github.com/spotahome/redis-operator@v1.2.4/manifests/databases.spotahome.com_redisfailovers.yaml (about) 1 2 --- 3 apiVersion: apiextensions.k8s.io/v1 4 kind: CustomResourceDefinition 5 metadata: 6 annotations: 7 controller-gen.kubebuilder.io/version: (devel) 8 creationTimestamp: null 9 name: redisfailovers.databases.spotahome.com 10 spec: 11 group: databases.spotahome.com 12 names: 13 kind: RedisFailover 14 listKind: RedisFailoverList 15 plural: redisfailovers 16 shortNames: 17 - rf 18 singular: redisfailover 19 scope: Namespaced 20 versions: 21 - additionalPrinterColumns: 22 - jsonPath: .metadata.name 23 name: NAME 24 type: string 25 - jsonPath: .spec.redis.replicas 26 name: REDIS 27 type: integer 28 - jsonPath: .spec.sentinel.replicas 29 name: SENTINELS 30 type: integer 31 - jsonPath: .metadata.creationTimestamp 32 name: AGE 33 type: date 34 name: v1 35 schema: 36 openAPIV3Schema: 37 description: RedisFailover represents a Redis failover 38 properties: 39 apiVersion: 40 description: 'APIVersion defines the versioned schema of this representation 41 of an object. Servers should convert recognized schemas to the latest 42 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 43 type: string 44 kind: 45 description: 'Kind is a string value representing the REST resource this 46 object represents. Servers may infer this from the endpoint the client 47 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 48 type: string 49 metadata: 50 type: object 51 spec: 52 description: RedisFailoverSpec represents a Redis failover spec 53 properties: 54 auth: 55 description: AuthSettings contains settings about auth 56 properties: 57 secretPath: 58 type: string 59 type: object 60 bootstrapNode: 61 description: BootstrapSettings contains settings about a potential 62 bootstrap node 63 properties: 64 allowSentinels: 65 type: boolean 66 host: 67 type: string 68 port: 69 type: string 70 type: object 71 labelWhitelist: 72 items: 73 type: string 74 type: array 75 redis: 76 description: RedisSettings defines the specification of the redis 77 cluster 78 properties: 79 affinity: 80 description: Affinity is a group of affinity scheduling rules. 81 properties: 82 nodeAffinity: 83 description: Describes node affinity scheduling rules for 84 the pod. 85 properties: 86 preferredDuringSchedulingIgnoredDuringExecution: 87 description: The scheduler will prefer to schedule pods 88 to nodes that satisfy the affinity expressions specified 89 by this field, but it may choose a node that violates 90 one or more of the expressions. The node that is most 91 preferred is the one with the greatest sum of weights, 92 i.e. for each node that meets all of the scheduling 93 requirements (resource request, requiredDuringScheduling 94 affinity expressions, etc.), compute a sum by iterating 95 through the elements of this field and adding "weight" 96 to the sum if the node matches the corresponding matchExpressions; 97 the node(s) with the highest sum are the most preferred. 98 items: 99 description: An empty preferred scheduling term matches 100 all objects with implicit weight 0 (i.e. it's a no-op). 101 A null preferred scheduling term matches no objects 102 (i.e. is also a no-op). 103 properties: 104 preference: 105 description: A node selector term, associated with 106 the corresponding weight. 107 properties: 108 matchExpressions: 109 description: A list of node selector requirements 110 by node's labels. 111 items: 112 description: A node selector requirement is 113 a selector that contains values, a key, 114 and an operator that relates the key and 115 values. 116 properties: 117 key: 118 description: The label key that the selector 119 applies to. 120 type: string 121 operator: 122 description: Represents a key's relationship 123 to a set of values. Valid operators 124 are In, NotIn, Exists, DoesNotExist. 125 Gt, and Lt. 126 type: string 127 values: 128 description: An array of string values. 129 If the operator is In or NotIn, the 130 values array must be non-empty. If the 131 operator is Exists or DoesNotExist, 132 the values array must be empty. If the 133 operator is Gt or Lt, the values array 134 must have a single element, which will 135 be interpreted as an integer. This array 136 is replaced during a strategic merge 137 patch. 138 items: 139 type: string 140 type: array 141 required: 142 - key 143 - operator 144 type: object 145 type: array 146 matchFields: 147 description: A list of node selector requirements 148 by node's fields. 149 items: 150 description: A node selector requirement is 151 a selector that contains values, a key, 152 and an operator that relates the key and 153 values. 154 properties: 155 key: 156 description: The label key that the selector 157 applies to. 158 type: string 159 operator: 160 description: Represents a key's relationship 161 to a set of values. Valid operators 162 are In, NotIn, Exists, DoesNotExist. 163 Gt, and Lt. 164 type: string 165 values: 166 description: An array of string values. 167 If the operator is In or NotIn, the 168 values array must be non-empty. If the 169 operator is Exists or DoesNotExist, 170 the values array must be empty. If the 171 operator is Gt or Lt, the values array 172 must have a single element, which will 173 be interpreted as an integer. This array 174 is replaced during a strategic merge 175 patch. 176 items: 177 type: string 178 type: array 179 required: 180 - key 181 - operator 182 type: object 183 type: array 184 type: object 185 weight: 186 description: Weight associated with matching the 187 corresponding nodeSelectorTerm, in the range 1-100. 188 format: int32 189 type: integer 190 required: 191 - preference 192 - weight 193 type: object 194 type: array 195 requiredDuringSchedulingIgnoredDuringExecution: 196 description: If the affinity requirements specified by 197 this field are not met at scheduling time, the pod will 198 not be scheduled onto the node. If the affinity requirements 199 specified by this field cease to be met at some point 200 during pod execution (e.g. due to an update), the system 201 may or may not try to eventually evict the pod from 202 its node. 203 properties: 204 nodeSelectorTerms: 205 description: Required. A list of node selector terms. 206 The terms are ORed. 207 items: 208 description: A null or empty node selector term 209 matches no objects. The requirements of them are 210 ANDed. The TopologySelectorTerm type implements 211 a subset of the NodeSelectorTerm. 212 properties: 213 matchExpressions: 214 description: A list of node selector requirements 215 by node's labels. 216 items: 217 description: A node selector requirement is 218 a selector that contains values, a key, 219 and an operator that relates the key and 220 values. 221 properties: 222 key: 223 description: The label key that the selector 224 applies to. 225 type: string 226 operator: 227 description: Represents a key's relationship 228 to a set of values. Valid operators 229 are In, NotIn, Exists, DoesNotExist. 230 Gt, and Lt. 231 type: string 232 values: 233 description: An array of string values. 234 If the operator is In or NotIn, the 235 values array must be non-empty. If the 236 operator is Exists or DoesNotExist, 237 the values array must be empty. If the 238 operator is Gt or Lt, the values array 239 must have a single element, which will 240 be interpreted as an integer. This array 241 is replaced during a strategic merge 242 patch. 243 items: 244 type: string 245 type: array 246 required: 247 - key 248 - operator 249 type: object 250 type: array 251 matchFields: 252 description: A list of node selector requirements 253 by node's fields. 254 items: 255 description: A node selector requirement is 256 a selector that contains values, a key, 257 and an operator that relates the key and 258 values. 259 properties: 260 key: 261 description: The label key that the selector 262 applies to. 263 type: string 264 operator: 265 description: Represents a key's relationship 266 to a set of values. Valid operators 267 are In, NotIn, Exists, DoesNotExist. 268 Gt, and Lt. 269 type: string 270 values: 271 description: An array of string values. 272 If the operator is In or NotIn, the 273 values array must be non-empty. If the 274 operator is Exists or DoesNotExist, 275 the values array must be empty. If the 276 operator is Gt or Lt, the values array 277 must have a single element, which will 278 be interpreted as an integer. This array 279 is replaced during a strategic merge 280 patch. 281 items: 282 type: string 283 type: array 284 required: 285 - key 286 - operator 287 type: object 288 type: array 289 type: object 290 type: array 291 required: 292 - nodeSelectorTerms 293 type: object 294 type: object 295 podAffinity: 296 description: Describes pod affinity scheduling rules (e.g. 297 co-locate this pod in the same node, zone, etc. as some 298 other pod(s)). 299 properties: 300 preferredDuringSchedulingIgnoredDuringExecution: 301 description: The scheduler will prefer to schedule pods 302 to nodes that satisfy the affinity expressions specified 303 by this field, but it may choose a node that violates 304 one or more of the expressions. The node that is most 305 preferred is the one with the greatest sum of weights, 306 i.e. for each node that meets all of the scheduling 307 requirements (resource request, requiredDuringScheduling 308 affinity expressions, etc.), compute a sum by iterating 309 through the elements of this field and adding "weight" 310 to the sum if the node has pods which matches the corresponding 311 podAffinityTerm; the node(s) with the highest sum are 312 the most preferred. 313 items: 314 description: The weights of all of the matched WeightedPodAffinityTerm 315 fields are added per-node to find the most preferred 316 node(s) 317 properties: 318 podAffinityTerm: 319 description: Required. A pod affinity term, associated 320 with the corresponding weight. 321 properties: 322 labelSelector: 323 description: A label query over a set of resources, 324 in this case pods. 325 properties: 326 matchExpressions: 327 description: matchExpressions is a list 328 of label selector requirements. The requirements 329 are ANDed. 330 items: 331 description: A label selector requirement 332 is a selector that contains values, 333 a key, and an operator that relates 334 the key and values. 335 properties: 336 key: 337 description: key is the label key 338 that the selector applies to. 339 type: string 340 operator: 341 description: operator represents a 342 key's relationship to a set of values. 343 Valid operators are In, NotIn, Exists 344 and DoesNotExist. 345 type: string 346 values: 347 description: values is an array of 348 string values. If the operator is 349 In or NotIn, the values array must 350 be non-empty. If the operator is 351 Exists or DoesNotExist, the values 352 array must be empty. This array 353 is replaced during a strategic merge 354 patch. 355 items: 356 type: string 357 type: array 358 required: 359 - key 360 - operator 361 type: object 362 type: array 363 matchLabels: 364 additionalProperties: 365 type: string 366 description: matchLabels is a map of {key,value} 367 pairs. A single {key,value} in the matchLabels 368 map is equivalent to an element of matchExpressions, 369 whose key field is "key", the operator 370 is "In", and the values array contains 371 only "value". The requirements are ANDed. 372 type: object 373 type: object 374 namespaceSelector: 375 description: A label query over the set of namespaces 376 that the term applies to. The term is applied 377 to the union of the namespaces selected by 378 this field and the ones listed in the namespaces 379 field. null selector and null or empty namespaces 380 list means "this pod's namespace". An empty 381 selector ({}) matches all namespaces. 382 properties: 383 matchExpressions: 384 description: matchExpressions is a list 385 of label selector requirements. The requirements 386 are ANDed. 387 items: 388 description: A label selector requirement 389 is a selector that contains values, 390 a key, and an operator that relates 391 the key and values. 392 properties: 393 key: 394 description: key is the label key 395 that the selector applies to. 396 type: string 397 operator: 398 description: operator represents a 399 key's relationship to a set of values. 400 Valid operators are In, NotIn, Exists 401 and DoesNotExist. 402 type: string 403 values: 404 description: values is an array of 405 string values. If the operator is 406 In or NotIn, the values array must 407 be non-empty. If the operator is 408 Exists or DoesNotExist, the values 409 array must be empty. This array 410 is replaced during a strategic merge 411 patch. 412 items: 413 type: string 414 type: array 415 required: 416 - key 417 - operator 418 type: object 419 type: array 420 matchLabels: 421 additionalProperties: 422 type: string 423 description: matchLabels is a map of {key,value} 424 pairs. A single {key,value} in the matchLabels 425 map is equivalent to an element of matchExpressions, 426 whose key field is "key", the operator 427 is "In", and the values array contains 428 only "value". The requirements are ANDed. 429 type: object 430 type: object 431 namespaces: 432 description: namespaces specifies a static list 433 of namespace names that the term applies to. 434 The term is applied to the union of the namespaces 435 listed in this field and the ones selected 436 by namespaceSelector. null or empty namespaces 437 list and null namespaceSelector means "this 438 pod's namespace". 439 items: 440 type: string 441 type: array 442 topologyKey: 443 description: This pod should be co-located (affinity) 444 or not co-located (anti-affinity) with the 445 pods matching the labelSelector in the specified 446 namespaces, where co-located is defined as 447 running on a node whose value of the label 448 with key topologyKey matches that of any node 449 on which any of the selected pods is running. 450 Empty topologyKey is not allowed. 451 type: string 452 required: 453 - topologyKey 454 type: object 455 weight: 456 description: weight associated with matching the 457 corresponding podAffinityTerm, in the range 1-100. 458 format: int32 459 type: integer 460 required: 461 - podAffinityTerm 462 - weight 463 type: object 464 type: array 465 requiredDuringSchedulingIgnoredDuringExecution: 466 description: If the affinity requirements specified by 467 this field are not met at scheduling time, the pod will 468 not be scheduled onto the node. If the affinity requirements 469 specified by this field cease to be met at some point 470 during pod execution (e.g. due to a pod label update), 471 the system may or may not try to eventually evict the 472 pod from its node. When there are multiple elements, 473 the lists of nodes corresponding to each podAffinityTerm 474 are intersected, i.e. all terms must be satisfied. 475 items: 476 description: Defines a set of pods (namely those matching 477 the labelSelector relative to the given namespace(s)) 478 that this pod should be co-located (affinity) or not 479 co-located (anti-affinity) with, where co-located 480 is defined as running on a node whose value of the 481 label with key <topologyKey> matches that of any node 482 on which a pod of the set of pods is running 483 properties: 484 labelSelector: 485 description: A label query over a set of resources, 486 in this case pods. 487 properties: 488 matchExpressions: 489 description: matchExpressions is a list of label 490 selector requirements. The requirements are 491 ANDed. 492 items: 493 description: A label selector requirement 494 is a selector that contains values, a key, 495 and an operator that relates the key and 496 values. 497 properties: 498 key: 499 description: key is the label key that 500 the selector applies to. 501 type: string 502 operator: 503 description: operator represents a key's 504 relationship to a set of values. Valid 505 operators are In, NotIn, Exists and 506 DoesNotExist. 507 type: string 508 values: 509 description: values is an array of string 510 values. If the operator is In or NotIn, 511 the values array must be non-empty. 512 If the operator is Exists or DoesNotExist, 513 the values array must be empty. This 514 array is replaced during a strategic 515 merge patch. 516 items: 517 type: string 518 type: array 519 required: 520 - key 521 - operator 522 type: object 523 type: array 524 matchLabels: 525 additionalProperties: 526 type: string 527 description: matchLabels is a map of {key,value} 528 pairs. A single {key,value} in the matchLabels 529 map is equivalent to an element of matchExpressions, 530 whose key field is "key", the operator is 531 "In", and the values array contains only "value". 532 The requirements are ANDed. 533 type: object 534 type: object 535 namespaceSelector: 536 description: A label query over the set of namespaces 537 that the term applies to. The term is applied 538 to the union of the namespaces selected by this 539 field and the ones listed in the namespaces field. 540 null selector and null or empty namespaces list 541 means "this pod's namespace". An empty selector 542 ({}) matches all namespaces. 543 properties: 544 matchExpressions: 545 description: matchExpressions is a list of label 546 selector requirements. The requirements are 547 ANDed. 548 items: 549 description: A label selector requirement 550 is a selector that contains values, a key, 551 and an operator that relates the key and 552 values. 553 properties: 554 key: 555 description: key is the label key that 556 the selector applies to. 557 type: string 558 operator: 559 description: operator represents a key's 560 relationship to a set of values. Valid 561 operators are In, NotIn, Exists and 562 DoesNotExist. 563 type: string 564 values: 565 description: values is an array of string 566 values. If the operator is In or NotIn, 567 the values array must be non-empty. 568 If the operator is Exists or DoesNotExist, 569 the values array must be empty. This 570 array is replaced during a strategic 571 merge patch. 572 items: 573 type: string 574 type: array 575 required: 576 - key 577 - operator 578 type: object 579 type: array 580 matchLabels: 581 additionalProperties: 582 type: string 583 description: matchLabels is a map of {key,value} 584 pairs. A single {key,value} in the matchLabels 585 map is equivalent to an element of matchExpressions, 586 whose key field is "key", the operator is 587 "In", and the values array contains only "value". 588 The requirements are ANDed. 589 type: object 590 type: object 591 namespaces: 592 description: namespaces specifies a static list 593 of namespace names that the term applies to. The 594 term is applied to the union of the namespaces 595 listed in this field and the ones selected by 596 namespaceSelector. null or empty namespaces list 597 and null namespaceSelector means "this pod's namespace". 598 items: 599 type: string 600 type: array 601 topologyKey: 602 description: This pod should be co-located (affinity) 603 or not co-located (anti-affinity) with the pods 604 matching the labelSelector in the specified namespaces, 605 where co-located is defined as running on a node 606 whose value of the label with key topologyKey 607 matches that of any node on which any of the selected 608 pods is running. Empty topologyKey is not allowed. 609 type: string 610 required: 611 - topologyKey 612 type: object 613 type: array 614 type: object 615 podAntiAffinity: 616 description: Describes pod anti-affinity scheduling rules 617 (e.g. avoid putting this pod in the same node, zone, etc. 618 as some other pod(s)). 619 properties: 620 preferredDuringSchedulingIgnoredDuringExecution: 621 description: The scheduler will prefer to schedule pods 622 to nodes that satisfy the anti-affinity expressions 623 specified by this field, but it may choose a node that 624 violates one or more of the expressions. The node that 625 is most preferred is the one with the greatest sum of 626 weights, i.e. for each node that meets all of the scheduling 627 requirements (resource request, requiredDuringScheduling 628 anti-affinity expressions, etc.), compute a sum by iterating 629 through the elements of this field and adding "weight" 630 to the sum if the node has pods which matches the corresponding 631 podAffinityTerm; the node(s) with the highest sum are 632 the most preferred. 633 items: 634 description: The weights of all of the matched WeightedPodAffinityTerm 635 fields are added per-node to find the most preferred 636 node(s) 637 properties: 638 podAffinityTerm: 639 description: Required. A pod affinity term, associated 640 with the corresponding weight. 641 properties: 642 labelSelector: 643 description: A label query over a set of resources, 644 in this case pods. 645 properties: 646 matchExpressions: 647 description: matchExpressions is a list 648 of label selector requirements. The requirements 649 are ANDed. 650 items: 651 description: A label selector requirement 652 is a selector that contains values, 653 a key, and an operator that relates 654 the key and values. 655 properties: 656 key: 657 description: key is the label key 658 that the selector applies to. 659 type: string 660 operator: 661 description: operator represents a 662 key's relationship to a set of values. 663 Valid operators are In, NotIn, Exists 664 and DoesNotExist. 665 type: string 666 values: 667 description: values is an array of 668 string values. If the operator is 669 In or NotIn, the values array must 670 be non-empty. If the operator is 671 Exists or DoesNotExist, the values 672 array must be empty. This array 673 is replaced during a strategic merge 674 patch. 675 items: 676 type: string 677 type: array 678 required: 679 - key 680 - operator 681 type: object 682 type: array 683 matchLabels: 684 additionalProperties: 685 type: string 686 description: matchLabels is a map of {key,value} 687 pairs. A single {key,value} in the matchLabels 688 map is equivalent to an element of matchExpressions, 689 whose key field is "key", the operator 690 is "In", and the values array contains 691 only "value". The requirements are ANDed. 692 type: object 693 type: object 694 namespaceSelector: 695 description: A label query over the set of namespaces 696 that the term applies to. The term is applied 697 to the union of the namespaces selected by 698 this field and the ones listed in the namespaces 699 field. null selector and null or empty namespaces 700 list means "this pod's namespace". An empty 701 selector ({}) matches all namespaces. 702 properties: 703 matchExpressions: 704 description: matchExpressions is a list 705 of label selector requirements. The requirements 706 are ANDed. 707 items: 708 description: A label selector requirement 709 is a selector that contains values, 710 a key, and an operator that relates 711 the key and values. 712 properties: 713 key: 714 description: key is the label key 715 that the selector applies to. 716 type: string 717 operator: 718 description: operator represents a 719 key's relationship to a set of values. 720 Valid operators are In, NotIn, Exists 721 and DoesNotExist. 722 type: string 723 values: 724 description: values is an array of 725 string values. If the operator is 726 In or NotIn, the values array must 727 be non-empty. If the operator is 728 Exists or DoesNotExist, the values 729 array must be empty. This array 730 is replaced during a strategic merge 731 patch. 732 items: 733 type: string 734 type: array 735 required: 736 - key 737 - operator 738 type: object 739 type: array 740 matchLabels: 741 additionalProperties: 742 type: string 743 description: matchLabels is a map of {key,value} 744 pairs. A single {key,value} in the matchLabels 745 map is equivalent to an element of matchExpressions, 746 whose key field is "key", the operator 747 is "In", and the values array contains 748 only "value". The requirements are ANDed. 749 type: object 750 type: object 751 namespaces: 752 description: namespaces specifies a static list 753 of namespace names that the term applies to. 754 The term is applied to the union of the namespaces 755 listed in this field and the ones selected 756 by namespaceSelector. null or empty namespaces 757 list and null namespaceSelector means "this 758 pod's namespace". 759 items: 760 type: string 761 type: array 762 topologyKey: 763 description: This pod should be co-located (affinity) 764 or not co-located (anti-affinity) with the 765 pods matching the labelSelector in the specified 766 namespaces, where co-located is defined as 767 running on a node whose value of the label 768 with key topologyKey matches that of any node 769 on which any of the selected pods is running. 770 Empty topologyKey is not allowed. 771 type: string 772 required: 773 - topologyKey 774 type: object 775 weight: 776 description: weight associated with matching the 777 corresponding podAffinityTerm, in the range 1-100. 778 format: int32 779 type: integer 780 required: 781 - podAffinityTerm 782 - weight 783 type: object 784 type: array 785 requiredDuringSchedulingIgnoredDuringExecution: 786 description: If the anti-affinity requirements specified 787 by this field are not met at scheduling time, the pod 788 will not be scheduled onto the node. If the anti-affinity 789 requirements specified by this field cease to be met 790 at some point during pod execution (e.g. due to a pod 791 label update), the system may or may not try to eventually 792 evict the pod from its node. When there are multiple 793 elements, the lists of nodes corresponding to each podAffinityTerm 794 are intersected, i.e. all terms must be satisfied. 795 items: 796 description: Defines a set of pods (namely those matching 797 the labelSelector relative to the given namespace(s)) 798 that this pod should be co-located (affinity) or not 799 co-located (anti-affinity) with, where co-located 800 is defined as running on a node whose value of the 801 label with key <topologyKey> matches that of any node 802 on which a pod of the set of pods is running 803 properties: 804 labelSelector: 805 description: A label query over a set of resources, 806 in this case pods. 807 properties: 808 matchExpressions: 809 description: matchExpressions is a list of label 810 selector requirements. The requirements are 811 ANDed. 812 items: 813 description: A label selector requirement 814 is a selector that contains values, a key, 815 and an operator that relates the key and 816 values. 817 properties: 818 key: 819 description: key is the label key that 820 the selector applies to. 821 type: string 822 operator: 823 description: operator represents a key's 824 relationship to a set of values. Valid 825 operators are In, NotIn, Exists and 826 DoesNotExist. 827 type: string 828 values: 829 description: values is an array of string 830 values. If the operator is In or NotIn, 831 the values array must be non-empty. 832 If the operator is Exists or DoesNotExist, 833 the values array must be empty. This 834 array is replaced during a strategic 835 merge patch. 836 items: 837 type: string 838 type: array 839 required: 840 - key 841 - operator 842 type: object 843 type: array 844 matchLabels: 845 additionalProperties: 846 type: string 847 description: matchLabels is a map of {key,value} 848 pairs. A single {key,value} in the matchLabels 849 map is equivalent to an element of matchExpressions, 850 whose key field is "key", the operator is 851 "In", and the values array contains only "value". 852 The requirements are ANDed. 853 type: object 854 type: object 855 namespaceSelector: 856 description: A label query over the set of namespaces 857 that the term applies to. The term is applied 858 to the union of the namespaces selected by this 859 field and the ones listed in the namespaces field. 860 null selector and null or empty namespaces list 861 means "this pod's namespace". An empty selector 862 ({}) matches all namespaces. 863 properties: 864 matchExpressions: 865 description: matchExpressions is a list of label 866 selector requirements. The requirements are 867 ANDed. 868 items: 869 description: A label selector requirement 870 is a selector that contains values, a key, 871 and an operator that relates the key and 872 values. 873 properties: 874 key: 875 description: key is the label key that 876 the selector applies to. 877 type: string 878 operator: 879 description: operator represents a key's 880 relationship to a set of values. Valid 881 operators are In, NotIn, Exists and 882 DoesNotExist. 883 type: string 884 values: 885 description: values is an array of string 886 values. If the operator is In or NotIn, 887 the values array must be non-empty. 888 If the operator is Exists or DoesNotExist, 889 the values array must be empty. This 890 array is replaced during a strategic 891 merge patch. 892 items: 893 type: string 894 type: array 895 required: 896 - key 897 - operator 898 type: object 899 type: array 900 matchLabels: 901 additionalProperties: 902 type: string 903 description: matchLabels is a map of {key,value} 904 pairs. A single {key,value} in the matchLabels 905 map is equivalent to an element of matchExpressions, 906 whose key field is "key", the operator is 907 "In", and the values array contains only "value". 908 The requirements are ANDed. 909 type: object 910 type: object 911 namespaces: 912 description: namespaces specifies a static list 913 of namespace names that the term applies to. The 914 term is applied to the union of the namespaces 915 listed in this field and the ones selected by 916 namespaceSelector. null or empty namespaces list 917 and null namespaceSelector means "this pod's namespace". 918 items: 919 type: string 920 type: array 921 topologyKey: 922 description: This pod should be co-located (affinity) 923 or not co-located (anti-affinity) with the pods 924 matching the labelSelector in the specified namespaces, 925 where co-located is defined as running on a node 926 whose value of the label with key topologyKey 927 matches that of any node on which any of the selected 928 pods is running. Empty topologyKey is not allowed. 929 type: string 930 required: 931 - topologyKey 932 type: object 933 type: array 934 type: object 935 type: object 936 command: 937 items: 938 type: string 939 type: array 940 containerSecurityContext: 941 description: SecurityContext holds security configuration that 942 will be applied to a container. Some fields are present in both 943 SecurityContext and PodSecurityContext. When both are set, 944 the values in SecurityContext take precedence. 945 properties: 946 allowPrivilegeEscalation: 947 description: 'AllowPrivilegeEscalation controls whether a 948 process can gain more privileges than its parent process. 949 This bool directly controls if the no_new_privs flag will 950 be set on the container process. AllowPrivilegeEscalation 951 is true always when the container is: 1) run as Privileged 952 2) has CAP_SYS_ADMIN Note that this field cannot be set 953 when spec.os.name is windows.' 954 type: boolean 955 capabilities: 956 description: The capabilities to add/drop when running containers. 957 Defaults to the default set of capabilities granted by the 958 container runtime. Note that this field cannot be set when 959 spec.os.name is windows. 960 properties: 961 add: 962 description: Added capabilities 963 items: 964 description: Capability represent POSIX capabilities 965 type 966 type: string 967 type: array 968 drop: 969 description: Removed capabilities 970 items: 971 description: Capability represent POSIX capabilities 972 type 973 type: string 974 type: array 975 type: object 976 privileged: 977 description: Run container in privileged mode. Processes in 978 privileged containers are essentially equivalent to root 979 on the host. Defaults to false. Note that this field cannot 980 be set when spec.os.name is windows. 981 type: boolean 982 procMount: 983 description: procMount denotes the type of proc mount to use 984 for the containers. The default is DefaultProcMount which 985 uses the container runtime defaults for readonly paths and 986 masked paths. This requires the ProcMountType feature flag 987 to be enabled. Note that this field cannot be set when spec.os.name 988 is windows. 989 type: string 990 readOnlyRootFilesystem: 991 description: Whether this container has a read-only root filesystem. 992 Default is false. Note that this field cannot be set when 993 spec.os.name is windows. 994 type: boolean 995 runAsGroup: 996 description: The GID to run the entrypoint of the container 997 process. Uses runtime default if unset. May also be set 998 in PodSecurityContext. If set in both SecurityContext and 999 PodSecurityContext, the value specified in SecurityContext 1000 takes precedence. Note that this field cannot be set when 1001 spec.os.name is windows. 1002 format: int64 1003 type: integer 1004 runAsNonRoot: 1005 description: Indicates that the container must run as a non-root 1006 user. If true, the Kubelet will validate the image at runtime 1007 to ensure that it does not run as UID 0 (root) and fail 1008 to start the container if it does. If unset or false, no 1009 such validation will be performed. May also be set in PodSecurityContext. If 1010 set in both SecurityContext and PodSecurityContext, the 1011 value specified in SecurityContext takes precedence. 1012 type: boolean 1013 runAsUser: 1014 description: The UID to run the entrypoint of the container 1015 process. Defaults to user specified in image metadata if 1016 unspecified. May also be set in PodSecurityContext. If 1017 set in both SecurityContext and PodSecurityContext, the 1018 value specified in SecurityContext takes precedence. Note 1019 that this field cannot be set when spec.os.name is windows. 1020 format: int64 1021 type: integer 1022 seLinuxOptions: 1023 description: The SELinux context to be applied to the container. 1024 If unspecified, the container runtime will allocate a random 1025 SELinux context for each container. May also be set in 1026 PodSecurityContext. If set in both SecurityContext and 1027 PodSecurityContext, the value specified in SecurityContext 1028 takes precedence. Note that this field cannot be set when 1029 spec.os.name is windows. 1030 properties: 1031 level: 1032 description: Level is SELinux level label that applies 1033 to the container. 1034 type: string 1035 role: 1036 description: Role is a SELinux role label that applies 1037 to the container. 1038 type: string 1039 type: 1040 description: Type is a SELinux type label that applies 1041 to the container. 1042 type: string 1043 user: 1044 description: User is a SELinux user label that applies 1045 to the container. 1046 type: string 1047 type: object 1048 seccompProfile: 1049 description: The seccomp options to use by this container. 1050 If seccomp options are provided at both the pod & container 1051 level, the container options override the pod options. Note 1052 that this field cannot be set when spec.os.name is windows. 1053 properties: 1054 localhostProfile: 1055 description: localhostProfile indicates a profile defined 1056 in a file on the node should be used. The profile must 1057 be preconfigured on the node to work. Must be a descending 1058 path, relative to the kubelet's configured seccomp profile 1059 location. Must only be set if type is "Localhost". 1060 type: string 1061 type: 1062 description: "type indicates which kind of seccomp profile 1063 will be applied. Valid options are: \n Localhost - a 1064 profile defined in a file on the node should be used. 1065 RuntimeDefault - the container runtime default profile 1066 should be used. Unconfined - no profile should be applied." 1067 type: string 1068 required: 1069 - type 1070 type: object 1071 windowsOptions: 1072 description: The Windows specific settings applied to all 1073 containers. If unspecified, the options from the PodSecurityContext 1074 will be used. If set in both SecurityContext and PodSecurityContext, 1075 the value specified in SecurityContext takes precedence. 1076 Note that this field cannot be set when spec.os.name is 1077 linux. 1078 properties: 1079 gmsaCredentialSpec: 1080 description: GMSACredentialSpec is where the GMSA admission 1081 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 1082 inlines the contents of the GMSA credential spec named 1083 by the GMSACredentialSpecName field. 1084 type: string 1085 gmsaCredentialSpecName: 1086 description: GMSACredentialSpecName is the name of the 1087 GMSA credential spec to use. 1088 type: string 1089 hostProcess: 1090 description: HostProcess determines if a container should 1091 be run as a 'Host Process' container. This field is 1092 alpha-level and will only be honored by components that 1093 enable the WindowsHostProcessContainers feature flag. 1094 Setting this field without the feature flag will result 1095 in errors when validating the Pod. All of a Pod's containers 1096 must have the same effective HostProcess value (it is 1097 not allowed to have a mix of HostProcess containers 1098 and non-HostProcess containers). In addition, if HostProcess 1099 is true then HostNetwork must also be set to true. 1100 type: boolean 1101 runAsUserName: 1102 description: The UserName in Windows to run the entrypoint 1103 of the container process. Defaults to the user specified 1104 in image metadata if unspecified. May also be set in 1105 PodSecurityContext. If set in both SecurityContext and 1106 PodSecurityContext, the value specified in SecurityContext 1107 takes precedence. 1108 type: string 1109 type: object 1110 type: object 1111 customCommandRenames: 1112 items: 1113 description: RedisCommandRename defines the specification of 1114 a "rename-command" configuration option 1115 properties: 1116 from: 1117 type: string 1118 to: 1119 type: string 1120 type: object 1121 type: array 1122 customConfig: 1123 items: 1124 type: string 1125 type: array 1126 dnsPolicy: 1127 description: DNSPolicy defines how a pod's DNS will be configured. 1128 type: string 1129 exporter: 1130 description: Exporter defines the specification for the redis/sentinel 1131 exporter 1132 properties: 1133 args: 1134 items: 1135 type: string 1136 type: array 1137 containerSecurityContext: 1138 description: SecurityContext holds security configuration 1139 that will be applied to a container. Some fields are present 1140 in both SecurityContext and PodSecurityContext. When both 1141 are set, the values in SecurityContext take precedence. 1142 properties: 1143 allowPrivilegeEscalation: 1144 description: 'AllowPrivilegeEscalation controls whether 1145 a process can gain more privileges than its parent process. 1146 This bool directly controls if the no_new_privs flag 1147 will be set on the container process. AllowPrivilegeEscalation 1148 is true always when the container is: 1) run as Privileged 1149 2) has CAP_SYS_ADMIN Note that this field cannot be 1150 set when spec.os.name is windows.' 1151 type: boolean 1152 capabilities: 1153 description: The capabilities to add/drop when running 1154 containers. Defaults to the default set of capabilities 1155 granted by the container runtime. Note that this field 1156 cannot be set when spec.os.name is windows. 1157 properties: 1158 add: 1159 description: Added capabilities 1160 items: 1161 description: Capability represent POSIX capabilities 1162 type 1163 type: string 1164 type: array 1165 drop: 1166 description: Removed capabilities 1167 items: 1168 description: Capability represent POSIX capabilities 1169 type 1170 type: string 1171 type: array 1172 type: object 1173 privileged: 1174 description: Run container in privileged mode. Processes 1175 in privileged containers are essentially equivalent 1176 to root on the host. Defaults to false. Note that this 1177 field cannot be set when spec.os.name is windows. 1178 type: boolean 1179 procMount: 1180 description: procMount denotes the type of proc mount 1181 to use for the containers. The default is DefaultProcMount 1182 which uses the container runtime defaults for readonly 1183 paths and masked paths. This requires the ProcMountType 1184 feature flag to be enabled. Note that this field cannot 1185 be set when spec.os.name is windows. 1186 type: string 1187 readOnlyRootFilesystem: 1188 description: Whether this container has a read-only root 1189 filesystem. Default is false. Note that this field cannot 1190 be set when spec.os.name is windows. 1191 type: boolean 1192 runAsGroup: 1193 description: The GID to run the entrypoint of the container 1194 process. Uses runtime default if unset. May also be 1195 set in PodSecurityContext. If set in both SecurityContext 1196 and PodSecurityContext, the value specified in SecurityContext 1197 takes precedence. Note that this field cannot be set 1198 when spec.os.name is windows. 1199 format: int64 1200 type: integer 1201 runAsNonRoot: 1202 description: Indicates that the container must run as 1203 a non-root user. If true, the Kubelet will validate 1204 the image at runtime to ensure that it does not run 1205 as UID 0 (root) and fail to start the container if it 1206 does. If unset or false, no such validation will be 1207 performed. May also be set in PodSecurityContext. If 1208 set in both SecurityContext and PodSecurityContext, 1209 the value specified in SecurityContext takes precedence. 1210 type: boolean 1211 runAsUser: 1212 description: The UID to run the entrypoint of the container 1213 process. Defaults to user specified in image metadata 1214 if unspecified. May also be set in PodSecurityContext. If 1215 set in both SecurityContext and PodSecurityContext, 1216 the value specified in SecurityContext takes precedence. 1217 Note that this field cannot be set when spec.os.name 1218 is windows. 1219 format: int64 1220 type: integer 1221 seLinuxOptions: 1222 description: The SELinux context to be applied to the 1223 container. If unspecified, the container runtime will 1224 allocate a random SELinux context for each container. May 1225 also be set in PodSecurityContext. If set in both SecurityContext 1226 and PodSecurityContext, the value specified in SecurityContext 1227 takes precedence. Note that this field cannot be set 1228 when spec.os.name is windows. 1229 properties: 1230 level: 1231 description: Level is SELinux level label that applies 1232 to the container. 1233 type: string 1234 role: 1235 description: Role is a SELinux role label that applies 1236 to the container. 1237 type: string 1238 type: 1239 description: Type is a SELinux type label that applies 1240 to the container. 1241 type: string 1242 user: 1243 description: User is a SELinux user label that applies 1244 to the container. 1245 type: string 1246 type: object 1247 seccompProfile: 1248 description: The seccomp options to use by this container. 1249 If seccomp options are provided at both the pod & container 1250 level, the container options override the pod options. 1251 Note that this field cannot be set when spec.os.name 1252 is windows. 1253 properties: 1254 localhostProfile: 1255 description: localhostProfile indicates a profile 1256 defined in a file on the node should be used. The 1257 profile must be preconfigured on the node to work. 1258 Must be a descending path, relative to the kubelet's 1259 configured seccomp profile location. Must only be 1260 set if type is "Localhost". 1261 type: string 1262 type: 1263 description: "type indicates which kind of seccomp 1264 profile will be applied. Valid options are: \n Localhost 1265 - a profile defined in a file on the node should 1266 be used. RuntimeDefault - the container runtime 1267 default profile should be used. Unconfined - no 1268 profile should be applied." 1269 type: string 1270 required: 1271 - type 1272 type: object 1273 windowsOptions: 1274 description: The Windows specific settings applied to 1275 all containers. If unspecified, the options from the 1276 PodSecurityContext will be used. If set in both SecurityContext 1277 and PodSecurityContext, the value specified in SecurityContext 1278 takes precedence. Note that this field cannot be set 1279 when spec.os.name is linux. 1280 properties: 1281 gmsaCredentialSpec: 1282 description: GMSACredentialSpec is where the GMSA 1283 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 1284 inlines the contents of the GMSA credential spec 1285 named by the GMSACredentialSpecName field. 1286 type: string 1287 gmsaCredentialSpecName: 1288 description: GMSACredentialSpecName is the name of 1289 the GMSA credential spec to use. 1290 type: string 1291 hostProcess: 1292 description: HostProcess determines if a container 1293 should be run as a 'Host Process' container. This 1294 field is alpha-level and will only be honored by 1295 components that enable the WindowsHostProcessContainers 1296 feature flag. Setting this field without the feature 1297 flag will result in errors when validating the Pod. 1298 All of a Pod's containers must have the same effective 1299 HostProcess value (it is not allowed to have a mix 1300 of HostProcess containers and non-HostProcess containers). In 1301 addition, if HostProcess is true then HostNetwork 1302 must also be set to true. 1303 type: boolean 1304 runAsUserName: 1305 description: The UserName in Windows to run the entrypoint 1306 of the container process. Defaults to the user specified 1307 in image metadata if unspecified. May also be set 1308 in PodSecurityContext. If set in both SecurityContext 1309 and PodSecurityContext, the value specified in SecurityContext 1310 takes precedence. 1311 type: string 1312 type: object 1313 type: object 1314 enabled: 1315 type: boolean 1316 env: 1317 items: 1318 description: EnvVar represents an environment variable present 1319 in a Container. 1320 properties: 1321 name: 1322 description: Name of the environment variable. Must 1323 be a C_IDENTIFIER. 1324 type: string 1325 value: 1326 description: 'Variable references $(VAR_NAME) are expanded 1327 using the previously defined environment variables 1328 in the container and any service environment variables. 1329 If a variable cannot be resolved, the reference in 1330 the input string will be unchanged. Double $$ are 1331 reduced to a single $, which allows for escaping the 1332 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce 1333 the string literal "$(VAR_NAME)". Escaped references 1334 will never be expanded, regardless of whether the 1335 variable exists or not. Defaults to "".' 1336 type: string 1337 valueFrom: 1338 description: Source for the environment variable's value. 1339 Cannot be used if value is not empty. 1340 properties: 1341 configMapKeyRef: 1342 description: Selects a key of a ConfigMap. 1343 properties: 1344 key: 1345 description: The key to select. 1346 type: string 1347 name: 1348 description: 'Name of the referent. More info: 1349 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1350 TODO: Add other useful fields. apiVersion, 1351 kind, uid?' 1352 type: string 1353 optional: 1354 description: Specify whether the ConfigMap or 1355 its key must be defined 1356 type: boolean 1357 required: 1358 - key 1359 type: object 1360 fieldRef: 1361 description: 'Selects a field of the pod: supports 1362 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 1363 `metadata.annotations[''<KEY>'']`, spec.nodeName, 1364 spec.serviceAccountName, status.hostIP, status.podIP, 1365 status.podIPs.' 1366 properties: 1367 apiVersion: 1368 description: Version of the schema the FieldPath 1369 is written in terms of, defaults to "v1". 1370 type: string 1371 fieldPath: 1372 description: Path of the field to select in 1373 the specified API version. 1374 type: string 1375 required: 1376 - fieldPath 1377 type: object 1378 resourceFieldRef: 1379 description: 'Selects a resource of the container: 1380 only resources limits and requests (limits.cpu, 1381 limits.memory, limits.ephemeral-storage, requests.cpu, 1382 requests.memory and requests.ephemeral-storage) 1383 are currently supported.' 1384 properties: 1385 containerName: 1386 description: 'Container name: required for volumes, 1387 optional for env vars' 1388 type: string 1389 divisor: 1390 anyOf: 1391 - type: integer 1392 - type: string 1393 description: Specifies the output format of 1394 the exposed resources, defaults to "1" 1395 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1396 x-kubernetes-int-or-string: true 1397 resource: 1398 description: 'Required: resource to select' 1399 type: string 1400 required: 1401 - resource 1402 type: object 1403 secretKeyRef: 1404 description: Selects a key of a secret in the pod's 1405 namespace 1406 properties: 1407 key: 1408 description: The key of the secret to select 1409 from. Must be a valid secret key. 1410 type: string 1411 name: 1412 description: 'Name of the referent. More info: 1413 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1414 TODO: Add other useful fields. apiVersion, 1415 kind, uid?' 1416 type: string 1417 optional: 1418 description: Specify whether the Secret or its 1419 key must be defined 1420 type: boolean 1421 required: 1422 - key 1423 type: object 1424 type: object 1425 required: 1426 - name 1427 type: object 1428 type: array 1429 image: 1430 type: string 1431 imagePullPolicy: 1432 description: PullPolicy describes a policy for if/when to 1433 pull a container image 1434 type: string 1435 resources: 1436 description: ResourceRequirements describes the compute resource 1437 requirements. 