non-root user. If true, the Kubelet will validate 11604 the image at runtime to ensure that it does not run 11605 as UID 0 (root) and fail to start the container if 11606 it does. If unset or false, no such validation will 11607 be performed. May also be set in PodSecurityContext. If 11608 set in both SecurityContext and PodSecurityContext, 11609 the value specified in SecurityContext takes precedence. 11610 type: boolean 11611 runAsUser: 11612 description: The UID to run the entrypoint of the container 11613 process. Defaults to user specified in image metadata 11614 if unspecified. May also be set in PodSecurityContext. If 11615 set in both SecurityContext and PodSecurityContext, 11616 the value specified in SecurityContext takes precedence. 11617 Note that this field cannot be set when spec.os.name 11618 is windows. 11619 format: int64 11620 type: integer 11621 seLinuxOptions: 11622 description: The SELinux context to be applied to the 11623 container. If unspecified, the container runtime will 11624 allocate a random SELinux context for each container. May 11625 also be set in PodSecurityContext. If set in both 11626 SecurityContext and PodSecurityContext, the value 11627 specified in SecurityContext takes precedence. Note 11628 that this field cannot be set when spec.os.name is 11629 windows. 11630 properties: 11631 level: 11632 description: Level is SELinux level label that applies 11633 to the container. 11634 type: string 11635 role: 11636 description: Role is a SELinux role label that applies 11637 to the container. 11638 type: string 11639 type: 11640 description: Type is a SELinux type label that applies 11641 to the container. 11642 type: string 11643 user: 11644 description: User is a SELinux user label that applies 11645 to the container. 11646 type: string 11647 type: object 11648 seccompProfile: 11649 description: The seccomp options to use by this container. 11650 If seccomp options are provided at both the pod & 11651 container level, the container options override the 11652 pod options. Note that this field cannot be set when 11653 spec.os.name is windows. 11654 properties: 11655 localhostProfile: 11656 description: localhostProfile indicates a profile 11657 defined in a file on the node should be used. 11658 The profile must be preconfigured on the node 11659 to work. Must be a descending path, relative to 11660 the kubelet's configured seccomp profile location. 11661 Must only be set if type is "Localhost". 11662 type: string 11663 type: 11664 description: "type indicates which kind of seccomp 11665 profile will be applied. Valid options are: \n 11666 Localhost - a profile defined in a file on the 11667 node should be used. RuntimeDefault - the container 11668 runtime default profile should be used. Unconfined 11669 - no profile should be applied." 11670 type: string 11671 required: 11672 - type 11673 type: object 11674 windowsOptions: 11675 description: The Windows specific settings applied to 11676 all containers. If unspecified, the options from the 11677 PodSecurityContext will be used. If set in both SecurityContext 11678 and PodSecurityContext, the value specified in SecurityContext 11679 takes precedence. Note that this field cannot be set 11680 when spec.os.name is linux. 11681 properties: 11682 gmsaCredentialSpec: 11683 description: GMSACredentialSpec is where the GMSA 11684 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 11685 inlines the contents of the GMSA credential spec 11686 named by the GMSACredentialSpecName field. 11687 type: string 11688 gmsaCredentialSpecName: 11689 description: GMSACredentialSpecName is the name 11690 of the GMSA credential spec to use. 11691 type: string 11692 hostProcess: 11693 description: HostProcess determines if a container 11694 should be run as a 'Host Process' container. This 11695 field is alpha-level and will only be honored 11696 by components that enable the WindowsHostProcessContainers 11697 feature flag. Setting this field without the feature 11698 flag will result in errors when validating the 11699 Pod. All of a Pod's containers must have the same 11700 effective HostProcess value (it is not allowed 11701 to have a mix of HostProcess containers and non-HostProcess 11702 containers). In addition, if HostProcess is true 11703 then HostNetwork must also be set to true. 11704 type: boolean 11705 runAsUserName: 11706 description: The UserName in Windows to run the 11707 entrypoint of the container process. Defaults 11708 to the user specified in image metadata if unspecified. 11709 May also be set in PodSecurityContext. If set 11710 in both SecurityContext and PodSecurityContext, 11711 the value specified in SecurityContext takes precedence. 