1438 properties: 1439 limits: 1440 additionalProperties: 1441 anyOf: 1442 - type: integer 1443 - type: string 1444 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1445 x-kubernetes-int-or-string: true 1446 description: 'Limits describes the maximum amount of compute 1447 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1448 type: object 1449 requests: 1450 additionalProperties: 1451 anyOf: 1452 - type: integer 1453 - type: string 1454 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1455 x-kubernetes-int-or-string: true 1456 description: 'Requests describes the minimum amount of 1457 compute resources required. If Requests is omitted for 1458 a container, it defaults to Limits if that is explicitly 1459 specified, otherwise to an implementation-defined value. 1460 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1461 type: object 1462 type: object 1463 type: object 1464 extraContainers: 1465 items: 1466 description: A single application container that you want to 1467 run within a pod. 1468 properties: 1469 args: 1470 description: 'Arguments to the entrypoint. The container 1471 image''s CMD is used if this is not provided. Variable 1472 references $(VAR_NAME) are expanded using the container''s 1473 environment. If a variable cannot be resolved, the reference 1474 in the input string will be unchanged. Double $$ are reduced 1475 to a single $, which allows for escaping the $(VAR_NAME) 1476 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 1477 "$(VAR_NAME)". Escaped references will never be expanded, 1478 regardless of whether the variable exists or not. Cannot 1479 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1480 items: 1481 type: string 1482 type: array 1483 command: 1484 description: 'Entrypoint array. Not executed within a shell. 1485 The container image''s ENTRYPOINT is used if this is not 1486 provided. Variable references $(VAR_NAME) are expanded 1487 using the container''s environment. If a variable cannot 1488 be resolved, the reference in the input string will be 1489 unchanged. Double $$ are reduced to a single $, which 1490 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 1491 will produce the string literal "$(VAR_NAME)". Escaped 1492 references will never be expanded, regardless of whether 1493 the variable exists or not. Cannot be updated. More info: 1494 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1495 items: 1496 type: string 1497 type: array 1498 env: 1499 description: List of environment variables to set in the 1500 container. Cannot be updated. 1501 items: 1502 description: EnvVar represents an environment variable 1503 present in a Container. 1504 properties: 1505 name: 1506 description: Name of the environment variable. Must 1507 be a C_IDENTIFIER. 1508 type: string 1509 value: 1510 description: 'Variable references $(VAR_NAME) are 1511 expanded using the previously defined environment 1512 variables in the container and any service environment 1513 variables. If a variable cannot be resolved, the 1514 reference in the input string will be unchanged. 1515 Double $$ are reduced to a single $, which allows 1516 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 1517 will produce the string literal "$(VAR_NAME)". Escaped 1518 references will never be expanded, regardless of 1519 whether the variable exists or not. Defaults to 1520 "".' 1521 type: string 1522 valueFrom: 1523 description: Source for the environment variable's 1524 value. Cannot be used if value is not empty. 1525 properties: 1526 configMapKeyRef: 1527 description: Selects a key of a ConfigMap. 1528 properties: 1529 key: 1530 description: The key to select. 1531 type: string 1532 name: 1533 description: 'Name of the referent. More info: 1534 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1535 TODO: Add other useful fields. apiVersion, 1536 kind, uid?' 1537 type: string 1538 optional: 1539 description: Specify whether the ConfigMap 1540 or its key must be defined 1541 type: boolean 1542 required: 1543 - key 1544 type: object 1545 fieldRef: 1546 description: 'Selects a field of the pod: supports 1547 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 1548 `metadata.annotations[''<KEY>'']`, spec.nodeName, 1549 spec.serviceAccountName, status.hostIP, status.podIP, 1550 status.podIPs.' 1551 properties: 1552 apiVersion: 1553 description: Version of the schema the FieldPath 1554 is written in terms of, defaults to "v1". 1555 type: string 1556 fieldPath: 1557 description: Path of the field to select in 1558 the specified API version. 1559 type: string 1560 required: 1561 - fieldPath 1562 type: object 1563 resourceFieldRef: 1564 description: 'Selects a resource of the container: 1565 only resources limits and requests (limits.cpu, 1566 limits.memory, limits.ephemeral-storage, requests.cpu, 1567 requests.memory and requests.ephemeral-storage) 1568 are currently supported.' 1569 properties: 1570 containerName: 1571 description: 'Container name: required for 1572 volumes, optional for env vars' 1573 type: string 1574 divisor: 1575 anyOf: 1576 - type: integer 1577 - type: string 1578 description: Specifies the output format of 1579 the exposed resources, defaults to "1" 1580 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1581 x-kubernetes-int-or-string: true 1582 resource: 1583 description: 'Required: resource to select' 1584 type: string 1585 required: 1586 - resource 1587 type: object 1588 secretKeyRef: 1589 description: Selects a key of a secret in the 1590 pod's namespace 1591 properties: 1592 key: 1593 description: The key of the secret to select 1594 from. Must be a valid secret key. 1595 type: string 1596 name: 1597 description: 'Name of the referent. More info: 1598 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1599 TODO: Add other useful fields. apiVersion, 1600 kind, uid?' 1601 type: string 1602 optional: 1603 description: Specify whether the Secret or 1604 its key must be defined 1605 type: boolean 1606 required: 1607 - key 1608 type: object 1609 type: object 1610 required: 1611 - name 1612 type: object 1613 type: array 1614 envFrom: 1615 description: List of sources to populate environment variables 1616 in the container. The keys defined within a source must 1617 be a C_IDENTIFIER. All invalid keys will be reported as 1618 an event when the container is starting. When a key exists 1619 in multiple sources, the value associated with the last 1620 source will take precedence. Values defined by an Env 1621 with a duplicate key will take precedence. Cannot be updated. 1622 items: 1623 description: EnvFromSource represents the source of a 1624 set of ConfigMaps 1625 properties: 1626 configMapRef: 1627 description: The ConfigMap to select from 1628 properties: 1629 name: 1630 description: 'Name of the referent. More info: 1631 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1632 TODO: Add other useful fields. apiVersion, kind, 1633 uid?' 1634 type: string 1635 optional: 1636 description: Specify whether the ConfigMap must 1637 be defined 1638 type: boolean 1639 type: object 1640 prefix: 1641 description: An optional identifier to prepend to 1642 each key in the ConfigMap. Must be a C_IDENTIFIER. 1643 type: string 1644 secretRef: 1645 description: The Secret to select from 1646 properties: 1647 name: 1648 description: 'Name of the referent. More info: 1649 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1650 TODO: Add other useful fields. apiVersion, kind, 1651 uid?' 1652 type: string 1653 optional: 1654 description: Specify whether the Secret must be 1655 defined 1656 type: boolean 1657 type: object 1658 type: object 1659 type: array 1660 image: 1661 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 1662 This field is optional to allow higher level config management 1663 to default or override container images in workload controllers 1664 like Deployments and StatefulSets.' 1665 type: string 1666 imagePullPolicy: 1667 description: 'Image pull policy. One of Always, Never, IfNotPresent. 1668 Defaults to Always if :latest tag is specified, or IfNotPresent 1669 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 1670 type: string 1671 lifecycle: 1672 description: Actions that the management system should take 1673 in response to container lifecycle events. Cannot be updated. 1674 properties: 1675 postStart: 1676 description: 'PostStart is called immediately after 1677 a container is created. If the handler fails, the 1678 container is terminated and restarted according to 1679 its restart policy. Other management of the container 1680 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1681 properties: 1682 exec: 1683 description: Exec specifies the action to take. 1684 properties: 1685 command: 1686 description: Command is the command line to 1687 execute inside the container, the working 1688 directory for the command is root ('/') in 1689 the container's filesystem. The command is 1690 simply exec'd, it is not run inside a shell, 1691 so traditional shell instructions ('|', etc) 1692 won't work. To use a shell, you need to explicitly 1693 call out to that shell. Exit status of 0 is 1694 treated as live/healthy and non-zero is unhealthy. 1695 items: 1696 type: string 1697 type: array 1698 type: object 1699 httpGet: 1700 description: HTTPGet specifies the http request 1701 to perform. 1702 properties: 1703 host: 1704 description: Host name to connect to, defaults 1705 to the pod IP. You probably want to set "Host" 1706 in httpHeaders instead. 1707 type: string 1708 httpHeaders: 1709 description: Custom headers to set in the request. 1710 HTTP allows repeated headers. 1711 items: 1712 description: HTTPHeader describes a custom 1713 header to be used in HTTP probes 1714 properties: 1715 name: 1716 description: The header field name 1717 type: string 1718 value: 1719 description: The header field value 1720 type: string 1721 required: 1722 - name 1723 - value 1724 type: object 1725 type: array 1726 path: 1727 description: Path to access on the HTTP server. 1728 type: string 1729 port: 1730 anyOf: 1731 - type: integer 1732 - type: string 1733 description: Name or number of the port to access 1734 on the container. Number must be in the range 1735 1 to 65535. Name must be an IANA_SVC_NAME. 1736 x-kubernetes-int-or-string: true 1737 scheme: 1738 description: Scheme to use for connecting to 1739 the host. Defaults to HTTP. 1740 type: string 1741 required: 1742 - port 1743 type: object 1744 tcpSocket: 1745 description: Deprecated. TCPSocket is NOT supported 1746 as a LifecycleHandler and kept for the backward 1747 compatibility. There are no validation of this 1748 field and lifecycle hooks will fail in runtime 1749 when tcp handler is specified. 1750 properties: 1751 host: 1752 description: 'Optional: Host name to connect 1753 to, defaults to the pod IP.' 1754 type: string 1755 port: 1756 anyOf: 1757 - type: integer 1758 - type: string 1759 description: Number or name of the port to access 1760 on the container. Number must be in the range 1761 1 to 65535. Name must be an IANA_SVC_NAME. 1762 x-kubernetes-int-or-string: true 1763 required: 1764 - port 1765 type: object 1766 type: object 1767 preStop: 1768 description: 'PreStop is called immediately before a 1769 container is terminated due to an API request or management 1770 event such as liveness/startup probe failure, preemption, 1771 resource contention, etc. The handler is not called 1772 if the container crashes or exits. The Pod''s termination 1773 grace period countdown begins before the PreStop hook 1774 is executed. Regardless of the outcome of the handler, 1775 the container will eventually terminate within the 1776 Pod''s termination grace period (unless delayed by 1777 finalizers). Other management of the container blocks 1778 until the hook completes or until the termination 1779 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1780 properties: 1781 exec: 1782 description: Exec specifies the action to take. 1783 properties: 1784 command: 1785 description: Command is the command line to 1786 execute inside the container, the working 1787 directory for the command is root ('/') in 1788 the container's filesystem. The command is 1789 simply exec'd, it is not run inside a shell, 1790 so traditional shell instructions ('|', etc) 1791 won't work. To use a shell, you need to explicitly 1792 call out to that shell. Exit status of 0 is 1793 treated as live/healthy and non-zero is unhealthy. 1794 items: 1795 type: string 1796 type: array 1797 type: object 1798 httpGet: 1799 description: HTTPGet specifies the http request 1800 to perform. 1801 properties: 1802 host: 1803 description: Host name to connect to, defaults 1804 to the pod IP. You probably want to set "Host" 1805 in httpHeaders instead. 1806 type: string 1807 httpHeaders: 1808 description: Custom headers to set in the request. 1809 HTTP allows repeated headers. 1810 items: 1811 description: HTTPHeader describes a custom 1812 header to be used in HTTP probes 1813 properties: 1814 name: 1815 description: The header field name 1816 type: string 1817 value: 1818 description: The header field value 1819 type: string 1820 required: 1821 - name 1822 - value 1823 type: object 1824 type: array 1825 path: 1826 description: Path to access on the HTTP server. 1827 type: string 1828 port: 1829 anyOf: 1830 - type: integer 1831 - type: string 1832 description: Name or number of the port to access 1833 on the container. Number must be in the range 1834 1 to 65535. Name must be an IANA_SVC_NAME. 1835 x-kubernetes-int-or-string: true 1836 scheme: 1837 description: Scheme to use for connecting to 1838 the host. Defaults to HTTP. 1839 type: string 1840 required: 1841 - port 1842 type: object 1843 tcpSocket: 1844 description: Deprecated. TCPSocket is NOT supported 1845 as a LifecycleHandler and kept for the backward 1846 compatibility. There are no validation of this 1847 field and lifecycle hooks will fail in runtime 1848 when tcp handler is specified. 1849 properties: 1850 host: 1851 description: 'Optional: Host name to connect 1852 to, defaults to the pod IP.' 1853 type: string 1854 port: 1855 anyOf: 1856 - type: integer 1857 - type: string 1858 description: Number or name of the port to access 1859 on the container. Number must be in the range 1860 1 to 65535. Name must be an IANA_SVC_NAME. 1861 x-kubernetes-int-or-string: true 1862 required: 1863 - port 1864 type: object 1865 type: object 1866 type: object 1867 livenessProbe: 1868 description: 'Periodic probe of container liveness. Container 1869 will be restarted if the probe fails. Cannot be updated. 1870 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1871 properties: 1872 exec: 1873 description: Exec specifies the action to take. 1874 properties: 1875 command: 1876 description: Command is the command line to execute 1877 inside the container, the working directory for 1878 the command is root ('/') in the container's 1879 filesystem. The command is simply exec'd, it is 1880 not run inside a shell, so traditional shell instructions 1881 ('|', etc) won't work. To use a shell, you need 1882 to explicitly call out to that shell. Exit status 1883 of 0 is treated as live/healthy and non-zero is 1884 unhealthy. 1885 items: 1886 type: string 1887 type: array 1888 type: object 1889 failureThreshold: 1890 description: Minimum consecutive failures for the probe 1891 to be considered failed after having succeeded. Defaults 1892 to 3. Minimum value is 1. 1893 format: int32 1894 type: integer 1895 grpc: 1896 description: GRPC specifies an action involving a GRPC 1897 port. This is a beta field and requires enabling GRPCContainerProbe 1898 feature gate. 1899 properties: 1900 port: 1901 description: Port number of the gRPC service. Number 1902 must be in the range 1 to 65535. 1903 format: int32 1904 type: integer 1905 service: 1906 description: "Service is the name of the service 1907 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1908 \n If this is not specified, the default behavior 1909 is defined by gRPC." 1910 type: string 1911 required: 1912 - port 1913 type: object 1914 httpGet: 1915 description: HTTPGet specifies the http request to perform. 1916 properties: 1917 host: 1918 description: Host name to connect to, defaults to 1919 the pod IP. You probably want to set "Host" in 1920 httpHeaders instead. 1921 type: string 1922 httpHeaders: 1923 description: Custom headers to set in the request. 1924 HTTP allows repeated headers. 1925 items: 1926 description: HTTPHeader describes a custom header 1927 to be used in HTTP probes 1928 properties: 1929 name: 1930 description: The header field name 1931 type: string 1932 value: 1933 description: The header field value 1934 type: string 1935 required: 1936 - name 1937 - value 1938 type: object 1939 type: array 1940 path: 1941 description: Path to access on the HTTP server. 1942 type: string 1943 port: 1944 anyOf: 1945 - type: integer 1946 - type: string 1947 description: Name or number of the port to access 1948 on the container. Number must be in the range 1949 1 to 65535. Name must be an IANA_SVC_NAME. 1950 x-kubernetes-int-or-string: true 1951 scheme: 1952 description: Scheme to use for connecting to the 1953 host. Defaults to HTTP. 1954 type: string 1955 required: 1956 - port 1957 type: object 1958 initialDelaySeconds: 1959 description: 'Number of seconds after the container 1960 has started before liveness probes are initiated. 1961 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1962 format: int32 1963 type: integer 1964 periodSeconds: 1965 description: How often (in seconds) to perform the probe. 1966 Default to 10 seconds. Minimum value is 1. 1967 format: int32 1968 type: integer 1969 successThreshold: 1970 description: Minimum consecutive successes for the probe 1971 to be considered successful after having failed. Defaults 1972 to 1. Must be 1 for liveness and startup. Minimum 1973 value is 1. 1974 format: int32 1975 type: integer 1976 tcpSocket: 1977 description: TCPSocket specifies an action involving 1978 a TCP port. 1979 properties: 1980 host: 1981 description: 'Optional: Host name to connect to, 1982 defaults to the pod IP.' 1983 type: string 1984 port: 1985 anyOf: 1986 - type: integer 1987 - type: string 1988 description: Number or name of the port to access 1989 on the container. Number must be in the range 1990 1 to 65535. Name must be an IANA_SVC_NAME. 1991 x-kubernetes-int-or-string: true 1992 required: 1993 - port 1994 type: object 1995 terminationGracePeriodSeconds: 1996 description: Optional duration in seconds the pod needs 1997 to terminate gracefully upon probe failure. The grace 1998 period is the duration in seconds after the processes 1999 running in the pod are sent a termination signal and 2000 the time when the processes are forcibly halted with 2001 a kill signal. Set this value longer than the expected 2002 cleanup time for your process. If this value is nil, 2003 the pod's terminationGracePeriodSeconds will be used. 2004 Otherwise, this value overrides the value provided 2005 by the pod spec. Value must be non-negative integer. 2006 The value zero indicates stop immediately via the 2007 kill signal (no opportunity to shut down). This is 2008 a beta field and requires enabling ProbeTerminationGracePeriod 2009 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2010 is used if unset. 2011 format: int64 2012 type: integer 2013 timeoutSeconds: 2014 description: 'Number of seconds after which the probe 2015 times out. Defaults to 1 second. Minimum value is 2016 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2017 format: int32 2018 type: integer 2019 type: object 2020 name: 2021 description: Name of the container specified as a DNS_LABEL. 2022 Each container in a pod must have a unique name (DNS_LABEL). 2023 Cannot be updated. 2024 type: string 2025 ports: 2026 description: List of ports to expose from the container. 2027 Exposing a port here gives the system additional information 2028 about the network connections a container uses, but is 2029 primarily informational. Not specifying a port here DOES 2030 NOT prevent that port from being exposed. Any port which 2031 is listening on the default "0.0.0.0" address inside a 2032 container will be accessible from the network. Cannot 2033 be updated. 2034 items: 2035 description: ContainerPort represents a network port in 2036 a single container. 2037 properties: 2038 containerPort: 2039 description: Number of port to expose on the pod's 2040 IP address. This must be a valid port number, 0 2041 < x < 65536. 2042 format: int32 2043 type: integer 2044 hostIP: 2045 description: What host IP to bind the external port 2046 to. 2047 type: string 2048 hostPort: 2049 description: Number of port to expose on the host. 2050 If specified, this must be a valid port number, 2051 0 < x < 65536. If HostNetwork is specified, this 2052 must match ContainerPort. Most containers do not 2053 need this. 2054 format: int32 2055 type: integer 2056 name: 2057 description: If specified, this must be an IANA_SVC_NAME 2058 and unique within the pod. Each named port in a 2059 pod must have a unique name. Name for the port that 2060 can be referred to by services. 2061 type: string 2062 protocol: 2063 default: TCP 2064 description: Protocol for port. Must be UDP, TCP, 2065 or SCTP. Defaults to "TCP". 2066 type: string 2067 required: 2068 - containerPort 2069 type: object 2070 type: array 2071 x-kubernetes-list-map-keys: 2072 - containerPort 2073 - protocol 2074 x-kubernetes-list-type: map 2075 readinessProbe: 2076 description: 'Periodic probe of container service readiness. 2077 Container will be removed from service endpoints if the 2078 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2079 properties: 2080 exec: 2081 description: Exec specifies the action to take. 2082 properties: 2083 command: 2084 description: Command is the command line to execute 2085 inside the container, the working directory for 2086 the command is root ('/') in the container's 2087 filesystem. The command is simply exec'd, it is 2088 not run inside a shell, so traditional shell instructions 2089 ('|', etc) won't work. To use a shell, you need 2090 to explicitly call out to that shell. Exit status 2091 of 0 is treated as live/healthy and non-zero is 2092 unhealthy. 2093 items: 2094 type: string 2095 type: array 2096 type: object 2097 failureThreshold: 2098 description: Minimum consecutive failures for the probe 2099 to be considered failed after having succeeded. Defaults 2100 to 3. Minimum value is 1. 2101 format: int32 2102 type: integer 2103 grpc: 2104 description: GRPC specifies an action involving a GRPC 2105 port. This is a beta field and requires enabling GRPCContainerProbe 2106 feature gate. 2107 properties: 2108 port: 2109 description: Port number of the gRPC service. Number 2110 must be in the range 1 to 65535. 2111 format: int32 2112 type: integer 2113 service: 2114 description: "Service is the name of the service 2115 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2116 \n If this is not specified, the default behavior 2117 is defined by gRPC." 2118 type: string 2119 required: 2120 - port 2121 type: object 2122 httpGet: 2123 description: HTTPGet specifies the http request to perform. 2124 properties: 2125 host: 2126 description: Host name to connect to, defaults to 2127 the pod IP. You probably want to set "Host" in 2128 httpHeaders instead. 2129 type: string 2130 httpHeaders: 2131 description: Custom headers to set in the request. 2132 HTTP allows repeated headers. 2133 items: 2134 description: HTTPHeader describes a custom header 2135 to be used in HTTP probes 2136 properties: 2137 name: 2138 description: The header field name 2139 type: string 2140 value: 2141 description: The header field value 2142 type: string 2143 required: 2144 - name 2145 - value 2146 type: object 2147 type: array 2148 path: 2149 description: Path to access on the HTTP server. 2150 type: string 2151 port: 2152 anyOf: 2153 - type: integer 2154 - type: string 2155 description: Name or number of the port to access 2156 on the container. Number must be in the range 2157 1 to 65535. Name must be an IANA_SVC_NAME. 2158 x-kubernetes-int-or-string: true 2159 scheme: 2160 description: Scheme to use for connecting to the 2161 host. Defaults to HTTP. 2162 type: string 2163 required: 2164 - port 2165 type: object 2166 initialDelaySeconds: 2167 description: 'Number of seconds after the container 2168 has started before liveness probes are initiated. 2169 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2170 format: int32 2171 type: integer 2172 periodSeconds: 2173 description: How often (in seconds) to perform the probe. 2174 Default to 10 seconds. Minimum value is 1. 2175 format: int32 2176 type: integer 2177 successThreshold: 2178 description: Minimum consecutive successes for the probe 2179 to be considered successful after having failed. Defaults 2180 to 1. Must be 1 for liveness and startup. Minimum 2181 value is 1. 2182 format: int32 2183 type: integer 2184 tcpSocket: 2185 description: TCPSocket specifies an action involving 2186 a TCP port. 2187 properties: 2188 host: 2189 description: 'Optional: Host name to connect to, 2190 defaults to the pod IP.' 2191 type: string 2192 port: 2193 anyOf: 2194 - type: integer 2195 - type: string 2196 description: Number or name of the port to access 2197 on the container. Number must be in the range 2198 1 to 65535. Name must be an IANA_SVC_NAME. 2199 x-kubernetes-int-or-string: true 2200 required: 2201 - port 2202 type: object 2203 terminationGracePeriodSeconds: 2204 description: Optional duration in seconds the pod needs 2205 to terminate gracefully upon probe failure. The grace 2206 period is the duration in seconds after the processes 2207 running in the pod are sent a termination signal and 2208 the time when the processes are forcibly halted with 2209 a kill signal. Set this value longer than the expected 2210 cleanup time for your process. If this value is nil, 2211 the pod's terminationGracePeriodSeconds will be used. 2212 Otherwise, this value overrides the value provided 2213 by the pod spec. Value must be non-negative integer. 2214 The value zero indicates stop immediately via the 2215 kill signal (no opportunity to shut down). This is 2216 a beta field and requires enabling ProbeTerminationGracePeriod 2217 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2218 is used if unset. 2219 format: int64 2220 type: integer 2221 timeoutSeconds: 2222 description: 'Number of seconds after which the probe 2223 times out. Defaults to 1 second. Minimum value is 2224 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2225 format: int32 2226 type: integer 2227 type: object 2228 resources: 2229 description: 'Compute Resources required by this container. 2230 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2231 properties: 2232 limits: 2233 additionalProperties: 2234 anyOf: 2235 - type: integer 2236 - type: string 2237 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2238 x-kubernetes-int-or-string: true 2239 description: 'Limits describes the maximum amount of 2240 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2241 type: object 2242 requests: 2243 additionalProperties: 2244 anyOf: 2245 - type: integer 2246 - type: string 2247 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2248 x-kubernetes-int-or-string: true 2249 description: 'Requests describes the minimum amount 2250 of compute resources required. If Requests is omitted 2251 for a container, it defaults to Limits if that is 2252 explicitly specified, otherwise to an implementation-defined 2253 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2254 type: object 2255 type: object 2256 securityContext: 2257 description: 'SecurityContext defines the security options 2258 the container should be run with. If set, the fields of 2259 SecurityContext override the equivalent fields of PodSecurityContext. 2260 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 2261 properties: 2262 allowPrivilegeEscalation: 2263 description: 'AllowPrivilegeEscalation controls whether 2264 a process can gain more privileges than its parent 2265 process. This bool directly controls if the no_new_privs 2266 flag will be set on the container process. AllowPrivilegeEscalation 2267 is true always when the container is: 1) run as Privileged 2268 2) has CAP_SYS_ADMIN Note that this field cannot be 2269 set when spec.os.name is windows.' 2270 type: boolean 2271 capabilities: 2272 description: The capabilities to add/drop when running 2273 containers. Defaults to the default set of capabilities 2274 granted by the container runtime. Note that this field 2275 cannot be set when spec.os.name is windows. 2276 properties: 2277 add: 2278 description: Added capabilities 2279 items: 2280 description: Capability represent POSIX capabilities 2281 type 2282 type: string 2283 type: array 2284 drop: 2285 description: Removed capabilities 2286 items: 2287 description: Capability represent POSIX capabilities 2288 type 2289 type: string 2290 type: array 2291 type: object 2292 privileged: 2293 description: Run container in privileged mode. Processes 2294 in privileged containers are essentially equivalent 2295 to root on the host. Defaults to false. Note that 2296 this field cannot be set when spec.os.name is windows. 2297 type: boolean 2298 procMount: 2299 description: procMount denotes the type of proc mount 2300 to use for the containers. The default is DefaultProcMount 2301 which uses the container runtime defaults for readonly 2302 paths and masked paths. This requires the ProcMountType 2303 feature flag to be enabled. Note that this field cannot 2304 be set when spec.os.name is windows. 2305 type: string 2306 readOnlyRootFilesystem: 2307 description: Whether this container has a read-only 2308 root filesystem. Default is false. Note that this 2309 field cannot be set when spec.os.name is windows. 2310 type: boolean 2311 runAsGroup: 2312 description: The GID to run the entrypoint of the container 2313 process. Uses runtime default if unset. May also be 2314 set in PodSecurityContext. If set in both SecurityContext 2315 and PodSecurityContext, the value specified in SecurityContext 2316 takes precedence. Note that this field cannot be set 2317 when spec.os.name is windows. 2318 format: int64 2319 type: integer 2320 runAsNonRoot: 2321 description: Indicates that the container must run as 2322 a non-root user. If true, the Kubelet will validate 2323 the image at runtime to ensure that it does not run 2324 as UID 0 (root) and fail to start the container if 2325 it does. If unset or false, no such validation will 2326 be performed. May also be set in PodSecurityContext. If 2327 set in both SecurityContext and PodSecurityContext, 2328 the value specified in SecurityContext takes precedence. 2329 type: boolean 2330 runAsUser: 2331 description: The UID to run the entrypoint of the container 2332 process. Defaults to user specified in image metadata 2333 if unspecified. May also be set in PodSecurityContext. If 2334 set in both SecurityContext and PodSecurityContext, 2335 the value specified in SecurityContext takes precedence. 2336 Note that this field cannot be set when spec.os.name 2337 is windows. 2338 format: int64 2339 type: integer 2340 seLinuxOptions: 2341 description: The SELinux context to be applied to the 2342 container. If unspecified, the container runtime will 2343 allocate a random SELinux context for each container. May 2344 also be set in PodSecurityContext. If set in both 2345 SecurityContext and PodSecurityContext, the value 2346 specified in SecurityContext takes precedence. Note 2347 that this field cannot be set when spec.os.name is 2348 windows. 2349 properties: 2350 level: 2351 description: Level is SELinux level label that applies 2352 to the container. 2353 type: string 2354 role: 2355 description: Role is a SELinux role label that applies 2356 to the container. 2357 type: string 2358 type: 2359 description: Type is a SELinux type label that applies 2360 to the container. 2361 type: string 2362 user: 2363 description: User is a SELinux user label that applies 2364 to the container. 2365 type: string 2366 type: object 2367 seccompProfile: 2368 description: The seccomp options to use by this container. 2369 If seccomp options are provided at both the pod & 2370 container level, the container options override the 2371 pod options. Note that this field cannot be set when 2372 spec.os.name is windows. 2373 properties: 2374 localhostProfile: 2375 description: localhostProfile indicates a profile 2376 defined in a file on the node should be used. 2377 The profile must be preconfigured on the node 2378 to work. Must be a descending path, relative to 2379 the kubelet's configured seccomp profile location. 2380 Must only be set if type is "Localhost". 2381 type: string 2382 type: 2383 description: "type indicates which kind of seccomp 2384 profile will be applied. Valid options are: \n 2385 Localhost - a profile defined in a file on the 2386 node should be used. RuntimeDefault - the container 2387 runtime default profile should be used. Unconfined 2388 - no profile should be applied." 2389 type: string 2390 required: 2391 - type 2392 type: object 2393 windowsOptions: 2394 description: The Windows specific settings applied to 2395 all containers. If unspecified, the options from the 2396 PodSecurityContext will be used. If set in both SecurityContext 2397 and PodSecurityContext, the value specified in SecurityContext 2398 takes precedence. Note that this field cannot be set 2399 when spec.os.name is linux. 2400 properties: 2401 gmsaCredentialSpec: 2402 description: GMSACredentialSpec is where the GMSA 2403 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 2404 inlines the contents of the GMSA credential spec 2405 named by the GMSACredentialSpecName field. 2406 type: string 2407 gmsaCredentialSpecName: 2408 description: GMSACredentialSpecName is the name 2409 of the GMSA credential spec to use. 2410 type: string 2411 hostProcess: 2412 description: HostProcess determines if a container 2413 should be run as a 'Host Process' container. This 2414 field is alpha-level and will only be honored 2415 by components that enable the WindowsHostProcessContainers 2416 feature flag. Setting this field without the feature 2417 flag will result in errors when validating the 2418 Pod. All of a Pod's containers must have the same 2419 effective HostProcess value (it is not allowed 2420 to have a mix of HostProcess containers and non-HostProcess 2421 containers). In addition, if HostProcess is true 2422 then HostNetwork must also be set to true. 2423 type: boolean 2424 runAsUserName: 2425 description: The UserName in Windows to run the 2426 entrypoint of the container process. Defaults 2427 to the user specified in image metadata if unspecified. 2428 May also be set in PodSecurityContext. If set 2429 in both SecurityContext and PodSecurityContext, 2430 the value specified in SecurityContext takes precedence. 2431 type: string 2432 type: object 2433 type: object 2434 startupProbe: 2435 description: 'StartupProbe indicates that the Pod has successfully 2436 initialized. If specified, no other probes are executed 2437 until this completes successfully. If this probe fails, 2438 the Pod will be restarted, just as if the livenessProbe 2439 failed. This can be used to provide different probe parameters 2440 at the beginning of a Pod''s lifecycle, when it might 2441 take a long time to load data or warm a cache, than during 2442 steady-state operation. This cannot be updated. More info: 2443 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2444 properties: 2445 exec: 2446 description: Exec specifies the action to take. 2447 properties: 2448 command: 2449 description: Command is the command line to execute 2450 inside the container, the working directory for 2451 the command is root ('/') in the container's 2452 filesystem. The command is simply exec'd, it is 2453 not run inside a shell, so traditional shell instructions 2454 ('|', etc) won't work. To use a shell, you need 2455 to explicitly call out to that shell. Exit status 2456 of 0 is treated as live/healthy and non-zero is 2457 unhealthy. 2458 items: 2459 type: string 2460 type: array 2461 type: object 2462 failureThreshold: 2463 description: Minimum consecutive failures for the probe 2464 to be considered failed after having succeeded. Defaults 2465 to 3. Minimum value is 1. 2466 format: int32 2467 type: integer 2468 grpc: 2469 description: GRPC specifies an action involving a GRPC 2470 port. This is a beta field and requires enabling GRPCContainerProbe 2471 feature gate. 2472 properties: 2473 port: 2474 description: Port number of the gRPC service. Number 2475 must be in the range 1 to 65535. 2476 format: int32 2477 type: integer 2478 service: 2479 description: "Service is the name of the service 2480 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2481 \n If this is not specified, the default behavior 2482 is defined by gRPC." 2483 type: string 2484 required: 2485 - port 2486 type: object 2487 httpGet: 2488 description: HTTPGet specifies the http request to perform. 2489 properties: 2490 host: 2491 description: Host name to connect to, defaults to 2492 the pod IP. You probably want to set "Host" in 2493 httpHeaders instead. 2494 type: string 2495 httpHeaders: 2496 description: Custom headers to set in the request. 2497 HTTP allows repeated headers. 2498 items: 2499 description: HTTPHeader describes a custom header 2500 to be used in HTTP probes 2501 properties: 2502 name: 2503 description: The header field name 2504 type: string 2505 value: 2506 description: The header field value 2507 type: string 2508 required: 2509 - name 2510 - value 2511 type: object 2512 type: array 2513 path: 2514 description: Path to access on the HTTP server. 2515 type: string 2516 port: 2517 anyOf: 2518 - type: integer 2519 - type: string 2520 description: Name or number of the port to access 2521 on the container. Number must be in the range 2522 1 to 65535. Name must be an IANA_SVC_NAME. 2523 x-kubernetes-int-or-string: true 2524 scheme: 2525 description: Scheme to use for connecting to the 2526 host. Defaults to HTTP. 2527 type: string 2528 required: 2529 - port 2530 type: object 2531 initialDelaySeconds: 2532 description: 'Number of seconds after the container 2533 has started before liveness probes are initiated. 2534 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2535 format: int32 2536 type: integer 2537 periodSeconds: 2538 description: How often (in seconds) to perform the probe. 2539 Default to 10 seconds. Minimum value is 1. 2540 format: int32 2541 type: integer 2542 successThreshold: 2543 description: Minimum consecutive successes for the probe 2544 to be considered successful after having failed. Defaults 2545 to 1. Must be 1 for liveness and startup. Minimum 2546 value is 1. 2547 format: int32 2548 type: integer 2549 tcpSocket: 2550 description: TCPSocket specifies an action involving 2551 a TCP port. 2552 properties: 2553 host: 2554 description: 'Optional: Host name to connect to, 2555 defaults to the pod IP.' 2556 type: string 2557 port: 2558 anyOf: 2559 - type: integer 2560 - type: string 2561 description: Number or name of the port to access 2562 on the container. Number must be in the range 2563 1 to 65535. Name must be an IANA_SVC_NAME. 2564 x-kubernetes-int-or-string: true 2565 required: 2566 - port 2567 type: object 2568 terminationGracePeriodSeconds: 2569 description: Optional duration in seconds the pod needs 2570 to terminate gracefully upon probe failure. The grace 2571 period is the duration in seconds after the processes 2572 running in the pod are sent a termination signal and 2573 the time when the processes are forcibly halted with 2574 a kill signal. Set this value longer than the expected 2575 cleanup time for your process. If this value is nil, 2576 the pod's terminationGracePeriodSeconds will be used. 2577 Otherwise, this value overrides the value provided 2578 by the pod spec. Value must be non-negative integer. 2579 The value zero indicates stop immediately via the 2580 kill signal (no opportunity to shut down). This is 2581 a beta field and requires enabling ProbeTerminationGracePeriod 2582 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2583 is used if unset. 2584 format: int64 2585 type: integer 2586 timeoutSeconds: 2587 description: 'Number of seconds after which the probe 2588 times out. Defaults to 1 second. Minimum value is 2589 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2590 format: int32 2591 type: integer 2592 type: object 2593 stdin: 2594 description: Whether this container should allocate a buffer 2595 for stdin in the container runtime. If this is not set, 2596 reads from stdin in the container will always result in 2597 EOF. Default is false. 2598 type: boolean 2599 stdinOnce: 2600 description: Whether the container runtime should close 2601 the stdin channel after it has been opened by a single 2602 attach. When stdin is true the stdin stream will remain 2603 open across multiple attach sessions. If stdinOnce is 2604 set to true, stdin is opened on container start, is empty 2605 until the first client attaches to stdin, and then remains 2606 open and accepts data until the client disconnects, at 2607 which time stdin is closed and remains closed until the 2608 container is restarted. If this flag is false, a container 2609 processes that reads from stdin will never receive an 2610 EOF. Default is false 2611 type: boolean 2612 terminationMessagePath: 2613 description: 'Optional: Path at which the file to which 2614 the container''s termination message will be written is 2615 mounted into the container''s filesystem. Message written 2616 is intended to be brief final status, such as an assertion 2617 failure message. Will be truncated by the node if greater 2618 than 4096 bytes. The total message length across all containers 2619 will be limited to 12kb. Defaults to /dev/termination-log. 2620 Cannot be updated.' 2621 type: string 2622 terminationMessagePolicy: 2623 description: Indicate how the termination message should 2624 be populated. File will use the contents of terminationMessagePath 2625 to populate the container status message on both success 2626 and failure. FallbackToLogsOnError will use the last chunk 2627 of container log output if the termination message file 2628 is empty and the container exited with an error. The log 2629 output is limited to 2048 bytes or 80 lines, whichever 2630 is smaller. Defaults to File. Cannot be updated. 2631 type: string 2632 tty: 2633 description: Whether this container should allocate a TTY 2634 for itself, also requires 'stdin' to be true. Default 2635 is false. 2636 type: boolean 2637 volumeDevices: 2638 description: volumeDevices is the list of block devices 2639 to be used by the container. 2640 items: 2641 description: volumeDevice describes a mapping of a raw 2642 block device within a container. 2643 properties: 2644 devicePath: 2645 description: devicePath is the path inside of the 2646 container that the device will be mapped to. 2647 type: string 2648 name: 2649 description: name must match the name of a persistentVolumeClaim 2650 in the pod 2651 type: string 2652 required: 2653 - devicePath 2654 - name 2655 type: object 2656 type: array 2657 volumeMounts: 2658 description: Pod volumes to mount into the container's filesystem. 2659 Cannot be updated. 2660 items: 2661 description: VolumeMount describes a mounting of a Volume 2662 within a container. 2663 properties: 2664 mountPath: 2665 description: Path within the container at which the 2666 volume should be mounted. Must not contain ':'. 2667 type: string 2668 mountPropagation: 2669 description: mountPropagation determines how mounts 2670 are propagated from the host to container and the 2671 other way around. When not set, MountPropagationNone 2672 is used. This field is beta in 1.10. 2673 type: string 2674 name: 2675 description: This must match the Name of a Volume. 2676 type: string 2677 readOnly: 2678 description: Mounted read-only if true, read-write 2679 otherwise (false or unspecified). Defaults to false. 2680 type: boolean 2681 subPath: 2682 description: Path within the volume from which the 2683 container's volume should be mounted. Defaults to 2684 "" (volume's root). 2685 type: string 2686 subPathExpr: 2687 description: Expanded path within the volume from 2688 which the container's volume should be mounted. 2689 Behaves similarly to SubPath but environment variable 2690 references $(VAR_NAME) are expanded using the container's 2691 environment. Defaults to "" (volume's root). SubPathExpr 2692 and SubPath are mutually exclusive. 2693 type: string 2694 required: 2695 - mountPath 2696 - name 2697 type: object 2698 type: array 2699 workingDir: 2700 description: Container's working directory. If not specified, 2701 the container runtime's default will be used, which might 2702 be configured in the container image. Cannot be updated. 2703 type: string 2704 required: 2705 - name 2706 type: object 2707 type: array 2708 extraVolumeMounts: 2709 items: 2710 description: VolumeMount describes a mounting of a Volume within 2711 a container. 2712 properties: 2713 mountPath: 2714 description: Path within the container at which the volume 2715 should be mounted. Must not contain ':'. 2716 type: string 2717 mountPropagation: 2718 description: mountPropagation determines how mounts are 2719 propagated from the host to container and the other way 2720 around. When not set, MountPropagationNone is used. This 2721 field is beta in 1.10. 2722 type: string 2723 name: 2724 description: This must match the Name of a Volume. 2725 type: string 2726 readOnly: 2727 description: Mounted read-only if true, read-write otherwise 2728 (false or unspecified). Defaults to false. 2729 type: boolean 2730 subPath: 2731 description: Path within the volume from which the container's 2732 volume should be mounted. Defaults to "" (volume's root). 2733 type: string 2734 subPathExpr: 2735 description: Expanded path within the volume from which 2736 the container's volume should be mounted. Behaves similarly 2737 to SubPath but environment variable references $(VAR_NAME) 2738 are expanded using the container's environment. Defaults 2739 to "" (volume's root). SubPathExpr and SubPath are mutually 2740 exclusive. 2741 type: string 2742 required: 2743 - mountPath 2744 - name 2745 type: object 2746 type: array 2747 extraVolumes: 2748 items: 2749 description: Volume represents a named volume in a pod that 2750 may be accessed by any container in the pod. 2751 properties: 2752 awsElasticBlockStore: 2753 description: 'awsElasticBlockStore represents an AWS Disk 2754 resource that is attached to a kubelet''s host machine 2755 and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 2756 properties: 2757 fsType: 2758 description: 'fsType is the filesystem type of the volume 2759 that you want to mount. Tip: Ensure that the filesystem 2760 type is supported by the host operating system. Examples: 2761 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 2762 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 2763 TODO: how do we prevent errors in the filesystem from 2764 compromising the machine' 2765 type: string 2766 partition: 2767 description: 'partition is the partition in the volume 2768 that you want to mount. If omitted, the default is 2769 to mount by volume name. Examples: For volume /dev/sda1, 2770 you specify the partition as "1". Similarly, the volume 2771 partition for /dev/sda is "0" (or you can leave the 2772 property empty).' 2773 format: int32 2774 type: integer 2775 readOnly: 2776 description: 'readOnly value true will force the readOnly 2777 setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 2778 type: boolean 2779 volumeID: 2780 description: 'volumeID is unique ID of the persistent 2781 disk resource in AWS (Amazon EBS volume). More info: 2782 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 2783 type: string 2784 required: 2785 - volumeID 2786 type: object 2787 azureDisk: 2788 description: azureDisk represents an Azure Data Disk mount 2789 on the host and bind mount to the pod. 2790 properties: 2791 cachingMode: 2792 description: 'cachingMode is the Host Caching mode: 2793 None, Read Only, Read Write.' 2794 type: string 2795 diskName: 2796 description: diskName is the Name of the data disk in 2797 the blob storage 2798 type: string 2799 diskURI: 2800 description: diskURI is the URI of data disk in the 2801 blob storage 2802 type: string 2803 fsType: 2804 description: fsType is Filesystem type to mount. Must 2805 be a filesystem type supported by the host operating 2806 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 2807 to be "ext4" if unspecified. 2808 type: string 2809 kind: 2810 description: 'kind expected values are Shared: multiple 2811 blob disks per storage account Dedicated: single 2812 blob disk per storage account Managed: azure managed 2813 data disk (only in managed availability set). defaults 2814 to shared' 2815 type: string 2816 readOnly: 2817 description: readOnly Defaults to false (read/write). 2818 ReadOnly here will force the ReadOnly setting in VolumeMounts. 2819 type: boolean 2820 required: 2821 - diskName 2822 - diskURI 2823 type: object 2824 azureFile: 2825 description: azureFile represents an Azure File Service 2826 mount on the host and bind mount to the pod. 2827 properties: 2828 readOnly: 2829 description: readOnly defaults to false (read/write). 2830 ReadOnly here will force the ReadOnly setting in VolumeMounts. 