11712 type: string 11713 type: object 11714 type: object 11715 startupProbe: 11716 description: 'StartupProbe indicates that the Pod has successfully 11717 initialized. If specified, no other probes are executed 11718 until this completes successfully. If this probe fails, 11719 the Pod will be restarted, just as if the livenessProbe 11720 failed. This can be used to provide different probe parameters 11721 at the beginning of a Pod''s lifecycle, when it might 11722 take a long time to load data or warm a cache, than during 11723 steady-state operation. This cannot be updated. More info: 11724 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11725 properties: 11726 exec: 11727 description: Exec specifies the action to take. 11728 properties: 11729 command: 11730 description: Command is the command line to execute 11731 inside the container, the working directory for 11732 the command is root ('/') in the container's 11733 filesystem. The command is simply exec'd, it is 11734 not run inside a shell, so traditional shell instructions 11735 ('|', etc) won't work. To use a shell, you need 11736 to explicitly call out to that shell. Exit status 11737 of 0 is treated as live/healthy and non-zero is 11738 unhealthy. 11739 items: 11740 type: string 11741 type: array 11742 type: object 11743 failureThreshold: 11744 description: Minimum consecutive failures for the probe 11745 to be considered failed after having succeeded. Defaults 11746 to 3. Minimum value is 1. 11747 format: int32 11748 type: integer 11749 grpc: 11750 description: GRPC specifies an action involving a GRPC 11751 port. This is a beta field and requires enabling GRPCContainerProbe 11752 feature gate. 11753 properties: 11754 port: 11755 description: Port number of the gRPC service. Number 11756 must be in the range 1 to 65535. 11757 format: int32 11758 type: integer 11759 service: 11760 description: "Service is the name of the service 11761 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 11762 \n If this is not specified, the default behavior 11763 is defined by gRPC." 11764 type: string 11765 required: 11766 - port 11767 type: object 11768 httpGet: 11769 description: HTTPGet specifies the http request to perform. 11770 properties: 11771 host: 11772 description: Host name to connect to, defaults to 11773 the pod IP. You probably want to set "Host" in 11774 httpHeaders instead. 11775 type: string 11776 httpHeaders: 11777 description: Custom headers to set in the request. 11778 HTTP allows repeated headers. 11779 items: 11780 description: HTTPHeader describes a custom header 11781 to be used in HTTP probes 11782 properties: 11783 name: 11784 description: The header field name 11785 type: string 11786 value: 11787 description: The header field value 11788 type: string 11789 required: 11790 - name 11791 - value 11792 type: object 11793 type: array 11794 path: 11795 description: Path to access on the HTTP server. 11796 type: string 11797 port: 11798 anyOf: 11799 - type: integer 11800 - type: string 11801 description: Name or number of the port to access 11802 on the container. Number must be in the range 11803 1 to 65535. Name must be an IANA_SVC_NAME. 11804 x-kubernetes-int-or-string: true 11805 scheme: 11806 description: Scheme to use for connecting to the 11807 host. Defaults to HTTP. 11808 type: string 11809 required: 11810 - port 11811 type: object 11812 initialDelaySeconds: 11813 description: 'Number of seconds after the container 11814 has started before liveness probes are initiated. 11815 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11816 format: int32 11817 type: integer 11818 periodSeconds: 11819 description: How often (in seconds) to perform the probe. 11820 Default to 10 seconds. Minimum value is 1. 11821 format: int32 11822 type: integer 11823 successThreshold: 11824 description: Minimum consecutive successes for the probe 11825 to be considered successful after having failed. Defaults 11826 to 1. Must be 1 for liveness and startup. Minimum 11827 value is 1. 11828 format: int32 11829 type: integer 11830 tcpSocket: 11831 description: TCPSocket specifies an action involving 11832 a TCP port. 11833 properties: 11834 host: 11835 description: 'Optional: Host name to connect to, 11836 defaults to the pod IP.' 11837 type: string 11838 port: 11839 anyOf: 11840 - type: integer 11841 - type: string 11842 description: Number or name of the port to access 11843 on the container. Number must be in the range 11844 1 to 65535. Name must be an IANA_SVC_NAME. 11845 x-kubernetes-int-or-string: true 11846 required: 11847 - port 11848 type: object 11849 terminationGracePeriodSeconds: 11850 description: Optional duration in seconds the pod needs 11851 to terminate gracefully upon probe failure. The grace 11852 period is the duration in seconds after the processes 11853 running in the pod are sent a termination signal and 11854 the time when the processes are forcibly halted with 11855 a kill signal. Set this value longer than the expected 11856 cleanup time for your process. If this value is nil, 11857 the pod's terminationGracePeriodSeconds will be used. 11858 Otherwise, this value overrides the value provided 11859 by the pod spec. Value must be non-negative integer. 11860 The value zero indicates stop immediately via the 11861 kill signal (no opportunity to shut down). This is 11862 a beta field and requires enabling ProbeTerminationGracePeriod 11863 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 11864 is used if unset. 11865 format: int64 11866 type: integer 11867 timeoutSeconds: 11868 description: 'Number of seconds after which the probe 11869 times out. Defaults to 1 second. Minimum value is 11870 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11871 format: int32 11872 type: integer 11873 type: object 11874 stdin: 11875 description: Whether this container should allocate a buffer 11876 for stdin in the container runtime. If this is not set, 11877 reads from stdin in the container will always result in 11878 EOF. Default is false. 11879 type: boolean 11880 stdinOnce: 11881 description: Whether the container runtime should close 11882 the stdin channel after it has been opened by a single 11883 attach. When stdin is true the stdin stream will remain 11884 open across multiple attach sessions. If stdinOnce is 11885 set to true, stdin is opened on container start, is empty 11886 until the first client attaches to stdin, and then remains 11887 open and accepts data until the client disconnects, at 11888 which time stdin is closed and remains closed until the 11889 container is restarted. If this flag is false, a container 11890 processes that reads from stdin will never receive an 11891 EOF. Default is false 11892 type: boolean 11893 terminationMessagePath: 11894 description: 'Optional: Path at which the file to which 11895 the container''s termination message will be written is 11896 mounted into the container''s filesystem. Message written 11897 is intended to be brief final status, such as an assertion 11898 failure message. Will be truncated by the node if greater 11899 than 4096 bytes. The total message length across all containers 11900 will be limited to 12kb. Defaults to /dev/termination-log. 11901 Cannot be updated.' 11902 type: string 11903 terminationMessagePolicy: 11904 description: Indicate how the termination message should 11905 be populated. File will use the contents of terminationMessagePath 11906 to populate the container status message on both success 11907 and failure. FallbackToLogsOnError will use the last chunk 11908 of container log output if the termination message file 11909 is empty and the container exited with an error. The log 11910 output is limited to 2048 bytes or 80 lines, whichever 11911 is smaller. Defaults to File. Cannot be updated. 11912 type: string 11913 tty: 11914 description: Whether this container should allocate a TTY 11915 for itself, also requires 'stdin' to be true. Default 11916 is false. 11917 type: boolean 11918 volumeDevices: 11919 description: volumeDevices is the list of block devices 11920 to be used by the container. 11921 items: 11922 description: volumeDevice describes a mapping of a raw 11923 block device within a container. 11924 properties: 11925 devicePath: 11926 description: devicePath is the path inside of the 11927 container that the device will be mapped to. 11928 type: string 11929 name: 11930 description: name must match the name of a persistentVolumeClaim 11931 in the pod 11932 type: string 11933 required: 11934 - devicePath 11935 - name 11936 type: object 11937 type: array 11938 volumeMounts: 11939 description: Pod volumes to mount into the container's filesystem. 11940 Cannot be updated. 11941 items: 11942 description: VolumeMount describes a mounting of a Volume 11943 within a container. 11944 properties: 11945 mountPath: 11946 description: Path within the container at which the 11947 volume should be mounted. Must not contain ':'. 11948 type: string 11949 mountPropagation: 11950 description: mountPropagation determines how mounts 11951 are propagated from the host to container and the 11952 other way around. When not set, MountPropagationNone 11953 is used. This field is beta in 1.10. 