2831 type: boolean 2832 secretName: 2833 description: secretName is the name of secret that 2834 contains Azure Storage Account Name and Key 2835 type: string 2836 shareName: 2837 description: shareName is the azure share Name 2838 type: string 2839 required: 2840 - secretName 2841 - shareName 2842 type: object 2843 cephfs: 2844 description: cephFS represents a Ceph FS mount on the host 2845 that shares a pod's lifetime 2846 properties: 2847 monitors: 2848 description: 'monitors is Required: Monitors is a collection 2849 of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2850 items: 2851 type: string 2852 type: array 2853 path: 2854 description: 'path is Optional: Used as the mounted 2855 root, rather than the full Ceph tree, default is /' 2856 type: string 2857 readOnly: 2858 description: 'readOnly is Optional: Defaults to false 2859 (read/write). ReadOnly here will force the ReadOnly 2860 setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2861 type: boolean 2862 secretFile: 2863 description: 'secretFile is Optional: SecretFile is 2864 the path to key ring for User, default is /etc/ceph/user.secret 2865 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2866 type: string 2867 secretRef: 2868 description: 'secretRef is Optional: SecretRef is reference 2869 to the authentication secret for User, default is 2870 empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2871 properties: 2872 name: 2873 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2874 TODO: Add other useful fields. apiVersion, kind, 2875 uid?' 2876 type: string 2877 type: object 2878 user: 2879 description: 'user is optional: User is the rados user 2880 name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2881 type: string 2882 required: 2883 - monitors 2884 type: object 2885 cinder: 2886 description: 'cinder represents a cinder volume attached 2887 and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 2888 properties: 2889 fsType: 2890 description: 'fsType is the filesystem type to mount. 2891 Must be a filesystem type supported by the host operating 2892 system. Examples: "ext4", "xfs", "ntfs". Implicitly 2893 inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 2894 type: string 2895 readOnly: 2896 description: 'readOnly defaults to false (read/write). 2897 ReadOnly here will force the ReadOnly setting in VolumeMounts. 2898 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 2899 type: boolean 2900 secretRef: 2901 description: 'secretRef is optional: points to a secret 2902 object containing parameters used to connect to OpenStack.' 2903 properties: 2904 name: 2905 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2906 TODO: Add other useful fields. apiVersion, kind, 2907 uid?' 2908 type: string 2909 type: object 2910 volumeID: 2911 description: 'volumeID used to identify the volume in 2912 cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 2913 type: string 2914 required: 2915 - volumeID 2916 type: object 2917 configMap: 2918 description: configMap represents a configMap that should 2919 populate this volume 2920 properties: 2921 defaultMode: 2922 description: 'defaultMode is optional: mode bits used 2923 to set permissions on created files by default. Must 2924 be an octal value between 0000 and 0777 or a decimal 2925 value between 0 and 511. YAML accepts both octal and 2926 decimal values, JSON requires decimal values for mode 2927 bits. Defaults to 0644. Directories within the path 2928 are not affected by this setting. This might be in 2929 conflict with other options that affect the file mode, 2930 like fsGroup, and the result can be other mode bits 2931 set.' 2932 format: int32 2933 type: integer 2934 items: 2935 description: items if unspecified, each key-value pair 2936 in the Data field of the referenced ConfigMap will 2937 be projected into the volume as a file whose name 2938 is the key and content is the value. If specified, 2939 the listed keys will be projected into the specified 2940 paths, and unlisted keys will not be present. If a 2941 key is specified which is not present in the ConfigMap, 2942 the volume setup will error unless it is marked optional. 2943 Paths must be relative and may not contain the '..' 2944 path or start with '..'. 2945 items: 2946 description: Maps a string key to a path within a 2947 volume. 2948 properties: 2949 key: 2950 description: key is the key to project. 2951 type: string 2952 mode: 2953 description: 'mode is Optional: mode bits used 2954 to set permissions on this file. Must be an 2955 octal value between 0000 and 0777 or a decimal 2956 value between 0 and 511. YAML accepts both octal 2957 and decimal values, JSON requires decimal values 2958 for mode bits. If not specified, the volume 2959 defaultMode will be used. This might be in conflict 2960 with other options that affect the file mode, 2961 like fsGroup, and the result can be other mode 2962 bits set.' 2963 format: int32 2964 type: integer 2965 path: 2966 description: path is the relative path of the 2967 file to map the key to. May not be an absolute 2968 path. May not contain the path element '..'. 2969 May not start with the string '..'. 2970 type: string 2971 required: 2972 - key 2973 - path 2974 type: object 2975 type: array 2976 name: 2977 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2978 TODO: Add other useful fields. apiVersion, kind, uid?' 2979 type: string 2980 optional: 2981 description: optional specify whether the ConfigMap 2982 or its keys must be defined 2983 type: boolean 2984 type: object 2985 csi: 2986 description: csi (Container Storage Interface) represents 2987 ephemeral storage that is handled by certain external 2988 CSI drivers (Beta feature). 2989 properties: 2990 driver: 2991 description: driver is the name of the CSI driver that 2992 handles this volume. Consult with your admin for the 2993 correct name as registered in the cluster. 2994 type: string 2995 fsType: 2996 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". 2997 If not provided, the empty value is passed to the 2998 associated CSI driver which will determine the default 2999 filesystem to apply. 3000 type: string 3001 nodePublishSecretRef: 3002 description: nodePublishSecretRef is a reference to 3003 the secret object containing sensitive information 3004 to pass to the CSI driver to complete the CSI NodePublishVolume 3005 and NodeUnpublishVolume calls. This field is optional, 3006 and may be empty if no secret is required. If the 3007 secret object contains more than one secret, all secret 3008 references are passed. 3009 properties: 3010 name: 3011 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3012 TODO: Add other useful fields. apiVersion, kind, 3013 uid?' 3014 type: string 3015 type: object 3016 readOnly: 3017 description: readOnly specifies a read-only configuration 3018 for the volume. Defaults to false (read/write). 3019 type: boolean 3020 volumeAttributes: 3021 additionalProperties: 3022 type: string 3023 description: volumeAttributes stores driver-specific 3024 properties that are passed to the CSI driver. Consult 3025 your driver's documentation for supported values. 3026 type: object 3027 required: 3028 - driver 3029 type: object 3030 downwardAPI: 3031 description: downwardAPI represents downward API about the 3032 pod that should populate this volume 3033 properties: 3034 defaultMode: 3035 description: 'Optional: mode bits to use on created 3036 files by default. Must be a Optional: mode bits used 3037 to set permissions on created files by default. Must 3038 be an octal value between 0000 and 0777 or a decimal 3039 value between 0 and 511. YAML accepts both octal and 3040 decimal values, JSON requires decimal values for mode 3041 bits. Defaults to 0644. Directories within the path 3042 are not affected by this setting. This might be in 3043 conflict with other options that affect the file mode, 3044 like fsGroup, and the result can be other mode bits 3045 set.' 3046 format: int32 3047 type: integer 3048 items: 3049 description: Items is a list of downward API volume 3050 file 3051 items: 3052 description: DownwardAPIVolumeFile represents information 3053 to create the file containing the pod field 3054 properties: 3055 fieldRef: 3056 description: 'Required: Selects a field of the 3057 pod: only annotations, labels, name and namespace 3058 are supported.' 3059 properties: 3060 apiVersion: 3061 description: Version of the schema the FieldPath 3062 is written in terms of, defaults to "v1". 3063 type: string 3064 fieldPath: 3065 description: Path of the field to select in 3066 the specified API version. 3067 type: string 3068 required: 3069 - fieldPath 3070 type: object 3071 mode: 3072 description: 'Optional: mode bits used to set 3073 permissions on this file, must be an octal value 3074 between 0000 and 0777 or a decimal value between 3075 0 and 511. YAML accepts both octal and decimal 3076 values, JSON requires decimal values for mode 3077 bits. If not specified, the volume defaultMode 3078 will be used. This might be in conflict with 3079 other options that affect the file mode, like 3080 fsGroup, and the result can be other mode bits 3081 set.' 3082 format: int32 3083 type: integer 3084 path: 3085 description: 'Required: Path is the relative 3086 path name of the file to be created. Must not 3087 be absolute or contain the ''..'' path. Must 3088 be utf-8 encoded. The first item of the relative 3089 path must not start with ''..''' 3090 type: string 3091 resourceFieldRef: 3092 description: 'Selects a resource of the container: 3093 only resources limits and requests (limits.cpu, 3094 limits.memory, requests.cpu and requests.memory) 3095 are currently supported.' 3096 properties: 3097 containerName: 3098 description: 'Container name: required for 3099 volumes, optional for env vars' 3100 type: string 3101 divisor: 3102 anyOf: 3103 - type: integer 3104 - type: string 3105 description: Specifies the output format of 3106 the exposed resources, defaults to "1" 3107 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3108 x-kubernetes-int-or-string: true 3109 resource: 3110 description: 'Required: resource to select' 3111 type: string 3112 required: 3113 - resource 3114 type: object 3115 required: 3116 - path 3117 type: object 3118 type: array 3119 type: object 3120 emptyDir: 3121 description: 'emptyDir represents a temporary directory 3122 that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 3123 properties: 3124 medium: 3125 description: 'medium represents what type of storage 3126 medium should back this directory. The default is 3127 "" which means to use the node''s default medium. 3128 Must be an empty string (default) or Memory. More 3129 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 3130 type: string 3131 sizeLimit: 3132 anyOf: 3133 - type: integer 3134 - type: string 3135 description: 'sizeLimit is the total amount of local 3136 storage required for this EmptyDir volume. The size 3137 limit is also applicable for memory medium. The maximum 3138 usage on memory medium EmptyDir would be the minimum 3139 value between the SizeLimit specified here and the 3140 sum of memory limits of all containers in a pod. The 3141 default is nil which means that the limit is undefined. 3142 More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 3143 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3144 x-kubernetes-int-or-string: true 3145 type: object 3146 ephemeral: 3147 description: "ephemeral represents a volume that is handled 3148 by a cluster storage driver. The volume's lifecycle is 3149 tied to the pod that defines it - it will be created before 3150 the pod starts, and deleted when the pod is removed. \n 3151 Use this if: a) the volume is only needed while the pod 3152 runs, b) features of normal volumes like restoring from 3153 snapshot or capacity tracking are needed, c) the storage 3154 driver is specified through a storage class, and d) the 3155 storage driver supports dynamic volume provisioning through 3156 \ a PersistentVolumeClaim (see EphemeralVolumeSource 3157 for more information on the connection between this 3158 volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim 3159 or one of the vendor-specific APIs for volumes that persist 3160 for longer than the lifecycle of an individual pod. \n 3161 Use CSI for light-weight local ephemeral volumes if the 3162 CSI driver is meant to be used that way - see the documentation 3163 of the driver for more information. \n A pod can use both 3164 types of ephemeral volumes and persistent volumes at the 3165 same time." 3166 properties: 3167 volumeClaimTemplate: 3168 description: "Will be used to create a stand-alone PVC 3169 to provision the volume. The pod in which this EphemeralVolumeSource 3170 is embedded will be the owner of the PVC, i.e. the 3171 PVC will be deleted together with the pod. The name 3172 of the PVC will be `<pod name>-<volume name>` where 3173 `<volume name>` is the name from the `PodSpec.Volumes` 3174 array entry. Pod validation will reject the pod if 3175 the concatenated name is not valid for a PVC (for 3176 example, too long). \n An existing PVC with that name 3177 that is not owned by the pod will *not* be used for 3178 the pod to avoid using an unrelated volume by mistake. 3179 Starting the pod is then blocked until the unrelated 3180 PVC is removed. If such a pre-created PVC is meant 3181 to be used by the pod, the PVC has to updated with 3182 an owner reference to the pod once the pod exists. 3183 Normally this should not be necessary, but it may 3184 be useful when manually reconstructing a broken cluster. 3185 \n This field is read-only and no changes will be 3186 made by Kubernetes to the PVC after it has been created. 3187 \n Required, must not be nil." 3188 properties: 3189 metadata: 3190 description: May contain labels and annotations 3191 that will be copied into the PVC when creating 3192 it. No other fields are allowed and will be rejected 3193 during validation. 3194 type: object 3195 spec: 3196 description: The specification for the PersistentVolumeClaim. 3197 The entire content is copied unchanged into the 3198 PVC that gets created from this template. The 3199 same fields as in a PersistentVolumeClaim are 3200 also valid here. 3201 properties: 3202 accessModes: 3203 description: 'accessModes contains the desired 3204 access modes the volume should have. More 3205 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 3206 items: 3207 type: string 3208 type: array 3209 dataSource: 3210 description: 'dataSource field can be used to 3211 specify either: * An existing VolumeSnapshot 3212 object (snapshot.storage.k8s.io/VolumeSnapshot) 3213 * An existing PVC (PersistentVolumeClaim) 3214 If the provisioner or an external controller 3215 can support the specified data source, it 3216 will create a new volume based on the contents 3217 of the specified data source. If the AnyVolumeDataSource 3218 feature gate is enabled, this field will always 3219 have the same contents as the DataSourceRef 3220 field.' 3221 properties: 3222 apiGroup: 3223 description: APIGroup is the group for the 3224 resource being referenced. If APIGroup 3225 is not specified, the specified Kind must 3226 be in the core API group. For any other 3227 third-party types, APIGroup is required. 3228 type: string 3229 kind: 3230 description: Kind is the type of resource 3231 being referenced 3232 type: string 3233 name: 3234 description: Name is the name of resource 3235 being referenced 3236 type: string 3237 required: 3238 - kind 3239 - name 3240 type: object 3241 dataSourceRef: 3242 description: 'dataSourceRef specifies the object 3243 from which to populate the volume with data, 3244 if a non-empty volume is desired. This may 3245 be any local object from a non-empty API group 3246 (non core object) or a PersistentVolumeClaim 3247 object. When this field is specified, volume 3248 binding will only succeed if the type of the 3249 specified object matches some installed volume 3250 populator or dynamic provisioner. This field 3251 will replace the functionality of the DataSource 3252 field and as such if both fields are non-empty, 3253 they must have the same value. For backwards 3254 compatibility, both fields (DataSource and 3255 DataSourceRef) will be set to the same value 3256 automatically if one of them is empty and 3257 the other is non-empty. There are two important 3258 differences between DataSource and DataSourceRef: 3259 * While DataSource only allows two specific 3260 types of objects, DataSourceRef allows any 3261 non-core object, as well as PersistentVolumeClaim 3262 objects. * While DataSource ignores disallowed 3263 values (dropping them), DataSourceRef preserves 3264 all values, and generates an error if a disallowed 3265 value is specified. (Beta) Using this field 3266 requires the AnyVolumeDataSource feature gate 3267 to be enabled.' 3268 properties: 3269 apiGroup: 3270 description: APIGroup is the group for the 3271 resource being referenced. If APIGroup 3272 is not specified, the specified Kind must 3273 be in the core API group. For any other 3274 third-party types, APIGroup is required. 3275 type: string 3276 kind: 3277 description: Kind is the type of resource 3278 being referenced 3279 type: string 3280 name: 3281 description: Name is the name of resource 3282 being referenced 3283 type: string 3284 required: 3285 - kind 3286 - name 3287 type: object 3288 resources: 3289 description: 'resources represents the minimum 3290 resources the volume should have. If RecoverVolumeExpansionFailure 3291 feature is enabled users are allowed to specify 3292 resource requirements that are lower than 3293 previous value but must still be higher than 3294 capacity recorded in the status field of the 3295 claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 3296 properties: 3297 limits: 3298 additionalProperties: 3299 anyOf: 3300 - type: integer 3301 - type: string 3302 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3303 x-kubernetes-int-or-string: true 3304 description: 'Limits describes the maximum 3305 amount of compute resources allowed. More 3306 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3307 type: object 3308 requests: 3309 additionalProperties: 3310 anyOf: 3311 - type: integer 3312 - type: string 3313 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3314 x-kubernetes-int-or-string: true 3315 description: 'Requests describes the minimum 3316 amount of compute resources required. 3317 If Requests is omitted for a container, 3318 it defaults to Limits if that is explicitly 3319 specified, otherwise to an implementation-defined 3320 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3321 type: object 3322 type: object 3323 selector: 3324 description: selector is a label query over 3325 volumes to consider for binding. 3326 properties: 3327 matchExpressions: 3328 description: matchExpressions is a list 3329 of label selector requirements. The requirements 3330 are ANDed. 3331 items: 3332 description: A label selector requirement 3333 is a selector that contains values, 3334 a key, and an operator that relates 3335 the key and values. 3336 properties: 3337 key: 3338 description: key is the label key 3339 that the selector applies to. 3340 type: string 3341 operator: 3342 description: operator represents a 3343 key's relationship to a set of values. 3344 Valid operators are In, NotIn, Exists 3345 and DoesNotExist. 3346 type: string 3347 values: 3348 description: values is an array of 3349 string values. If the operator is 3350 In or NotIn, the values array must 3351 be non-empty. If the operator is 3352 Exists or DoesNotExist, the values 3353 array must be empty. This array 3354 is replaced during a strategic merge 3355 patch. 3356 items: 3357 type: string 3358 type: array 3359 required: 3360 - key 3361 - operator 3362 type: object 3363 type: array 3364 matchLabels: 3365 additionalProperties: 3366 type: string 3367 description: matchLabels is a map of {key,value} 3368 pairs. A single {key,value} in the matchLabels 3369 map is equivalent to an element of matchExpressions, 3370 whose key field is "key", the operator 3371 is "In", and the values array contains 3372 only "value". The requirements are ANDed. 3373 type: object 3374 type: object 3375 storageClassName: 3376 description: 'storageClassName is the name of 3377 the StorageClass required by the claim. More 3378 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 3379 type: string 3380 volumeMode: 3381 description: volumeMode defines what type of 3382 volume is required by the claim. Value of 3383 Filesystem is implied when not included in 3384 claim spec. 3385 type: string 3386 volumeName: 3387 description: volumeName is the binding reference 3388 to the PersistentVolume backing this claim. 3389 type: string 3390 type: object 3391 required: 3392 - spec 3393 type: object 3394 type: object 3395 fc: 3396 description: fc represents a Fibre Channel resource that 3397 is attached to a kubelet's host machine and then exposed 3398 to the pod. 3399 properties: 3400 fsType: 3401 description: 'fsType is the filesystem type to mount. 3402 Must be a filesystem type supported by the host operating 3403 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 3404 to be "ext4" if unspecified. TODO: how do we prevent 3405 errors in the filesystem from compromising the machine' 3406 type: string 3407 lun: 3408 description: 'lun is Optional: FC target lun number' 3409 format: int32 3410 type: integer 3411 readOnly: 3412 description: 'readOnly is Optional: Defaults to false 3413 (read/write). ReadOnly here will force the ReadOnly 3414 setting in VolumeMounts.' 3415 type: boolean 3416 targetWWNs: 3417 description: 'targetWWNs is Optional: FC target worldwide 3418 names (WWNs)' 3419 items: 3420 type: string 3421 type: array 3422 wwids: 3423 description: 'wwids Optional: FC volume world wide identifiers 3424 (wwids) Either wwids or combination of targetWWNs 3425 and lun must be set, but not both simultaneously.' 3426 items: 3427 type: string 3428 type: array 3429 type: object 3430 flexVolume: 3431 description: flexVolume represents a generic volume resource 3432 that is provisioned/attached using an exec based plugin. 3433 properties: 3434 driver: 3435 description: driver is the name of the driver to use 3436 for this volume. 3437 type: string 3438 fsType: 3439 description: fsType is the filesystem type to mount. 3440 Must be a filesystem type supported by the host operating 3441 system. Ex. "ext4", "xfs", "ntfs". The default filesystem 3442 depends on FlexVolume script. 3443 type: string 3444 options: 3445 additionalProperties: 3446 type: string 3447 description: 'options is Optional: this field holds 3448 extra command options if any.' 3449 type: object 3450 readOnly: 3451 description: 'readOnly is Optional: defaults to false 3452 (read/write). ReadOnly here will force the ReadOnly 3453 setting in VolumeMounts.' 3454 type: boolean 3455 secretRef: 3456 description: 'secretRef is Optional: secretRef is reference 3457 to the secret object containing sensitive information 3458 to pass to the plugin scripts. This may be empty if 3459 no secret object is specified. If the secret object 3460 contains more than one secret, all secrets are passed 3461 to the plugin scripts.' 3462 properties: 3463 name: 3464 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3465 TODO: Add other useful fields. apiVersion, kind, 3466 uid?' 3467 type: string 3468 type: object 3469 required: 3470 - driver 3471 type: object 3472 flocker: 3473 description: flocker represents a Flocker volume attached 3474 to a kubelet's host machine. This depends on the Flocker 3475 control service being running 3476 properties: 3477 datasetName: 3478 description: datasetName is Name of the dataset stored 3479 as metadata -> name on the dataset for Flocker should 3480 be considered as deprecated 3481 type: string 3482 datasetUUID: 3483 description: datasetUUID is the UUID of the dataset. 3484 This is unique identifier of a Flocker dataset 3485 type: string 3486 type: object 3487 gcePersistentDisk: 3488 description: 'gcePersistentDisk represents a GCE Disk resource 3489 that is attached to a kubelet''s host machine and then 3490 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 3491 properties: 3492 fsType: 3493 description: 'fsType is filesystem type of the volume 3494 that you want to mount. Tip: Ensure that the filesystem 3495 type is supported by the host operating system. Examples: 3496 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 3497 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 3498 TODO: how do we prevent errors in the filesystem from 3499 compromising the machine' 3500 type: string 3501 partition: 3502 description: 'partition is the partition in the volume 3503 that you want to mount. If omitted, the default is 3504 to mount by volume name. Examples: For volume /dev/sda1, 3505 you specify the partition as "1". Similarly, the volume 3506 partition for /dev/sda is "0" (or you can leave the 3507 property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 3508 format: int32 3509 type: integer 3510 pdName: 3511 description: 'pdName is unique name of the PD resource 3512 in GCE. Used to identify the disk in GCE. More info: 3513 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 3514 type: string 3515 readOnly: 3516 description: 'readOnly here will force the ReadOnly 3517 setting in VolumeMounts. Defaults to false. More info: 3518 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 3519 type: boolean 3520 required: 3521 - pdName 3522 type: object 3523 gitRepo: 3524 description: 'gitRepo represents a git repository at a particular 3525 revision. DEPRECATED: GitRepo is deprecated. To provision 3526 a container with a git repo, mount an EmptyDir into an 3527 InitContainer that clones the repo using git, then mount 3528 the EmptyDir into the Pod''s container.' 3529 properties: 3530 directory: 3531 description: directory is the target directory name. 3532 Must not contain or start with '..'. If '.' is supplied, 3533 the volume directory will be the git repository. Otherwise, 3534 if specified, the volume will contain the git repository 3535 in the subdirectory with the given name. 3536 type: string 3537 repository: 3538 description: repository is the URL 3539 type: string 3540 revision: 3541 description: revision is the commit hash for the specified 3542 revision. 3543 type: string 3544 required: 3545 - repository 3546 type: object 3547 glusterfs: 3548 description: 'glusterfs represents a Glusterfs mount on 3549 the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 3550 properties: 3551 endpoints: 3552 description: 'endpoints is the endpoint name that details 3553 Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 3554 type: string 3555 path: 3556 description: 'path is the Glusterfs volume path. More 3557 info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 3558 type: string 3559 readOnly: 3560 description: 'readOnly here will force the Glusterfs 3561 volume to be mounted with read-only permissions. Defaults 3562 to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 3563 type: boolean 3564 required: 3565 - endpoints 3566 - path 3567 type: object 3568 hostPath: 3569 description: 'hostPath represents a pre-existing file or 3570 directory on the host machine that is directly exposed 3571 to the container. This is generally used for system agents 3572 or other privileged things that are allowed to see the 3573 host machine. Most containers will NOT need this. More 3574 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 3575 --- TODO(jonesdl) We need to restrict who can use host 3576 directory mounts and who can/can not mount host directories 3577 as read/write.' 3578 properties: 3579 path: 3580 description: 'path of the directory on the host. If 3581 the path is a symlink, it will follow the link to 3582 the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 3583 type: string 3584 type: 3585 description: 'type for HostPath Volume Defaults to "" 3586 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 3587 type: string 3588 required: 3589 - path 3590 type: object 3591 iscsi: 3592 description: 'iscsi represents an ISCSI Disk resource that 3593 is attached to a kubelet''s host machine and then exposed 3594 to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 3595 properties: 3596 chapAuthDiscovery: 3597 description: chapAuthDiscovery defines whether support 3598 iSCSI Discovery CHAP authentication 3599 type: boolean 3600 chapAuthSession: 3601 description: chapAuthSession defines whether support 3602 iSCSI Session CHAP authentication 3603 type: boolean 3604 fsType: 3605 description: 'fsType is the filesystem type of the volume 3606 that you want to mount. Tip: Ensure that the filesystem 3607 type is supported by the host operating system. Examples: 3608 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 3609 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 3610 TODO: how do we prevent errors in the filesystem from 3611 compromising the machine' 3612 type: string 3613 initiatorName: 3614 description: initiatorName is the custom iSCSI Initiator 3615 Name. If initiatorName is specified with iscsiInterface 3616 simultaneously, new iSCSI interface <target portal>:<volume 3617 name> will be created for the connection. 3618 type: string 3619 iqn: 3620 description: iqn is the target iSCSI Qualified Name. 3621 type: string 3622 iscsiInterface: 3623 description: iscsiInterface is the interface Name that 3624 uses an iSCSI transport. Defaults to 'default' (tcp). 3625 type: string 3626 lun: 3627 description: lun represents iSCSI Target Lun number. 3628 format: int32 3629 type: integer 3630 portals: 3631 description: portals is the iSCSI Target Portal List. 3632 The portal is either an IP or ip_addr:port if the 3633 port is other than default (typically TCP ports 860 3634 and 3260). 3635 items: 3636 type: string 3637 type: array 3638 readOnly: 3639 description: readOnly here will force the ReadOnly setting 3640 in VolumeMounts. Defaults to false. 3641 type: boolean 3642 secretRef: 3643 description: secretRef is the CHAP Secret for iSCSI 3644 target and initiator authentication 3645 properties: 3646 name: 3647 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3648 TODO: Add other useful fields. apiVersion, kind, 3649 uid?' 3650 type: string 3651 type: object 3652 targetPortal: 3653 description: targetPortal is iSCSI Target Portal. The 3654 Portal is either an IP or ip_addr:port if the port 3655 is other than default (typically TCP ports 860 and 3656 3260). 3657 type: string 3658 required: 3659 - iqn 3660 - lun 3661 - targetPortal 3662 type: object 3663 name: 3664 description: 'name of the volume. Must be a DNS_LABEL and 3665 unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 3666 type: string 3667 nfs: 3668 description: 'nfs represents an NFS mount on the host that 3669 shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 3670 properties: 3671 path: 3672 description: 'path that is exported by the NFS server. 3673 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 3674 type: string 3675 readOnly: 3676 description: 'readOnly here will force the NFS export 3677 to be mounted with read-only permissions. Defaults 3678 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 3679 type: boolean 3680 server: 3681 description: 'server is the hostname or IP address of 3682 the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 3683 type: string 3684 required: 3685 - path 3686 - server 3687 type: object 3688 persistentVolumeClaim: 3689 description: 'persistentVolumeClaimVolumeSource represents 3690 a reference to a PersistentVolumeClaim in the same namespace. 3691 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 3692 properties: 3693 claimName: 3694 description: 'claimName is the name of a PersistentVolumeClaim 3695 in the same namespace as the pod using this volume. 3696 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 3697 type: string 3698 readOnly: 3699 description: readOnly Will force the ReadOnly setting 3700 in VolumeMounts. Default false. 3701 type: boolean 3702 required: 3703 - claimName 3704 type: object 3705 photonPersistentDisk: 3706 description: photonPersistentDisk represents a PhotonController 3707 persistent disk attached and mounted on kubelets host 3708 machine 3709 properties: 3710 fsType: 3711 description: fsType is the filesystem type to mount. 3712 Must be a filesystem type supported by the host operating 3713 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 3714 to be "ext4" if unspecified. 3715 type: string 3716 pdID: 3717 description: pdID is the ID that identifies Photon Controller 3718 persistent disk 3719 type: string 3720 required: 3721 - pdID 3722 type: object 3723 portworxVolume: 3724 description: portworxVolume represents a portworx volume 3725 attached and mounted on kubelets host machine 3726 properties: 3727 fsType: 3728 description: fSType represents the filesystem type to 3729 mount Must be a filesystem type supported by the host 3730 operating system. Ex. "ext4", "xfs". Implicitly inferred 3731 to be "ext4" if unspecified. 3732 type: string 3733 readOnly: 3734 description: readOnly defaults to false (read/write). 3735 ReadOnly here will force the ReadOnly setting in VolumeMounts. 3736 type: boolean 3737 volumeID: 3738 description: volumeID uniquely identifies a Portworx 3739 volume 3740 type: string 3741 required: 3742 - volumeID 3743 type: object 3744 projected: 3745 description: projected items for all in one resources secrets, 3746 configmaps, and downward API 3747 properties: 3748 defaultMode: 3749 description: defaultMode are the mode bits used to set 3750 permissions on created files by default. Must be an 3751 octal value between 0000 and 0777 or a decimal value 3752 between 0 and 511. YAML accepts both octal and decimal 3753 values, JSON requires decimal values for mode bits. 3754 Directories within the path are not affected by this 3755 setting. This might be in conflict with other options 3756 that affect the file mode, like fsGroup, and the result 3757 can be other mode bits set. 3758 format: int32 3759 type: integer 3760 sources: 3761 description: sources is the list of volume projections 3762 items: 3763 description: Projection that may be projected along 3764 with other supported volume types 3765 properties: 3766 configMap: 3767 description: configMap information about the configMap 3768 data to project 3769 properties: 3770 items: 3771 description: items if unspecified, each key-value 3772 pair in the Data field of the referenced 3773 ConfigMap will be projected into the volume 3774 as a file whose name is the key and content 3775 is the value. If specified, the listed keys 3776 will be projected into the specified paths, 3777 and unlisted keys will not be present. If 3778 a key is specified which is not present 3779 in the ConfigMap, the volume setup will 3780 error unless it is marked optional. Paths 3781 must be relative and may not contain the 3782 '..' path or start with '..'. 3783 items: 3784 description: Maps a string key to a path 3785 within a volume. 3786 properties: 3787 key: 3788 description: key is the key to project. 3789 type: string 3790 mode: 3791 description: 'mode is Optional: mode 3792 bits used to set permissions on this 3793 file. Must be an octal value between 3794 0000 and 0777 or a decimal value between 3795 0 and 511. YAML accepts both octal 3796 and decimal values, JSON requires 3797 decimal values for mode bits. If not 3798 specified, the volume defaultMode 3799 will be used. This might be in conflict 3800 with other options that affect the 3801 file mode, like fsGroup, and the result 3802 can be other mode bits set.' 3803 format: int32 3804 type: integer 3805 path: 3806 description: path is the relative path 3807 of the file to map the key to. May 3808 not be an absolute path. May not contain 3809 the path element '..'. May not start 3810 with the string '..'. 3811 type: string 3812 required: 3813 - key 3814 - path 3815 type: object 3816 type: array 3817 name: 3818 description: 'Name of the referent. More info: 3819 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3820 TODO: Add other useful fields. apiVersion, 3821 kind, uid?' 3822 type: string 3823 optional: 3824 description: optional specify whether the 3825 ConfigMap or its keys must be defined 3826 type: boolean 3827 type: object 3828 downwardAPI: 3829 description: downwardAPI information about the 3830 downwardAPI data to project 3831 properties: 3832 items: 3833 description: Items is a list of DownwardAPIVolume 3834 file 3835 items: 3836 description: DownwardAPIVolumeFile represents 3837 information to create the file containing 3838 the pod field 3839 properties: 3840 fieldRef: 3841 description: 'Required: Selects a field 3842 of the pod: only annotations, labels, 3843 name and namespace are supported.' 3844 properties: 3845 apiVersion: 3846 description: Version of the schema 3847 the FieldPath is written in terms 3848 of, defaults to "v1". 3849 type: string 3850 fieldPath: 3851 description: Path of the field to 3852 select in the specified API version. 3853 type: string 3854 required: 3855 - fieldPath 3856 type: object 3857 mode: 3858 description: 'Optional: mode bits used 3859 to set permissions on this file, must 3860 be an octal value between 0000 and 3861 0777 or a decimal value between 0 3862 and 511. YAML accepts both octal and 3863 decimal values, JSON requires decimal 3864 values for mode bits. If not specified, 3865 the volume defaultMode will be used. 3866 This might be in conflict with other 3867 options that affect the file mode, 3868 like fsGroup, and the result can be 3869 other mode bits set.' 3870 format: int32 3871 type: integer 3872 path: 3873 description: 'Required: Path is the 3874 relative path name of the file to 3875 be created. Must not be absolute or 3876 contain the ''..'' path. Must be utf-8 3877 encoded. The first item of the relative 3878 path must not start with ''..''' 3879 type: string 3880 resourceFieldRef: 3881 description: 'Selects a resource of 3882 the container: only resources limits 3883 and requests (limits.cpu, limits.memory, 3884 requests.cpu and requests.memory) 3885 are currently supported.' 3886 properties: 3887 containerName: 3888 description: 'Container name: required 3889 for volumes, optional for env 3890 vars' 3891 type: string 3892 divisor: 3893 anyOf: 3894 - type: integer 3895 - type: string 3896 description: Specifies the output 3897 format of the exposed resources, 3898 defaults to "1" 3899 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3900 x-kubernetes-int-or-string: true 3901 resource: 3902 description: 'Required: resource 3903 to select' 3904 type: string 3905 required: 3906 - resource 3907 type: object 3908 required: 3909 - path 3910 type: object 3911 type: array 3912 type: object 3913 secret: 3914 description: secret information about the secret 3915 data to project 3916 properties: 3917 items: 3918 description: items if unspecified, each key-value 3919 pair in the Data field of the referenced 3920 Secret will be projected into the volume 3921 as a file whose name is the key and content 3922 is the value. If specified, the listed keys 3923 will be projected into the specified paths, 3924 and unlisted keys will not be present. If 3925 a key is specified which is not present 3926 in the Secret, the volume setup will error 3927 unless it is marked optional. Paths must 3928 be relative and may not contain the '..' 3929 path or start with '..'. 3930 items: 3931 description: Maps a string key to a path 3932 within a volume. 3933 properties: 3934 key: 3935 description: key is the key to project. 3936 type: string 3937 mode: 3938 description: 'mode is Optional: mode 3939 bits used to set permissions on this 3940 file. Must be an octal value between 3941 0000 and 0777 or a decimal value between 3942 0 and 511. YAML accepts both octal 3943 and decimal values, JSON requires 3944 decimal values for mode bits. If not 3945 specified, the volume defaultMode 3946 will be used. This might be in conflict 3947 with other options that affect the 3948 file mode, like fsGroup, and the result 3949 can be other mode bits set.' 3950 format: int32 3951 type: integer 3952 path: 3953 description: path is the relative path 3954 of the file to map the key to. May 3955 not be an absolute path. May not contain 3956 the path element '..'. May not start 3957 with the string '..'. 3958 type: string 3959 required: 3960 - key 3961 - path 3962 type: object 3963 type: array 3964 name: 3965 description: 'Name of the referent. More info: 3966 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3967 TODO: Add other useful fields. apiVersion, 3968 kind, uid?' 3969 type: string 3970 optional: 3971 description: optional field specify whether 3972 the Secret or its key must be defined 3973 type: boolean 3974 type: object 3975 serviceAccountToken: 3976 description: serviceAccountToken is information 3977 about the serviceAccountToken data to project 3978 properties: 3979 audience: 3980 description: audience is the intended audience 3981 of the token. A recipient of a token must 3982 identify itself with an identifier specified 3983 in the audience of the token, and otherwise 3984 should reject the token. The audience defaults 3985 to the identifier of the apiserver. 3986 type: string 3987 expirationSeconds: 3988 description: expirationSeconds is the requested 3989 duration of validity of the service account 3990 token. As the token approaches expiration, 3991 the kubelet volume plugin will proactively 3992 rotate the service account token. The kubelet 3993 will start trying to rotate the token if 3994 the token is older than 80 percent of its 3995 time to live or if the token is older than 3996 24 hours.Defaults to 1 hour and must be 3997 at least 10 minutes. 3998 format: int64 3999 type: integer 4000 path: 4001 description: path is the path relative to 4002 the mount point of the file to project the 4003 token into. 4004 type: string 4005 required: 4006 - path 4007 type: object 4008 type: object 4009 type: array 4010 type: object 4011 quobyte: 4012 description: quobyte represents a Quobyte mount on the host 4013 that shares a pod's lifetime 4014 properties: 4015 group: 4016 description: group to map volume access to Default is 4017 no group 4018 type: string 4019 readOnly: 4020 description: readOnly here will force the Quobyte volume 4021 to be mounted with read-only permissions. Defaults 4022 to false. 4023 type: boolean 4024 registry: 4025 description: registry represents a single or multiple 4026 Quobyte Registry services specified as a string as 4027 host:port pair (multiple entries are separated with 4028 commas) which acts as the central registry for volumes 4029 type: string 4030 tenant: 4031 description: tenant owning the given Quobyte volume 4032 in the Backend Used with dynamically provisioned Quobyte 4033 volumes, value is set by the plugin 4034 type: string 4035 user: 4036 description: user to map volume access to Defaults to 4037 serivceaccount user 4038 type: string 4039 volume: 4040 description: volume is a string that references an already 4041 created Quobyte volume by name. 4042 type: string 4043 required: 4044 - registry 4045 - volume 4046 type: object 4047 rbd: 4048 description: 'rbd represents a Rados Block Device mount 4049 on the host that shares a pod''s lifetime. More info: 4050 https://examples.k8s.io/volumes/rbd/README.md' 4051 properties: 4052 fsType: 4053 description: 'fsType is the filesystem type of the volume 4054 that you want to mount. Tip: Ensure that the filesystem 4055 type is supported by the host operating system. Examples: 4056 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 4057 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 4058 TODO: how do we prevent errors in the filesystem from 4059 compromising the machine' 4060 type: string 4061 image: 4062 description: 'image is the rados image name. More info: 4063 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4064 type: string 4065 keyring: 4066 description: 'keyring is the path to key ring for RBDUser. 4067 Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4068 type: string 4069 monitors: 4070 description: 'monitors is a collection of Ceph monitors. 4071 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4072 items: 4073 type: string 4074 type: array 4075 pool: 4076 description: 'pool is the rados pool name. Default is 4077 rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4078 type: string 4079 readOnly: 4080 description: 'readOnly here will force the ReadOnly 4081 setting in VolumeMounts. Defaults to false. More info: 4082 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4083 type: boolean 4084 secretRef: 4085 description: 'secretRef is name of the authentication 4086 secret for RBDUser. If provided overrides keyring. 4087 Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4088 properties: 4089 name: 4090 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4091 TODO: Add other useful fields. apiVersion, kind, 4092 uid?' 4093 type: string 4094 type: object 4095 user: 4096 description: 'user is the rados user name. Default is 4097 admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 4098 type: string 4099 required: 4100 - image 4101 - monitors 4102 type: object 4103 scaleIO: 4104 description: scaleIO represents a ScaleIO persistent volume 4105 attached and mounted on Kubernetes nodes. 4106 properties: 4107 fsType: 4108 description: fsType is the filesystem type to mount. 4109 Must be a filesystem type supported by the host operating 4110 system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 4111 type: string 4112 gateway: 4113 description: gateway is the host address of the ScaleIO 4114 API Gateway. 4115 type: string 4116 protectionDomain: 4117 description: protectionDomain is the name of the ScaleIO 4118 Protection Domain for the configured storage. 4119 type: string 4120 readOnly: 4121 description: readOnly Defaults to false (read/write). 4122 ReadOnly here will force the ReadOnly setting in VolumeMounts. 4123 type: boolean 4124 secretRef: 4125 description: secretRef references to the secret for 4126 ScaleIO user and other sensitive information. If this 4127 is not provided, Login operation will fail. 4128 properties: 4129 name: 4130 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4131 TODO: Add other useful fields. apiVersion, kind, 4132 uid?' 4133 type: string 4134 type: object 4135 sslEnabled: 4136 description: sslEnabled Flag enable/disable SSL communication 4137 with Gateway, default false 4138 type: boolean 4139 storageMode: 4140 description: storageMode indicates whether the storage 4141 for a volume should be ThickProvisioned or ThinProvisioned. 4142 Default is ThinProvisioned. 4143 type: string 4144 storagePool: 4145 description: storagePool is the ScaleIO Storage Pool 4146 associated with the protection domain. 4147 type: string 4148 system: 4149 description: system is the name of the storage system 4150 as configured in ScaleIO. 4151 type: string 4152 volumeName: 4153 description: volumeName is the name of a volume already 4154 created in the ScaleIO system that is associated with 4155 this volume source. 4156 type: string 4157 required: 4158 - gateway 4159 - secretRef 4160 - system 4161 type: object 4162 secret: 4163 description: 'secret represents a secret that should populate 4164 this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 4165 properties: 4166 defaultMode: 4167 description: 'defaultMode is Optional: mode bits used 4168 to set permissions on created files by default. Must 4169 be an octal value between 0000 and 0777 or a decimal 4170 value between 0 and 511. YAML accepts both octal and 4171 decimal values, JSON requires decimal values for mode 4172 bits. Defaults to 0644. Directories within the path 4173 are not affected by this setting. This might be in 4174 conflict with other options that affect the file mode, 4175 like fsGroup, and the result can be other mode bits 4176 set.' 4177 format: int32 4178 type: integer 4179 items: 4180 description: items If unspecified, each key-value pair 4181 in the Data field of the referenced Secret will be 4182 projected into the volume as a file whose name is 4183 the key and content is the value. If specified, the 4184 listed keys will be projected into the specified paths, 4185 and unlisted keys will not be present. If a key is 4186 specified which is not present in the Secret, the 4187 volume setup will error unless it is marked optional. 4188 Paths must be relative and may not contain the '..' 4189 path or start with '..'. 4190 items: 4191 description: Maps a string key to a path within a 4192 volume. 4193 properties: 4194 key: 4195 description: key is the key to project. 4196 type: string 4197 mode: 4198 description: 'mode is Optional: mode bits used 4199 to set permissions on this file. Must be an 4200 octal value between 0000 and 0777 or a decimal 4201 value between 0 and 511. YAML accepts both octal 4202 and decimal values, JSON requires decimal values 4203 for mode bits. If not specified, the volume 4204 defaultMode will be used. This might be in conflict 4205 with other options that affect the file mode, 4206 like fsGroup, and the result can be other mode 4207 bits set.' 4208 format: int32 4209 type: integer 4210 path: 4211 description: path is the relative path of the 4212 file to map the key to. May not be an absolute 4213 path. May not contain the path element '..'. 4214 May not start with the string '..'. 4215 type: string 4216 required: 4217 - key 4218 - path 4219 type: object 4220 type: array 4221 optional: 4222 description: optional field specify whether the Secret 4223 or its keys must be defined 4224 type: boolean 4225 secretName: 4226 description: 'secretName is the name of the secret in 4227 the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 4228 type: string 4229 type: object 4230 storageos: 4231 description: storageOS represents a StorageOS volume attached 4232 and mounted on Kubernetes nodes. 4233 properties: 4234 fsType: 4235 description: fsType is the filesystem type to mount. 4236 Must be a filesystem type supported by the host operating 4237 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 4238 to be "ext4" if unspecified. 4239 type: string 4240 readOnly: 4241 description: readOnly defaults to false (read/write). 4242 ReadOnly here will force the ReadOnly setting in VolumeMounts. 4243 type: boolean 4244 secretRef: 4245 description: secretRef specifies the secret to use for 4246 obtaining the StorageOS API credentials. If not specified, 4247 default values will be attempted. 4248 properties: 4249 name: 4250 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4251 TODO: Add other useful fields. apiVersion, kind, 4252 uid?' 4253 type: string 4254 type: object 4255 volumeName: 4256 description: volumeName is the human-readable name of 4257 the StorageOS volume. Volume names are only unique 4258 within a namespace. 4259 type: string 4260 volumeNamespace: 4261 description: volumeNamespace specifies the scope of 4262 the volume within StorageOS. If no namespace is specified 4263 then the Pod's namespace will be used. This allows 4264 the Kubernetes name scoping to be mirrored within 4265 StorageOS for tighter integration. Set VolumeName 4266 to any name to override the default behaviour. Set 4267 to "default" if you are not using namespaces within 4268 StorageOS. Namespaces that do not pre-exist within 4269 StorageOS will be created. 4270 type: string 4271 type: object 4272 vsphereVolume: 4273 description: vsphereVolume represents a vSphere volume attached 4274 and mounted on kubelets host machine 4275 properties: 4276 fsType: 4277 description: fsType is filesystem type to mount. Must 4278 be a filesystem type supported by the host operating 4279 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 4280 to be "ext4" if unspecified. 4281 type: string 4282 storagePolicyID: 4283 description: storagePolicyID is the storage Policy Based 4284 Management (SPBM) profile ID associated with the StoragePolicyName. 4285 type: string 4286 storagePolicyName: 4287 description: storagePolicyName is the storage Policy 4288 Based Management (SPBM) profile name. 4289 type: string 4290 volumePath: 4291 description: volumePath is the path that identifies 4292 vSphere volume vmdk 4293 type: string 4294 required: 4295 - volumePath 4296 type: object 4297 required: 4298 - name 4299 type: object 4300 type: array 4301 hostNetwork: 4302 type: boolean 4303 image: 4304 type: string 4305 imagePullPolicy: 4306 description: PullPolicy describes a policy for if/when to pull 4307 a container image 4308 type: string 4309 imagePullSecrets: 4310 items: 4311 description: LocalObjectReference contains enough information 4312 to let you locate the referenced object inside the same namespace. 4313 properties: 4314 name: 4315 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4316 TODO: Add other useful fields. apiVersion, kind, uid?' 4317 type: string 4318 type: object 4319 type: array 4320 initContainers: 4321 items: 4322 description: A single application container that you want to 4323 run within a pod. 4324 properties: 4325 args: 4326 description: 'Arguments to the entrypoint. The container 4327 image''s CMD is used if this is not provided. Variable 4328 references $(VAR_NAME) are expanded using the container''s 4329 environment. If a variable cannot be resolved, the reference 4330 in the input string will be unchanged. Double $$ are reduced 4331 to a single $, which allows for escaping the $(VAR_NAME) 4332 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 4333 "$(VAR_NAME)". Escaped references will never be expanded, 4334 regardless of whether the variable exists or not. Cannot 4335 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4336 items: 4337 type: string 4338 type: array 4339 command: 4340 description: 'Entrypoint array. Not executed within a shell. 4341 The container image''s ENTRYPOINT is used if this is not 4342 provided. Variable references $(VAR_NAME) are expanded 4343 using the container''s environment. If a variable cannot 4344 be resolved, the reference in the input string will be 4345 unchanged. Double $$ are reduced to a single $, which 4346 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 4347 will produce the string literal "$(VAR_NAME)". Escaped 4348 references will never be expanded, regardless of whether 4349 the variable exists or not. Cannot be updated. More info: 4350 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4351 items: 4352 type: string 4353 type: array 4354 env: 4355 description: List of environment variables to set in the 4356 container. Cannot be updated. 4357 items: 4358 description: EnvVar represents an environment variable 4359 present in a Container. 4360 properties: 4361 name: 4362 description: Name of the environment variable. Must 4363 be a C_IDENTIFIER. 4364 type: string 4365 value: 4366 description: 'Variable references $(VAR_NAME) are 4367 expanded using the previously defined environment 4368 variables in the container and any service environment 4369 variables. If a variable cannot be resolved, the 4370 reference in the input string will be unchanged. 4371 Double $$ are reduced to a single $, which allows 4372 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 4373 will produce the string literal "$(VAR_NAME)". Escaped 4374 references will never be expanded, regardless of 4375 whether the variable exists or not. Defaults to 4376 "".' 4377 type: string 4378 valueFrom: 4379 description: Source for the environment variable's 4380 value. Cannot be used if value is not empty. 4381 properties: 4382 configMapKeyRef: 4383 description: Selects a key of a ConfigMap. 4384 properties: 4385 key: 4386 description: The key to select. 4387 type: string 4388 name: 4389 description: 'Name of the referent. More info: 4390 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4391 TODO: Add other useful fields. apiVersion, 4392 kind, uid?' 4393 type: string 4394 optional: 4395 description: Specify whether the ConfigMap 4396 or its key must be defined 4397 type: boolean 4398 required: 4399 - key 4400 type: object 4401 fieldRef: 4402 description: 'Selects a field of the pod: supports 4403 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 4404 `metadata.annotations[''<KEY>'']`, spec.nodeName, 4405 spec.serviceAccountName, status.hostIP, status.podIP, 4406 status.podIPs.' 4407 properties: 4408 apiVersion: 4409 description: Version of the schema the FieldPath 4410 is written in terms of, defaults to "v1". 4411 type: string 4412 fieldPath: 4413 description: Path of the field to select in 4414 the specified API version. 4415 type: string 4416 required: 4417 - fieldPath 4418 type: object 4419 resourceFieldRef: 4420 description: 'Selects a resource of the container: 4421 only resources limits and requests (limits.cpu, 4422 limits.memory, limits.ephemeral-storage, requests.cpu, 4423 requests.memory and requests.ephemeral-storage) 4424 are currently supported.' 4425 properties: 4426 containerName: 4427 description: 'Container name: required for 4428 volumes, optional for env vars' 4429 type: string 4430 divisor: 4431 anyOf: 4432 - type: integer 4433 - type: string 4434 description: Specifies the output format of 4435 the exposed resources, defaults to "1" 4436 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4437 x-kubernetes-int-or-string: true 4438 resource: 4439 description: 'Required: resource to select' 4440 type: string 4441 required: 4442 - resource 4443 type: object 4444 secretKeyRef: 4445 description: Selects a key of a secret in the 4446 pod's namespace 4447 properties: 4448 key: 4449 description: The key of the secret to select 4450 from. Must be a valid secret key. 4451 type: string 4452 name: 4453 description: 'Name of the referent. More info: 4454 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4455 TODO: Add other useful fields. apiVersion, 4456 kind, uid?' 4457 type: string 4458 optional: 4459 description: Specify whether the Secret or 4460 its key must be defined 4461 type: boolean 4462 required: 4463 - key 4464 type: object 4465 type: object 4466 required: 4467 - name 4468 type: object 4469 type: array 4470 envFrom: 4471 description: List of sources to populate environment variables 4472 in the container. The keys defined within a source must 4473 be a C_IDENTIFIER. All invalid keys will be reported as 4474 an event when the container is starting. When a key exists 4475 in multiple sources, the value associated with the last 4476 source will take precedence. Values defined by an Env 4477 with a duplicate key will take precedence. Cannot be updated. 4478 items: 4479 description: EnvFromSource represents the source of a 4480 set of ConfigMaps 4481 properties: 4482 configMapRef: 4483 description: The ConfigMap to select from 4484 properties: 4485 name: 4486 description: 'Name of the referent. More info: 4487 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4488 TODO: Add other useful fields. apiVersion, kind, 4489 uid?' 4490 type: string 4491 optional: 4492 description: Specify whether the ConfigMap must 4493 be defined 4494 type: boolean 4495 type: object 4496 prefix: 4497 description: An optional identifier to prepend to 4498 each key in the ConfigMap. Must be a C_IDENTIFIER. 4499 type: string 4500 secretRef: 4501 description: The Secret to select from 4502 properties: 4503 name: 4504 description: 'Name of the referent. More info: 4505 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4506 TODO: Add other useful fields. apiVersion, kind, 4507 uid?' 4508 type: string 4509 optional: 4510 description: Specify whether the Secret must be 4511 defined 4512 type: boolean 4513 type: object 4514 type: object 4515 type: array 4516 image: 4517 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 4518 This field is optional to allow higher level config management 4519 to default or override container images in workload controllers 4520 like Deployments and StatefulSets.' 4521 type: string 4522 imagePullPolicy: 4523 description: 'Image pull policy. One of Always, Never, IfNotPresent. 4524 Defaults to Always if :latest tag is specified, or IfNotPresent 4525 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 4526 type: string 4527 lifecycle: 4528 description: Actions that the management system should take 4529 in response to container lifecycle events. Cannot be updated. 4530 properties: 4531 postStart: 4532 description: 'PostStart is called immediately after 4533 a container is created. If the handler fails, the 4534 container is terminated and restarted according to 4535 its restart policy. Other management of the container 4536 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 4537 properties: 4538 exec: 4539 description: Exec specifies the action to take. 4540 properties: 4541 command: 4542 description: Command is the command line to 4543 execute inside the container, the working 4544 directory for the command is root ('/') in 4545 the container's filesystem. The command is 4546 simply exec'd, it is not run inside a shell, 4547 so traditional shell instructions ('|', etc) 4548 won't work. To use a shell, you need to explicitly 4549 call out to that shell. Exit status of 0 is 4550 treated as live/healthy and non-zero is unhealthy. 4551 items: 4552 type: string 4553 type: array 4554 type: object 4555 httpGet: 4556 description: HTTPGet specifies the http request 4557 to perform. 4558 properties: 4559 host: 4560 description: Host name to connect to, defaults 4561 to the pod IP. You probably want to set "Host" 4562 in httpHeaders instead. 4563 type: string 4564 httpHeaders: 4565 description: Custom headers to set in the request. 4566 HTTP allows repeated headers. 4567 items: 4568 description: HTTPHeader describes a custom 4569 header to be used in HTTP probes 4570 properties: 4571 name: 4572 description: The header field name 4573 type: string 4574 value: 4575 description: The header field value 4576 type: string 4577 required: 4578 - name 4579 - value 4580 type: object 4581 type: array 4582 path: 4583 description: Path to access on the HTTP server. 4584 type: string 4585 port: 4586 anyOf: 4587 - type: integer 4588 - type: string 4589 description: Name or number of the port to access 4590 on the container. Number must be in the range 4591 1 to 65535. Name must be an IANA_SVC_NAME. 4592 x-kubernetes-int-or-string: true 4593 scheme: 4594 description: Scheme to use for connecting to 4595 the host. Defaults to HTTP. 4596 type: string 4597 required: 4598 - port 4599 type: object 4600 tcpSocket: 4601 description: Deprecated. TCPSocket is NOT supported 4602 as a LifecycleHandler and kept for the backward 4603 compatibility. There are no validation of this 4604 field and lifecycle hooks will fail in runtime 4605 when tcp handler is specified. 4606 properties: 4607 host: 4608 description: 'Optional: Host name to connect 4609 to, defaults to the pod IP.' 4610 type: string 4611 port: 4612 anyOf: 4613 - type: integer 4614 - type: string 4615 description: Number or name of the port to access 4616 on the container. Number must be in the range 4617 1 to 65535. Name must be an IANA_SVC_NAME. 4618 x-kubernetes-int-or-string: true 4619 required: 4620 - port 4621 type: object 4622 type: object 4623 preStop: 4624 description: 'PreStop is called immediately before a 4625 container is terminated due to an API request or management 4626 event such as liveness/startup probe failure, preemption, 4627 resource contention, etc. The handler is not called 4628 if the container crashes or exits. The Pod''s termination 4629 grace period countdown begins before the PreStop hook 4630 is executed. Regardless of the outcome of the handler, 4631 the container will eventually terminate within the 4632 Pod''s termination grace period (unless delayed by 4633 finalizers). Other management of the container blocks 4634 until the hook completes or until the termination 4635 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 4636 properties: 4637 exec: 4638 description: Exec specifies the action to take. 4639 properties: 4640 command: 4641 description: Command is the command line to 4642 execute inside the container, the working 4643 directory for the command is root ('/') in 4644 the container's filesystem. The command is 4645 simply exec'd, it is not run inside a shell, 4646 so traditional shell instructions ('|', etc) 4647 won't work. To use a shell, you need to explicitly 4648 call out to that shell. Exit status of 0 is 4649 treated as live/healthy and non-zero is unhealthy. 4650 items: 4651 type: string 4652 type: array 4653 type: object 4654 httpGet: 4655 description: HTTPGet specifies the http request 4656 to perform. 4657 properties: 4658 host: 4659 description: Host name to connect to, defaults 4660 to the pod IP. You probably want to set "Host" 4661 in httpHeaders instead. 4662 type: string 4663 httpHeaders: 4664 description: Custom headers to set in the request. 4665 HTTP allows repeated headers. 4666 items: 4667 description: HTTPHeader describes a custom 4668 header to be used in HTTP probes 4669 properties: 4670 name: 4671 description: The header field name 4672 type: string 4673 value: 4674 description: The header field value 4675 type: string 4676 required: 4677 - name 4678 - value 4679 type: object 4680 type: array 4681 path: 4682 description: Path to access on the HTTP server. 4683 type: string 4684 port: 4685 anyOf: 4686 - type: integer 4687 - type: string 4688 description: Name or number of the port to access 4689 on the container. Number must be in the range 4690 1 to 65535. Name must be an IANA_SVC_NAME. 4691 x-kubernetes-int-or-string: true 4692 scheme: 4693 description: Scheme to use for connecting to 4694 the host. Defaults to HTTP. 4695 type: string 4696 required: 4697 - port 4698 type: object 4699 tcpSocket: 4700 description: Deprecated. TCPSocket is NOT supported 4701 as a LifecycleHandler and kept for the backward 4702 compatibility. There are no validation of this 4703 field and lifecycle hooks will fail in runtime 4704 when tcp handler is specified. 4705 properties: 4706 host: 4707 description: 'Optional: Host name to connect 4708 to, defaults to the pod IP.' 4709 type: string 4710 port: 4711 anyOf: 4712 - type: integer 4713 - type: string 4714 description: Number or name of the port to access 4715 on the container. Number must be in the range 4716 1 to 65535. Name must be an IANA_SVC_NAME. 4717 x-kubernetes-int-or-string: true 4718 required: 4719 - port 4720 type: object 4721 type: object 4722 type: object 4723 livenessProbe: 4724 description: 'Periodic probe of container liveness. Container 4725 will be restarted if the probe fails. Cannot be updated. 4726 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4727 properties: 4728 exec: 4729 description: Exec specifies the action to take. 4730 properties: 4731 command: 4732 description: Command is the command line to execute 4733 inside the container, the working directory for 4734 the command is root ('/') in the container's 4735 filesystem. The command is simply exec'd, it is 4736 not run inside a shell, so traditional shell instructions 4737 ('|', etc) won't work. To use a shell, you need 4738 to explicitly call out to that shell. Exit status 4739 of 0 is treated as live/healthy and non-zero is 4740 unhealthy. 4741 items: 4742 type: string 4743 type: array 4744 type: object 4745 failureThreshold: 4746 description: Minimum consecutive failures for the probe 4747 to be considered failed after having succeeded. Defaults 4748 to 3. Minimum value is 1. 4749 format: int32 4750 type: integer 4751 grpc: 4752 description: GRPC specifies an action involving a GRPC 4753 port. This is a beta field and requires enabling GRPCContainerProbe 4754 feature gate. 4755 properties: 4756 port: 4757 description: Port number of the gRPC service. Number 4758 must be in the range 1 to 65535. 4759 format: int32 4760 type: integer 4761 service: 4762 description: "Service is the name of the service 4763 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4764 \n If this is not specified, the default behavior 4765 is defined by gRPC." 4766 type: string 4767 required: 4768 - port 4769 type: object 4770 httpGet: 4771 description: HTTPGet specifies the http request to perform. 4772 properties: 4773 host: 4774 description: Host name to connect to, defaults to 4775 the pod IP. You probably want to set "Host" in 4776 httpHeaders instead. 4777 type: string 4778 httpHeaders: 4779 description: Custom headers to set in the request. 4780 HTTP allows repeated headers. 4781 items: 4782 description: HTTPHeader describes a custom header 4783 to be used in HTTP probes 4784 properties: 4785 name: 4786 description: The header field name 4787 type: string 4788 value: 4789 description: The header field value 4790 type: string 4791 required: 4792 - name 4793 - value 4794 type: object 4795 type: array 4796 path: 4797 description: Path to access on the HTTP server. 4798 type: string 4799 port: 4800 anyOf: 4801 - type: integer 4802 - type: string 4803 description: Name or number of the port to access 4804 on the container. Number must be in the range 4805 1 to 65535. Name must be an IANA_SVC_NAME. 4806 x-kubernetes-int-or-string: true 4807 scheme: 4808 description: Scheme to use for connecting to the 4809 host. Defaults to HTTP. 4810 type: string 4811 required: 4812 - port 4813 type: object 4814 initialDelaySeconds: 4815 description: 'Number of seconds after the container 4816 has started before liveness probes are initiated. 4817 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4818 format: int32 4819 type: integer 4820 periodSeconds: 4821 description: How often (in seconds) to perform the probe. 4822 Default to 10 seconds. Minimum value is 1. 4823 format: int32 4824 type: integer 4825 successThreshold: 4826 description: Minimum consecutive successes for the probe 4827 to be considered successful after having failed. Defaults 4828 to 1. Must be 1 for liveness and startup. Minimum 4829 value is 1. 4830 format: int32 4831 type: integer 4832 tcpSocket: 4833 description: TCPSocket specifies an action involving 4834 a TCP port. 4835 properties: 4836 host: 4837 description: 'Optional: Host name to connect to, 4838 defaults to the pod IP.' 4839 type: string 4840 port: 4841 anyOf: 4842 - type: integer 4843 - type: string 4844 description: Number or name of the port to access 4845 on the container. Number must be in the range 4846 1 to 65535. Name must be an IANA_SVC_NAME. 4847 x-kubernetes-int-or-string: true 4848 required: 4849 - port 4850 type: object 4851 terminationGracePeriodSeconds: 4852 description: Optional duration in seconds the pod needs 4853 to terminate gracefully upon probe failure. The grace 4854 period is the duration in seconds after the processes 4855 running in the pod are sent a termination signal and 4856 the time when the processes are forcibly halted with 4857 a kill signal. Set this value longer than the expected 4858 cleanup time for your process. If this value is nil, 4859 the pod's terminationGracePeriodSeconds will be used. 4860 Otherwise, this value overrides the value provided 4861 by the pod spec. Value must be non-negative integer. 4862 The value zero indicates stop immediately via the 4863 kill signal (no opportunity to shut down). This is 4864 a beta field and requires enabling ProbeTerminationGracePeriod 4865 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 4866 is used if unset. 4867 format: int64 4868 type: integer 4869 timeoutSeconds: 4870 description: 'Number of seconds after which the probe 4871 times out. Defaults to 1 second. Minimum value is 4872 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4873 format: int32 4874 type: integer 4875 type: object 4876 name: 4877 description: Name of the container specified as a DNS_LABEL. 4878 Each container in a pod must have a unique name (DNS_LABEL). 4879 Cannot be updated. 4880 type: string 4881 ports: 4882 description: List of ports to expose from the container. 4883 Exposing a port here gives the system additional information 4884 about the network connections a container uses, but is 4885 primarily informational. Not specifying a port here DOES 4886 NOT prevent that port from being exposed. Any port which 4887 is listening on the default "0.0.0.0" address inside a 4888 container will be accessible from the network. Cannot 4889 be updated. 4890 items: 4891 description: ContainerPort represents a network port in 4892 a single container. 4893 properties: 4894 containerPort: 4895 description: Number of port to expose on the pod's 4896 IP address. This must be a valid port number, 0 4897 < x < 65536. 4898 format: int32 4899 type: integer 4900 hostIP: 4901 description: What host IP to bind the external port 4902 to. 4903 type: string 4904 hostPort: 4905 description: Number of port to expose on the host. 4906 If specified, this must be a valid port number, 4907 0 < x < 65536. If HostNetwork is specified, this 4908 must match ContainerPort. Most containers do not 4909 need this. 4910 format: int32 4911 type: integer 4912 name: 4913 description: If specified, this must be an IANA_SVC_NAME 4914 and unique within the pod. Each named port in a 4915 pod must have a unique name. Name for the port that 4916 can be referred to by services. 4917 type: string 4918 protocol: 4919 default: TCP 4920 description: Protocol for port. Must be UDP, TCP, 4921 or SCTP. Defaults to "TCP". 4922 type: string 4923 required: 4924 - containerPort 4925 type: object 4926 type: array 4927 x-kubernetes-list-map-keys: 4928 - containerPort 4929 - protocol 4930 x-kubernetes-list-type: map 4931 readinessProbe: 4932 description: 'Periodic probe of container service readiness. 4933 Container will be removed from service endpoints if the 4934 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4935 properties: 4936 exec: 4937 description: Exec specifies the action to take. 4938 properties: 4939 command: 4940 description: Command is the command line to execute 4941 inside the container, the working directory for 4942 the command is root ('/') in the container's 4943 filesystem. The command is simply exec'd, it is 4944 not run inside a shell, so traditional shell instructions 4945 ('|', etc) won't work. To use a shell, you need 4946 to explicitly call out to that shell. Exit status 4947 of 0 is treated as live/healthy and non-zero is 4948 unhealthy. 4949 items: 4950 type: string 4951 type: array 4952 type: object 4953 failureThreshold: 4954 description: Minimum consecutive failures for the probe 4955 to be considered failed after having succeeded. Defaults 4956 to 3. Minimum value is 1. 4957 format: int32 4958 type: integer 4959 grpc: 4960 description: GRPC specifies an action involving a GRPC 4961 port. This is a beta field and requires enabling GRPCContainerProbe 4962 feature gate. 4963 properties: 4964 port: 4965 description: Port number of the gRPC service. Number 4966 must be in the range 1 to 65535. 4967 format: int32 4968 type: integer 4969 service: 4970 description: "Service is the name of the service 4971 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4972 \n If this is not specified, the default behavior 4973 is defined by gRPC." 4974 type: string 4975 required: 4976 - port 4977 type: object 4978 httpGet: 4979 description: HTTPGet specifies the http request to perform. 4980 properties: 4981 host: 4982 description: Host name to connect to, defaults to 4983 the pod IP. You probably want to set "Host" in 4984 httpHeaders instead. 4985 type: string 4986 httpHeaders: 4987 description: Custom headers to set in the request. 4988 HTTP allows repeated headers. 4989 items: 4990 description: HTTPHeader describes a custom header 4991 to be used in HTTP probes 4992 properties: 4993 name: 4994 description: The header field name 4995 type: string 4996 value: 4997 description: The header field value 4998 type: string 4999 required: 5000 - name 5001 - value 5002 type: object 5003 type: array 5004 path: 5005 description: Path to access on the HTTP server. 5006 type: string 5007 port: 5008 anyOf: 5009 - type: integer 5010 - type: string 5011 description: Name or number of the port to access 5012 on the container. Number must be in the range 5013 1 to 65535. Name must be an IANA_SVC_NAME. 5014 x-kubernetes-int-or-string: true 5015 scheme: 5016 description: Scheme to use for connecting to the 5017 host. Defaults to HTTP. 5018 type: string 5019 required: 5020 - port 5021 type: object 5022 initialDelaySeconds: 5023 description: 'Number of seconds after the container 5024 has started before liveness probes are initiated. 5025 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5026 format: int32 5027 type: integer 5028 periodSeconds: 5029 description: How often (in seconds) to perform the probe. 5030 Default to 10 seconds. Minimum value is 1. 5031 format: int32 5032 type: integer 5033 successThreshold: 5034 description: Minimum consecutive successes for the probe 5035 to be considered successful after having failed. Defaults 5036 to 1. Must be 1 for liveness and startup. Minimum 5037 value is 1. 5038 format: int32 5039 type: integer 5040 tcpSocket: 5041 description: TCPSocket specifies an action involving 5042 a TCP port. 5043 properties: 5044 host: 5045 description: 'Optional: Host name to connect to, 5046 defaults to the pod IP.' 5047 type: string 5048 port: 5049 anyOf: 5050 - type: integer 5051 - type: string 5052 description: Number or name of the port to access 5053 on the container. Number must be in the range 5054 1 to 65535. Name must be an IANA_SVC_NAME. 5055 x-kubernetes-int-or-string: true 5056 required: 5057 - port 5058 type: object 5059 terminationGracePeriodSeconds: 5060 description: Optional duration in seconds the pod needs 5061 to terminate gracefully upon probe failure. The grace 5062 period is the duration in seconds after the processes 5063 running in the pod are sent a termination signal and 5064 the time when the processes are forcibly halted with 5065 a kill signal. Set this value longer than the expected 5066 cleanup time for your process. If this value is nil, 5067 the pod's terminationGracePeriodSeconds will be used. 5068 Otherwise, this value overrides the value provided 5069 by the pod spec. Value must be non-negative integer. 5070 The value zero indicates stop immediately via the 5071 kill signal (no opportunity to shut down). This is 5072 a beta field and requires enabling ProbeTerminationGracePeriod 5073 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 5074 is used if unset. 5075 format: int64 5076 type: integer 5077 timeoutSeconds: 5078 description: 'Number of seconds after which the probe 5079 times out. Defaults to 1 second. Minimum value is 5080 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5081 format: int32 5082 type: integer 5083 type: object 5084 resources: 5085 description: 'Compute Resources required by this container. 5086 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5087 properties: 5088 limits: 5089 additionalProperties: 5090 anyOf: 5091 - type: integer 5092 - type: string 5093 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5094 x-kubernetes-int-or-string: true 5095 description: 'Limits describes the maximum amount of 5096 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5097 type: object 5098 requests: 5099 additionalProperties: 5100 anyOf: 5101 - type: integer 5102 - type: string 5103 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5104 x-kubernetes-int-or-string: true 5105 description: 'Requests describes the minimum amount 5106 of compute resources required. If Requests is omitted 5107 for a container, it defaults to Limits if that is 5108 explicitly specified, otherwise to an implementation-defined 5109 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5110 type: object 5111 type: object 5112 securityContext: 5113 description: 'SecurityContext defines the security options 5114 the container should be run with. If set, the fields of 5115 SecurityContext override the equivalent fields of PodSecurityContext. 5116 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 5117 properties: 5118 allowPrivilegeEscalation: 5119 description: 'AllowPrivilegeEscalation controls whether 5120 a process can gain more privileges than its parent 5121 process. This bool directly controls if the no_new_privs 5122 flag will be set on the container process. AllowPrivilegeEscalation 5123 is true always when the container is: 1) run as Privileged 5124 2) has CAP_SYS_ADMIN Note that this field cannot be 5125 set when spec.os.name is windows.' 5126 type: boolean 5127 capabilities: 5128 description: The capabilities to add/drop when running 5129 containers. Defaults to the default set of capabilities 5130 granted by the container runtime. Note that this field 5131 cannot be set when spec.os.name is windows. 5132 properties: 5133 add: 5134 description: Added capabilities 5135 items: 5136 description: Capability represent POSIX capabilities 5137 type 5138 type: string 5139 type: array 5140 drop: 5141 description: Removed capabilities 5142 items: 5143 description: Capability represent POSIX capabilities 5144 type 5145 type: string 5146 type: array 5147 type: object 5148 privileged: 5149 description: Run container in privileged mode. Processes 5150 in privileged containers are essentially equivalent 5151 to root on the host. Defaults to false. Note that 5152 this field cannot be set when spec.os.name is windows. 5153 type: boolean 5154 procMount: 5155 description: procMount denotes the type of proc mount 5156 to use for the containers. The default is DefaultProcMount 5157 which uses the container runtime defaults for readonly 5158 paths and masked paths. This requires the ProcMountType 5159 feature flag to be enabled. Note that this field cannot 5160 be set when spec.os.name is windows. 5161 type: string 5162 readOnlyRootFilesystem: 5163 description: Whether this container has a read-only 5164 root filesystem. Default is false. Note that this 5165 field cannot be set when spec.os.name is windows. 5166 type: boolean 5167 runAsGroup: 5168 description: The GID to run the entrypoint of the container 5169 process. Uses runtime default if unset. May also be 5170 set in PodSecurityContext. If set in both SecurityContext 5171 and PodSecurityContext, the value specified in SecurityContext 5172 takes precedence. Note that this field cannot be set 5173 when spec.os.name is windows. 5174 format: int64 5175 type: integer 5176 runAsNonRoot: 5177 description: Indicates that the container must run as 5178 a non-root user. If true, the Kubelet will validate 5179 the image at runtime to ensure that it does not run 5180 as UID 0 (root) and fail to start the container if 5181 it does. If unset or false, no such validation will 5182 be performed. May also be set in PodSecurityContext. If 5183 set in both SecurityContext and PodSecurityContext, 5184 the value specified in SecurityContext takes precedence. 5185 type: boolean 5186 runAsUser: 5187 description: The UID to run the entrypoint of the container 5188 process. Defaults to user specified in image metadata 5189 if unspecified. May also be set in PodSecurityContext. If 5190 set in both SecurityContext and PodSecurityContext, 5191 the value specified in SecurityContext takes precedence. 5192 Note that this field cannot be set when spec.os.name 5193 is windows. 5194 format: int64 5195 type: integer 5196 seLinuxOptions: 5197 description: The SELinux context to be applied to the 5198 container. If unspecified, the container runtime will 5199 allocate a random SELinux context for each container. May 5200 also be set in PodSecurityContext. If set in both 5201 SecurityContext and PodSecurityContext, the value 5202 specified in SecurityContext takes precedence. Note 5203 that this field cannot be set when spec.os.name is 5204 windows. 5205 properties: 5206 level: 5207 description: Level is SELinux level label that applies 5208 to the container. 5209 type: string 5210 role: 5211 description: Role is a SELinux role label that applies 5212 to the container. 5213 type: string 5214 type: 5215 description: Type is a SELinux type label that applies 5216 to the container. 5217 type: string 5218 user: 5219 description: User is a SELinux user label that applies 5220 to the container. 5221 type: string 5222 type: object 5223 seccompProfile: 5224 description: The seccomp options to use by this container. 5225 If seccomp options are provided at both the pod & 5226 container level, the container options override the 5227 pod options. Note that this field cannot be set when 5228 spec.os.name is windows. 5229 properties: 5230 localhostProfile: 5231 description: localhostProfile indicates a profile 5232 defined in a file on the node should be used. 5233 The profile must be preconfigured on the node 5234 to work. Must be a descending path, relative to 5235 the kubelet's configured seccomp profile location. 5236 Must only be set if type is "Localhost". 5237 type: string 5238 type: 5239 description: "type indicates which kind of seccomp 5240 profile will be applied. Valid options are: \n 5241 Localhost - a profile defined in a file on the 5242 node should be used. RuntimeDefault - the container 5243 runtime default profile should be used. Unconfined 5244 - no profile should be applied." 5245 type: string 5246 required: 5247 - type 5248 type: object 5249 windowsOptions: 5250 description: The Windows specific settings applied to 5251 all containers. If unspecified, the options from the 5252 PodSecurityContext will be used. If set in both SecurityContext 5253 and PodSecurityContext, the value specified in SecurityContext 5254 takes precedence. Note that this field cannot be set 5255 when spec.os.name is linux. 5256 properties: 5257 gmsaCredentialSpec: 5258 description: GMSACredentialSpec is where the GMSA 5259 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5260 inlines the contents of the GMSA credential spec 5261 named by the GMSACredentialSpecName field. 5262 type: string 5263 gmsaCredentialSpecName: 5264 description: GMSACredentialSpecName is the name 5265 of the GMSA credential spec to use. 5266 type: string 5267 hostProcess: 5268 description: HostProcess determines if a container 5269 should be run as a 'Host Process' container. This 5270 field is alpha-level and will only be honored 5271 by components that enable the WindowsHostProcessContainers 5272 feature flag. Setting this field without the feature 5273 flag will result in errors when validating the 5274 Pod. All of a Pod's containers must have the same 5275 effective HostProcess value (it is not allowed 5276 to have a mix of HostProcess containers and non-HostProcess 5277 containers). In addition, if HostProcess is true 5278 then HostNetwork must also be set to true. 5279 type: boolean 5280 runAsUserName: 5281 description: The UserName in Windows to run the 5282 entrypoint of the container process. Defaults 5283 to the user specified in image metadata if unspecified. 5284 May also be set in PodSecurityContext. If set 5285 in both SecurityContext and PodSecurityContext, 5286 the value specified in SecurityContext takes precedence. 5287 type: string 5288 type: object 5289 type: object 5290 startupProbe: 5291 description: 'StartupProbe indicates that the Pod has successfully 5292 initialized. If specified, no other probes are executed 5293 until this completes successfully. If this probe fails, 5294 the Pod will be restarted, just as if the livenessProbe 5295 failed. This can be used to provide different probe parameters 5296 at the beginning of a Pod''s lifecycle, when it might 5297 take a long time to load data or warm a cache, than during 5298 steady-state operation. This cannot be updated. More info: 5299 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5300 properties: 5301 exec: 5302 description: Exec specifies the action to take. 5303 properties: 5304 command: 5305 description: Command is the command line to execute 5306 inside the container, the working directory for 5307 the command is root ('/') in the container's 5308 filesystem. The command is simply exec'd, it is 5309 not run inside a shell, so traditional shell instructions 5310 ('|', etc) won't work. To use a shell, you need 5311 to explicitly call out to that shell. Exit status 5312 of 0 is treated as live/healthy and non-zero is 5313 unhealthy. 5314 items: 5315 type: string 5316 type: array 5317 type: object 5318 failureThreshold: 5319 description: Minimum consecutive failures for the probe 5320 to be considered failed after having succeeded. Defaults 5321 to 3. Minimum value is 1. 5322 format: int32 5323 type: integer 5324 grpc: 5325 description: GRPC specifies an action involving a GRPC 5326 port. This is a beta field and requires enabling GRPCContainerProbe 5327 feature gate. 5328 properties: 5329 port: 5330 description: Port number of the gRPC service. Number 5331 must be in the range 1 to 65535. 5332 format: int32 5333 type: integer 5334 service: 5335 description: "Service is the name of the service 5336 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5337 \n If this is not specified, the default behavior 5338 is defined by gRPC." 5339 type: string 5340 required: 5341 - port 5342 type: object 5343 httpGet: 5344 description: HTTPGet specifies the http request to perform. 5345 properties: 5346 host: 5347 description: Host name to connect to, defaults to 5348 the pod IP. You probably want to set "Host" in 5349 httpHeaders instead. 5350 type: string 5351 httpHeaders: 5352 description: Custom headers to set in the request. 5353 HTTP allows repeated headers. 5354 items: 5355 description: HTTPHeader describes a custom header 5356 to be used in HTTP probes 5357 properties: 5358 name: 5359 description: The header field name 5360 type: string 5361 value: 5362 description: The header field value 5363 type: string 5364 required: 5365 - name 5366 - value 5367 type: object 5368 type: array 5369 path: 5370 description: Path to access on the HTTP server. 5371 type: string 5372 port: 5373 anyOf: 5374 - type: integer 5375 - type: string 5376 description: Name or number of the port to access 5377 on the container. Number must be in the range 5378 1 to 65535. Name must be an IANA_SVC_NAME. 5379 x-kubernetes-int-or-string: true 5380 scheme: 5381 description: Scheme to use for connecting to the 5382 host. Defaults to HTTP. 5383 type: string 5384 required: 5385 - port 5386 type: object 5387 initialDelaySeconds: 5388 description: 'Number of seconds after the container 5389 has started before liveness probes are initiated. 5390 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5391 format: int32 5392 type: integer 5393 periodSeconds: 5394 description: How often (in seconds) to perform the probe. 5395 Default to 10 seconds. Minimum value is 1. 5396 format: int32 5397 type: integer 5398 successThreshold: 5399 description: Minimum consecutive successes for the probe 5400 to be considered successful after having failed. Defaults 5401 to 1. Must be 1 for liveness and startup. Minimum 5402 value is 1. 5403 format: int32 5404 type: integer 5405 tcpSocket: 5406 description: TCPSocket specifies an action involving 5407 a TCP port. 5408 properties: 5409 host: 5410 description: 'Optional: Host name to connect to, 5411 defaults to the pod IP.' 5412 type: string 5413 port: 5414 anyOf: 5415 - type: integer 5416 - type: string 5417 description: Number or name of the port to access 5418 on the container. Number must be in the range 5419 1 to 65535. Name must be an IANA_SVC_NAME. 5420 x-kubernetes-int-or-string: true 5421 required: 5422 - port 5423 type: object 5424 terminationGracePeriodSeconds: 5425 description: Optional duration in seconds the pod needs 5426 to terminate gracefully upon probe failure. The grace 5427 period is the duration in seconds after the processes 5428 running in the pod are sent a termination signal and 5429 the time when the processes are forcibly halted with 5430 a kill signal. Set this value longer than the expected 5431 cleanup time for your process. If this value is nil, 5432 the pod's terminationGracePeriodSeconds will be used. 5433 Otherwise, this value overrides the value provided 5434 by the pod spec. Value must be non-negative integer. 5435 The value zero indicates stop immediately via the 5436 kill signal (no opportunity to shut down). This is 5437 a beta field and requires enabling ProbeTerminationGracePeriod 5438 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 5439 is used if unset. 5440 format: int64 5441 type: integer 5442 timeoutSeconds: 5443 description: 'Number of seconds after which the probe 5444 times out. Defaults to 1 second. Minimum value is 5445 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5446 format: int32 5447 type: integer 5448 type: object 5449 stdin: 5450 description: Whether this container should allocate a buffer 5451 for stdin in the container runtime. If this is not set, 5452 reads from stdin in the container will always result in 5453 EOF. Default is false. 5454 type: boolean 5455 stdinOnce: 5456 description: Whether the container runtime should close 5457 the stdin channel after it has been opened by a single 5458 attach. When stdin is true the stdin stream will remain 5459 open across multiple attach sessions. If stdinOnce is 5460 set to true, stdin is opened on container start, is empty 5461 until the first client attaches to stdin, and then remains 5462 open and accepts data until the client disconnects, at 5463 which time stdin is closed and remains closed until the 5464 container is restarted. If this flag is false, a container 5465 processes that reads from stdin will never receive an 5466 EOF. Default is false 5467 type: boolean 5468 terminationMessagePath: 5469 description: 'Optional: Path at which the file to which 5470 the container''s termination message will be written is 5471 mounted into the container''s filesystem. Message written 5472 is intended to be brief final status, such as an assertion 5473 failure message. Will be truncated by the node if greater 5474 than 4096 bytes. The total message length across all containers 5475 will be limited to 12kb. Defaults to /dev/termination-log. 5476 Cannot be updated.' 5477 type: string 5478 terminationMessagePolicy: 5479 description: Indicate how the termination message should 5480 be populated. File will use the contents of terminationMessagePath 5481 to populate the container status message on both success 5482 and failure. FallbackToLogsOnError will use the last chunk 5483 of container log output if the termination message file 5484 is empty and the container exited with an error. The log 5485 output is limited to 2048 bytes or 80 lines, whichever 5486 is smaller. Defaults to File. Cannot be updated. 5487 type: string 5488 tty: 5489 description: Whether this container should allocate a TTY 5490 for itself, also requires 'stdin' to be true. Default 5491 is false. 5492 type: boolean 5493 volumeDevices: 5494 description: volumeDevices is the list of block devices 5495 to be used by the container. 5496 items: 5497 description: volumeDevice describes a mapping of a raw 5498 block device within a container. 5499 properties: 5500 devicePath: 5501 description: devicePath is the path inside of the 5502 container that the device will be mapped to. 5503 type: string 5504 name: 5505 description: name must match the name of a persistentVolumeClaim 5506 in the pod 5507 type: string 5508 required: 5509 - devicePath 5510 - name 5511 type: object 5512 type: array 5513 volumeMounts: 5514 description: Pod volumes to mount into the container's filesystem. 5515 Cannot be updated. 5516 items: 5517 description: VolumeMount describes a mounting of a Volume 5518 within a container. 5519 properties: 5520 mountPath: 5521 description: Path within the container at which the 5522 volume should be mounted. Must not contain ':'. 5523 type: string 5524 mountPropagation: 5525 description: mountPropagation determines how mounts 5526 are propagated from the host to container and the 5527 other way around. When not set, MountPropagationNone 5528 is used. This field is beta in 1.10. 5529 type: string 5530 name: 5531 description: This must match the Name of a Volume. 5532 type: string 5533 readOnly: 5534 description: Mounted read-only if true, read-write 5535 otherwise (false or unspecified). Defaults to false. 5536 type: boolean 5537 subPath: 5538 description: Path within the volume from which the 5539 container's volume should be mounted. Defaults to 5540 "" (volume's root). 5541 type: string 5542 subPathExpr: 5543 description: Expanded path within the volume from 5544 which the container's volume should be mounted. 5545 Behaves similarly to SubPath but environment variable 5546 references $(VAR_NAME) are expanded using the container's 5547 environment. Defaults to "" (volume's root). SubPathExpr 5548 and SubPath are mutually exclusive. 5549 type: string 5550 required: 5551 - mountPath 5552 - name 5553 type: object 5554 type: array 5555 workingDir: 5556 description: Container's working directory. If not specified, 5557 the container runtime's default will be used, which might 5558 be configured in the container image. Cannot be updated. 5559 type: string 5560 required: 5561 - name 5562 type: object 5563 type: array 5564 nodeSelector: 5565 additionalProperties: 5566 type: string 5567 type: object 5568 podAnnotations: 5569 additionalProperties: 5570 type: string 5571 type: object 5572 port: 5573 format: int32 5574 type: integer 5575 priorityClassName: 5576 type: string 5577 replicas: 5578 format: int32 5579 type: integer 5580 resources: 5581 description: ResourceRequirements describes the compute resource 5582 requirements. 5583 properties: 5584 limits: 5585 additionalProperties: 5586 anyOf: 5587 - type: integer 5588 - type: string 5589 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5590 x-kubernetes-int-or-string: true 5591 description: 'Limits describes the maximum amount of compute 5592 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5593 type: object 5594 requests: 5595 additionalProperties: 5596 anyOf: 5597 - type: integer 5598 - type: string 5599 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5600 x-kubernetes-int-or-string: true 5601 description: 'Requests describes the minimum amount of compute 5602 resources required. If Requests is omitted for a container, 5603 it defaults to Limits if that is explicitly specified, otherwise 5604 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5605 type: object 5606 type: object 5607 securityContext: 5608 description: PodSecurityContext holds pod-level security attributes 5609 and common container settings. Some fields are also present 5610 in container.securityContext. Field values of container.securityContext 5611 take precedence over field values of PodSecurityContext. 