11954 type: string 11955 name: 11956 description: This must match the Name of a Volume. 11957 type: string 11958 readOnly: 11959 description: Mounted read-only if true, read-write 11960 otherwise (false or unspecified). Defaults to false. 11961 type: boolean 11962 subPath: 11963 description: Path within the volume from which the 11964 container's volume should be mounted. Defaults to 11965 "" (volume's root). 11966 type: string 11967 subPathExpr: 11968 description: Expanded path within the volume from 11969 which the container's volume should be mounted. 11970 Behaves similarly to SubPath but environment variable 11971 references $(VAR_NAME) are expanded using the container's 11972 environment. Defaults to "" (volume's root). SubPathExpr 11973 and SubPath are mutually exclusive. 11974 type: string 11975 required: 11976 - mountPath 11977 - name 11978 type: object 11979 type: array 11980 workingDir: 11981 description: Container's working directory. If not specified, 11982 the container runtime's default will be used, which might 11983 be configured in the container image. Cannot be updated. 11984 type: string 11985 required: 11986 - name 11987 type: object 11988 type: array 11989 nodeSelector: 11990 additionalProperties: 11991 type: string 11992 type: object 11993 podAnnotations: 11994 additionalProperties: 11995 type: string 11996 type: object 11997 priorityClassName: 11998 type: string 11999 replicas: 12000 format: int32 12001 type: integer 12002 resources: 12003 description: ResourceRequirements describes the compute resource 12004 requirements. 12005 properties: 12006 limits: 12007 additionalProperties: 12008 anyOf: 12009 - type: integer 12010 - type: string 12011 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 12012 x-kubernetes-int-or-string: true 12013 description: 'Limits describes the maximum amount of compute 12014 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 12015 type: object 12016 requests: 12017 additionalProperties: 12018 anyOf: 12019 - type: integer 12020 - type: string 12021 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 12022 x-kubernetes-int-or-string: true 12023 description: 'Requests describes the minimum amount of compute 12024 resources required. If Requests is omitted for a container, 12025 it defaults to Limits if that is explicitly specified, otherwise 12026 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 12027 type: object 12028 type: object 12029 securityContext: 12030 description: PodSecurityContext holds pod-level security attributes 12031 and common container settings. Some fields are also present 12032 in container.securityContext. Field values of container.securityContext 12033 take precedence over field values of PodSecurityContext. 12034 properties: 12035 fsGroup: 12036 description: "A special supplemental group that applies to 12037 all containers in a pod. Some volume types allow the Kubelet 12038 to change the ownership of that volume to be owned by the 12039 pod: \n 1. The owning GID will be the FSGroup 2. The setgid 12040 bit is set (new files created in the volume will be owned 12041 by FSGroup) 3. The permission bits are OR'd with rw-rw---- 12042 \n If unset, the Kubelet will not modify the ownership and 12043 permissions of any volume. Note that this field cannot be 12044 set when spec.os.name is windows." 12045 format: int64 12046 type: integer 12047 fsGroupChangePolicy: 12048 description: 'fsGroupChangePolicy defines behavior of changing 12049 ownership and permission of the volume before being exposed 12050 inside Pod. This field will only apply to volume types which 12051 support fsGroup based ownership(and permissions). It will 12052 have no effect on ephemeral volume types such as: secret, 12053 configmaps and emptydir. Valid values are "OnRootMismatch" 12054 and "Always". If not specified, "Always" is used. Note that 12055 this field cannot be set when spec.os.name is windows.' 12056 type: string 12057 runAsGroup: 12058 description: The GID to run the entrypoint of the container 12059 process. Uses runtime default if unset. May also be set 12060 in SecurityContext. If set in both SecurityContext and 12061 PodSecurityContext, the value specified in SecurityContext 12062 takes precedence for that container. Note that this field 12063 cannot be set when spec.os.name is windows. 12064 format: int64 12065 type: integer 12066 runAsNonRoot: 12067 description: Indicates that the container must run as a non-root 12068 user. If true, the Kubelet will validate the image at runtime 12069 to ensure that it does not run as UID 0 (root) and fail 12070 to start the container if it does. If unset or false, no 12071 such validation will be performed. May also be set in SecurityContext. If 12072 set in both SecurityContext and PodSecurityContext, the 12073 value specified in SecurityContext takes precedence. 12074 type: boolean 12075 runAsUser: 12076 description: The UID to run the entrypoint of the container 12077 process. Defaults to user specified in image metadata if 12078 unspecified. May also be set in SecurityContext. If set 12079 in both SecurityContext and PodSecurityContext, the value 12080 specified in SecurityContext takes precedence for that container. 12081 Note that this field cannot be set when spec.os.name is 12082 windows. 12083 format: int64 12084 type: integer 12085 seLinuxOptions: 12086 description: The SELinux context to be applied to all containers. 12087 If unspecified, the container runtime will allocate a random 12088 SELinux context for each container. May also be set in 12089 SecurityContext. If set in both SecurityContext and PodSecurityContext, 12090 the value specified in SecurityContext takes precedence 12091 for that container. Note that this field cannot be set when 12092 spec.os.name is windows. 12093 properties: 12094 level: 12095 description: Level is SELinux level label that applies 12096 to the container. 12097 type: string 12098 role: 12099 description: Role is a SELinux role label that applies 12100 to the container. 12101 type: string 12102 type: 12103 description: Type is a SELinux type label that applies 12104 to the container. 12105 type: string 12106 user: 12107 description: User is a SELinux user label that applies 12108 to the container. 12109 type: string 12110 type: object 12111 seccompProfile: 12112 description: The seccomp options to use by the containers 12113 in this pod. Note that this field cannot be set when spec.os.name 12114 is windows. 12115 properties: 12116 localhostProfile: 12117 description: localhostProfile indicates a profile defined 12118 in a file on the node should be used. The profile must 12119 be preconfigured on the node to work. Must be a descending 12120 path, relative to the kubelet's configured seccomp profile 12121 location. Must only be set if type is "Localhost". 12122 type: string 12123 type: 12124 description: "type indicates which kind of seccomp profile 12125 will be applied. Valid options are: \n Localhost - a 12126 profile defined in a file on the node should be used. 12127 RuntimeDefault - the container runtime default profile 12128 should be used. Unconfined - no profile should be applied." 12129 type: string 12130 required: 12131 - type 12132 type: object 12133 supplementalGroups: 12134 description: A list of groups applied to the first process 12135 run in each container, in addition to the container's primary 12136 GID. If unspecified, no groups will be added to any container. 12137 Note that this field cannot be set when spec.os.name is 12138 windows. 12139 items: 12140 format: int64 12141 type: integer 12142 type: array 12143 sysctls: 12144 description: Sysctls hold a list of namespaced sysctls used 12145 for the pod. Pods with unsupported sysctls (by the container 12146 runtime) might fail to launch. Note that this field cannot 12147 be set when spec.os.name is windows. 12148 items: 12149 description: Sysctl defines a kernel parameter to be set 12150 properties: 12151 name: 12152 description: Name of a property to set 12153 type: string 12154 value: 12155 description: Value of a property to set 12156 type: string 12157 required: 12158 - name 12159 - value 12160 type: object 12161 type: array 12162 windowsOptions: 12163 description: The Windows specific settings applied to all 12164 containers. If unspecified, the options within a container's 12165 SecurityContext will be used. If set in both SecurityContext 12166 and PodSecurityContext, the value specified in SecurityContext 12167 takes precedence. Note that this field cannot be set when 12168 spec.os.name is linux. 12169 properties: 12170 gmsaCredentialSpec: 12171 description: GMSACredentialSpec is where the GMSA admission 12172 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 12173 inlines the contents of the GMSA credential spec named 12174 by the GMSACredentialSpecName field. 