5612 properties: 5613 fsGroup: 5614 description: "A special supplemental group that applies to 5615 all containers in a pod. Some volume types allow the Kubelet 5616 to change the ownership of that volume to be owned by the 5617 pod: \n 1. The owning GID will be the FSGroup 2. The setgid 5618 bit is set (new files created in the volume will be owned 5619 by FSGroup) 3. The permission bits are OR'd with rw-rw---- 5620 \n If unset, the Kubelet will not modify the ownership and 5621 permissions of any volume. Note that this field cannot be 5622 set when spec.os.name is windows." 5623 format: int64 5624 type: integer 5625 fsGroupChangePolicy: 5626 description: 'fsGroupChangePolicy defines behavior of changing 5627 ownership and permission of the volume before being exposed 5628 inside Pod. This field will only apply to volume types which 5629 support fsGroup based ownership(and permissions). It will 5630 have no effect on ephemeral volume types such as: secret, 5631 configmaps and emptydir. Valid values are "OnRootMismatch" 5632 and "Always". If not specified, "Always" is used. Note that 5633 this field cannot be set when spec.os.name is windows.' 5634 type: string 5635 runAsGroup: 5636 description: The GID to run the entrypoint of the container 5637 process. Uses runtime default if unset. May also be set 5638 in SecurityContext. If set in both SecurityContext and 5639 PodSecurityContext, the value specified in SecurityContext 5640 takes precedence for that container. Note that this field 5641 cannot be set when spec.os.name is windows. 5642 format: int64 5643 type: integer 5644 runAsNonRoot: 5645 description: Indicates that the container must run as a non-root 5646 user. If true, the Kubelet will validate the image at runtime 5647 to ensure that it does not run as UID 0 (root) and fail 5648 to start the container if it does. If unset or false, no 5649 such validation will be performed. May also be set in SecurityContext. If 5650 set in both SecurityContext and PodSecurityContext, the 5651 value specified in SecurityContext takes precedence. 5652 type: boolean 5653 runAsUser: 5654 description: The UID to run the entrypoint of the container 5655 process. Defaults to user specified in image metadata if 5656 unspecified. May also be set in SecurityContext. If set 5657 in both SecurityContext and PodSecurityContext, the value 5658 specified in SecurityContext takes precedence for that container. 5659 Note that this field cannot be set when spec.os.name is 5660 windows. 5661 format: int64 5662 type: integer 5663 seLinuxOptions: 5664 description: The SELinux context to be applied to all containers. 5665 If unspecified, the container runtime will allocate a random 5666 SELinux context for each container. May also be set in 5667 SecurityContext. If set in both SecurityContext and PodSecurityContext, 5668 the value specified in SecurityContext takes precedence 5669 for that container. Note that this field cannot be set when 5670 spec.os.name is windows. 5671 properties: 5672 level: 5673 description: Level is SELinux level label that applies 5674 to the container. 5675 type: string 5676 role: 5677 description: Role is a SELinux role label that applies 5678 to the container. 5679 type: string 5680 type: 5681 description: Type is a SELinux type label that applies 5682 to the container. 5683 type: string 5684 user: 5685 description: User is a SELinux user label that applies 5686 to the container. 5687 type: string 5688 type: object 5689 seccompProfile: 5690 description: The seccomp options to use by the containers 5691 in this pod. Note that this field cannot be set when spec.os.name 5692 is windows. 5693 properties: 5694 localhostProfile: 5695 description: localhostProfile indicates a profile defined 5696 in a file on the node should be used. The profile must 5697 be preconfigured on the node to work. Must be a descending 5698 path, relative to the kubelet's configured seccomp profile 5699 location. Must only be set if type is "Localhost". 5700 type: string 5701 type: 5702 description: "type indicates which kind of seccomp profile 5703 will be applied. Valid options are: \n Localhost - a 5704 profile defined in a file on the node should be used. 5705 RuntimeDefault - the container runtime default profile 5706 should be used. Unconfined - no profile should be applied." 5707 type: string 5708 required: 5709 - type 5710 type: object 5711 supplementalGroups: 5712 description: A list of groups applied to the first process 5713 run in each container, in addition to the container's primary 5714 GID. If unspecified, no groups will be added to any container. 5715 Note that this field cannot be set when spec.os.name is 5716 windows. 5717 items: 5718 format: int64 5719 type: integer 5720 type: array 5721 sysctls: 5722 description: Sysctls hold a list of namespaced sysctls used 5723 for the pod. Pods with unsupported sysctls (by the container 5724 runtime) might fail to launch. Note that this field cannot 5725 be set when spec.os.name is windows. 5726 items: 5727 description: Sysctl defines a kernel parameter to be set 5728 properties: 5729 name: 5730 description: Name of a property to set 5731 type: string 5732 value: 5733 description: Value of a property to set 5734 type: string 5735 required: 5736 - name 5737 - value 5738 type: object 5739 type: array 5740 windowsOptions: 5741 description: The Windows specific settings applied to all 5742 containers. If unspecified, the options within a container's 5743 SecurityContext will be used. If set in both SecurityContext 5744 and PodSecurityContext, the value specified in SecurityContext 5745 takes precedence. Note that this field cannot be set when 5746 spec.os.name is linux. 5747 properties: 5748 gmsaCredentialSpec: 5749 description: GMSACredentialSpec is where the GMSA admission 5750 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5751 inlines the contents of the GMSA credential spec named 5752 by the GMSACredentialSpecName field. 5753 type: string 5754 gmsaCredentialSpecName: 5755 description: GMSACredentialSpecName is the name of the 5756 GMSA credential spec to use. 5757 type: string 5758 hostProcess: 5759 description: HostProcess determines if a container should 5760 be run as a 'Host Process' container. This field is 5761 alpha-level and will only be honored by components that 5762 enable the WindowsHostProcessContainers feature flag. 5763 Setting this field without the feature flag will result 5764 in errors when validating the Pod. All of a Pod's containers 5765 must have the same effective HostProcess value (it is 5766 not allowed to have a mix of HostProcess containers 5767 and non-HostProcess containers). In addition, if HostProcess 5768 is true then HostNetwork must also be set to true. 5769 type: boolean 5770 runAsUserName: 5771 description: The UserName in Windows to run the entrypoint 5772 of the container process. Defaults to the user specified 5773 in image metadata if unspecified. May also be set in 5774 PodSecurityContext. If set in both SecurityContext and 5775 PodSecurityContext, the value specified in SecurityContext 5776 takes precedence. 5777 type: string 5778 type: object 5779 type: object 5780 serviceAccountName: 5781 type: string 5782 serviceAnnotations: 5783 additionalProperties: 5784 type: string 5785 type: object 5786 shutdownConfigMap: 5787 type: string 5788 startupConfigMap: 5789 type: string 5790 storage: 5791 description: RedisStorage defines the structure used to store 5792 the Redis Data 5793 properties: 5794 emptyDir: 5795 description: Represents an empty directory for a pod. Empty 5796 directory volumes support ownership management and SELinux 5797 relabeling. 5798 properties: 5799 medium: 5800 description: 'medium represents what type of storage medium 5801 should back this directory. The default is "" which 5802 means to use the node''s default medium. Must be an 5803 empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 5804 type: string 5805 sizeLimit: 5806 anyOf: 5807 - type: integer 5808 - type: string 5809 description: 'sizeLimit is the total amount of local storage 5810 required for this EmptyDir volume. The size limit is 5811 also applicable for memory medium. The maximum usage 5812 on memory medium EmptyDir would be the minimum value 5813 between the SizeLimit specified here and the sum of 5814 memory limits of all containers in a pod. The default 5815 is nil which means that the limit is undefined. More 5816 info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 5817 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5818 x-kubernetes-int-or-string: true 5819 type: object 5820 keepAfterDeletion: 5821 type: boolean 5822 persistentVolumeClaim: 5823 description: EmbeddedPersistentVolumeClaim is an embedded 5824 version of k8s.io/api/core/v1.PersistentVolumeClaim. It 5825 contains TypeMeta and a reduced ObjectMeta. 5826 properties: 5827 apiVersion: 5828 description: 'APIVersion defines the versioned schema 5829 of this representation of an object. Servers should 5830 convert recognized schemas to the latest internal value, 5831 and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 5832 type: string 5833 kind: 5834 description: 'Kind is a string value representing the 5835 REST resource this object represents. Servers may infer 5836 this from the endpoint the client submits requests to. 5837 Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 5838 type: string 5839 metadata: 5840 description: EmbeddedMetadata contains metadata relevant 5841 to an EmbeddedResource. 5842 properties: 5843 annotations: 5844 additionalProperties: 5845 type: string 5846 description: 'Annotations is an unstructured key value 5847 map stored with a resource that may be set by external 5848 tools to store and retrieve arbitrary metadata. 5849 They are not queryable and should be preserved when 5850 modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' 5851 type: object 5852 labels: 5853 additionalProperties: 5854 type: string 5855 description: 'Map of string keys and values that can 5856 be used to organize and categorize (scope and select) 5857 objects. May match selectors of replication controllers 5858 and services. More info: http://kubernetes.io/docs/user-guide/labels' 5859 type: object 5860 name: 5861 description: 'Name must be unique within a namespace. 5862 Is required when creating resources, although some 5863 resources may allow a client to request the generation 5864 of an appropriate name automatically. Name is primarily 5865 intended for creation idempotence and configuration 5866 definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' 5867 type: string 5868 type: object 5869 spec: 5870 description: 'Spec defines the desired characteristics 5871 of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 5872 properties: 5873 accessModes: 5874 description: 'accessModes contains the desired access 5875 modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 5876 items: 5877 type: string 5878 type: array 5879 dataSource: 5880 description: 'dataSource field can be used to specify 5881 either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 5882 * An existing PVC (PersistentVolumeClaim) If the 5883 provisioner or an external controller can support 5884 the specified data source, it will create a new 5885 volume based on the contents of the specified data 5886 source. If the AnyVolumeDataSource feature gate 5887 is enabled, this field will always have the same 5888 contents as the DataSourceRef field.' 5889 properties: 5890 apiGroup: 5891 description: APIGroup is the group for the resource 5892 being referenced. If APIGroup is not specified, 5893 the specified Kind must be in the core API group. 5894 For any other third-party types, APIGroup is 5895 required. 5896 type: string 5897 kind: 5898 description: Kind is the type of resource being 5899 referenced 5900 type: string 5901 name: 5902 description: Name is the name of resource being 5903 referenced 5904 type: string 5905 required: 5906 - kind 5907 - name 5908 type: object 5909 dataSourceRef: 5910 description: 'dataSourceRef specifies the object from 5911 which to populate the volume with data, if a non-empty 5912 volume is desired. This may be any local object 5913 from a non-empty API group (non core object) or 5914 a PersistentVolumeClaim object. When this field 5915 is specified, volume binding will only succeed if 5916 the type of the specified object matches some installed 5917 volume populator or dynamic provisioner. This field 5918 will replace the functionality of the DataSource 5919 field and as such if both fields are non-empty, 5920 they must have the same value. For backwards compatibility, 5921 both fields (DataSource and DataSourceRef) will 5922 be set to the same value automatically if one of 5923 them is empty and the other is non-empty. There 5924 are two important differences between DataSource 5925 and DataSourceRef: * While DataSource only allows 5926 two specific types of objects, DataSourceRef allows 5927 any non-core object, as well as PersistentVolumeClaim 5928 objects. * While DataSource ignores disallowed values 5929 (dropping them), DataSourceRef preserves all values, 5930 and generates an error if a disallowed value is specified. 5931 (Beta) Using this field requires the AnyVolumeDataSource 5932 feature gate to be enabled.' 5933 properties: 5934 apiGroup: 5935 description: APIGroup is the group for the resource 5936 being referenced. If APIGroup is not specified, 5937 the specified Kind must be in the core API group. 5938 For any other third-party types, APIGroup is 5939 required. 5940 type: string 5941 kind: 5942 description: Kind is the type of resource being 5943 referenced 5944 type: string 5945 name: 5946 description: Name is the name of resource being 5947 referenced 5948 type: string 5949 required: 5950 - kind 5951 - name 5952 type: object 5953 resources: 5954 description: 'resources represents the minimum resources 5955 the volume should have. If RecoverVolumeExpansionFailure 5956 feature is enabled users are allowed to specify 5957 resource requirements that are lower than previous 5958 value but must still be higher than capacity recorded 5959 in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 5960 properties: 5961 limits: 5962 additionalProperties: 5963 anyOf: 5964 - type: integer 5965 - type: string 5966 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5967 x-kubernetes-int-or-string: true 5968 description: 'Limits describes the maximum amount 5969 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5970 type: object 5971 requests: 5972 additionalProperties: 5973 anyOf: 5974 - type: integer 5975 - type: string 5976 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5977 x-kubernetes-int-or-string: true 5978 description: 'Requests describes the minimum amount 5979 of compute resources required. If Requests is 5980 omitted for a container, it defaults to Limits 5981 if that is explicitly specified, otherwise to 5982 an implementation-defined value. More info: 5983 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5984 type: object 5985 type: object 5986 selector: 5987 description: selector is a label query over volumes 5988 to consider for binding. 5989 properties: 5990 matchExpressions: 5991 description: matchExpressions is a list of label 5992 selector requirements. The requirements are 5993 ANDed. 5994 items: 5995 description: A label selector requirement is 5996 a selector that contains values, a key, and 5997 an operator that relates the key and values. 5998 properties: 5999 key: 6000 description: key is the label key that the 6001 selector applies to. 6002 type: string 6003 operator: 6004 description: operator represents a key's 6005 relationship to a set of values. Valid 6006 operators are In, NotIn, Exists and DoesNotExist. 6007 type: string 6008 values: 6009 description: values is an array of string 6010 values. If the operator is In or NotIn, 6011 the values array must be non-empty. If 6012 the operator is Exists or DoesNotExist, 6013 the values array must be empty. This array 6014 is replaced during a strategic merge patch. 6015 items: 6016 type: string 6017 type: array 6018 required: 6019 - key 6020 - operator 6021 type: object 6022 type: array 6023 matchLabels: 6024 additionalProperties: 6025 type: string 6026 description: matchLabels is a map of {key,value} 6027 pairs. A single {key,value} in the matchLabels 6028 map is equivalent to an element of matchExpressions, 6029 whose key field is "key", the operator is "In", 6030 and the values array contains only "value". 6031 The requirements are ANDed. 6032 type: object 6033 type: object 6034 storageClassName: 6035 description: 'storageClassName is the name of the 6036 StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 6037 type: string 6038 volumeMode: 6039 description: volumeMode defines what type of volume 6040 is required by the claim. Value of Filesystem is 6041 implied when not included in claim spec. 6042 type: string 6043 volumeName: 6044 description: volumeName is the binding reference to 6045 the PersistentVolume backing this claim. 6046 type: string 6047 type: object 6048 status: 6049 description: 'Status represents the current information/status 6050 of a persistent volume claim. Read-only. More info: 6051 https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 6052 properties: 6053 accessModes: 6054 description: 'accessModes contains the actual access 6055 modes the volume backing the PVC has. More info: 6056 https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 6057 items: 6058 type: string 6059 type: array 6060 allocatedResources: 6061 additionalProperties: 6062 anyOf: 6063 - type: integer 6064 - type: string 6065 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6066 x-kubernetes-int-or-string: true 6067 description: allocatedResources is the storage resource 6068 within AllocatedResources tracks the capacity allocated 6069 to a PVC. It may be larger than the actual capacity 6070 when a volume expansion operation is requested. 6071 For storage quota, the larger value from allocatedResources 6072 and PVC.spec.resources is used. If allocatedResources 6073 is not set, PVC.spec.resources alone is used for 6074 quota calculation. If a volume expansion capacity 6075 request is lowered, allocatedResources is only lowered 6076 if there are no expansion operations in progress 6077 and if the actual volume capacity is equal or lower 6078 than the requested capacity. This is an alpha field 6079 and requires enabling RecoverVolumeExpansionFailure 6080 feature. 6081 type: object 6082 capacity: 6083 additionalProperties: 6084 anyOf: 6085 - type: integer 6086 - type: string 6087 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6088 x-kubernetes-int-or-string: true 6089 description: capacity represents the actual resources 6090 of the underlying volume. 6091 type: object 6092 conditions: 6093 description: conditions is the current Condition of 6094 persistent volume claim. If underlying persistent 6095 volume is being resized then the Condition will 6096 be set to 'ResizeStarted'. 6097 items: 6098 description: PersistentVolumeClaimCondition contails 6099 details about state of pvc 6100 properties: 6101 lastProbeTime: 6102 description: lastProbeTime is the time we probed 6103 the condition. 6104 format: date-time 6105 type: string 6106 lastTransitionTime: 6107 description: lastTransitionTime is the time 6108 the condition transitioned from one status 6109 to another. 6110 format: date-time 6111 type: string 6112 message: 6113 description: message is the human-readable message 6114 indicating details about last transition. 6115 type: string 6116 reason: 6117 description: reason is a unique, this should 6118 be a short, machine understandable string 6119 that gives the reason for condition's last 6120 transition. If it reports "ResizeStarted" 6121 that means the underlying persistent volume 6122 is being resized. 6123 type: string 6124 status: 6125 type: string 6126 type: 6127 description: PersistentVolumeClaimConditionType 6128 is a valid value of PersistentVolumeClaimCondition.Type 6129 type: string 6130 required: 6131 - status 6132 - type 6133 type: object 6134 type: array 6135 phase: 6136 description: phase represents the current phase of 6137 PersistentVolumeClaim. 6138 type: string 6139 resizeStatus: 6140 description: resizeStatus stores status of resize 6141 operation. ResizeStatus is not set by default but 6142 when expansion is complete resizeStatus is set to 6143 empty string by resize controller or kubelet. This 6144 is an alpha field and requires enabling RecoverVolumeExpansionFailure 6145 feature. 6146 type: string 6147 type: object 6148 type: object 6149 type: object 6150 terminationGracePeriod: 6151 format: int64 6152 type: integer 6153 tolerations: 6154 items: 6155 description: The pod this Toleration is attached to tolerates 6156 any taint that matches the triple <key,value,effect> using 6157 the matching operator <operator>. 6158 properties: 6159 effect: 6160 description: Effect indicates the taint effect to match. 6161 Empty means match all taint effects. When specified, allowed 6162 values are NoSchedule, PreferNoSchedule and NoExecute. 6163 type: string 6164 key: 6165 description: Key is the taint key that the toleration applies 6166 to. Empty means match all taint keys. If the key is empty, 6167 operator must be Exists; this combination means to match 6168 all values and all keys. 6169 type: string 6170 operator: 6171 description: Operator represents a key's relationship to 6172 the value. Valid operators are Exists and Equal. Defaults 6173 to Equal. Exists is equivalent to wildcard for value, 6174 so that a pod can tolerate all taints of a particular 6175 category. 6176 type: string 6177 tolerationSeconds: 6178 description: TolerationSeconds represents the period of 6179 time the toleration (which must be of effect NoExecute, 6180 otherwise this field is ignored) tolerates the taint. 6181 By default, it is not set, which means tolerate the taint 6182 forever (do not evict). Zero and negative values will 6183 be treated as 0 (evict immediately) by the system. 6184 format: int64 6185 type: integer 6186 value: 6187 description: Value is the taint value the toleration matches 6188 to. If the operator is Exists, the value should be empty, 6189 otherwise just a regular string. 6190 type: string 6191 type: object 6192 type: array 6193 topologySpreadConstraints: 6194 items: 6195 description: TopologySpreadConstraint specifies how to spread 6196 matching pods among the given topology. 6197 properties: 6198 labelSelector: 6199 description: LabelSelector is used to find matching pods. 6200 Pods that match this label selector are counted to determine 6201 the number of pods in their corresponding topology domain. 6202 properties: 6203 matchExpressions: 6204 description: matchExpressions is a list of label selector 6205 requirements. The requirements are ANDed. 6206 items: 6207 description: A label selector requirement is a selector 6208 that contains values, a key, and an operator that 6209 relates the key and values. 6210 properties: 6211 key: 6212 description: key is the label key that the selector 6213 applies to. 6214 type: string 6215 operator: 6216 description: operator represents a key's relationship 6217 to a set of values. Valid operators are In, 6218 NotIn, Exists and DoesNotExist. 6219 type: string 6220 values: 6221 description: values is an array of string values. 6222 If the operator is In or NotIn, the values array 6223 must be non-empty. If the operator is Exists 6224 or DoesNotExist, the values array must be empty. 6225 This array is replaced during a strategic merge 6226 patch. 6227 items: 6228 type: string 6229 type: array 6230 required: 6231 - key 6232 - operator 6233 type: object 6234 type: array 6235 matchLabels: 6236 additionalProperties: 6237 type: string 6238 description: matchLabels is a map of {key,value} pairs. 6239 A single {key,value} in the matchLabels map is equivalent 6240 to an element of matchExpressions, whose key field 6241 is "key", the operator is "In", and the values array 6242 contains only "value". The requirements are ANDed. 6243 type: object 6244 type: object 6245 maxSkew: 6246 description: 'MaxSkew describes the degree to which pods 6247 may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, 6248 it is the maximum permitted difference between the number 6249 of matching pods in the target topology and the global 6250 minimum. The global minimum is the minimum number of matching 6251 pods in an eligible domain or zero if the number of eligible 6252 domains is less than MinDomains. For example, in a 3-zone 6253 cluster, MaxSkew is set to 1, and pods with the same labelSelector 6254 spread as 2/2/1: In this case, the global minimum is 1. 6255 | zone1 | zone2 | zone3 | | P P | P P | P | - 6256 if MaxSkew is 1, incoming pod can only be scheduled to 6257 zone3 to become 2/2/2; scheduling it onto zone1(zone2) 6258 would make the ActualSkew(3-1) on zone1(zone2) violate 6259 MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled 6260 onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, 6261 it is used to give higher precedence to topologies that 6262 satisfy it. It''s a required field. Default value is 1 6263 and 0 is not allowed.' 6264 format: int32 6265 type: integer 6266 minDomains: 6267 description: "MinDomains indicates a minimum number of eligible 6268 domains. When the number of eligible domains with matching 6269 topology keys is less than minDomains, Pod Topology Spread 6270 treats \"global minimum\" as 0, and then the calculation 6271 of Skew is performed. And when the number of eligible 6272 domains with matching topology keys equals or greater 6273 than minDomains, this value has no effect on scheduling. 6274 As a result, when the number of eligible domains is less 6275 than minDomains, scheduler won't schedule more than maxSkew 6276 Pods to those domains. If value is nil, the constraint 6277 behaves as if MinDomains is equal to 1. Valid values are 6278 integers greater than 0. When value is not nil, WhenUnsatisfiable 6279 must be DoNotSchedule. \n For example, in a 3-zone cluster, 6280 MaxSkew is set to 2, MinDomains is set to 5 and pods with 6281 the same labelSelector spread as 2/2/2: | zone1 | zone2 6282 | zone3 | | P P | P P | P P | The number of domains 6283 is less than 5(MinDomains), so \"global minimum\" is treated 6284 as 0. In this situation, new pod with the same labelSelector 6285 cannot be scheduled, because computed skew will be 3(3 6286 - 0) if new Pod is scheduled to any of the three zones, 6287 it will violate MaxSkew. \n This is an alpha field and 6288 requires enabling MinDomainsInPodTopologySpread feature 6289 gate." 6290 format: int32 6291 type: integer 6292 topologyKey: 6293 description: TopologyKey is the key of node labels. Nodes 6294 that have a label with this key and identical values are 6295 considered to be in the same topology. We consider each 6296 <key, value> as a "bucket", and try to put balanced number 6297 of pods into each bucket. We define a domain as a particular 6298 instance of a topology. Also, we define an eligible domain 6299 as a domain whose nodes match the node selector. e.g. 6300 If TopologyKey is "kubernetes.io/hostname", each Node 6301 is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", 6302 each zone is a domain of that topology. It's a required 6303 field. 6304 type: string 6305 whenUnsatisfiable: 6306 description: 'WhenUnsatisfiable indicates how to deal with 6307 a pod if it doesn''t satisfy the spread constraint. - 6308 DoNotSchedule (default) tells the scheduler not to schedule 6309 it. - ScheduleAnyway tells the scheduler to schedule the 6310 pod in any location, but giving higher precedence to 6311 topologies that would help reduce the skew. A constraint 6312 is considered "Unsatisfiable" for an incoming pod if and 6313 only if every possible node assignment for that pod would 6314 violate "MaxSkew" on some topology. For example, in a 6315 3-zone cluster, MaxSkew is set to 1, and pods with the 6316 same labelSelector spread as 3/1/1: | zone1 | zone2 | 6317 zone3 | | P P P | P | P | If WhenUnsatisfiable 6318 is set to DoNotSchedule, incoming pod can only be scheduled 6319 to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) 6320 on zone2(zone3) satisfies MaxSkew(1). In other words, 6321 the cluster can still be imbalanced, but scheduler won''t 6322 make it *more* imbalanced. It''s a required field.' 6323 type: string 6324 required: 6325 - maxSkew 6326 - topologyKey 6327 - whenUnsatisfiable 6328 type: object 6329 type: array 6330 type: object 6331 sentinel: 6332 description: SentinelSettings defines the specification of the sentinel 6333 cluster 6334 properties: 6335 affinity: 6336 description: Affinity is a group of affinity scheduling rules. 6337 properties: 6338 nodeAffinity: 6339 description: Describes node affinity scheduling rules for 6340 the pod. 6341 properties: 6342 preferredDuringSchedulingIgnoredDuringExecution: 6343 description: The scheduler will prefer to schedule pods 6344 to nodes that satisfy the affinity expressions specified 6345 by this field, but it may choose a node that violates 6346 one or more of the expressions. The node that is most 6347 preferred is the one with the greatest sum of weights, 6348 i.e. for each node that meets all of the scheduling 6349 requirements (resource request, requiredDuringScheduling 6350 affinity expressions, etc.), compute a sum by iterating 6351 through the elements of this field and adding "weight" 6352 to the sum if the node matches the corresponding matchExpressions; 6353 the node(s) with the highest sum are the most preferred. 6354 items: 6355 description: An empty preferred scheduling term matches 6356 all objects with implicit weight 0 (i.e. it's a no-op). 6357 A null preferred scheduling term matches no objects 6358 (i.e. is also a no-op). 6359 properties: 6360 preference: 6361 description: A node selector term, associated with 6362 the corresponding weight. 6363 properties: 6364 matchExpressions: 6365 description: A list of node selector requirements 6366 by node's labels. 6367 items: 6368 description: A node selector requirement is 6369 a selector that contains values, a key, 6370 and an operator that relates the key and 6371 values. 6372 properties: 6373 key: 6374 description: The label key that the selector 6375 applies to. 6376 type: string 6377 operator: 6378 description: Represents a key's relationship 6379 to a set of values. Valid operators 6380 are In, NotIn, Exists, DoesNotExist. 6381 Gt, and Lt. 6382 type: string 6383 values: 6384 description: An array of string values. 6385 If the operator is In or NotIn, the 6386 values array must be non-empty. If the 6387 operator is Exists or DoesNotExist, 6388 the values array must be empty. If the 6389 operator is Gt or Lt, the values array 6390 must have a single element, which will 6391 be interpreted as an integer. This array 6392 is replaced during a strategic merge 6393 patch. 6394 items: 6395 type: string 6396 type: array 6397 required: 6398 - key 6399 - operator 6400 type: object 6401 type: array 6402 matchFields: 6403 description: A list of node selector requirements 6404 by node's fields. 6405 items: 6406 description: A node selector requirement is 6407 a selector that contains values, a key, 6408 and an operator that relates the key and 6409 values. 6410 properties: 6411 key: 6412 description: The label key that the selector 6413 applies to. 6414 type: string 6415 operator: 6416 description: Represents a key's relationship 6417 to a set of values. Valid operators 6418 are In, NotIn, Exists, DoesNotExist. 6419 Gt, and Lt. 6420 type: string 6421 values: 6422 description: An array of string values. 6423 If the operator is In or NotIn, the 6424 values array must be non-empty. If the 6425 operator is Exists or DoesNotExist, 6426 the values array must be empty. If the 6427 operator is Gt or Lt, the values array 6428 must have a single element, which will 6429 be interpreted as an integer. This array 6430 is replaced during a strategic merge 6431 patch. 6432 items: 6433 type: string 6434 type: array 6435 required: 6436 - key 6437 - operator 6438 type: object 6439 type: array 6440 type: object 6441 weight: 6442 description: Weight associated with matching the 6443 corresponding nodeSelectorTerm, in the range 1-100. 6444 format: int32 6445 type: integer 6446 required: 6447 - preference 6448 - weight 6449 type: object 6450 type: array 6451 requiredDuringSchedulingIgnoredDuringExecution: 6452 description: If the affinity requirements specified by 6453 this field are not met at scheduling time, the pod will 6454 not be scheduled onto the node. If the affinity requirements 6455 specified by this field cease to be met at some point 6456 during pod execution (e.g. due to an update), the system 6457 may or may not try to eventually evict the pod from 6458 its node. 6459 properties: 6460 nodeSelectorTerms: 6461 description: Required. A list of node selector terms. 6462 The terms are ORed. 6463 items: 6464 description: A null or empty node selector term 6465 matches no objects. The requirements of them are 6466 ANDed. The TopologySelectorTerm type implements 6467 a subset of the NodeSelectorTerm. 6468 properties: 6469 matchExpressions: 6470 description: A list of node selector requirements 6471 by node's labels. 6472 items: 6473 description: A node selector requirement is 6474 a selector that contains values, a key, 6475 and an operator that relates the key and 6476 values. 6477 properties: 6478 key: 6479 description: The label key that the selector 6480 applies to. 6481 type: string 6482 operator: 6483 description: Represents a key's relationship 6484 to a set of values. Valid operators 6485 are In, NotIn, Exists, DoesNotExist. 6486 Gt, and Lt. 6487 type: string 6488 values: 6489 description: An array of string values. 6490 If the operator is In or NotIn, the 6491 values array must be non-empty. If the 6492 operator is Exists or DoesNotExist, 6493 the values array must be empty. If the 6494 operator is Gt or Lt, the values array 6495 must have a single element, which will 6496 be interpreted as an integer. This array 6497 is replaced during a strategic merge 6498 patch. 6499 items: 6500 type: string 6501 type: array 6502 required: 6503 - key 6504 - operator 6505 type: object 6506 type: array 6507 matchFields: 6508 description: A list of node selector requirements 6509 by node's fields. 6510 items: 6511 description: A node selector requirement is 6512 a selector that contains values, a key, 6513 and an operator that relates the key and 6514 values. 6515 properties: 6516 key: 6517 description: The label key that the selector 6518 applies to. 6519 type: string 6520 operator: 6521 description: Represents a key's relationship 6522 to a set of values. Valid operators 6523 are In, NotIn, Exists, DoesNotExist. 6524 Gt, and Lt. 6525 type: string 6526 values: 6527 description: An array of string values. 6528 If the operator is In or NotIn, the 6529 values array must be non-empty. If the 6530 operator is Exists or DoesNotExist, 6531 the values array must be empty. If the 6532 operator is Gt or Lt, the values array 6533 must have a single element, which will 6534 be interpreted as an integer. This array 6535 is replaced during a strategic merge 6536 patch. 6537 items: 6538 type: string 6539 type: array 6540 required: 6541 - key 6542 - operator 6543 type: object 6544 type: array 6545 type: object 6546 type: array 6547 required: 6548 - nodeSelectorTerms 6549 type: object 6550 type: object 6551 podAffinity: 6552 description: Describes pod affinity scheduling rules (e.g. 6553 co-locate this pod in the same node, zone, etc. as some 6554 other pod(s)). 6555 properties: 6556 preferredDuringSchedulingIgnoredDuringExecution: 6557 description: The scheduler will prefer to schedule pods 6558 to nodes that satisfy the affinity expressions specified 6559 by this field, but it may choose a node that violates 6560 one or more of the expressions. The node that is most 6561 preferred is the one with the greatest sum of weights, 6562 i.e. for each node that meets all of the scheduling 6563 requirements (resource request, requiredDuringScheduling 6564 affinity expressions, etc.), compute a sum by iterating 6565 through the elements of this field and adding "weight" 6566 to the sum if the node has pods which matches the corresponding 6567 podAffinityTerm; the node(s) with the highest sum are 6568 the most preferred. 6569 items: 6570 description: The weights of all of the matched WeightedPodAffinityTerm 6571 fields are added per-node to find the most preferred 6572 node(s) 6573 properties: 6574 podAffinityTerm: 6575 description: Required. A pod affinity term, associated 6576 with the corresponding weight. 6577 properties: 6578 labelSelector: 6579 description: A label query over a set of resources, 6580 in this case pods. 6581 properties: 6582 matchExpressions: 6583 description: matchExpressions is a list 6584 of label selector requirements. The requirements 6585 are ANDed. 6586 items: 6587 description: A label selector requirement 6588 is a selector that contains values, 6589 a key, and an operator that relates 6590 the key and values. 6591 properties: 6592 key: 6593 description: key is the label key 6594 that the selector applies to. 6595 type: string 6596 operator: 6597 description: operator represents a 6598 key's relationship to a set of values. 6599 Valid operators are In, NotIn, Exists 6600 and DoesNotExist. 6601 type: string 6602 values: 6603 description: values is an array of 6604 string values. If the operator is 6605 In or NotIn, the values array must 6606 be non-empty. If the operator is 6607 Exists or DoesNotExist, the values 6608 array must be empty. This array 6609 is replaced during a strategic merge 6610 patch. 6611 items: 6612 type: string 6613 type: array 6614 required: 6615 - key 6616 - operator 6617 type: object 6618 type: array 6619 matchLabels: 6620 additionalProperties: 6621 type: string 6622 description: matchLabels is a map of {key,value} 6623 pairs. A single {key,value} in the matchLabels 6624 map is equivalent to an element of matchExpressions, 6625 whose key field is "key", the operator 6626 is "In", and the values array contains 6627 only "value". The requirements are ANDed. 6628 type: object 6629 type: object 6630 namespaceSelector: 6631 description: A label query over the set of namespaces 6632 that the term applies to. The term is applied 6633 to the union of the namespaces selected by 6634 this field and the ones listed in the namespaces 6635 field. null selector and null or empty namespaces 6636 list means "this pod's namespace". An empty 6637 selector ({}) matches all namespaces. 6638 properties: 6639 matchExpressions: 6640 description: matchExpressions is a list 6641 of label selector requirements. The requirements 6642 are ANDed. 6643 items: 6644 description: A label selector requirement 6645 is a selector that contains values, 6646 a key, and an operator that relates 6647 the key and values. 6648 properties: 6649 key: 6650 description: key is the label key 6651 that the selector applies to. 6652 type: string 6653 operator: 6654 description: operator represents a 6655 key's relationship to a set of values. 6656 Valid operators are In, NotIn, Exists 6657 and DoesNotExist. 6658 type: string 6659 values: 6660 description: values is an array of 6661 string values. If the operator is 6662 In or NotIn, the values array must 6663 be non-empty. If the operator is 6664 Exists or DoesNotExist, the values 6665 array must be empty. This array 6666 is replaced during a strategic merge 6667 patch. 6668 items: 6669 type: string 6670 type: array 6671 required: 6672 - key 6673 - operator 6674 type: object 6675 type: array 6676 matchLabels: 6677 additionalProperties: 6678 type: string 6679 description: matchLabels is a map of {key,value} 6680 pairs. A single {key,value} in the matchLabels 6681 map is equivalent to an element of matchExpressions, 6682 whose key field is "key", the operator 6683 is "In", and the values array contains 6684 only "value". The requirements are ANDed. 6685 type: object 6686 type: object 6687 namespaces: 6688 description: namespaces specifies a static list 6689 of namespace names that the term applies to. 6690 The term is applied to the union of the namespaces 6691 listed in this field and the ones selected 6692 by namespaceSelector. null or empty namespaces 6693 list and null namespaceSelector means "this 6694 pod's namespace". 6695 items: 6696 type: string 6697 type: array 6698 topologyKey: 6699 description: This pod should be co-located (affinity) 6700 or not co-located (anti-affinity) with the 6701 pods matching the labelSelector in the specified 6702 namespaces, where co-located is defined as 6703 running on a node whose value of the label 6704 with key topologyKey matches that of any node 6705 on which any of the selected pods is running. 6706 Empty topologyKey is not allowed. 6707 type: string 6708 required: 6709 - topologyKey 6710 type: object 6711 weight: 6712 description: weight associated with matching the 6713 corresponding podAffinityTerm, in the range 1-100. 6714 format: int32 6715 type: integer 6716 required: 6717 - podAffinityTerm 6718 - weight 6719 type: object 6720 type: array 6721 requiredDuringSchedulingIgnoredDuringExecution: 6722 description: If the affinity requirements specified by 6723 this field are not met at scheduling time, the pod will 6724 not be scheduled onto the node. If the affinity requirements 6725 specified by this field cease to be met at some point 6726 during pod execution (e.g. due to a pod label update), 6727 the system may or may not try to eventually evict the 6728 pod from its node. When there are multiple elements, 6729 the lists of nodes corresponding to each podAffinityTerm 6730 are intersected, i.e. all terms must be satisfied. 6731 items: 6732 description: Defines a set of pods (namely those matching 6733 the labelSelector relative to the given namespace(s)) 6734 that this pod should be co-located (affinity) or not 6735 co-located (anti-affinity) with, where co-located 6736 is defined as running on a node whose value of the 6737 label with key <topologyKey> matches that of any node 6738 on which a pod of the set of pods is running 6739 properties: 6740 labelSelector: 6741 description: A label query over a set of resources, 6742 in this case pods. 6743 properties: 6744 matchExpressions: 6745 description: matchExpressions is a list of label 6746 selector requirements. The requirements are 6747 ANDed. 6748 items: 6749 description: A label selector requirement 6750 is a selector that contains values, a key, 6751 and an operator that relates the key and 6752 values. 6753 properties: 6754 key: 6755 description: key is the label key that 6756 the selector applies to. 6757 type: string 6758 operator: 6759 description: operator represents a key's 6760 relationship to a set of values. Valid 6761 operators are In, NotIn, Exists and 6762 DoesNotExist. 6763 type: string 6764 values: 6765 description: values is an array of string 6766 values. If the operator is In or NotIn, 6767 the values array must be non-empty. 6768 If the operator is Exists or DoesNotExist, 6769 the values array must be empty. This 6770 array is replaced during a strategic 6771 merge patch. 6772 items: 6773 type: string 6774 type: array 6775 required: 6776 - key 6777 - operator 6778 type: object 6779 type: array 6780 matchLabels: 6781 additionalProperties: 6782 type: string 6783 description: matchLabels is a map of {key,value} 6784 pairs. A single {key,value} in the matchLabels 6785 map is equivalent to an element of matchExpressions, 6786 whose key field is "key", the operator is 6787 "In", and the values array contains only "value". 6788 The requirements are ANDed. 6789 type: object 6790 type: object 6791 namespaceSelector: 6792 description: A label query over the set of namespaces 6793 that the term applies to. The term is applied 6794 to the union of the namespaces selected by this 6795 field and the ones listed in the namespaces field. 6796 null selector and null or empty namespaces list 6797 means "this pod's namespace". An empty selector 6798 ({}) matches all namespaces. 6799 properties: 6800 matchExpressions: 6801 description: matchExpressions is a list of label 6802 selector requirements. The requirements are 6803 ANDed. 6804 items: 6805 description: A label selector requirement 6806 is a selector that contains values, a key, 6807 and an operator that relates the key and 6808 values. 6809 properties: 6810 key: 6811 description: key is the label key that 6812 the selector applies to. 6813 type: string 6814 operator: 6815 description: operator represents a key's 6816 relationship to a set of values. Valid 6817 operators are In, NotIn, Exists and 6818 DoesNotExist. 6819 type: string 6820 values: 6821 description: values is an array of string 6822 values. If the operator is In or NotIn, 6823 the values array must be non-empty. 6824 If the operator is Exists or DoesNotExist, 6825 the values array must be empty. This 6826 array is replaced during a strategic 6827 merge patch. 6828 items: 6829 type: string 6830 type: array 6831 required: 6832 - key 6833 - operator 6834 type: object 6835 type: array 6836 matchLabels: 6837 additionalProperties: 6838 type: string 6839 description: matchLabels is a map of {key,value} 6840 pairs. A single {key,value} in the matchLabels 6841 map is equivalent to an element of matchExpressions, 6842 whose key field is "key", the operator is 6843 "In", and the values array contains only "value". 6844 The requirements are ANDed. 6845 type: object 6846 type: object 6847 namespaces: 6848 description: namespaces specifies a static list 6849 of namespace names that the term applies to. The 6850 term is applied to the union of the namespaces 6851 listed in this field and the ones selected by 6852 namespaceSelector. null or empty namespaces list 6853 and null namespaceSelector means "this pod's namespace". 6854 items: 6855 type: string 6856 type: array 6857 topologyKey: 6858 description: This pod should be co-located (affinity) 6859 or not co-located (anti-affinity) with the pods 6860 matching the labelSelector in the specified namespaces, 6861 where co-located is defined as running on a node 6862 whose value of the label with key topologyKey 6863 matches that of any node on which any of the selected 6864 pods is running. Empty topologyKey is not allowed. 6865 type: string 6866 required: 6867 - topologyKey 6868 type: object 6869 type: array 6870 type: object 6871 podAntiAffinity: 6872 description: Describes pod anti-affinity scheduling rules 6873 (e.g. avoid putting this pod in the same node, zone, etc. 6874 as some other pod(s)). 6875 properties: 6876 preferredDuringSchedulingIgnoredDuringExecution: 6877 description: The scheduler will prefer to schedule pods 6878 to nodes that satisfy the anti-affinity expressions 6879 specified by this field, but it may choose a node that 6880 violates one or more of the expressions. The node that 6881 is most preferred is the one with the greatest sum of 6882 weights, i.e. for each node that meets all of the scheduling 6883 requirements (resource request, requiredDuringScheduling 6884 anti-affinity expressions, etc.), compute a sum by iterating 6885 through the elements of this field and adding "weight" 6886 to the sum if the node has pods which matches the corresponding 6887 podAffinityTerm; the node(s) with the highest sum are 6888 the most preferred. 6889 items: 6890 description: The weights of all of the matched WeightedPodAffinityTerm 6891 fields are added per-node to find the most preferred 6892 node(s) 6893 properties: 6894 podAffinityTerm: 6895 description: Required. A pod affinity term, associated 6896 with the corresponding weight. 6897 properties: 6898 labelSelector: 6899 description: A label query over a set of resources, 6900 in this case pods. 6901 properties: 6902 matchExpressions: 6903 description: matchExpressions is a list 6904 of label selector requirements. The requirements 6905 are ANDed. 6906 items: 6907 description: A label selector requirement 6908 is a selector that contains values, 6909 a key, and an operator that relates 6910 the key and values. 6911 properties: 6912 key: 6913 description: key is the label key 6914 that the selector applies to. 6915 type: string 6916 operator: 6917 description: operator represents a 6918 key's relationship to a set of values. 6919 Valid operators are In, NotIn, Exists 6920 and DoesNotExist. 6921 type: string 6922 values: 6923 description: values is an array of 6924 string values. If the operator is 6925 In or NotIn, the values array must 6926 be non-empty. If the operator is 6927 Exists or DoesNotExist, the values 6928 array must be empty. This array 6929 is replaced during a strategic merge 6930 patch. 6931 items: 6932 type: string 6933 type: array 6934 required: 6935 - key 6936 - operator 6937 type: object 6938 type: array 6939 matchLabels: 6940 additionalProperties: 6941 type: string 6942 description: matchLabels is a map of {key,value} 6943 pairs. A single {key,value} in the matchLabels 6944 map is equivalent to an element of matchExpressions, 6945 whose key field is "key", the operator 6946 is "In", and the values array contains 6947 only "value". The requirements are ANDed. 