12175 type: string 12176 gmsaCredentialSpecName: 12177 description: GMSACredentialSpecName is the name of the 12178 GMSA credential spec to use. 12179 type: string 12180 hostProcess: 12181 description: HostProcess determines if a container should 12182 be run as a 'Host Process' container. This field is 12183 alpha-level and will only be honored by components that 12184 enable the WindowsHostProcessContainers feature flag. 12185 Setting this field without the feature flag will result 12186 in errors when validating the Pod. All of a Pod's containers 12187 must have the same effective HostProcess value (it is 12188 not allowed to have a mix of HostProcess containers 12189 and non-HostProcess containers). In addition, if HostProcess 12190 is true then HostNetwork must also be set to true. 12191 type: boolean 12192 runAsUserName: 12193 description: The UserName in Windows to run the entrypoint 12194 of the container process. Defaults to the user specified 12195 in image metadata if unspecified. May also be set in 12196 PodSecurityContext. If set in both SecurityContext and 12197 PodSecurityContext, the value specified in SecurityContext 12198 takes precedence. 12199 type: string 12200 type: object 12201 type: object 12202 serviceAccountName: 12203 type: string 12204 serviceAnnotations: 12205 additionalProperties: 12206 type: string 12207 type: object 12208 tolerations: 12209 items: 12210 description: The pod this Toleration is attached to tolerates 12211 any taint that matches the triple <key,value,effect> using 12212 the matching operator <operator>. 12213 properties: 12214 effect: 12215 description: Effect indicates the taint effect to match. 12216 Empty means match all taint effects. When specified, allowed 12217 values are NoSchedule, PreferNoSchedule and NoExecute. 12218 type: string 12219 key: 12220 description: Key is the taint key that the toleration applies 12221 to. Empty means match all taint keys. If the key is empty, 12222 operator must be Exists; this combination means to match 12223 all values and all keys. 12224 type: string 12225 operator: 12226 description: Operator represents a key's relationship to 12227 the value. Valid operators are Exists and Equal. Defaults 12228 to Equal. Exists is equivalent to wildcard for value, 12229 so that a pod can tolerate all taints of a particular 12230 category. 12231 type: string 12232 tolerationSeconds: 12233 description: TolerationSeconds represents the period of 12234 time the toleration (which must be of effect NoExecute, 12235 otherwise this field is ignored) tolerates the taint. 12236 By default, it is not set, which means tolerate the taint 12237 forever (do not evict). Zero and negative values will 12238 be treated as 0 (evict immediately) by the system. 12239 format: int64 12240 type: integer 12241 value: 12242 description: Value is the taint value the toleration matches 12243 to. If the operator is Exists, the value should be empty, 12244 otherwise just a regular string. 12245 type: string 12246 type: object 12247 type: array 12248 topologySpreadConstraints: 12249 items: 12250 description: TopologySpreadConstraint specifies how to spread 12251 matching pods among the given topology. 12252 properties: 12253 labelSelector: 12254 description: LabelSelector is used to find matching pods. 12255 Pods that match this label selector are counted to determine 12256 the number of pods in their corresponding topology domain. 12257 properties: 12258 matchExpressions: 12259 description: matchExpressions is a list of label selector 12260 requirements. The requirements are ANDed. 12261 items: 12262 description: A label selector requirement is a selector 12263 that contains values, a key, and an operator that 12264 relates the key and values. 12265 properties: 12266 key: 12267 description: key is the label key that the selector 12268 applies to. 12269 type: string 12270 operator: 12271 description: operator represents a key's relationship 12272 to a set of values. Valid operators are In, 12273 NotIn, Exists and DoesNotExist. 12274 type: string 12275 values: 12276 description: values is an array of string values. 12277 If the operator is In or NotIn, the values array 12278 must be non-empty. If the operator is Exists 12279 or DoesNotExist, the values array must be empty. 12280 This array is replaced during a strategic merge 12281 patch. 12282 items: 12283 type: string 12284 type: array 12285 required: 12286 - key 12287 - operator 12288 type: object 12289 type: array 12290 matchLabels: 12291 additionalProperties: 12292 type: string 12293 description: matchLabels is a map of {key,value} pairs. 12294 A single {key,value} in the matchLabels map is equivalent 12295 to an element of matchExpressions, whose key field 12296 is "key", the operator is "In", and the values array 12297 contains only "value". The requirements are ANDed. 