6948 type: object 6949 type: object 6950 namespaceSelector: 6951 description: A label query over the set of namespaces 6952 that the term applies to. The term is applied 6953 to the union of the namespaces selected by 6954 this field and the ones listed in the namespaces 6955 field. null selector and null or empty namespaces 6956 list means "this pod's namespace". An empty 6957 selector ({}) matches all namespaces. 6958 properties: 6959 matchExpressions: 6960 description: matchExpressions is a list 6961 of label selector requirements. The requirements 6962 are ANDed. 6963 items: 6964 description: A label selector requirement 6965 is a selector that contains values, 6966 a key, and an operator that relates 6967 the key and values. 6968 properties: 6969 key: 6970 description: key is the label key 6971 that the selector applies to. 6972 type: string 6973 operator: 6974 description: operator represents a 6975 key's relationship to a set of values. 6976 Valid operators are In, NotIn, Exists 6977 and DoesNotExist. 6978 type: string 6979 values: 6980 description: values is an array of 6981 string values. If the operator is 6982 In or NotIn, the values array must 6983 be non-empty. If the operator is 6984 Exists or DoesNotExist, the values 6985 array must be empty. This array 6986 is replaced during a strategic merge 6987 patch. 6988 items: 6989 type: string 6990 type: array 6991 required: 6992 - key 6993 - operator 6994 type: object 6995 type: array 6996 matchLabels: 6997 additionalProperties: 6998 type: string 6999 description: matchLabels is a map of {key,value} 7000 pairs. A single {key,value} in the matchLabels 7001 map is equivalent to an element of matchExpressions, 7002 whose key field is "key", the operator 7003 is "In", and the values array contains 7004 only "value". The requirements are ANDed. 7005 type: object 7006 type: object 7007 namespaces: 7008 description: namespaces specifies a static list 7009 of namespace names that the term applies to. 7010 The term is applied to the union of the namespaces 7011 listed in this field and the ones selected 7012 by namespaceSelector. null or empty namespaces 7013 list and null namespaceSelector means "this 7014 pod's namespace". 7015 items: 7016 type: string 7017 type: array 7018 topologyKey: 7019 description: This pod should be co-located (affinity) 7020 or not co-located (anti-affinity) with the 7021 pods matching the labelSelector in the specified 7022 namespaces, where co-located is defined as 7023 running on a node whose value of the label 7024 with key topologyKey matches that of any node 7025 on which any of the selected pods is running. 7026 Empty topologyKey is not allowed. 7027 type: string 7028 required: 7029 - topologyKey 7030 type: object 7031 weight: 7032 description: weight associated with matching the 7033 corresponding podAffinityTerm, in the range 1-100. 7034 format: int32 7035 type: integer 7036 required: 7037 - podAffinityTerm 7038 - weight 7039 type: object 7040 type: array 7041 requiredDuringSchedulingIgnoredDuringExecution: 7042 description: If the anti-affinity requirements specified 7043 by this field are not met at scheduling time, the pod 7044 will not be scheduled onto the node. If the anti-affinity 7045 requirements specified by this field cease to be met 7046 at some point during pod execution (e.g. due to a pod 7047 label update), the system may or may not try to eventually 7048 evict the pod from its node. When there are multiple 7049 elements, the lists of nodes corresponding to each podAffinityTerm 7050 are intersected, i.e. all terms must be satisfied. 7051 items: 7052 description: Defines a set of pods (namely those matching 7053 the labelSelector relative to the given namespace(s)) 7054 that this pod should be co-located (affinity) or not 7055 co-located (anti-affinity) with, where co-located 7056 is defined as running on a node whose value of the 7057 label with key <topologyKey> matches that of any node 7058 on which a pod of the set of pods is running 7059 properties: 7060 labelSelector: 7061 description: A label query over a set of resources, 7062 in this case pods. 7063 properties: 7064 matchExpressions: 7065 description: matchExpressions is a list of label 7066 selector requirements. The requirements are 7067 ANDed. 7068 items: 7069 description: A label selector requirement 7070 is a selector that contains values, a key, 7071 and an operator that relates the key and 7072 values. 7073 properties: 7074 key: 7075 description: key is the label key that 7076 the selector applies to. 7077 type: string 7078 operator: 7079 description: operator represents a key's 7080 relationship to a set of values. Valid 7081 operators are In, NotIn, Exists and 7082 DoesNotExist. 7083 type: string 7084 values: 7085 description: values is an array of string 7086 values. If the operator is In or NotIn, 7087 the values array must be non-empty. 7088 If the operator is Exists or DoesNotExist, 7089 the values array must be empty. This 7090 array is replaced during a strategic 7091 merge patch. 7092 items: 7093 type: string 7094 type: array 7095 required: 7096 - key 7097 - operator 7098 type: object 7099 type: array 7100 matchLabels: 7101 additionalProperties: 7102 type: string 7103 description: matchLabels is a map of {key,value} 7104 pairs. A single {key,value} in the matchLabels 7105 map is equivalent to an element of matchExpressions, 7106 whose key field is "key", the operator is 7107 "In", and the values array contains only "value". 7108 The requirements are ANDed. 7109 type: object 7110 type: object 7111 namespaceSelector: 7112 description: A label query over the set of namespaces 7113 that the term applies to. The term is applied 7114 to the union of the namespaces selected by this 7115 field and the ones listed in the namespaces field. 7116 null selector and null or empty namespaces list 7117 means "this pod's namespace". An empty selector 7118 ({}) matches all namespaces. 7119 properties: 7120 matchExpressions: 7121 description: matchExpressions is a list of label 7122 selector requirements. The requirements are 7123 ANDed. 7124 items: 7125 description: A label selector requirement 7126 is a selector that contains values, a key, 7127 and an operator that relates the key and 7128 values. 7129 properties: 7130 key: 7131 description: key is the label key that 7132 the selector applies to. 7133 type: string 7134 operator: 7135 description: operator represents a key's 7136 relationship to a set of values. Valid 7137 operators are In, NotIn, Exists and 7138 DoesNotExist. 7139 type: string 7140 values: 7141 description: values is an array of string 7142 values. If the operator is In or NotIn, 7143 the values array must be non-empty. 7144 If the operator is Exists or DoesNotExist, 7145 the values array must be empty. This 7146 array is replaced during a strategic 7147 merge patch. 7148 items: 7149 type: string 7150 type: array 7151 required: 7152 - key 7153 - operator 7154 type: object 7155 type: array 7156 matchLabels: 7157 additionalProperties: 7158 type: string 7159 description: matchLabels is a map of {key,value} 7160 pairs. A single {key,value} in the matchLabels 7161 map is equivalent to an element of matchExpressions, 7162 whose key field is "key", the operator is 7163 "In", and the values array contains only "value". 7164 The requirements are ANDed. 7165 type: object 7166 type: object 7167 namespaces: 7168 description: namespaces specifies a static list 7169 of namespace names that the term applies to. The 7170 term is applied to the union of the namespaces 7171 listed in this field and the ones selected by 7172 namespaceSelector. null or empty namespaces list 7173 and null namespaceSelector means "this pod's namespace". 7174 items: 7175 type: string 7176 type: array 7177 topologyKey: 7178 description: This pod should be co-located (affinity) 7179 or not co-located (anti-affinity) with the pods 7180 matching the labelSelector in the specified namespaces, 7181 where co-located is defined as running on a node 7182 whose value of the label with key topologyKey 7183 matches that of any node on which any of the selected 7184 pods is running. Empty topologyKey is not allowed. 7185 type: string 7186 required: 7187 - topologyKey 7188 type: object 7189 type: array 7190 type: object 7191 type: object 7192 command: 7193 items: 7194 type: string 7195 type: array 7196 configCopy: 7197 description: SentinelConfigCopy defines the specification for 7198 the sentinel exporter 7199 properties: 7200 containerSecurityContext: 7201 description: SecurityContext holds security configuration 7202 that will be applied to a container. Some fields are present 7203 in both SecurityContext and PodSecurityContext. When both 7204 are set, the values in SecurityContext take precedence. 7205 properties: 7206 allowPrivilegeEscalation: 7207 description: 'AllowPrivilegeEscalation controls whether 7208 a process can gain more privileges than its parent process. 7209 This bool directly controls if the no_new_privs flag 7210 will be set on the container process. AllowPrivilegeEscalation 7211 is true always when the container is: 1) run as Privileged 7212 2) has CAP_SYS_ADMIN Note that this field cannot be 7213 set when spec.os.name is windows.' 7214 type: boolean 7215 capabilities: 7216 description: The capabilities to add/drop when running 7217 containers. Defaults to the default set of capabilities 7218 granted by the container runtime. Note that this field 7219 cannot be set when spec.os.name is windows. 7220 properties: 7221 add: 7222 description: Added capabilities 7223 items: 7224 description: Capability represent POSIX capabilities 7225 type 7226 type: string 7227 type: array 7228 drop: 7229 description: Removed capabilities 7230 items: 7231 description: Capability represent POSIX capabilities 7232 type 7233 type: string 7234 type: array 7235 type: object 7236 privileged: 7237 description: Run container in privileged mode. Processes 7238 in privileged containers are essentially equivalent 7239 to root on the host. Defaults to false. Note that this 7240 field cannot be set when spec.os.name is windows. 7241 type: boolean 7242 procMount: 7243 description: procMount denotes the type of proc mount 7244 to use for the containers. The default is DefaultProcMount 7245 which uses the container runtime defaults for readonly 7246 paths and masked paths. This requires the ProcMountType 7247 feature flag to be enabled. Note that this field cannot 7248 be set when spec.os.name is windows. 7249 type: string 7250 readOnlyRootFilesystem: 7251 description: Whether this container has a read-only root 7252 filesystem. Default is false. Note that this field cannot 7253 be set when spec.os.name is windows. 7254 type: boolean 7255 runAsGroup: 7256 description: The GID to run the entrypoint of the container 7257 process. Uses runtime default if unset. May also be 7258 set in PodSecurityContext. If set in both SecurityContext 7259 and PodSecurityContext, the value specified in SecurityContext 7260 takes precedence. Note that this field cannot be set 7261 when spec.os.name is windows. 7262 format: int64 7263 type: integer 7264 runAsNonRoot: 7265 description: Indicates that the container must run as 7266 a non-root user. If true, the Kubelet will validate 7267 the image at runtime to ensure that it does not run 7268 as UID 0 (root) and fail to start the container if it 7269 does. If unset or false, no such validation will be 7270 performed. May also be set in PodSecurityContext. If 7271 set in both SecurityContext and PodSecurityContext, 7272 the value specified in SecurityContext takes precedence. 7273 type: boolean 7274 runAsUser: 7275 description: The UID to run the entrypoint of the container 7276 process. Defaults to user specified in image metadata 7277 if unspecified. May also be set in PodSecurityContext. If 7278 set in both SecurityContext and PodSecurityContext, 7279 the value specified in SecurityContext takes precedence. 7280 Note that this field cannot be set when spec.os.name 7281 is windows. 7282 format: int64 7283 type: integer 7284 seLinuxOptions: 7285 description: The SELinux context to be applied to the 7286 container. If unspecified, the container runtime will 7287 allocate a random SELinux context for each container. May 7288 also be set in PodSecurityContext. If set in both SecurityContext 7289 and PodSecurityContext, the value specified in SecurityContext 7290 takes precedence. Note that this field cannot be set 7291 when spec.os.name is windows. 7292 properties: 7293 level: 7294 description: Level is SELinux level label that applies 7295 to the container. 7296 type: string 7297 role: 7298 description: Role is a SELinux role label that applies 7299 to the container. 7300 type: string 7301 type: 7302 description: Type is a SELinux type label that applies 7303 to the container. 7304 type: string 7305 user: 7306 description: User is a SELinux user label that applies 7307 to the container. 7308 type: string 7309 type: object 7310 seccompProfile: 7311 description: The seccomp options to use by this container. 7312 If seccomp options are provided at both the pod & container 7313 level, the container options override the pod options. 7314 Note that this field cannot be set when spec.os.name 7315 is windows. 7316 properties: 7317 localhostProfile: 7318 description: localhostProfile indicates a profile 7319 defined in a file on the node should be used. The 7320 profile must be preconfigured on the node to work. 7321 Must be a descending path, relative to the kubelet's 7322 configured seccomp profile location. Must only be 7323 set if type is "Localhost". 7324 type: string 7325 type: 7326 description: "type indicates which kind of seccomp 7327 profile will be applied. Valid options are: \n Localhost 7328 - a profile defined in a file on the node should 7329 be used. RuntimeDefault - the container runtime 7330 default profile should be used. Unconfined - no 7331 profile should be applied." 7332 type: string 7333 required: 7334 - type 7335 type: object 7336 windowsOptions: 7337 description: The Windows specific settings applied to 7338 all containers. If unspecified, the options from the 7339 PodSecurityContext will be used. If set in both SecurityContext 7340 and PodSecurityContext, the value specified in SecurityContext 7341 takes precedence. Note that this field cannot be set 7342 when spec.os.name is linux. 7343 properties: 7344 gmsaCredentialSpec: 7345 description: GMSACredentialSpec is where the GMSA 7346 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 7347 inlines the contents of the GMSA credential spec 7348 named by the GMSACredentialSpecName field. 7349 type: string 7350 gmsaCredentialSpecName: 7351 description: GMSACredentialSpecName is the name of 7352 the GMSA credential spec to use. 7353 type: string 7354 hostProcess: 7355 description: HostProcess determines if a container 7356 should be run as a 'Host Process' container. This 7357 field is alpha-level and will only be honored by 7358 components that enable the WindowsHostProcessContainers 7359 feature flag. Setting this field without the feature 7360 flag will result in errors when validating the Pod. 7361 All of a Pod's containers must have the same effective 7362 HostProcess value (it is not allowed to have a mix 7363 of HostProcess containers and non-HostProcess containers). In 7364 addition, if HostProcess is true then HostNetwork 7365 must also be set to true. 7366 type: boolean 7367 runAsUserName: 7368 description: The UserName in Windows to run the entrypoint 7369 of the container process. Defaults to the user specified 7370 in image metadata if unspecified. May also be set 7371 in PodSecurityContext. If set in both SecurityContext 7372 and PodSecurityContext, the value specified in SecurityContext 7373 takes precedence. 7374 type: string 7375 type: object 7376 type: object 7377 type: object 7378 containerSecurityContext: 7379 description: SecurityContext holds security configuration that 7380 will be applied to a container. Some fields are present in both 7381 SecurityContext and PodSecurityContext. When both are set, 7382 the values in SecurityContext take precedence. 7383 properties: 7384 allowPrivilegeEscalation: 7385 description: 'AllowPrivilegeEscalation controls whether a 7386 process can gain more privileges than its parent process. 7387 This bool directly controls if the no_new_privs flag will 7388 be set on the container process. AllowPrivilegeEscalation 7389 is true always when the container is: 1) run as Privileged 7390 2) has CAP_SYS_ADMIN Note that this field cannot be set 7391 when spec.os.name is windows.' 7392 type: boolean 7393 capabilities: 7394 description: The capabilities to add/drop when running containers. 7395 Defaults to the default set of capabilities granted by the 7396 container runtime. Note that this field cannot be set when 7397 spec.os.name is windows. 7398 properties: 7399 add: 7400 description: Added capabilities 7401 items: 7402 description: Capability represent POSIX capabilities 7403 type 7404 type: string 7405 type: array 7406 drop: 7407 description: Removed capabilities 7408 items: 7409 description: Capability represent POSIX capabilities 7410 type 7411 type: string 7412 type: array 7413 type: object 7414 privileged: 7415 description: Run container in privileged mode. Processes in 7416 privileged containers are essentially equivalent to root 7417 on the host. Defaults to false. Note that this field cannot 7418 be set when spec.os.name is windows. 7419 type: boolean 7420 procMount: 7421 description: procMount denotes the type of proc mount to use 7422 for the containers. The default is DefaultProcMount which 7423 uses the container runtime defaults for readonly paths and 7424 masked paths. This requires the ProcMountType feature flag 7425 to be enabled. Note that this field cannot be set when spec.os.name 7426 is windows. 7427 type: string 7428 readOnlyRootFilesystem: 7429 description: Whether this container has a read-only root filesystem. 7430 Default is false. Note that this field cannot be set when 7431 spec.os.name is windows. 7432 type: boolean 7433 runAsGroup: 7434 description: The GID to run the entrypoint of the container 7435 process. Uses runtime default if unset. May also be set 7436 in PodSecurityContext. If set in both SecurityContext and 7437 PodSecurityContext, the value specified in SecurityContext 7438 takes precedence. Note that this field cannot be set when 7439 spec.os.name is windows. 7440 format: int64 7441 type: integer 7442 runAsNonRoot: 7443 description: Indicates that the container must run as a non-root 7444 user. If true, the Kubelet will validate the image at runtime 7445 to ensure that it does not run as UID 0 (root) and fail 7446 to start the container if it does. If unset or false, no 7447 such validation will be performed. May also be set in PodSecurityContext. If 7448 set in both SecurityContext and PodSecurityContext, the 7449 value specified in SecurityContext takes precedence. 7450 type: boolean 7451 runAsUser: 7452 description: The UID to run the entrypoint of the container 7453 process. Defaults to user specified in image metadata if 7454 unspecified. May also be set in PodSecurityContext. If 7455 set in both SecurityContext and PodSecurityContext, the 7456 value specified in SecurityContext takes precedence. Note 7457 that this field cannot be set when spec.os.name is windows. 7458 format: int64 7459 type: integer 7460 seLinuxOptions: 7461 description: The SELinux context to be applied to the container. 7462 If unspecified, the container runtime will allocate a random 7463 SELinux context for each container. May also be set in 7464 PodSecurityContext. If set in both SecurityContext and 7465 PodSecurityContext, the value specified in SecurityContext 7466 takes precedence. Note that this field cannot be set when 7467 spec.os.name is windows. 7468 properties: 7469 level: 7470 description: Level is SELinux level label that applies 7471 to the container. 7472 type: string 7473 role: 7474 description: Role is a SELinux role label that applies 7475 to the container. 7476 type: string 7477 type: 7478 description: Type is a SELinux type label that applies 7479 to the container. 7480 type: string 7481 user: 7482 description: User is a SELinux user label that applies 7483 to the container. 7484 type: string 7485 type: object 7486 seccompProfile: 7487 description: The seccomp options to use by this container. 7488 If seccomp options are provided at both the pod & container 7489 level, the container options override the pod options. Note 7490 that this field cannot be set when spec.os.name is windows. 7491 properties: 7492 localhostProfile: 7493 description: localhostProfile indicates a profile defined 7494 in a file on the node should be used. The profile must 7495 be preconfigured on the node to work. Must be a descending 7496 path, relative to the kubelet's configured seccomp profile 7497 location. Must only be set if type is "Localhost". 7498 type: string 7499 type: 7500 description: "type indicates which kind of seccomp profile 7501 will be applied. Valid options are: \n Localhost - a 7502 profile defined in a file on the node should be used. 7503 RuntimeDefault - the container runtime default profile 7504 should be used. Unconfined - no profile should be applied." 7505 type: string 7506 required: 7507 - type 7508 type: object 7509 windowsOptions: 7510 description: The Windows specific settings applied to all 7511 containers. If unspecified, the options from the PodSecurityContext 7512 will be used. If set in both SecurityContext and PodSecurityContext, 7513 the value specified in SecurityContext takes precedence. 7514 Note that this field cannot be set when spec.os.name is 7515 linux. 7516 properties: 7517 gmsaCredentialSpec: 7518 description: GMSACredentialSpec is where the GMSA admission 7519 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 7520 inlines the contents of the GMSA credential spec named 7521 by the GMSACredentialSpecName field. 7522 type: string 7523 gmsaCredentialSpecName: 7524 description: GMSACredentialSpecName is the name of the 7525 GMSA credential spec to use. 7526 type: string 7527 hostProcess: 7528 description: HostProcess determines if a container should 7529 be run as a 'Host Process' container. This field is 7530 alpha-level and will only be honored by components that 7531 enable the WindowsHostProcessContainers feature flag. 7532 Setting this field without the feature flag will result 7533 in errors when validating the Pod. All of a Pod's containers 7534 must have the same effective HostProcess value (it is 7535 not allowed to have a mix of HostProcess containers 7536 and non-HostProcess containers). In addition, if HostProcess 7537 is true then HostNetwork must also be set to true. 7538 type: boolean 7539 runAsUserName: 7540 description: The UserName in Windows to run the entrypoint 7541 of the container process. Defaults to the user specified 7542 in image metadata if unspecified. May also be set in 7543 PodSecurityContext. If set in both SecurityContext and 7544 PodSecurityContext, the value specified in SecurityContext 7545 takes precedence. 7546 type: string 7547 type: object 7548 type: object 7549 customConfig: 7550 items: 7551 type: string 7552 type: array 7553 dnsPolicy: 7554 description: DNSPolicy defines how a pod's DNS will be configured. 7555 type: string 7556 exporter: 7557 description: Exporter defines the specification for the redis/sentinel 7558 exporter 7559 properties: 7560 args: 7561 items: 7562 type: string 7563 type: array 7564 containerSecurityContext: 7565 description: SecurityContext holds security configuration 7566 that will be applied to a container. Some fields are present 7567 in both SecurityContext and PodSecurityContext. When both 7568 are set, the values in SecurityContext take precedence. 7569 properties: 7570 allowPrivilegeEscalation: 7571 description: 'AllowPrivilegeEscalation controls whether 7572 a process can gain more privileges than its parent process. 7573 This bool directly controls if the no_new_privs flag 7574 will be set on the container process. AllowPrivilegeEscalation 7575 is true always when the container is: 1) run as Privileged 7576 2) has CAP_SYS_ADMIN Note that this field cannot be 7577 set when spec.os.name is windows.' 7578 type: boolean 7579 capabilities: 7580 description: The capabilities to add/drop when running 7581 containers. Defaults to the default set of capabilities 7582 granted by the container runtime. Note that this field 7583 cannot be set when spec.os.name is windows. 7584 properties: 7585 add: 7586 description: Added capabilities 7587 items: 7588 description: Capability represent POSIX capabilities 7589 type 7590 type: string 7591 type: array 7592 drop: 7593 description: Removed capabilities 7594 items: 7595 description: Capability represent POSIX capabilities 7596 type 7597 type: string 7598 type: array 7599 type: object 7600 privileged: 7601 description: Run container in privileged mode. Processes 7602 in privileged containers are essentially equivalent 7603 to root on the host. Defaults to false. Note that this 7604 field cannot be set when spec.os.name is windows. 7605 type: boolean 7606 procMount: 7607 description: procMount denotes the type of proc mount 7608 to use for the containers. The default is DefaultProcMount 7609 which uses the container runtime defaults for readonly 7610 paths and masked paths. This requires the ProcMountType 7611 feature flag to be enabled. Note that this field cannot 7612 be set when spec.os.name is windows. 7613 type: string 7614 readOnlyRootFilesystem: 7615 description: Whether this container has a read-only root 7616 filesystem. Default is false. Note that this field cannot 7617 be set when spec.os.name is windows. 7618 type: boolean 7619 runAsGroup: 7620 description: The GID to run the entrypoint of the container 7621 process. Uses runtime default if unset. May also be 7622 set in PodSecurityContext. If set in both SecurityContext 7623 and PodSecurityContext, the value specified in SecurityContext 7624 takes precedence. Note that this field cannot be set 7625 when spec.os.name is windows. 7626 format: int64 7627 type: integer 7628 runAsNonRoot: 7629 description: Indicates that the container must run as 7630 a non-root user. If true, the Kubelet will validate 7631 the image at runtime to ensure that it does not run 7632 as UID 0 (root) and fail to start the container if it 7633 does. If unset or false, no such validation will be 7634 performed. May also be set in PodSecurityContext. If 7635 set in both SecurityContext and PodSecurityContext, 7636 the value specified in SecurityContext takes precedence. 7637 type: boolean 7638 runAsUser: 7639 description: The UID to run the entrypoint of the container 7640 process. Defaults to user specified in image metadata 7641 if unspecified. May also be set in PodSecurityContext. If 7642 set in both SecurityContext and PodSecurityContext, 7643 the value specified in SecurityContext takes precedence. 7644 Note that this field cannot be set when spec.os.name 7645 is windows. 7646 format: int64 7647 type: integer 7648 seLinuxOptions: 7649 description: The SELinux context to be applied to the 7650 container. If unspecified, the container runtime will 7651 allocate a random SELinux context for each container. May 7652 also be set in PodSecurityContext. If set in both SecurityContext 7653 and PodSecurityContext, the value specified in SecurityContext 7654 takes precedence. Note that this field cannot be set 7655 when spec.os.name is windows. 7656 properties: 7657 level: 7658 description: Level is SELinux level label that applies 7659 to the container. 7660 type: string 7661 role: 7662 description: Role is a SELinux role label that applies 7663 to the container. 7664 type: string 7665 type: 7666 description: Type is a SELinux type label that applies 7667 to the container. 7668 type: string 7669 user: 7670 description: User is a SELinux user label that applies 7671 to the container. 7672 type: string 7673 type: object 7674 seccompProfile: 7675 description: The seccomp options to use by this container. 7676 If seccomp options are provided at both the pod & container 7677 level, the container options override the pod options. 7678 Note that this field cannot be set when spec.os.name 7679 is windows. 7680 properties: 7681 localhostProfile: 7682 description: localhostProfile indicates a profile 7683 defined in a file on the node should be used. The 7684 profile must be preconfigured on the node to work. 7685 Must be a descending path, relative to the kubelet's 7686 configured seccomp profile location. Must only be 7687 set if type is "Localhost". 7688 type: string 7689 type: 7690 description: "type indicates which kind of seccomp 7691 profile will be applied. Valid options are: \n Localhost 7692 - a profile defined in a file on the node should 7693 be used. RuntimeDefault - the container runtime 7694 default profile should be used. Unconfined - no 7695 profile should be applied." 7696 type: string 7697 required: 7698 - type 7699 type: object 7700 windowsOptions: 7701 description: The Windows specific settings applied to 7702 all containers. If unspecified, the options from the 7703 PodSecurityContext will be used. If set in both SecurityContext 7704 and PodSecurityContext, the value specified in SecurityContext 7705 takes precedence. Note that this field cannot be set 7706 when spec.os.name is linux. 7707 properties: 7708 gmsaCredentialSpec: 7709 description: GMSACredentialSpec is where the GMSA 7710 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 7711 inlines the contents of the GMSA credential spec 7712 named by the GMSACredentialSpecName field. 7713 type: string 7714 gmsaCredentialSpecName: 7715 description: GMSACredentialSpecName is the name of 7716 the GMSA credential spec to use. 7717 type: string 7718 hostProcess: 7719 description: HostProcess determines if a container 7720 should be run as a 'Host Process' container. This 7721 field is alpha-level and will only be honored by 7722 components that enable the WindowsHostProcessContainers 7723 feature flag. Setting this field without the feature 7724 flag will result in errors when validating the Pod. 7725 All of a Pod's containers must have the same effective 7726 HostProcess value (it is not allowed to have a mix 7727 of HostProcess containers and non-HostProcess containers). In 7728 addition, if HostProcess is true then HostNetwork 7729 must also be set to true. 7730 type: boolean 7731 runAsUserName: 7732 description: The UserName in Windows to run the entrypoint 7733 of the container process. Defaults to the user specified 7734 in image metadata if unspecified. May also be set 7735 in PodSecurityContext. If set in both SecurityContext 7736 and PodSecurityContext, the value specified in SecurityContext 7737 takes precedence. 7738 type: string 7739 type: object 7740 type: object 7741 enabled: 7742 type: boolean 7743 env: 7744 items: 7745 description: EnvVar represents an environment variable present 7746 in a Container. 7747 properties: 7748 name: 7749 description: Name of the environment variable. Must 7750 be a C_IDENTIFIER. 7751 type: string 7752 value: 7753 description: 'Variable references $(VAR_NAME) are expanded 7754 using the previously defined environment variables 7755 in the container and any service environment variables. 7756 If a variable cannot be resolved, the reference in 7757 the input string will be unchanged. Double $$ are 7758 reduced to a single $, which allows for escaping the 7759 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce 7760 the string literal "$(VAR_NAME)". Escaped references 7761 will never be expanded, regardless of whether the 7762 variable exists or not. Defaults to "".' 7763 type: string 7764 valueFrom: 7765 description: Source for the environment variable's value. 7766 Cannot be used if value is not empty. 7767 properties: 7768 configMapKeyRef: 7769 description: Selects a key of a ConfigMap. 7770 properties: 7771 key: 7772 description: The key to select. 7773 type: string 7774 name: 7775 description: 'Name of the referent. More info: 7776 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7777 TODO: Add other useful fields. apiVersion, 7778 kind, uid?' 7779 type: string 7780 optional: 7781 description: Specify whether the ConfigMap or 7782 its key must be defined 7783 type: boolean 7784 required: 7785 - key 7786 type: object 7787 fieldRef: 7788 description: 'Selects a field of the pod: supports 7789 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 7790 `metadata.annotations[''<KEY>'']`, spec.nodeName, 7791 spec.serviceAccountName, status.hostIP, status.podIP, 7792 status.podIPs.' 7793 properties: 7794 apiVersion: 7795 description: Version of the schema the FieldPath 7796 is written in terms of, defaults to "v1". 7797 type: string 7798 fieldPath: 7799 description: Path of the field to select in 7800 the specified API version. 7801 type: string 7802 required: 7803 - fieldPath 7804 type: object 7805 resourceFieldRef: 7806 description: 'Selects a resource of the container: 7807 only resources limits and requests (limits.cpu, 7808 limits.memory, limits.ephemeral-storage, requests.cpu, 7809 requests.memory and requests.ephemeral-storage) 7810 are currently supported.' 7811 properties: 7812 containerName: 7813 description: 'Container name: required for volumes, 7814 optional for env vars' 7815 type: string 7816 divisor: 7817 anyOf: 7818 - type: integer 7819 - type: string 7820 description: Specifies the output format of 7821 the exposed resources, defaults to "1" 7822 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7823 x-kubernetes-int-or-string: true 7824 resource: 7825 description: 'Required: resource to select' 7826 type: string 7827 required: 7828 - resource 7829 type: object 7830 secretKeyRef: 7831 description: Selects a key of a secret in the pod's 7832 namespace 7833 properties: 7834 key: 7835 description: The key of the secret to select 7836 from. Must be a valid secret key. 7837 type: string 7838 name: 7839 description: 'Name of the referent. More info: 7840 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7841 TODO: Add other useful fields. apiVersion, 7842 kind, uid?' 7843 type: string 7844 optional: 7845 description: Specify whether the Secret or its 7846 key must be defined 7847 type: boolean 7848 required: 7849 - key 7850 type: object 7851 type: object 7852 required: 7853 - name 7854 type: object 7855 type: array 7856 image: 7857 type: string 7858 imagePullPolicy: 7859 description: PullPolicy describes a policy for if/when to 7860 pull a container image 7861 type: string 7862 resources: 7863 description: ResourceRequirements describes the compute resource 7864 requirements. 7865 properties: 7866 limits: 7867 additionalProperties: 7868 anyOf: 7869 - type: integer 7870 - type: string 7871 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7872 x-kubernetes-int-or-string: true 7873 description: 'Limits describes the maximum amount of compute 7874 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7875 type: object 7876 requests: 7877 additionalProperties: 7878 anyOf: 7879 - type: integer 7880 - type: string 7881 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7882 x-kubernetes-int-or-string: true 7883 description: 'Requests describes the minimum amount of 7884 compute resources required. If Requests is omitted for 7885 a container, it defaults to Limits if that is explicitly 7886 specified, otherwise to an implementation-defined value. 7887 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 7888 type: object 7889 type: object 7890 type: object 7891 extraContainers: 7892 items: 7893 description: A single application container that you want to 7894 run within a pod. 7895 properties: 7896 args: 7897 description: 'Arguments to the entrypoint. The container 7898 image''s CMD is used if this is not provided. Variable 7899 references $(VAR_NAME) are expanded using the container''s 7900 environment. If a variable cannot be resolved, the reference 7901 in the input string will be unchanged. Double $$ are reduced 7902 to a single $, which allows for escaping the $(VAR_NAME) 7903 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 7904 "$(VAR_NAME)". Escaped references will never be expanded, 7905 regardless of whether the variable exists or not. Cannot 7906 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 7907 items: 7908 type: string 7909 type: array 7910 command: 7911 description: 'Entrypoint array. Not executed within a shell. 7912 The container image''s ENTRYPOINT is used if this is not 7913 provided. Variable references $(VAR_NAME) are expanded 7914 using the container''s environment. If a variable cannot 7915 be resolved, the reference in the input string will be 7916 unchanged. Double $$ are reduced to a single $, which 7917 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 7918 will produce the string literal "$(VAR_NAME)". Escaped 7919 references will never be expanded, regardless of whether 7920 the variable exists or not. Cannot be updated. More info: 7921 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 7922 items: 7923 type: string 7924 type: array 7925 env: 7926 description: List of environment variables to set in the 7927 container. Cannot be updated. 7928 items: 7929 description: EnvVar represents an environment variable 7930 present in a Container. 7931 properties: 7932 name: 7933 description: Name of the environment variable. Must 7934 be a C_IDENTIFIER. 7935 type: string 7936 value: 7937 description: 'Variable references $(VAR_NAME) are 7938 expanded using the previously defined environment 7939 variables in the container and any service environment 7940 variables. If a variable cannot be resolved, the 7941 reference in the input string will be unchanged. 7942 Double $$ are reduced to a single $, which allows 7943 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 7944 will produce the string literal "$(VAR_NAME)". Escaped 7945 references will never be expanded, regardless of 7946 whether the variable exists or not. Defaults to 7947 "".' 7948 type: string 7949 valueFrom: 7950 description: Source for the environment variable's 7951 value. Cannot be used if value is not empty. 7952 properties: 7953 configMapKeyRef: 7954 description: Selects a key of a ConfigMap. 7955 properties: 7956 key: 7957 description: The key to select. 7958 type: string 7959 name: 7960 description: 'Name of the referent. More info: 7961 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7962 TODO: Add other useful fields. apiVersion, 7963 kind, uid?' 7964 type: string 7965 optional: 7966 description: Specify whether the ConfigMap 7967 or its key must be defined 7968 type: boolean 7969 required: 7970 - key 7971 type: object 7972 fieldRef: 7973 description: 'Selects a field of the pod: supports 7974 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 7975 `metadata.annotations[''<KEY>'']`, spec.nodeName, 7976 spec.serviceAccountName, status.hostIP, status.podIP, 7977 status.podIPs.' 7978 properties: 7979 apiVersion: 7980 description: Version of the schema the FieldPath 7981 is written in terms of, defaults to "v1". 7982 type: string 7983 fieldPath: 7984 description: Path of the field to select in 7985 the specified API version. 7986 type: string 7987 required: 7988 - fieldPath 7989 type: object 7990 resourceFieldRef: 7991 description: 'Selects a resource of the container: 7992 only resources limits and requests (limits.cpu, 7993 limits.memory, limits.ephemeral-storage, requests.cpu, 7994 requests.memory and requests.ephemeral-storage) 7995 are currently supported.' 7996 properties: 7997 containerName: 7998 description: 'Container name: required for 7999 volumes, optional for env vars' 8000 type: string 8001 divisor: 8002 anyOf: 8003 - type: integer 8004 - type: string 8005 description: Specifies the output format of 8006 the exposed resources, defaults to "1" 8007 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8008 x-kubernetes-int-or-string: true 8009 resource: 8010 description: 'Required: resource to select' 8011 type: string 8012 required: 8013 - resource 8014 type: object 8015 secretKeyRef: 8016 description: Selects a key of a secret in the 8017 pod's namespace 8018 properties: 8019 key: 8020 description: The key of the secret to select 8021 from. Must be a valid secret key. 8022 type: string 8023 name: 8024 description: 'Name of the referent. More info: 8025 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8026 TODO: Add other useful fields. apiVersion, 8027 kind, uid?' 8028 type: string 8029 optional: 8030 description: Specify whether the Secret or 8031 its key must be defined 8032 type: boolean 8033 required: 8034 - key 8035 type: object 8036 type: object 8037 required: 8038 - name 8039 type: object 8040 type: array 8041 envFrom: 8042 description: List of sources to populate environment variables 8043 in the container. The keys defined within a source must 8044 be a C_IDENTIFIER. All invalid keys will be reported as 8045 an event when the container is starting. When a key exists 8046 in multiple sources, the value associated with the last 8047 source will take precedence. Values defined by an Env 8048 with a duplicate key will take precedence. Cannot be updated. 8049 items: 8050 description: EnvFromSource represents the source of a 8051 set of ConfigMaps 8052 properties: 8053 configMapRef: 8054 description: The ConfigMap to select from 8055 properties: 8056 name: 8057 description: 'Name of the referent. More info: 8058 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8059 TODO: Add other useful fields. apiVersion, kind, 8060 uid?' 8061 type: string 8062 optional: 8063 description: Specify whether the ConfigMap must 8064 be defined 8065 type: boolean 8066 type: object 8067 prefix: 8068 description: An optional identifier to prepend to 8069 each key in the ConfigMap. Must be a C_IDENTIFIER. 8070 type: string 8071 secretRef: 8072 description: The Secret to select from 8073 properties: 8074 name: 8075 description: 'Name of the referent. More info: 8076 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8077 TODO: Add other useful fields. apiVersion, kind, 8078 uid?' 8079 type: string 8080 optional: 8081 description: Specify whether the Secret must be 8082 defined 8083 type: boolean 8084 type: object 8085 type: object 8086 type: array 8087 image: 8088 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 8089 This field is optional to allow higher level config management 8090 to default or override container images in workload controllers 8091 like Deployments and StatefulSets.' 8092 type: string 8093 imagePullPolicy: 8094 description: 'Image pull policy. One of Always, Never, IfNotPresent. 8095 Defaults to Always if :latest tag is specified, or IfNotPresent 8096 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 8097 type: string 8098 lifecycle: 8099 description: Actions that the management system should take 8100 in response to container lifecycle events. Cannot be updated. 8101 properties: 8102 postStart: 8103 description: 'PostStart is called immediately after 8104 a container is created. If the handler fails, the 8105 container is terminated and restarted according to 8106 its restart policy. Other management of the container 8107 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 8108 properties: 8109 exec: 8110 description: Exec specifies the action to take. 8111 properties: 8112 command: 8113 description: Command is the command line to 8114 execute inside the container, the working 8115 directory for the command is root ('/') in 8116 the container's filesystem. The command is 8117 simply exec'd, it is not run inside a shell, 8118 so traditional shell instructions ('|', etc) 8119 won't work. To use a shell, you need to explicitly 8120 call out to that shell. Exit status of 0 is 8121 treated as live/healthy and non-zero is unhealthy. 8122 items: 8123 type: string 8124 type: array 8125 type: object 8126 httpGet: 8127 description: HTTPGet specifies the http request 8128 to perform. 8129 properties: 8130 host: 8131 description: Host name to connect to, defaults 8132 to the pod IP. You probably want to set "Host" 8133 in httpHeaders instead. 8134 type: string 8135 httpHeaders: 8136 description: Custom headers to set in the request. 8137 HTTP allows repeated headers. 8138 items: 8139 description: HTTPHeader describes a custom 8140 header to be used in HTTP probes 8141 properties: 8142 name: 8143 description: The header field name 8144 type: string 8145 value: 8146 description: The header field value 8147 type: string 8148 required: 8149 - name 8150 - value 8151 type: object 8152 type: array 8153 path: 8154 description: Path to access on the HTTP server. 8155 type: string 8156 port: 8157 anyOf: 8158 - type: integer 8159 - type: string 8160 description: Name or number of the port to access 8161 on the container. Number must be in the range 8162 1 to 65535. Name must be an IANA_SVC_NAME. 8163 x-kubernetes-int-or-string: true 8164 scheme: 8165 description: Scheme to use for connecting to 8166 the host. Defaults to HTTP. 8167 type: string 8168 required: 8169 - port 8170 type: object 8171 tcpSocket: 8172 description: Deprecated. TCPSocket is NOT supported 8173 as a LifecycleHandler and kept for the backward 8174 compatibility. There are no validation of this 8175 field and lifecycle hooks will fail in runtime 8176 when tcp handler is specified. 8177 properties: 8178 host: 8179 description: 'Optional: Host name to connect 8180 to, defaults to the pod IP.' 8181 type: string 8182 port: 8183 anyOf: 8184 - type: integer 8185 - type: string 8186 description: Number or name of the port to access 8187 on the container. Number must be in the range 8188 1 to 65535. Name must be an IANA_SVC_NAME. 8189 x-kubernetes-int-or-string: true 8190 required: 8191 - port 8192 type: object 8193 type: object 8194 preStop: 8195 description: 'PreStop is called immediately before a 8196 container is terminated due to an API request or management 8197 event such as liveness/startup probe failure, preemption, 8198 resource contention, etc. The handler is not called 8199 if the container crashes or exits. The Pod''s termination 8200 grace period countdown begins before the PreStop hook 8201 is executed. Regardless of the outcome of the handler, 8202 the container will eventually terminate within the 8203 Pod''s termination grace period (unless delayed by 8204 finalizers). Other management of the container blocks 8205 until the hook completes or until the termination 8206 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 8207 properties: 8208 exec: 8209 description: Exec specifies the action to take. 8210 properties: 8211 command: 8212 description: Command is the command line to 8213 execute inside the container, the working 8214 directory for the command is root ('/') in 8215 the container's filesystem. The command is 8216 simply exec'd, it is not run inside a shell, 8217 so traditional shell instructions ('|', etc) 8218 won't work. To use a shell, you need to explicitly 8219 call out to that shell. Exit status of 0 is 8220 treated as live/healthy and non-zero is unhealthy. 8221 items: 8222 type: string 8223 type: array 8224 type: object 8225 httpGet: 8226 description: HTTPGet specifies the http request 8227 to perform. 8228 properties: 8229 host: 8230 description: Host name to connect to, defaults 8231 to the pod IP. You probably want to set "Host" 8232 in httpHeaders instead. 8233 type: string 8234 httpHeaders: 8235 description: Custom headers to set in the request. 8236 HTTP allows repeated headers. 8237 items: 8238 description: HTTPHeader describes a custom 8239 header to be used in HTTP probes 8240 properties: 8241 name: 8242 description: The header field name 8243 type: string 8244 value: 8245 description: The header field value 8246 type: string 8247 required: 8248 - name 8249 - value 8250 type: object 8251 type: array 8252 path: 8253 description: Path to access on the HTTP server. 8254 type: string 8255 port: 8256 anyOf: 8257 - type: integer 8258 - type: string 8259 description: Name or number of the port to access 8260 on the container. Number must be in the range 8261 1 to 65535. Name must be an IANA_SVC_NAME. 8262 x-kubernetes-int-or-string: true 8263 scheme: 8264 description: Scheme to use for connecting to 8265 the host. Defaults to HTTP. 8266 type: string 8267 required: 8268 - port 8269 type: object 8270 tcpSocket: 8271 description: Deprecated. TCPSocket is NOT supported 8272 as a LifecycleHandler and kept for the backward 8273 compatibility. There are no validation of this 8274 field and lifecycle hooks will fail in runtime 8275 when tcp handler is specified. 8276 properties: 8277 host: 8278 description: 'Optional: Host name to connect 8279 to, defaults to the pod IP.' 8280 type: string 8281 port: 8282 anyOf: 8283 - type: integer 8284 - type: string 8285 description: Number or name of the port to access 8286 on the container. Number must be in the range 8287 1 to 65535. Name must be an IANA_SVC_NAME. 8288 x-kubernetes-int-or-string: true 8289 required: 8290 - port 8291 type: object 8292 type: object 8293 type: object 8294 livenessProbe: 8295 description: 'Periodic probe of container liveness. Container 8296 will be restarted if the probe fails. Cannot be updated. 8297 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8298 properties: 8299 exec: 8300 description: Exec specifies the action to take. 8301 properties: 8302 command: 8303 description: Command is the command line to execute 8304 inside the container, the working directory for 8305 the command is root ('/') in the container's 8306 filesystem. The command is simply exec'd, it is 8307 not run inside a shell, so traditional shell instructions 8308 ('|', etc) won't work. To use a shell, you need 8309 to explicitly call out to that shell. Exit status 8310 of 0 is treated as live/healthy and non-zero is 8311 unhealthy. 8312 items: 8313 type: string 8314 type: array 8315 type: object 8316 failureThreshold: 8317 description: Minimum consecutive failures for the probe 8318 to be considered failed after having succeeded. Defaults 8319 to 3. Minimum value is 1. 8320 format: int32 8321 type: integer 8322 grpc: 8323 description: GRPC specifies an action involving a GRPC 8324 port. This is a beta field and requires enabling GRPCContainerProbe 8325 feature gate. 8326 properties: 8327 port: 8328 description: Port number of the gRPC service. Number 8329 must be in the range 1 to 65535. 8330 format: int32 8331 type: integer 8332 service: 8333 description: "Service is the name of the service 8334 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 8335 \n If this is not specified, the default behavior 8336 is defined by gRPC." 8337 type: string 8338 required: 8339 - port 8340 type: object 8341 httpGet: 8342 description: HTTPGet specifies the http request to perform. 8343 properties: 8344 host: 8345 description: Host name to connect to, defaults to 8346 the pod IP. You probably want to set "Host" in 8347 httpHeaders instead. 8348 type: string 8349 httpHeaders: 8350 description: Custom headers to set in the request. 8351 HTTP allows repeated headers. 8352 items: 8353 description: HTTPHeader describes a custom header 8354 to be used in HTTP probes 8355 properties: 8356 name: 8357 description: The header field name 8358 type: string 8359 value: 8360 description: The header field value 8361 type: string 8362 required: 8363 - name 8364 - value 8365 type: object 8366 type: array 8367 path: 8368 description: Path to access on the HTTP server. 8369 type: string 8370 port: 8371 anyOf: 8372 - type: integer 8373 - type: string 8374 description: Name or number of the port to access 8375 on the container. Number must be in the range 8376 1 to 65535. Name must be an IANA_SVC_NAME. 8377 x-kubernetes-int-or-string: true 8378 scheme: 8379 description: Scheme to use for connecting to the 8380 host. Defaults to HTTP. 8381 type: string 8382 required: 8383 - port 8384 type: object 8385 initialDelaySeconds: 8386 description: 'Number of seconds after the container 8387 has started before liveness probes are initiated. 8388 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8389 format: int32 8390 type: integer 8391 periodSeconds: 8392 description: How often (in seconds) to perform the probe. 8393 Default to 10 seconds. Minimum value is 1. 8394 format: int32 8395 type: integer 8396 successThreshold: 8397 description: Minimum consecutive successes for the probe 8398 to be considered successful after having failed. Defaults 8399 to 1. Must be 1 for liveness and startup. Minimum 8400 value is 1. 8401 format: int32 8402 type: integer 8403 tcpSocket: 8404 description: TCPSocket specifies an action involving 8405 a TCP port. 8406 properties: 8407 host: 8408 description: 'Optional: Host name to connect to, 8409 defaults to the pod IP.' 8410 type: string 8411 port: 8412 anyOf: 8413 - type: integer 8414 - type: string 8415 description: Number or name of the port to access 8416 on the container. Number must be in the range 8417 1 to 65535. Name must be an IANA_SVC_NAME. 8418 x-kubernetes-int-or-string: true 8419 required: 8420 - port 8421 type: object 8422 terminationGracePeriodSeconds: 8423 description: Optional duration in seconds the pod needs 8424 to terminate gracefully upon probe failure. The grace 8425 period is the duration in seconds after the processes 8426 running in the pod are sent a termination signal and 8427 the time when the processes are forcibly halted with 8428 a kill signal. Set this value longer than the expected 8429 cleanup time for your process. If this value is nil, 8430 the pod's terminationGracePeriodSeconds will be used. 8431 Otherwise, this value overrides the value provided 8432 by the pod spec. Value must be non-negative integer. 8433 The value zero indicates stop immediately via the 8434 kill signal (no opportunity to shut down). This is 8435 a beta field and requires enabling ProbeTerminationGracePeriod 8436 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 8437 is used if unset. 8438 format: int64 8439 type: integer 8440 timeoutSeconds: 8441 description: 'Number of seconds after which the probe 8442 times out. Defaults to 1 second. Minimum value is 8443 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8444 format: int32 8445 type: integer 8446 type: object 8447 name: 8448 description: Name of the container specified as a DNS_LABEL. 8449 Each container in a pod must have a unique name (DNS_LABEL). 8450 Cannot be updated. 8451 type: string 8452 ports: 8453 description: List of ports to expose from the container. 8454 Exposing a port here gives the system additional information 8455 about the network connections a container uses, but is 8456 primarily informational. Not specifying a port here DOES 8457 NOT prevent that port from being exposed. Any port which 8458 is listening on the default "0.0.0.0" address inside a 8459 container will be accessible from the network. Cannot 8460 be updated. 8461 items: 8462 description: ContainerPort represents a network port in 8463 a single container. 8464 properties: 8465 containerPort: 8466 description: Number of port to expose on the pod's 8467 IP address. This must be a valid port number, 0 8468 < x < 65536. 8469 format: int32 8470 type: integer 8471 hostIP: 8472 description: What host IP to bind the external port 8473 to. 8474 type: string 8475 hostPort: 8476 description: Number of port to expose on the host. 8477 If specified, this must be a valid port number, 8478 0 < x < 65536. If HostNetwork is specified, this 8479 must match ContainerPort. Most containers do not 8480 need this. 8481 format: int32 8482 type: integer 8483 name: 8484 description: If specified, this must be an IANA_SVC_NAME 8485 and unique within the pod. Each named port in a 8486 pod must have a unique name. Name for the port that 8487 can be referred to by services. 8488 type: string 8489 protocol: 8490 default: TCP 8491 description: Protocol for port. Must be UDP, TCP, 8492 or SCTP. Defaults to "TCP". 8493 type: string 8494 required: 8495 - containerPort 8496 type: object 8497 type: array 8498 x-kubernetes-list-map-keys: 8499 - containerPort 8500 - protocol 8501 x-kubernetes-list-type: map 8502 readinessProbe: 8503 description: 'Periodic probe of container service readiness. 8504 Container will be removed from service endpoints if the 8505 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8506 properties: 8507 exec: 8508 description: Exec specifies the action to take. 8509 properties: 8510 command: 8511 description: Command is the command line to execute 8512 inside the container, the working directory for 8513 the command is root ('/') in the container's 8514 filesystem. The command is simply exec'd, it is 8515 not run inside a shell, so traditional shell instructions 8516 ('|', etc) won't work. To use a shell, you need 8517 to explicitly call out to that shell. Exit status 8518 of 0 is treated as live/healthy and non-zero is 8519 unhealthy. 8520 items: 8521 type: string 8522 type: array 8523 type: object 8524 failureThreshold: 8525 description: Minimum consecutive failures for the probe 8526 to be considered failed after having succeeded. Defaults 8527 to 3. Minimum value is 1. 8528 format: int32 8529 type: integer 8530 grpc: 8531 description: GRPC specifies an action involving a GRPC 8532 port. This is a beta field and requires enabling GRPCContainerProbe 8533 feature gate. 8534 properties: 8535 port: 8536 description: Port number of the gRPC service. Number 8537 must be in the range 1 to 65535. 8538 format: int32 8539 type: integer 8540 service: 8541 description: "Service is the name of the service 8542 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 8543 \n If this is not specified, the default behavior 8544 is defined by gRPC." 8545 type: string 8546 required: 8547 - port 8548 type: object 8549 httpGet: 8550 description: HTTPGet specifies the http request to perform. 8551 properties: 8552 host: 8553 description: Host name to connect to, defaults to 8554 the pod IP. You probably want to set "Host" in 8555 httpHeaders instead. 8556 type: string 8557 httpHeaders: 8558 description: Custom headers to set in the request. 8559 HTTP allows repeated headers. 8560 items: 8561 description: HTTPHeader describes a custom header 8562 to be used in HTTP probes 8563 properties: 8564 name: 8565 description: The header field name 8566 type: string 8567 value: 8568 description: The header field value 8569 type: string 8570 required: 8571 - name 8572 - value 8573 type: object 8574 type: array 8575 path: 8576 description: Path to access on the HTTP server. 8577 type: string 8578 port: 8579 anyOf: 8580 - type: integer 8581 - type: string 8582 description: Name or number of the port to access 8583 on the container. Number must be in the range 8584 1 to 65535. Name must be an IANA_SVC_NAME. 8585 x-kubernetes-int-or-string: true 8586 scheme: 8587 description: Scheme to use for connecting to the 8588 host. Defaults to HTTP. 8589 type: string 8590 required: 8591 - port 8592 type: object 8593 initialDelaySeconds: 8594 description: 'Number of seconds after the container 8595 has started before liveness probes are initiated. 8596 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8597 format: int32 8598 type: integer 8599 periodSeconds: 8600 description: How often (in seconds) to perform the probe. 8601 Default to 10 seconds. Minimum value is 1. 8602 format: int32 8603 type: integer 8604 successThreshold: 8605 description: Minimum consecutive successes for the probe 8606 to be considered successful after having failed. Defaults 8607 to 1. Must be 1 for liveness and startup. Minimum 8608 value is 1. 8609 format: int32 8610 type: integer 8611 tcpSocket: 8612 description: TCPSocket specifies an action involving 8613 a TCP port. 8614 properties: 8615 host: 8616 description: 'Optional: Host name to connect to, 8617 defaults to the pod IP.' 8618 type: string 8619 port: 8620 anyOf: 8621 - type: integer 8622 - type: string 8623 description: Number or name of the port to access 8624 on the container. Number must be in the range 8625 1 to 65535. Name must be an IANA_SVC_NAME. 8626 x-kubernetes-int-or-string: true 8627 required: 8628 - port 8629 type: object 8630 terminationGracePeriodSeconds: 8631 description: Optional duration in seconds the pod needs 8632 to terminate gracefully upon probe failure. The grace 8633 period is the duration in seconds after the processes 8634 running in the pod are sent a termination signal and 8635 the time when the processes are forcibly halted with 8636 a kill signal. Set this value longer than the expected 8637 cleanup time for your process. If this value is nil, 8638 the pod's terminationGracePeriodSeconds will be used. 8639 Otherwise, this value overrides the value provided 8640 by the pod spec. Value must be non-negative integer. 8641 The value zero indicates stop immediately via the 8642 kill signal (no opportunity to shut down). This is 8643 a beta field and requires enabling ProbeTerminationGracePeriod 8644 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 8645 is used if unset. 8646 format: int64 8647 type: integer 8648 timeoutSeconds: 8649 description: 'Number of seconds after which the probe 8650 times out. Defaults to 1 second. Minimum value is 8651 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8652 format: int32 8653 type: integer 8654 type: object 8655 resources: 8656 description: 'Compute Resources required by this container. 8657 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 8658 properties: 8659 limits: 8660 additionalProperties: 8661 anyOf: 8662 - type: integer 8663 - type: string 8664 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8665 x-kubernetes-int-or-string: true 8666 description: 'Limits describes the maximum amount of 8667 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 8668 type: object 8669 requests: 8670 additionalProperties: 8671 anyOf: 8672 - type: integer 8673 - type: string 8674 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8675 x-kubernetes-int-or-string: true 8676 description: 'Requests describes the minimum amount 8677 of compute resources required. If Requests is omitted 8678 for a container, it defaults to Limits if that is 8679 explicitly specified, otherwise to an implementation-defined 8680 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 8681 type: object 8682 type: object 8683 securityContext: 8684 description: 'SecurityContext defines the security options 8685 the container should be run with. If set, the fields of 8686 SecurityContext override the equivalent fields of PodSecurityContext. 8687 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 8688 properties: 8689 allowPrivilegeEscalation: 8690 description: 'AllowPrivilegeEscalation controls whether 8691 a process can gain more privileges than its parent 8692 process. This bool directly controls if the no_new_privs 8693 flag will be set on the container process. AllowPrivilegeEscalation 8694 is true always when the container is: 1) run as Privileged 8695 2) has CAP_SYS_ADMIN Note that this field cannot be 8696 set when spec.os.name is windows.' 8697 type: boolean 8698 capabilities: 8699 description: The capabilities to add/drop when running 8700 containers. Defaults to the default set of capabilities 8701 granted by the container runtime. Note that this field 8702 cannot be set when spec.os.name is windows. 8703 properties: 8704 add: 8705 description: Added capabilities 8706 items: 8707 description: Capability represent POSIX capabilities 8708 type 8709 type: string 8710 type: array 8711 drop: 8712 description: Removed capabilities 8713 items: 8714 description: Capability represent POSIX capabilities 8715 type 8716 type: string 8717 type: array 8718 type: object 8719 privileged: 8720 description: Run container in privileged mode. Processes 8721 in privileged containers are essentially equivalent 8722 to root on the host. Defaults to false. Note that 8723 this field cannot be set when spec.os.name is windows. 8724 type: boolean 8725 procMount: 8726 description: procMount denotes the type of proc mount 8727 to use for the containers. The default is DefaultProcMount 8728 which uses the container runtime defaults for readonly 8729 paths and masked paths. This requires the ProcMountType 8730 feature flag to be enabled. Note that this field cannot 8731 be set when spec.os.name is windows. 8732 type: string 8733 readOnlyRootFilesystem: 8734 description: Whether this container has a read-only 8735 root filesystem. Default is false. Note that this 8736 field cannot be set when spec.os.name is windows. 8737 type: boolean 8738 runAsGroup: 8739 description: The GID to run the entrypoint of the container 8740 process. Uses runtime default if unset. May also be 8741 set in PodSecurityContext. If set in both SecurityContext 8742 and PodSecurityContext, the value specified in SecurityContext 8743 takes precedence. Note that this field cannot be set 8744 when spec.os.name is windows. 8745 format: int64 8746 type: integer 8747 runAsNonRoot: 8748 description: Indicates that the container must run as 8749 a non-root user. If true, the Kubelet will validate 8750 the image at runtime to ensure that it does not run 8751 as UID 0 (root) and fail to start the container if 8752 it does. If unset or false, no such validation will 8753 be performed. May also be set in PodSecurityContext. If 8754 set in both SecurityContext and PodSecurityContext, 8755 the value specified in SecurityContext takes precedence. 8756 type: boolean 8757 runAsUser: 8758 description: The UID to run the entrypoint of the container 8759 process. Defaults to user specified in image metadata 8760 if unspecified. May also be set in PodSecurityContext. If 8761 set in both SecurityContext and PodSecurityContext, 8762 the value specified in SecurityContext takes precedence. 8763 Note that this field cannot be set when spec.os.name 8764 is windows. 8765 format: int64 8766 type: integer 8767 seLinuxOptions: 8768 description: The SELinux context to be applied to the 8769 container. If unspecified, the container runtime will 8770 allocate a random SELinux context for each container. May 8771 also be set in PodSecurityContext. If set in both 8772 SecurityContext and PodSecurityContext, the value 8773 specified in SecurityContext takes precedence. Note 8774 that this field cannot be set when spec.os.name is 8775 windows. 8776 properties: 8777 level: 8778 description: Level is SELinux level label that applies 8779 to the container. 8780 type: string 8781 role: 8782 description: Role is a SELinux role label that applies 8783 to the container. 8784 type: string 8785 type: 8786 description: Type is a SELinux type label that applies 8787 to the container. 8788 type: string 8789 user: 8790 description: User is a SELinux user label that applies 8791 to the container. 8792 type: string 8793 type: object 8794 seccompProfile: 8795 description: The seccomp options to use by this container. 8796 If seccomp options are provided at both the pod & 8797 container level, the container options override the 8798 pod options. Note that this field cannot be set when 8799 spec.os.name is windows. 8800 properties: 8801 localhostProfile: 8802 description: localhostProfile indicates a profile 8803 defined in a file on the node should be used. 8804 The profile must be preconfigured on the node 8805 to work. Must be a descending path, relative to 8806 the kubelet's configured seccomp profile location. 8807 Must only be set if type is "Localhost". 8808 type: string 8809 type: 8810 description: "type indicates which kind of seccomp 8811 profile will be applied. Valid options are: \n 8812 Localhost - a profile defined in a file on the 8813 node should be used. RuntimeDefault - the container 8814 runtime default profile should be used. Unconfined 8815 - no profile should be applied." 8816 type: string 8817 required: 8818 - type 8819 type: object 8820 windowsOptions: 8821 description: The Windows specific settings applied to 8822 all containers. If unspecified, the options from the 8823 PodSecurityContext will be used. If set in both SecurityContext 8824 and PodSecurityContext, the value specified in SecurityContext 8825 takes precedence. Note that this field cannot be set 8826 when spec.os.name is linux. 8827 properties: 8828 gmsaCredentialSpec: 8829 description: GMSACredentialSpec is where the GMSA 8830 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 8831 inlines the contents of the GMSA credential spec 8832 named by the GMSACredentialSpecName field. 8833 type: string 8834 gmsaCredentialSpecName: 8835 description: GMSACredentialSpecName is the name 8836 of the GMSA credential spec to use. 8837 type: string 8838 hostProcess: 8839 description: HostProcess determines if a container 8840 should be run as a 'Host Process' container. This 8841 field is alpha-level and will only be honored 8842 by components that enable the WindowsHostProcessContainers 8843 feature flag. Setting this field without the feature 8844 flag will result in errors when validating the 8845 Pod. All of a Pod's containers must have the same 8846 effective HostProcess value (it is not allowed 8847 to have a mix of HostProcess containers and non-HostProcess 8848 containers). In addition, if HostProcess is true 8849 then HostNetwork must also be set to true. 8850 type: boolean 8851 runAsUserName: 8852 description: The UserName in Windows to run the 8853 entrypoint of the container process. Defaults 8854 to the user specified in image metadata if unspecified. 8855 May also be set in PodSecurityContext. If set 8856 in both SecurityContext and PodSecurityContext, 8857 the value specified in SecurityContext takes precedence. 8858 type: string 8859 type: object 8860 type: object 8861 startupProbe: 8862 description: 'StartupProbe indicates that the Pod has successfully 8863 initialized. If specified, no other probes are executed 8864 until this completes successfully. If this probe fails, 8865 the Pod will be restarted, just as if the livenessProbe 8866 failed. This can be used to provide different probe parameters 8867 at the beginning of a Pod''s lifecycle, when it might 8868 take a long time to load data or warm a cache, than during 8869 steady-state operation. This cannot be updated. More info: 8870 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8871 properties: 8872 exec: 8873 description: Exec specifies the action to take. 8874 properties: 8875 command: 8876 description: Command is the command line to execute 8877 inside the container, the working directory for 8878 the command is root ('/') in the container's 8879 filesystem. The command is simply exec'd, it is 8880 not run inside a shell, so traditional shell instructions 8881 ('|', etc) won't work. To use a shell, you need 8882 to explicitly call out to that shell. Exit status 8883 of 0 is treated as live/healthy and non-zero is 8884 unhealthy. 8885 items: 8886 type: string 8887 type: array 8888 type: object 8889 failureThreshold: 8890 description: Minimum consecutive failures for the probe 8891 to be considered failed after having succeeded. Defaults 8892 to 3. Minimum value is 1. 8893 format: int32 8894 type: integer 8895 grpc: 8896 description: GRPC specifies an action involving a GRPC 8897 port. This is a beta field and requires enabling GRPCContainerProbe 8898 feature gate. 8899 properties: 8900 port: 8901 description: Port number of the gRPC service. Number 8902 must be in the range 1 to 65535. 8903 format: int32 8904 type: integer 8905 service: 8906 description: "Service is the name of the service 8907 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 8908 \n If this is not specified, the default behavior 8909 is defined by gRPC." 8910 type: string 8911 required: 8912 - port 8913 type: object 8914 httpGet: 8915 description: HTTPGet specifies the http request to perform. 8916 properties: 8917 host: 8918 description: Host name to connect to, defaults to 8919 the pod IP. You probably want to set "Host" in 8920 httpHeaders instead. 8921 type: string 8922 httpHeaders: 8923 description: Custom headers to set in the request. 8924 HTTP allows repeated headers. 8925 items: 8926 description: HTTPHeader describes a custom header 8927 to be used in HTTP probes 8928 properties: 8929 name: 8930 description: The header field name 8931 type: string 8932 value: 8933 description: The header field value 8934 type: string 8935 required: 8936 - name 8937 - value 8938 type: object 8939 type: array 8940 path: 8941 description: Path to access on the HTTP server. 8942 type: string 8943 port: 8944 anyOf: 8945 - type: integer 8946 - type: string 8947 description: Name or number of the port to access 8948 on the container. Number must be in the range 8949 1 to 65535. Name must be an IANA_SVC_NAME. 8950 x-kubernetes-int-or-string: true 8951 scheme: 8952 description: Scheme to use for connecting to the 8953 host. Defaults to HTTP. 8954 type: string 8955 required: 8956 - port 8957 type: object 8958 initialDelaySeconds: 8959 description: 'Number of seconds after the container 8960 has started before liveness probes are initiated. 8961 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 8962 format: int32 8963 type: integer 8964 periodSeconds: 8965 description: How often (in seconds) to perform the probe. 8966 Default to 10 seconds. Minimum value is 1. 8967 format: int32 8968 type: integer 8969 successThreshold: 8970 description: Minimum consecutive successes for the probe 8971 to be considered successful after having failed. Defaults 8972 to 1. Must be 1 for liveness and startup. Minimum 8973 value is 1. 8974 format: int32 8975 type: integer 8976 tcpSocket: 8977 description: TCPSocket specifies an action involving 8978 a TCP port. 8979 properties: 8980 host: 8981 description: 'Optional: Host name to connect to, 8982 defaults to the pod IP.' 8983 type: string 8984 port: 8985 anyOf: 8986 - type: integer 8987 - type: string 8988 description: Number or name of the port to access 8989 on the container. Number must be in the range 8990 1 to 65535. Name must be an IANA_SVC_NAME. 8991 x-kubernetes-int-or-string: true 8992 required: 8993 - port 8994 type: object 8995 terminationGracePeriodSeconds: 8996 description: Optional duration in seconds the pod needs 8997 to terminate gracefully upon probe failure. The grace 8998 period is the duration in seconds after the processes 8999 running in the pod are sent a termination signal and 9000 the time when the processes are forcibly halted with 9001 a kill signal. Set this value longer than the expected 9002 cleanup time for your process. If this value is nil, 9003 the pod's terminationGracePeriodSeconds will be used. 9004 Otherwise, this value overrides the value provided 9005 by the pod spec. Value must be non-negative integer. 9006 The value zero indicates stop immediately via the 9007 kill signal (no opportunity to shut down). This is 9008 a beta field and requires enabling ProbeTerminationGracePeriod 9009 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 9010 is used if unset. 9011 format: int64 9012 type: integer 9013 timeoutSeconds: 9014 description: 'Number of seconds after which the probe 9015 times out. Defaults to 1 second. Minimum value is 9016 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9017 format: int32 9018 type: integer 9019 type: object 9020 stdin: 9021 description: Whether this container should allocate a buffer 9022 for stdin in the container runtime. If this is not set, 9023 reads from stdin in the container will always result in 9024 EOF. Default is false. 9025 type: boolean 9026 stdinOnce: 9027 description: Whether the container runtime should close 9028 the stdin channel after it has been opened by a single 9029 attach. When stdin is true the stdin stream will remain 9030 open across multiple attach sessions. If stdinOnce is 9031 set to true, stdin is opened on container start, is empty 9032 until the first client attaches to stdin, and then remains 9033 open and accepts data until the client disconnects, at 9034 which time stdin is closed and remains closed until the 9035 container is restarted. If this flag is false, a container 9036 processes that reads from stdin will never receive an 9037 EOF. Default is false 9038 type: boolean 9039 terminationMessagePath: 9040 description: 'Optional: Path at which the file to which 9041 the container''s termination message will be written is 9042 mounted into the container''s filesystem. Message written 9043 is intended to be brief final status, such as an assertion 9044 failure message. Will be truncated by the node if greater 9045 than 4096 bytes. The total message length across all containers 9046 will be limited to 12kb. Defaults to /dev/termination-log. 9047 Cannot be updated.' 9048 type: string 9049 terminationMessagePolicy: 9050 description: Indicate how the termination message should 9051 be populated. File will use the contents of terminationMessagePath 9052 to populate the container status message on both success 9053 and failure. FallbackToLogsOnError will use the last chunk 9054 of container log output if the termination message file 9055 is empty and the container exited with an error. The log 9056 output is limited to 2048 bytes or 80 lines, whichever 9057 is smaller. Defaults to File. Cannot be updated. 9058 type: string 9059 tty: 9060 description: Whether this container should allocate a TTY 9061 for itself, also requires 'stdin' to be true. Default 9062 is false. 9063 type: boolean 9064 volumeDevices: 9065 description: volumeDevices is the list of block devices 9066 to be used by the container. 9067 items: 9068 description: volumeDevice describes a mapping of a raw 9069 block device within a container. 9070 properties: 9071 devicePath: 9072 description: devicePath is the path inside of the 9073 container that the device will be mapped to. 9074 type: string 9075 name: 9076 description: name must match the name of a persistentVolumeClaim 9077 in the pod 9078 type: string 9079 required: 9080 - devicePath 9081 - name 9082 type: object 9083 type: array 9084 volumeMounts: 9085 description: Pod volumes to mount into the container's filesystem. 9086 Cannot be updated. 9087 items: 9088 description: VolumeMount describes a mounting of a Volume 9089 within a container. 9090 properties: 9091 mountPath: 9092 description: Path within the container at which the 9093 volume should be mounted. Must not contain ':'. 9094 type: string 9095 mountPropagation: 9096 description: mountPropagation determines how mounts 9097 are propagated from the host to container and the 9098 other way around. When not set, MountPropagationNone 9099 is used. This field is beta in 1.10. 9100 type: string 9101 name: 9102 description: This must match the Name of a Volume. 9103 type: string 9104 readOnly: 9105 description: Mounted read-only if true, read-write 9106 otherwise (false or unspecified). Defaults to false. 9107 type: boolean 9108 subPath: 9109 description: Path within the volume from which the 9110 container's volume should be mounted. Defaults to 9111 "" (volume's root). 9112 type: string 9113 subPathExpr: 9114 description: Expanded path within the volume from 9115 which the container's volume should be mounted. 9116 Behaves similarly to SubPath but environment variable 9117 references $(VAR_NAME) are expanded using the container's 9118 environment. Defaults to "" (volume's root). SubPathExpr 9119 and SubPath are mutually exclusive. 9120 type: string 9121 required: 9122 - mountPath 9123 - name 9124 type: object 9125 type: array 9126 workingDir: 9127 description: Container's working directory. If not specified, 9128 the container runtime's default will be used, which might 9129 be configured in the container image. Cannot be updated. 9130 type: string 9131 required: 9132 - name 9133 type: object 9134 type: array 9135 extraVolumeMounts: 9136 items: 9137 description: VolumeMount describes a mounting of a Volume within 9138 a container. 9139 properties: 9140 mountPath: 9141 description: Path within the container at which the volume 9142 should be mounted. Must not contain ':'. 9143 type: string 9144 mountPropagation: 9145 description: mountPropagation determines how mounts are 9146 propagated from the host to container and the other way 9147 around. When not set, MountPropagationNone is used. This 9148 field is beta in 1.10. 9149 type: string 9150 name: 9151 description: This must match the Name of a Volume. 9152 type: string 9153 readOnly: 9154 description: Mounted read-only if true, read-write otherwise 9155 (false or unspecified). Defaults to false. 9156 type: boolean 9157 subPath: 9158 description: Path within the volume from which the container's 9159 volume should be mounted. Defaults to "" (volume's root). 9160 type: string 9161 subPathExpr: 9162 description: Expanded path within the volume from which 9163 the container's volume should be mounted. Behaves similarly 9164 to SubPath but environment variable references $(VAR_NAME) 9165 are expanded using the container's environment. Defaults 9166 to "" (volume's root). SubPathExpr and SubPath are mutually 9167 exclusive. 9168 type: string 9169 required: 9170 - mountPath 9171 - name 9172 type: object 9173 type: array 9174 extraVolumes: 9175 items: 9176 description: Volume represents a named volume in a pod that 9177 may be accessed by any container in the pod. 9178 properties: 9179 awsElasticBlockStore: 9180 description: 'awsElasticBlockStore represents an AWS Disk 9181 resource that is attached to a kubelet''s host machine 9182 and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 9183 properties: 9184 fsType: 9185 description: 'fsType is the filesystem type of the volume 9186 that you want to mount. Tip: Ensure that the filesystem 9187 type is supported by the host operating system. Examples: 9188 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 9189 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 9190 TODO: how do we prevent errors in the filesystem from 9191 compromising the machine' 9192 type: string 9193 partition: 9194 description: 'partition is the partition in the volume 9195 that you want to mount. If omitted, the default is 9196 to mount by volume name. Examples: For volume /dev/sda1, 9197 you specify the partition as "1". Similarly, the volume 9198 partition for /dev/sda is "0" (or you can leave the 9199 property empty).' 9200 format: int32 9201 type: integer 9202 readOnly: 9203 description: 'readOnly value true will force the readOnly 9204 setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 9205 type: boolean 9206 volumeID: 9207 description: 'volumeID is unique ID of the persistent 9208 disk resource in AWS (Amazon EBS volume). More info: 9209 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 9210 type: string 9211 required: 9212 - volumeID 9213 type: object 9214 azureDisk: 9215 description: azureDisk represents an Azure Data Disk mount 9216 on the host and bind mount to the pod. 9217 properties: 9218 cachingMode: 9219 description: 'cachingMode is the Host Caching mode: 9220 None, Read Only, Read Write.' 9221 type: string 9222 diskName: 9223 description: diskName is the Name of the data disk in 9224 the blob storage 9225 type: string 9226 diskURI: 9227 description: diskURI is the URI of data disk in the 9228 blob storage 9229 type: string 9230 fsType: 9231 description: fsType is Filesystem type to mount. Must 9232 be a filesystem type supported by the host operating 9233 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 9234 to be "ext4" if unspecified. 9235 type: string 9236 kind: 9237 description: 'kind expected values are Shared: multiple 9238 blob disks per storage account Dedicated: single 9239 blob disk per storage account Managed: azure managed 9240 data disk (only in managed availability set). defaults 9241 to shared' 9242 type: string 9243 readOnly: 9244 description: readOnly Defaults to false (read/write). 9245 ReadOnly here will force the ReadOnly setting in VolumeMounts. 9246 type: boolean 9247 required: 9248 - diskName 9249 - diskURI 9250 type: object 9251 azureFile: 9252 description: azureFile represents an Azure File Service 9253 mount on the host and bind mount to the pod. 9254 properties: 9255 readOnly: 9256 description: readOnly defaults to false (read/write). 9257 ReadOnly here will force the ReadOnly setting in VolumeMounts. 9258 type: boolean 9259 secretName: 9260 description: secretName is the name of secret that 9261 contains Azure Storage Account Name and Key 9262 type: string 9263 shareName: 9264 description: shareName is the azure share Name 9265 type: string 9266 required: 9267 - secretName 9268 - shareName 9269 type: object 9270 cephfs: 9271 description: cephFS represents a Ceph FS mount on the host 9272 that shares a pod's lifetime 9273 properties: 9274 monitors: 9275 description: 'monitors is Required: Monitors is a collection 9276 of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 9277 items: 9278 type: string 9279 type: array 9280 path: 9281 description: 'path is Optional: Used as the mounted 9282 root, rather than the full Ceph tree, default is /' 9283 type: string 9284 readOnly: 9285 description: 'readOnly is Optional: Defaults to false 9286 (read/write). ReadOnly here will force the ReadOnly 9287 setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 9288 type: boolean 9289 secretFile: 9290 description: 'secretFile is Optional: SecretFile is 9291 the path to key ring for User, default is /etc/ceph/user.secret 9292 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 9293 type: string 9294 secretRef: 9295 description: 'secretRef is Optional: SecretRef is reference 9296 to the authentication secret for User, default is 9297 empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 9298 properties: 9299 name: 9300 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9301 TODO: Add other useful fields. apiVersion, kind, 9302 uid?' 9303 type: string 9304 type: object 9305 user: 9306 description: 'user is optional: User is the rados user 9307 name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 9308 type: string 9309 required: 9310 - monitors 9311 type: object 9312 cinder: 9313 description: 'cinder represents a cinder volume attached 9314 and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 9315 properties: 9316 fsType: 9317 description: 'fsType is the filesystem type to mount. 9318 Must be a filesystem type supported by the host operating 9319 system. Examples: "ext4", "xfs", "ntfs". Implicitly 9320 inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 9321 type: string 9322 readOnly: 9323 description: 'readOnly defaults to false (read/write). 9324 ReadOnly here will force the ReadOnly setting in VolumeMounts. 9325 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 9326 type: boolean 9327 secretRef: 9328 description: 'secretRef is optional: points to a secret 9329 object containing parameters used to connect to OpenStack.' 9330 properties: 9331 name: 9332 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9333 TODO: Add other useful fields. apiVersion, kind, 9334 uid?' 9335 type: string 9336 type: object 9337 volumeID: 9338 description: 'volumeID used to identify the volume in 9339 cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 9340 type: string 9341 required: 9342 - volumeID 9343 type: object 9344 configMap: 9345 description: configMap represents a configMap that should 9346 populate this volume 9347 properties: 9348 defaultMode: 9349 description: 'defaultMode is optional: mode bits used 9350 to set permissions on created files by default. Must 9351 be an octal value between 0000 and 0777 or a decimal 9352 value between 0 and 511. YAML accepts both octal and 9353 decimal values, JSON requires decimal values for mode 9354 bits. Defaults to 0644. Directories within the path 9355 are not affected by this setting. This might be in 9356 conflict with other options that affect the file mode, 9357 like fsGroup, and the result can be other mode bits 9358 set.' 9359 format: int32 9360 type: integer 9361 items: 9362 description: items if unspecified, each key-value pair 9363 in the Data field of the referenced ConfigMap will 9364 be projected into the volume as a file whose name 9365 is the key and content is the value. If specified, 9366 the listed keys will be projected into the specified 9367 paths, and unlisted keys will not be present. If a 9368 key is specified which is not present in the ConfigMap, 9369 the volume setup will error unless it is marked optional. 9370 Paths must be relative and may not contain the '..' 9371 path or start with '..'. 9372 items: 9373 description: Maps a string key to a path within a 9374 volume. 9375 properties: 9376 key: 9377 description: key is the key to project. 9378 type: string 9379 mode: 9380 description: 'mode is Optional: mode bits used 9381 to set permissions on this file. Must be an 9382 octal value between 0000 and 0777 or a decimal 9383 value between 0 and 511. YAML accepts both octal 9384 and decimal values, JSON requires decimal values 9385 for mode bits. If not specified, the volume 9386 defaultMode will be used. This might be in conflict 9387 with other options that affect the file mode, 9388 like fsGroup, and the result can be other mode 9389 bits set.' 9390 format: int32 9391 type: integer 9392 path: 9393 description: path is the relative path of the 9394 file to map the key to. May not be an absolute 9395 path. May not contain the path element '..'. 9396 May not start with the string '..'. 9397 type: string 9398 required: 9399 - key 9400 - path 9401 type: object 9402 type: array 9403 name: 9404 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9405 TODO: Add other useful fields. apiVersion, kind, uid?' 9406 type: string 9407 optional: 9408 description: optional specify whether the ConfigMap 9409 or its keys must be defined 9410 type: boolean 9411 type: object 9412 csi: 9413 description: csi (Container Storage Interface) represents 9414 ephemeral storage that is handled by certain external 9415 CSI drivers (Beta feature). 9416 properties: 9417 driver: 9418 description: driver is the name of the CSI driver that 9419 handles this volume. Consult with your admin for the 9420 correct name as registered in the cluster. 9421 type: string 9422 fsType: 9423 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". 9424 If not provided, the empty value is passed to the 9425 associated CSI driver which will determine the default 9426 filesystem to apply. 9427 type: string 9428 nodePublishSecretRef: 9429 description: nodePublishSecretRef is a reference to 9430 the secret object containing sensitive information 9431 to pass to the CSI driver to complete the CSI NodePublishVolume 9432 and NodeUnpublishVolume calls. This field is optional, 9433 and may be empty if no secret is required. If the 9434 secret object contains more than one secret, all secret 9435 references are passed. 9436 properties: 9437 name: 9438 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9439 TODO: Add other useful fields. apiVersion, kind, 9440 uid?' 9441 type: string 9442 type: object 9443 readOnly: 9444 description: readOnly specifies a read-only configuration 9445 for the volume. Defaults to false (read/write). 9446 type: boolean 9447 volumeAttributes: 9448 additionalProperties: 9449 type: string 9450 description: volumeAttributes stores driver-specific 9451 properties that are passed to the CSI driver. Consult 9452 your driver's documentation for supported values. 9453 type: object 9454 required: 9455 - driver 9456 type: object 9457 downwardAPI: 9458 description: downwardAPI represents downward API about the 9459 pod that should populate this volume 9460 properties: 9461 defaultMode: 9462 description: 'Optional: mode bits to use on created 9463 files by default. Must be a Optional: mode bits used 9464 to set permissions on created files by default. Must 9465 be an octal value between 0000 and 0777 or a decimal 9466 value between 0 and 511. YAML accepts both octal and 9467 decimal values, JSON requires decimal values for mode 9468 bits. Defaults to 0644. Directories within the path 9469 are not affected by this setting. This might be in 9470 conflict with other options that affect the file mode, 9471 like fsGroup, and the result can be other mode bits 9472 set.' 9473 format: int32 9474 type: integer 9475 items: 9476 description: Items is a list of downward API volume 9477 file 9478 items: 9479 description: DownwardAPIVolumeFile represents information 9480 to create the file containing the pod field 9481 properties: 9482 fieldRef: 9483 description: 'Required: Selects a field of the 9484 pod: only annotations, labels, name and namespace 9485 are supported.' 9486 properties: 9487 apiVersion: 9488 description: Version of the schema the FieldPath 9489 is written in terms of, defaults to "v1". 9490 type: string 9491 fieldPath: 9492 description: Path of the field to select in 9493 the specified API version. 9494 type: string 9495 required: 9496 - fieldPath 9497 type: object 9498 mode: 9499 description: 'Optional: mode bits used to set 9500 permissions on this file, must be an octal value 9501 between 0000 and 0777 or a decimal value between 9502 0 and 511. YAML accepts both octal and decimal 9503 values, JSON requires decimal values for mode 9504 bits. If not specified, the volume defaultMode 9505 will be used. This might be in conflict with 9506 other options that affect the file mode, like 9507 fsGroup, and the result can be other mode bits 9508 set.' 9509 format: int32 9510 type: integer 9511 path: 9512 description: 'Required: Path is the relative 9513 path name of the file to be created. Must not 9514 be absolute or contain the ''..'' path. Must 9515 be utf-8 encoded. The first item of the relative 9516 path must not start with ''..''' 9517 type: string 9518 resourceFieldRef: 9519 description: 'Selects a resource of the container: 9520 only resources limits and requests (limits.cpu, 9521 limits.memory, requests.cpu and requests.memory) 9522 are currently supported.' 9523 properties: 9524 containerName: 9525 description: 'Container name: required for 9526 volumes, optional for env vars' 9527 type: string 9528 divisor: 9529 anyOf: 9530 - type: integer 9531 - type: string 9532 description: Specifies the output format of 9533 the exposed resources, defaults to "1" 9534 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9535 x-kubernetes-int-or-string: true 9536 resource: 9537 description: 'Required: resource to select' 9538 type: string 9539 required: 9540 - resource 9541 type: object 9542 required: 9543 - path 9544 type: object 9545 type: array 9546 type: object 9547 emptyDir: 9548 description: 'emptyDir represents a temporary directory 9549 that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 9550 properties: 9551 medium: 9552 description: 'medium represents what type of storage 9553 medium should back this directory. The default is 9554 "" which means to use the node''s default medium. 9555 Must be an empty string (default) or Memory. More 9556 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 9557 type: string 9558 sizeLimit: 9559 anyOf: 9560 - type: integer 9561 - type: string 9562 description: 'sizeLimit is the total amount of local 9563 storage required for this EmptyDir volume. The size 9564 limit is also applicable for memory medium. The maximum 9565 usage on memory medium EmptyDir would be the minimum 9566 value between the SizeLimit specified here and the 9567 sum of memory limits of all containers in a pod. The 9568 default is nil which means that the limit is undefined. 9569 More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 9570 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9571 x-kubernetes-int-or-string: true 9572 type: object 9573 ephemeral: 9574 description: "ephemeral represents a volume that is handled 9575 by a cluster storage driver. The volume's lifecycle is 9576 tied to the pod that defines it - it will be created before 9577 the pod starts, and deleted when the pod is removed. \n 9578 Use this if: a) the volume is only needed while the pod 9579 runs, b) features of normal volumes like restoring from 9580 snapshot or capacity tracking are needed, c) the storage 9581 driver is specified through a storage class, and d) the 9582 storage driver supports dynamic volume provisioning through 9583 \ a PersistentVolumeClaim (see EphemeralVolumeSource 9584 for more information on the connection between this 9585 volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim 9586 or one of the vendor-specific APIs for volumes that persist 9587 for longer than the lifecycle of an individual pod. \n 9588 Use CSI for light-weight local ephemeral volumes if the 9589 CSI driver is meant to be used that way - see the documentation 9590 of the driver for more information. \n A pod can use both 9591 types of ephemeral volumes and persistent volumes at the 9592 same time." 9593 properties: 9594 volumeClaimTemplate: 9595 description: "Will be used to create a stand-alone PVC 9596 to provision the volume. The pod in which this EphemeralVolumeSource 9597 is embedded will be the owner of the PVC, i.e. the 9598 PVC will be deleted together with the pod. The name 9599 of the PVC will be `<pod name>-<volume name>` where 9600 `<volume name>` is the name from the `PodSpec.Volumes` 9601 array entry. Pod validation will reject the pod if 9602 the concatenated name is not valid for a PVC (for 9603 example, too long). \n An existing PVC with that name 9604 that is not owned by the pod will *not* be used for 9605 the pod to avoid using an unrelated volume by mistake. 9606 Starting the pod is then blocked until the unrelated 9607 PVC is removed. If such a pre-created PVC is meant 9608 to be used by the pod, the PVC has to updated with 9609 an owner reference to the pod once the pod exists. 9610 Normally this should not be necessary, but it may 9611 be useful when manually reconstructing a broken cluster. 9612 \n This field is read-only and no changes will be 9613 made by Kubernetes to the PVC after it has been created. 9614 \n Required, must not be nil." 9615 properties: 9616 metadata: 9617 description: May contain labels and annotations 9618 that will be copied into the PVC when creating 9619 it. No other fields are allowed and will be rejected 9620 during validation. 9621 type: object 9622 spec: 9623 description: The specification for the PersistentVolumeClaim. 9624 The entire content is copied unchanged into the 9625 PVC that gets created from this template. The 9626 same fields as in a PersistentVolumeClaim are 9627 also valid here. 9628 properties: 9629 accessModes: 9630 description: 'accessModes contains the desired 9631 access modes the volume should have. More 9632 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 9633 items: 9634 type: string 9635 type: array 9636 dataSource: 9637 description: 'dataSource field can be used to 9638 specify either: * An existing VolumeSnapshot 9639 object (snapshot.storage.k8s.io/VolumeSnapshot) 9640 * An existing PVC (PersistentVolumeClaim) 9641 If the provisioner or an external controller 9642 can support the specified data source, it 9643 will create a new volume based on the contents 9644 of the specified data source. If the AnyVolumeDataSource 9645 feature gate is enabled, this field will always 9646 have the same contents as the DataSourceRef 9647 field.' 