12298 type: object 12299 type: object 12300 maxSkew: 12301 description: 'MaxSkew describes the degree to which pods 12302 may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, 12303 it is the maximum permitted difference between the number 12304 of matching pods in the target topology and the global 12305 minimum. The global minimum is the minimum number of matching 12306 pods in an eligible domain or zero if the number of eligible 12307 domains is less than MinDomains. For example, in a 3-zone 12308 cluster, MaxSkew is set to 1, and pods with the same labelSelector 12309 spread as 2/2/1: In this case, the global minimum is 1. 12310 | zone1 | zone2 | zone3 | | P P | P P | P | - 12311 if MaxSkew is 1, incoming pod can only be scheduled to 12312 zone3 to become 2/2/2; scheduling it onto zone1(zone2) 12313 would make the ActualSkew(3-1) on zone1(zone2) violate 12314 MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled 12315 onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, 12316 it is used to give higher precedence to topologies that 12317 satisfy it. It''s a required field. Default value is 1 12318 and 0 is not allowed.' 12319 format: int32 12320 type: integer 12321 minDomains: 12322 description: "MinDomains indicates a minimum number of eligible 12323 domains. When the number of eligible domains with matching 12324 topology keys is less than minDomains, Pod Topology Spread 12325 treats \"global minimum\" as 0, and then the calculation 12326 of Skew is performed. And when the number of eligible 12327 domains with matching topology keys equals or greater 12328 than minDomains, this value has no effect on scheduling. 12329 As a result, when the number of eligible domains is less 12330 than minDomains, scheduler won't schedule more than maxSkew 12331 Pods to those domains. If value is nil, the constraint 12332 behaves as if MinDomains is equal to 1. Valid values are 12333 integers greater than 0. When value is not nil, WhenUnsatisfiable 12334 must be DoNotSchedule. \n For example, in a 3-zone cluster, 12335 MaxSkew is set to 2, MinDomains is set to 5 and pods with 12336 the same labelSelector spread as 2/2/2: | zone1 | zone2 12337 | zone3 | | P P | P P | P P | The number of domains 12338 is less than 5(MinDomains), so \"global minimum\" is treated 12339 as 0. In this situation, new pod with the same labelSelector 12340 cannot be scheduled, because computed skew will be 3(3 12341 - 0) if new Pod is scheduled to any of the three zones, 12342 it will violate MaxSkew. \n This is an alpha field and 12343 requires enabling MinDomainsInPodTopologySpread feature 12344 gate." 12345 format: int32 12346 type: integer 12347 topologyKey: 12348 description: TopologyKey is the key of node labels. Nodes 12349 that have a label with this key and identical values are 12350 considered to be in the same topology. We consider each 12351 <key, value> as a "bucket", and try to put balanced number 12352 of pods into each bucket. We define a domain as a particular 12353 instance of a topology. Also, we define an eligible domain 12354 as a domain whose nodes match the node selector. e.g. 12355 If TopologyKey is "kubernetes.io/hostname", each Node 12356 is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", 12357 each zone is a domain of that topology. It's a required 12358 field. 12359 type: string 12360 whenUnsatisfiable: 12361 description: 'WhenUnsatisfiable indicates how to deal with 12362 a pod if it doesn''t satisfy the spread constraint. - 12363 DoNotSchedule (default) tells the scheduler not to schedule 12364 it. - ScheduleAnyway tells the scheduler to schedule the 12365 pod in any location, but giving higher precedence to 12366 topologies that would help reduce the skew. A constraint 12367 is considered "Unsatisfiable" for an incoming pod if and 12368 only if every possible node assignment for that pod would 12369 violate "MaxSkew" on some topology. For example, in a 12370 3-zone cluster, MaxSkew is set to 1, and pods with the 12371 same labelSelector spread as 3/1/1: | zone1 | zone2 | 12372 zone3 | | P P P | P | P | If WhenUnsatisfiable 12373 is set to DoNotSchedule, incoming pod can only be scheduled 12374 to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) 12375 on zone2(zone3) satisfies MaxSkew(1). In other words, 12376 the cluster can still be imbalanced, but scheduler won''t 12377 make it *more* imbalanced. It''s a required field.' 12378 type: string 12379 required: 12380 - maxSkew 12381 - topologyKey 12382 - whenUnsatisfiable 12383 type: object 12384 type: array 12385 type: object 12386 type: object 12387 required: 12388 - spec 12389 type: object 12390 served: true 12391 storage: true 12392 subresources: {} 12393 status: 12394 acceptedNames: 12395 kind: "" 12396 plural: "" 12397 conditions: [] 12398 storedVersions: []