9648 properties: 9649 apiGroup: 9650 description: APIGroup is the group for the 9651 resource being referenced. If APIGroup 9652 is not specified, the specified Kind must 9653 be in the core API group. For any other 9654 third-party types, APIGroup is required. 9655 type: string 9656 kind: 9657 description: Kind is the type of resource 9658 being referenced 9659 type: string 9660 name: 9661 description: Name is the name of resource 9662 being referenced 9663 type: string 9664 required: 9665 - kind 9666 - name 9667 type: object 9668 dataSourceRef: 9669 description: 'dataSourceRef specifies the object 9670 from which to populate the volume with data, 9671 if a non-empty volume is desired. This may 9672 be any local object from a non-empty API group 9673 (non core object) or a PersistentVolumeClaim 9674 object. When this field is specified, volume 9675 binding will only succeed if the type of the 9676 specified object matches some installed volume 9677 populator or dynamic provisioner. This field 9678 will replace the functionality of the DataSource 9679 field and as such if both fields are non-empty, 9680 they must have the same value. For backwards 9681 compatibility, both fields (DataSource and 9682 DataSourceRef) will be set to the same value 9683 automatically if one of them is empty and 9684 the other is non-empty. There are two important 9685 differences between DataSource and DataSourceRef: 9686 * While DataSource only allows two specific 9687 types of objects, DataSourceRef allows any 9688 non-core object, as well as PersistentVolumeClaim 9689 objects. * While DataSource ignores disallowed 9690 values (dropping them), DataSourceRef preserves 9691 all values, and generates an error if a disallowed 9692 value is specified. (Beta) Using this field 9693 requires the AnyVolumeDataSource feature gate 9694 to be enabled.' 9695 properties: 9696 apiGroup: 9697 description: APIGroup is the group for the 9698 resource being referenced. If APIGroup 9699 is not specified, the specified Kind must 9700 be in the core API group. For any other 9701 third-party types, APIGroup is required. 9702 type: string 9703 kind: 9704 description: Kind is the type of resource 9705 being referenced 9706 type: string 9707 name: 9708 description: Name is the name of resource 9709 being referenced 9710 type: string 9711 required: 9712 - kind 9713 - name 9714 type: object 9715 resources: 9716 description: 'resources represents the minimum 9717 resources the volume should have. If RecoverVolumeExpansionFailure 9718 feature is enabled users are allowed to specify 9719 resource requirements that are lower than 9720 previous value but must still be higher than 9721 capacity recorded in the status field of the 9722 claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 9723 properties: 9724 limits: 9725 additionalProperties: 9726 anyOf: 9727 - type: integer 9728 - type: string 9729 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9730 x-kubernetes-int-or-string: true 9731 description: 'Limits describes the maximum 9732 amount of compute resources allowed. More 9733 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9734 type: object 9735 requests: 9736 additionalProperties: 9737 anyOf: 9738 - type: integer 9739 - type: string 9740 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9741 x-kubernetes-int-or-string: true 9742 description: 'Requests describes the minimum 9743 amount of compute resources required. 9744 If Requests is omitted for a container, 9745 it defaults to Limits if that is explicitly 9746 specified, otherwise to an implementation-defined 9747 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9748 type: object 9749 type: object 9750 selector: 9751 description: selector is a label query over 9752 volumes to consider for binding. 9753 properties: 9754 matchExpressions: 9755 description: matchExpressions is a list 9756 of label selector requirements. The requirements 9757 are ANDed. 9758 items: 9759 description: A label selector requirement 9760 is a selector that contains values, 9761 a key, and an operator that relates 9762 the key and values. 9763 properties: 9764 key: 9765 description: key is the label key 9766 that the selector applies to. 9767 type: string 9768 operator: 9769 description: operator represents a 9770 key's relationship to a set of values. 9771 Valid operators are In, NotIn, Exists 9772 and DoesNotExist. 9773 type: string 9774 values: 9775 description: values is an array of 9776 string values. If the operator is 9777 In or NotIn, the values array must 9778 be non-empty. If the operator is 9779 Exists or DoesNotExist, the values 9780 array must be empty. This array 9781 is replaced during a strategic merge 9782 patch. 9783 items: 9784 type: string 9785 type: array 9786 required: 9787 - key 9788 - operator 9789 type: object 9790 type: array 9791 matchLabels: 9792 additionalProperties: 9793 type: string 9794 description: matchLabels is a map of {key,value} 9795 pairs. A single {key,value} in the matchLabels 9796 map is equivalent to an element of matchExpressions, 9797 whose key field is "key", the operator 9798 is "In", and the values array contains 9799 only "value". The requirements are ANDed. 9800 type: object 9801 type: object 9802 storageClassName: 9803 description: 'storageClassName is the name of 9804 the StorageClass required by the claim. More 9805 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 9806 type: string 9807 volumeMode: 9808 description: volumeMode defines what type of 9809 volume is required by the claim. Value of 9810 Filesystem is implied when not included in 9811 claim spec. 9812 type: string 9813 volumeName: 9814 description: volumeName is the binding reference 9815 to the PersistentVolume backing this claim. 9816 type: string 9817 type: object 9818 required: 9819 - spec 9820 type: object 9821 type: object 9822 fc: 9823 description: fc represents a Fibre Channel resource that 9824 is attached to a kubelet's host machine and then exposed 9825 to the pod. 9826 properties: 9827 fsType: 9828 description: 'fsType is the filesystem type to mount. 9829 Must be a filesystem type supported by the host operating 9830 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 9831 to be "ext4" if unspecified. TODO: how do we prevent 9832 errors in the filesystem from compromising the machine' 9833 type: string 9834 lun: 9835 description: 'lun is Optional: FC target lun number' 9836 format: int32 9837 type: integer 9838 readOnly: 9839 description: 'readOnly is Optional: Defaults to false 9840 (read/write). ReadOnly here will force the ReadOnly 9841 setting in VolumeMounts.' 9842 type: boolean 9843 targetWWNs: 9844 description: 'targetWWNs is Optional: FC target worldwide 9845 names (WWNs)' 9846 items: 9847 type: string 9848 type: array 9849 wwids: 9850 description: 'wwids Optional: FC volume world wide identifiers 9851 (wwids) Either wwids or combination of targetWWNs 9852 and lun must be set, but not both simultaneously.' 9853 items: 9854 type: string 9855 type: array 9856 type: object 9857 flexVolume: 9858 description: flexVolume represents a generic volume resource 9859 that is provisioned/attached using an exec based plugin. 9860 properties: 9861 driver: 9862 description: driver is the name of the driver to use 9863 for this volume. 9864 type: string 9865 fsType: 9866 description: fsType is the filesystem type to mount. 9867 Must be a filesystem type supported by the host operating 9868 system. Ex. "ext4", "xfs", "ntfs". The default filesystem 9869 depends on FlexVolume script. 9870 type: string 9871 options: 9872 additionalProperties: 9873 type: string 9874 description: 'options is Optional: this field holds 9875 extra command options if any.' 9876 type: object 9877 readOnly: 9878 description: 'readOnly is Optional: defaults to false 9879 (read/write). ReadOnly here will force the ReadOnly 9880 setting in VolumeMounts.' 9881 type: boolean 9882 secretRef: 9883 description: 'secretRef is Optional: secretRef is reference 9884 to the secret object containing sensitive information 9885 to pass to the plugin scripts. This may be empty if 9886 no secret object is specified. If the secret object 9887 contains more than one secret, all secrets are passed 9888 to the plugin scripts.' 9889 properties: 9890 name: 9891 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 9892 TODO: Add other useful fields. apiVersion, kind, 9893 uid?' 9894 type: string 9895 type: object 9896 required: 9897 - driver 9898 type: object 9899 flocker: 9900 description: flocker represents a Flocker volume attached 9901 to a kubelet's host machine. This depends on the Flocker 9902 control service being running 9903 properties: 9904 datasetName: 9905 description: datasetName is Name of the dataset stored 9906 as metadata -> name on the dataset for Flocker should 9907 be considered as deprecated 9908 type: string 9909 datasetUUID: 9910 description: datasetUUID is the UUID of the dataset. 9911 This is unique identifier of a Flocker dataset 9912 type: string 9913 type: object 9914 gcePersistentDisk: 9915 description: 'gcePersistentDisk represents a GCE Disk resource 9916 that is attached to a kubelet''s host machine and then 9917 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 9918 properties: 9919 fsType: 9920 description: 'fsType is filesystem type of the volume 9921 that you want to mount. Tip: Ensure that the filesystem 9922 type is supported by the host operating system. Examples: 9923 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 9924 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 9925 TODO: how do we prevent errors in the filesystem from 9926 compromising the machine' 9927 type: string 9928 partition: 9929 description: 'partition is the partition in the volume 9930 that you want to mount. If omitted, the default is 9931 to mount by volume name. Examples: For volume /dev/sda1, 9932 you specify the partition as "1". Similarly, the volume 9933 partition for /dev/sda is "0" (or you can leave the 9934 property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 9935 format: int32 9936 type: integer 9937 pdName: 9938 description: 'pdName is unique name of the PD resource 9939 in GCE. Used to identify the disk in GCE. More info: 9940 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 9941 type: string 9942 readOnly: 9943 description: 'readOnly here will force the ReadOnly 9944 setting in VolumeMounts. Defaults to false. More info: 9945 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 9946 type: boolean 9947 required: 9948 - pdName 9949 type: object 9950 gitRepo: 9951 description: 'gitRepo represents a git repository at a particular 9952 revision. DEPRECATED: GitRepo is deprecated. To provision 9953 a container with a git repo, mount an EmptyDir into an 9954 InitContainer that clones the repo using git, then mount 9955 the EmptyDir into the Pod''s container.' 9956 properties: 9957 directory: 9958 description: directory is the target directory name. 9959 Must not contain or start with '..'. If '.' is supplied, 9960 the volume directory will be the git repository. Otherwise, 9961 if specified, the volume will contain the git repository 9962 in the subdirectory with the given name. 9963 type: string 9964 repository: 9965 description: repository is the URL 9966 type: string 9967 revision: 9968 description: revision is the commit hash for the specified 9969 revision. 9970 type: string 9971 required: 9972 - repository 9973 type: object 9974 glusterfs: 9975 description: 'glusterfs represents a Glusterfs mount on 9976 the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 9977 properties: 9978 endpoints: 9979 description: 'endpoints is the endpoint name that details 9980 Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 9981 type: string 9982 path: 9983 description: 'path is the Glusterfs volume path. More 9984 info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 9985 type: string 9986 readOnly: 9987 description: 'readOnly here will force the Glusterfs 9988 volume to be mounted with read-only permissions. Defaults 9989 to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 9990 type: boolean 9991 required: 9992 - endpoints 9993 - path 9994 type: object 9995 hostPath: 9996 description: 'hostPath represents a pre-existing file or 9997 directory on the host machine that is directly exposed 9998 to the container. This is generally used for system agents 9999 or other privileged things that are allowed to see the 10000 host machine. Most containers will NOT need this. More 10001 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 10002 --- TODO(jonesdl) We need to restrict who can use host 10003 directory mounts and who can/can not mount host directories 10004 as read/write.' 10005 properties: 10006 path: 10007 description: 'path of the directory on the host. If 10008 the path is a symlink, it will follow the link to 10009 the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 10010 type: string 10011 type: 10012 description: 'type for HostPath Volume Defaults to "" 10013 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 10014 type: string 10015 required: 10016 - path 10017 type: object 10018 iscsi: 10019 description: 'iscsi represents an ISCSI Disk resource that 10020 is attached to a kubelet''s host machine and then exposed 10021 to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 10022 properties: 10023 chapAuthDiscovery: 10024 description: chapAuthDiscovery defines whether support 10025 iSCSI Discovery CHAP authentication 10026 type: boolean 10027 chapAuthSession: 10028 description: chapAuthSession defines whether support 10029 iSCSI Session CHAP authentication 10030 type: boolean 10031 fsType: 10032 description: 'fsType is the filesystem type of the volume 10033 that you want to mount. Tip: Ensure that the filesystem 10034 type is supported by the host operating system. Examples: 10035 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 10036 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 10037 TODO: how do we prevent errors in the filesystem from 10038 compromising the machine' 10039 type: string 10040 initiatorName: 10041 description: initiatorName is the custom iSCSI Initiator 10042 Name. If initiatorName is specified with iscsiInterface 10043 simultaneously, new iSCSI interface <target portal>:<volume 10044 name> will be created for the connection. 10045 type: string 10046 iqn: 10047 description: iqn is the target iSCSI Qualified Name. 10048 type: string 10049 iscsiInterface: 10050 description: iscsiInterface is the interface Name that 10051 uses an iSCSI transport. Defaults to 'default' (tcp). 10052 type: string 10053 lun: 10054 description: lun represents iSCSI Target Lun number. 10055 format: int32 10056 type: integer 10057 portals: 10058 description: portals is the iSCSI Target Portal List. 10059 The portal is either an IP or ip_addr:port if the 10060 port is other than default (typically TCP ports 860 10061 and 3260). 10062 items: 10063 type: string 10064 type: array 10065 readOnly: 10066 description: readOnly here will force the ReadOnly setting 10067 in VolumeMounts. Defaults to false. 10068 type: boolean 10069 secretRef: 10070 description: secretRef is the CHAP Secret for iSCSI 10071 target and initiator authentication 10072 properties: 10073 name: 10074 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10075 TODO: Add other useful fields. apiVersion, kind, 10076 uid?' 10077 type: string 10078 type: object 10079 targetPortal: 10080 description: targetPortal is iSCSI Target Portal. The 10081 Portal is either an IP or ip_addr:port if the port 10082 is other than default (typically TCP ports 860 and 10083 3260). 10084 type: string 10085 required: 10086 - iqn 10087 - lun 10088 - targetPortal 10089 type: object 10090 name: 10091 description: 'name of the volume. Must be a DNS_LABEL and 10092 unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 10093 type: string 10094 nfs: 10095 description: 'nfs represents an NFS mount on the host that 10096 shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 10097 properties: 10098 path: 10099 description: 'path that is exported by the NFS server. 10100 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 10101 type: string 10102 readOnly: 10103 description: 'readOnly here will force the NFS export 10104 to be mounted with read-only permissions. Defaults 10105 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 10106 type: boolean 10107 server: 10108 description: 'server is the hostname or IP address of 10109 the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 10110 type: string 10111 required: 10112 - path 10113 - server 10114 type: object 10115 persistentVolumeClaim: 10116 description: 'persistentVolumeClaimVolumeSource represents 10117 a reference to a PersistentVolumeClaim in the same namespace. 10118 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 10119 properties: 10120 claimName: 10121 description: 'claimName is the name of a PersistentVolumeClaim 10122 in the same namespace as the pod using this volume. 10123 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 10124 type: string 10125 readOnly: 10126 description: readOnly Will force the ReadOnly setting 10127 in VolumeMounts. Default false. 10128 type: boolean 10129 required: 10130 - claimName 10131 type: object 10132 photonPersistentDisk: 10133 description: photonPersistentDisk represents a PhotonController 10134 persistent disk attached and mounted on kubelets host 10135 machine 10136 properties: 10137 fsType: 10138 description: fsType is the filesystem type to mount. 10139 Must be a filesystem type supported by the host operating 10140 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 10141 to be "ext4" if unspecified. 10142 type: string 10143 pdID: 10144 description: pdID is the ID that identifies Photon Controller 10145 persistent disk 10146 type: string 10147 required: 10148 - pdID 10149 type: object 10150 portworxVolume: 10151 description: portworxVolume represents a portworx volume 10152 attached and mounted on kubelets host machine 10153 properties: 10154 fsType: 10155 description: fSType represents the filesystem type to 10156 mount Must be a filesystem type supported by the host 10157 operating system. Ex. "ext4", "xfs". Implicitly inferred 10158 to be "ext4" if unspecified. 10159 type: string 10160 readOnly: 10161 description: readOnly defaults to false (read/write). 10162 ReadOnly here will force the ReadOnly setting in VolumeMounts. 10163 type: boolean 10164 volumeID: 10165 description: volumeID uniquely identifies a Portworx 10166 volume 10167 type: string 10168 required: 10169 - volumeID 10170 type: object 10171 projected: 10172 description: projected items for all in one resources secrets, 10173 configmaps, and downward API 10174 properties: 10175 defaultMode: 10176 description: defaultMode are the mode bits used to set 10177 permissions on created files by default. Must be an 10178 octal value between 0000 and 0777 or a decimal value 10179 between 0 and 511. YAML accepts both octal and decimal 10180 values, JSON requires decimal values for mode bits. 10181 Directories within the path are not affected by this 10182 setting. This might be in conflict with other options 10183 that affect the file mode, like fsGroup, and the result 10184 can be other mode bits set. 10185 format: int32 10186 type: integer 10187 sources: 10188 description: sources is the list of volume projections 10189 items: 10190 description: Projection that may be projected along 10191 with other supported volume types 10192 properties: 10193 configMap: 10194 description: configMap information about the configMap 10195 data to project 10196 properties: 10197 items: 10198 description: items if unspecified, each key-value 10199 pair in the Data field of the referenced 10200 ConfigMap will be projected into the volume 10201 as a file whose name is the key and content 10202 is the value. If specified, the listed keys 10203 will be projected into the specified paths, 10204 and unlisted keys will not be present. If 10205 a key is specified which is not present 10206 in the ConfigMap, the volume setup will 10207 error unless it is marked optional. Paths 10208 must be relative and may not contain the 10209 '..' path or start with '..'. 10210 items: 10211 description: Maps a string key to a path 10212 within a volume. 10213 properties: 10214 key: 10215 description: key is the key to project. 10216 type: string 10217 mode: 10218 description: 'mode is Optional: mode 10219 bits used to set permissions on this 10220 file. Must be an octal value between 10221 0000 and 0777 or a decimal value between 10222 0 and 511. YAML accepts both octal 10223 and decimal values, JSON requires 10224 decimal values for mode bits. If not 10225 specified, the volume defaultMode 10226 will be used. This might be in conflict 10227 with other options that affect the 10228 file mode, like fsGroup, and the result 10229 can be other mode bits set.' 10230 format: int32 10231 type: integer 10232 path: 10233 description: path is the relative path 10234 of the file to map the key to. May 10235 not be an absolute path. May not contain 10236 the path element '..'. May not start 10237 with the string '..'. 10238 type: string 10239 required: 10240 - key 10241 - path 10242 type: object 10243 type: array 10244 name: 10245 description: 'Name of the referent. More info: 10246 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10247 TODO: Add other useful fields. apiVersion, 10248 kind, uid?' 10249 type: string 10250 optional: 10251 description: optional specify whether the 10252 ConfigMap or its keys must be defined 10253 type: boolean 10254 type: object 10255 downwardAPI: 10256 description: downwardAPI information about the 10257 downwardAPI data to project 10258 properties: 10259 items: 10260 description: Items is a list of DownwardAPIVolume 10261 file 10262 items: 10263 description: DownwardAPIVolumeFile represents 10264 information to create the file containing 10265 the pod field 10266 properties: 10267 fieldRef: 10268 description: 'Required: Selects a field 10269 of the pod: only annotations, labels, 10270 name and namespace are supported.' 10271 properties: 10272 apiVersion: 10273 description: Version of the schema 10274 the FieldPath is written in terms 10275 of, defaults to "v1". 10276 type: string 10277 fieldPath: 10278 description: Path of the field to 10279 select in the specified API version. 10280 type: string 10281 required: 10282 - fieldPath 10283 type: object 10284 mode: 10285 description: 'Optional: mode bits used 10286 to set permissions on this file, must 10287 be an octal value between 0000 and 10288 0777 or a decimal value between 0 10289 and 511. YAML accepts both octal and 10290 decimal values, JSON requires decimal 10291 values for mode bits. If not specified, 10292 the volume defaultMode will be used. 10293 This might be in conflict with other 10294 options that affect the file mode, 10295 like fsGroup, and the result can be 10296 other mode bits set.' 10297 format: int32 10298 type: integer 10299 path: 10300 description: 'Required: Path is the 10301 relative path name of the file to 10302 be created. Must not be absolute or 10303 contain the ''..'' path. Must be utf-8 10304 encoded. The first item of the relative 10305 path must not start with ''..''' 10306 type: string 10307 resourceFieldRef: 10308 description: 'Selects a resource of 10309 the container: only resources limits 10310 and requests (limits.cpu, limits.memory, 10311 requests.cpu and requests.memory) 10312 are currently supported.' 10313 properties: 10314 containerName: 10315 description: 'Container name: required 10316 for volumes, optional for env 10317 vars' 10318 type: string 10319 divisor: 10320 anyOf: 10321 - type: integer 10322 - type: string 10323 description: Specifies the output 10324 format of the exposed resources, 10325 defaults to "1" 10326 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 10327 x-kubernetes-int-or-string: true 10328 resource: 10329 description: 'Required: resource 10330 to select' 10331 type: string 10332 required: 10333 - resource 10334 type: object 10335 required: 10336 - path 10337 type: object 10338 type: array 10339 type: object 10340 secret: 10341 description: secret information about the secret 10342 data to project 10343 properties: 10344 items: 10345 description: items if unspecified, each key-value 10346 pair in the Data field of the referenced 10347 Secret will be projected into the volume 10348 as a file whose name is the key and content 10349 is the value. If specified, the listed keys 10350 will be projected into the specified paths, 10351 and unlisted keys will not be present. If 10352 a key is specified which is not present 10353 in the Secret, the volume setup will error 10354 unless it is marked optional. Paths must 10355 be relative and may not contain the '..' 10356 path or start with '..'. 10357 items: 10358 description: Maps a string key to a path 10359 within a volume. 10360 properties: 10361 key: 10362 description: key is the key to project. 10363 type: string 10364 mode: 10365 description: 'mode is Optional: mode 10366 bits used to set permissions on this 10367 file. Must be an octal value between 10368 0000 and 0777 or a decimal value between 10369 0 and 511. YAML accepts both octal 10370 and decimal values, JSON requires 10371 decimal values for mode bits. If not 10372 specified, the volume defaultMode 10373 will be used. This might be in conflict 10374 with other options that affect the 10375 file mode, like fsGroup, and the result 10376 can be other mode bits set.' 10377 format: int32 10378 type: integer 10379 path: 10380 description: path is the relative path 10381 of the file to map the key to. May 10382 not be an absolute path. May not contain 10383 the path element '..'. May not start 10384 with the string '..'. 10385 type: string 10386 required: 10387 - key 10388 - path 10389 type: object 10390 type: array 10391 name: 10392 description: 'Name of the referent. More info: 10393 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10394 TODO: Add other useful fields. apiVersion, 10395 kind, uid?' 10396 type: string 10397 optional: 10398 description: optional field specify whether 10399 the Secret or its key must be defined 10400 type: boolean 10401 type: object 10402 serviceAccountToken: 10403 description: serviceAccountToken is information 10404 about the serviceAccountToken data to project 10405 properties: 10406 audience: 10407 description: audience is the intended audience 10408 of the token. A recipient of a token must 10409 identify itself with an identifier specified 10410 in the audience of the token, and otherwise 10411 should reject the token. The audience defaults 10412 to the identifier of the apiserver. 10413 type: string 10414 expirationSeconds: 10415 description: expirationSeconds is the requested 10416 duration of validity of the service account 10417 token. As the token approaches expiration, 10418 the kubelet volume plugin will proactively 10419 rotate the service account token. The kubelet 10420 will start trying to rotate the token if 10421 the token is older than 80 percent of its 10422 time to live or if the token is older than 10423 24 hours.Defaults to 1 hour and must be 10424 at least 10 minutes. 10425 format: int64 10426 type: integer 10427 path: 10428 description: path is the path relative to 10429 the mount point of the file to project the 10430 token into. 10431 type: string 10432 required: 10433 - path 10434 type: object 10435 type: object 10436 type: array 10437 type: object 10438 quobyte: 10439 description: quobyte represents a Quobyte mount on the host 10440 that shares a pod's lifetime 10441 properties: 10442 group: 10443 description: group to map volume access to Default is 10444 no group 10445 type: string 10446 readOnly: 10447 description: readOnly here will force the Quobyte volume 10448 to be mounted with read-only permissions. Defaults 10449 to false. 10450 type: boolean 10451 registry: 10452 description: registry represents a single or multiple 10453 Quobyte Registry services specified as a string as 10454 host:port pair (multiple entries are separated with 10455 commas) which acts as the central registry for volumes 10456 type: string 10457 tenant: 10458 description: tenant owning the given Quobyte volume 10459 in the Backend Used with dynamically provisioned Quobyte 10460 volumes, value is set by the plugin 10461 type: string 10462 user: 10463 description: user to map volume access to Defaults to 10464 serivceaccount user 10465 type: string 10466 volume: 10467 description: volume is a string that references an already 10468 created Quobyte volume by name. 10469 type: string 10470 required: 10471 - registry 10472 - volume 10473 type: object 10474 rbd: 10475 description: 'rbd represents a Rados Block Device mount 10476 on the host that shares a pod''s lifetime. More info: 10477 https://examples.k8s.io/volumes/rbd/README.md' 10478 properties: 10479 fsType: 10480 description: 'fsType is the filesystem type of the volume 10481 that you want to mount. Tip: Ensure that the filesystem 10482 type is supported by the host operating system. Examples: 10483 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 10484 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 10485 TODO: how do we prevent errors in the filesystem from 10486 compromising the machine' 10487 type: string 10488 image: 10489 description: 'image is the rados image name. More info: 10490 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10491 type: string 10492 keyring: 10493 description: 'keyring is the path to key ring for RBDUser. 10494 Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10495 type: string 10496 monitors: 10497 description: 'monitors is a collection of Ceph monitors. 10498 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10499 items: 10500 type: string 10501 type: array 10502 pool: 10503 description: 'pool is the rados pool name. Default is 10504 rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10505 type: string 10506 readOnly: 10507 description: 'readOnly here will force the ReadOnly 10508 setting in VolumeMounts. Defaults to false. More info: 10509 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10510 type: boolean 10511 secretRef: 10512 description: 'secretRef is name of the authentication 10513 secret for RBDUser. If provided overrides keyring. 10514 Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10515 properties: 10516 name: 10517 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10518 TODO: Add other useful fields. apiVersion, kind, 10519 uid?' 10520 type: string 10521 type: object 10522 user: 10523 description: 'user is the rados user name. Default is 10524 admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 10525 type: string 10526 required: 10527 - image 10528 - monitors 10529 type: object 10530 scaleIO: 10531 description: scaleIO represents a ScaleIO persistent volume 10532 attached and mounted on Kubernetes nodes. 10533 properties: 10534 fsType: 10535 description: fsType is the filesystem type to mount. 10536 Must be a filesystem type supported by the host operating 10537 system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 10538 type: string 10539 gateway: 10540 description: gateway is the host address of the ScaleIO 10541 API Gateway. 10542 type: string 10543 protectionDomain: 10544 description: protectionDomain is the name of the ScaleIO 10545 Protection Domain for the configured storage. 10546 type: string 10547 readOnly: 10548 description: readOnly Defaults to false (read/write). 10549 ReadOnly here will force the ReadOnly setting in VolumeMounts. 10550 type: boolean 10551 secretRef: 10552 description: secretRef references to the secret for 10553 ScaleIO user and other sensitive information. If this 10554 is not provided, Login operation will fail. 10555 properties: 10556 name: 10557 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10558 TODO: Add other useful fields. apiVersion, kind, 10559 uid?' 10560 type: string 10561 type: object 10562 sslEnabled: 10563 description: sslEnabled Flag enable/disable SSL communication 10564 with Gateway, default false 10565 type: boolean 10566 storageMode: 10567 description: storageMode indicates whether the storage 10568 for a volume should be ThickProvisioned or ThinProvisioned. 10569 Default is ThinProvisioned. 10570 type: string 10571 storagePool: 10572 description: storagePool is the ScaleIO Storage Pool 10573 associated with the protection domain. 10574 type: string 10575 system: 10576 description: system is the name of the storage system 10577 as configured in ScaleIO. 10578 type: string 10579 volumeName: 10580 description: volumeName is the name of a volume already 10581 created in the ScaleIO system that is associated with 10582 this volume source. 10583 type: string 10584 required: 10585 - gateway 10586 - secretRef 10587 - system 10588 type: object 10589 secret: 10590 description: 'secret represents a secret that should populate 10591 this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 10592 properties: 10593 defaultMode: 10594 description: 'defaultMode is Optional: mode bits used 10595 to set permissions on created files by default. Must 10596 be an octal value between 0000 and 0777 or a decimal 10597 value between 0 and 511. YAML accepts both octal and 10598 decimal values, JSON requires decimal values for mode 10599 bits. Defaults to 0644. Directories within the path 10600 are not affected by this setting. This might be in 10601 conflict with other options that affect the file mode, 10602 like fsGroup, and the result can be other mode bits 10603 set.' 10604 format: int32 10605 type: integer 10606 items: 10607 description: items If unspecified, each key-value pair 10608 in the Data field of the referenced Secret will be 10609 projected into the volume as a file whose name is 10610 the key and content is the value. If specified, the 10611 listed keys will be projected into the specified paths, 10612 and unlisted keys will not be present. If a key is 10613 specified which is not present in the Secret, the 10614 volume setup will error unless it is marked optional. 10615 Paths must be relative and may not contain the '..' 10616 path or start with '..'. 10617 items: 10618 description: Maps a string key to a path within a 10619 volume. 10620 properties: 10621 key: 10622 description: key is the key to project. 10623 type: string 10624 mode: 10625 description: 'mode is Optional: mode bits used 10626 to set permissions on this file. Must be an 10627 octal value between 0000 and 0777 or a decimal 10628 value between 0 and 511. YAML accepts both octal 10629 and decimal values, JSON requires decimal values 10630 for mode bits. If not specified, the volume 10631 defaultMode will be used. This might be in conflict 10632 with other options that affect the file mode, 10633 like fsGroup, and the result can be other mode 10634 bits set.' 10635 format: int32 10636 type: integer 10637 path: 10638 description: path is the relative path of the 10639 file to map the key to. May not be an absolute 10640 path. May not contain the path element '..'. 10641 May not start with the string '..'. 10642 type: string 10643 required: 10644 - key 10645 - path 10646 type: object 10647 type: array 10648 optional: 10649 description: optional field specify whether the Secret 10650 or its keys must be defined 10651 type: boolean 10652 secretName: 10653 description: 'secretName is the name of the secret in 10654 the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 10655 type: string 10656 type: object 10657 storageos: 10658 description: storageOS represents a StorageOS volume attached 10659 and mounted on Kubernetes nodes. 10660 properties: 10661 fsType: 10662 description: fsType is the filesystem type to mount. 10663 Must be a filesystem type supported by the host operating 10664 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 10665 to be "ext4" if unspecified. 10666 type: string 10667 readOnly: 10668 description: readOnly defaults to false (read/write). 10669 ReadOnly here will force the ReadOnly setting in VolumeMounts. 10670 type: boolean 10671 secretRef: 10672 description: secretRef specifies the secret to use for 10673 obtaining the StorageOS API credentials. If not specified, 10674 default values will be attempted. 10675 properties: 10676 name: 10677 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10678 TODO: Add other useful fields. apiVersion, kind, 10679 uid?' 10680 type: string 10681 type: object 10682 volumeName: 10683 description: volumeName is the human-readable name of 10684 the StorageOS volume. Volume names are only unique 10685 within a namespace. 10686 type: string 10687 volumeNamespace: 10688 description: volumeNamespace specifies the scope of 10689 the volume within StorageOS. If no namespace is specified 10690 then the Pod's namespace will be used. This allows 10691 the Kubernetes name scoping to be mirrored within 10692 StorageOS for tighter integration. Set VolumeName 10693 to any name to override the default behaviour. Set 10694 to "default" if you are not using namespaces within 10695 StorageOS. Namespaces that do not pre-exist within 10696 StorageOS will be created. 10697 type: string 10698 type: object 10699 vsphereVolume: 10700 description: vsphereVolume represents a vSphere volume attached 10701 and mounted on kubelets host machine 10702 properties: 10703 fsType: 10704 description: fsType is filesystem type to mount. Must 10705 be a filesystem type supported by the host operating 10706 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 10707 to be "ext4" if unspecified. 10708 type: string 10709 storagePolicyID: 10710 description: storagePolicyID is the storage Policy Based 10711 Management (SPBM) profile ID associated with the StoragePolicyName. 10712 type: string 10713 storagePolicyName: 10714 description: storagePolicyName is the storage Policy 10715 Based Management (SPBM) profile name. 10716 type: string 10717 volumePath: 10718 description: volumePath is the path that identifies 10719 vSphere volume vmdk 10720 type: string 10721 required: 10722 - volumePath 10723 type: object 10724 required: 10725 - name 10726 type: object 10727 type: array 10728 hostNetwork: 10729 type: boolean 10730 image: 10731 type: string 10732 imagePullPolicy: 10733 description: PullPolicy describes a policy for if/when to pull 10734 a container image 10735 type: string 10736 imagePullSecrets: 10737 items: 10738 description: LocalObjectReference contains enough information 10739 to let you locate the referenced object inside the same namespace. 10740 properties: 10741 name: 10742 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10743 TODO: Add other useful fields. apiVersion, kind, uid?' 10744 type: string 10745 type: object 10746 type: array 10747 initContainers: 10748 items: 10749 description: A single application container that you want to 10750 run within a pod. 10751 properties: 10752 args: 10753 description: 'Arguments to the entrypoint. The container 10754 image''s CMD is used if this is not provided. Variable 10755 references $(VAR_NAME) are expanded using the container''s 10756 environment. If a variable cannot be resolved, the reference 10757 in the input string will be unchanged. Double $$ are reduced 10758 to a single $, which allows for escaping the $(VAR_NAME) 10759 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 10760 "$(VAR_NAME)". Escaped references will never be expanded, 10761 regardless of whether the variable exists or not. Cannot 10762 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 10763 items: 10764 type: string 10765 type: array 10766 command: 10767 description: 'Entrypoint array. Not executed within a shell. 10768 The container image''s ENTRYPOINT is used if this is not 10769 provided. Variable references $(VAR_NAME) are expanded 10770 using the container''s environment. If a variable cannot 10771 be resolved, the reference in the input string will be 10772 unchanged. Double $$ are reduced to a single $, which 10773 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 10774 will produce the string literal "$(VAR_NAME)". Escaped 10775 references will never be expanded, regardless of whether 10776 the variable exists or not. Cannot be updated. More info: 10777 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 10778 items: 10779 type: string 10780 type: array 10781 env: 10782 description: List of environment variables to set in the 10783 container. Cannot be updated. 10784 items: 10785 description: EnvVar represents an environment variable 10786 present in a Container. 10787 properties: 10788 name: 10789 description: Name of the environment variable. Must 10790 be a C_IDENTIFIER. 10791 type: string 10792 value: 10793 description: 'Variable references $(VAR_NAME) are 10794 expanded using the previously defined environment 10795 variables in the container and any service environment 10796 variables. If a variable cannot be resolved, the 10797 reference in the input string will be unchanged. 10798 Double $$ are reduced to a single $, which allows 10799 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 10800 will produce the string literal "$(VAR_NAME)". Escaped 10801 references will never be expanded, regardless of 10802 whether the variable exists or not. Defaults to 10803 "".' 10804 type: string 10805 valueFrom: 10806 description: Source for the environment variable's 10807 value. Cannot be used if value is not empty. 10808 properties: 10809 configMapKeyRef: 10810 description: Selects a key of a ConfigMap. 10811 properties: 10812 key: 10813 description: The key to select. 10814 type: string 10815 name: 10816 description: 'Name of the referent. More info: 10817 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10818 TODO: Add other useful fields. apiVersion, 10819 kind, uid?' 10820 type: string 10821 optional: 10822 description: Specify whether the ConfigMap 10823 or its key must be defined 10824 type: boolean 10825 required: 10826 - key 10827 type: object 10828 fieldRef: 10829 description: 'Selects a field of the pod: supports 10830 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 10831 `metadata.annotations[''<KEY>'']`, spec.nodeName, 10832 spec.serviceAccountName, status.hostIP, status.podIP, 10833 status.podIPs.' 10834 properties: 10835 apiVersion: 10836 description: Version of the schema the FieldPath 10837 is written in terms of, defaults to "v1". 10838 type: string 10839 fieldPath: 10840 description: Path of the field to select in 10841 the specified API version. 10842 type: string 10843 required: 10844 - fieldPath 10845 type: object 10846 resourceFieldRef: 10847 description: 'Selects a resource of the container: 10848 only resources limits and requests (limits.cpu, 10849 limits.memory, limits.ephemeral-storage, requests.cpu, 10850 requests.memory and requests.ephemeral-storage) 10851 are currently supported.' 10852 properties: 10853 containerName: 10854 description: 'Container name: required for 10855 volumes, optional for env vars' 10856 type: string 10857 divisor: 10858 anyOf: 10859 - type: integer 10860 - type: string 10861 description: Specifies the output format of 10862 the exposed resources, defaults to "1" 10863 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 10864 x-kubernetes-int-or-string: true 10865 resource: 10866 description: 'Required: resource to select' 10867 type: string 10868 required: 10869 - resource 10870 type: object 10871 secretKeyRef: 10872 description: Selects a key of a secret in the 10873 pod's namespace 10874 properties: 10875 key: 10876 description: The key of the secret to select 10877 from. Must be a valid secret key. 10878 type: string 10879 name: 10880 description: 'Name of the referent. More info: 10881 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10882 TODO: Add other useful fields. apiVersion, 10883 kind, uid?' 10884 type: string 10885 optional: 10886 description: Specify whether the Secret or 10887 its key must be defined 10888 type: boolean 10889 required: 10890 - key 10891 type: object 10892 type: object 10893 required: 10894 - name 10895 type: object 10896 type: array 10897 envFrom: 10898 description: List of sources to populate environment variables 10899 in the container. The keys defined within a source must 10900 be a C_IDENTIFIER. All invalid keys will be reported as 10901 an event when the container is starting. When a key exists 10902 in multiple sources, the value associated with the last 10903 source will take precedence. Values defined by an Env 10904 with a duplicate key will take precedence. Cannot be updated. 10905 items: 10906 description: EnvFromSource represents the source of a 10907 set of ConfigMaps 10908 properties: 10909 configMapRef: 10910 description: The ConfigMap to select from 10911 properties: 10912 name: 10913 description: 'Name of the referent. More info: 10914 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10915 TODO: Add other useful fields. apiVersion, kind, 10916 uid?' 10917 type: string 10918 optional: 10919 description: Specify whether the ConfigMap must 10920 be defined 10921 type: boolean 10922 type: object 10923 prefix: 10924 description: An optional identifier to prepend to 10925 each key in the ConfigMap. Must be a C_IDENTIFIER. 10926 type: string 10927 secretRef: 10928 description: The Secret to select from 10929 properties: 10930 name: 10931 description: 'Name of the referent. More info: 10932 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10933 TODO: Add other useful fields. apiVersion, kind, 10934 uid?' 10935 type: string 10936 optional: 10937 description: Specify whether the Secret must be 10938 defined 10939 type: boolean 10940 type: object 10941 type: object 10942 type: array 10943 image: 10944 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 10945 This field is optional to allow higher level config management 10946 to default or override container images in workload controllers 10947 like Deployments and StatefulSets.' 10948 type: string 10949 imagePullPolicy: 10950 description: 'Image pull policy. One of Always, Never, IfNotPresent. 10951 Defaults to Always if :latest tag is specified, or IfNotPresent 10952 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 10953 type: string 10954 lifecycle: 10955 description: Actions that the management system should take 10956 in response to container lifecycle events. Cannot be updated. 10957 properties: 10958 postStart: 10959 description: 'PostStart is called immediately after 10960 a container is created. If the handler fails, the 10961 container is terminated and restarted according to 10962 its restart policy. Other management of the container 10963 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 10964 properties: 10965 exec: 10966 description: Exec specifies the action to take. 10967 properties: 10968 command: 10969 description: Command is the command line to 10970 execute inside the container, the working 10971 directory for the command is root ('/') in 10972 the container's filesystem. The command is 10973 simply exec'd, it is not run inside a shell, 10974 so traditional shell instructions ('|', etc) 10975 won't work. To use a shell, you need to explicitly 10976 call out to that shell. Exit status of 0 is 10977 treated as live/healthy and non-zero is unhealthy. 10978 items: 10979 type: string 10980 type: array 10981 type: object 10982 httpGet: 10983 description: HTTPGet specifies the http request 10984 to perform. 10985 properties: 10986 host: 10987 description: Host name to connect to, defaults 10988 to the pod IP. You probably want to set "Host" 10989 in httpHeaders instead. 10990 type: string 10991 httpHeaders: 10992 description: Custom headers to set in the request. 10993 HTTP allows repeated headers. 10994 items: 10995 description: HTTPHeader describes a custom 10996 header to be used in HTTP probes 10997 properties: 10998 name: 10999 description: The header field name 11000 type: string 11001 value: 11002 description: The header field value 11003 type: string 11004 required: 11005 - name 11006 - value 11007 type: object 11008 type: array 11009 path: 11010 description: Path to access on the HTTP server. 11011 type: string 11012 port: 11013 anyOf: 11014 - type: integer 11015 - type: string 11016 description: Name or number of the port to access 11017 on the container. Number must be in the range 11018 1 to 65535. Name must be an IANA_SVC_NAME. 11019 x-kubernetes-int-or-string: true 11020 scheme: 11021 description: Scheme to use for connecting to 11022 the host. Defaults to HTTP. 11023 type: string 11024 required: 11025 - port 11026 type: object 11027 tcpSocket: 11028 description: Deprecated. TCPSocket is NOT supported 11029 as a LifecycleHandler and kept for the backward 11030 compatibility. There are no validation of this 11031 field and lifecycle hooks will fail in runtime 11032 when tcp handler is specified. 11033 properties: 11034 host: 11035 description: 'Optional: Host name to connect 11036 to, defaults to the pod IP.' 11037 type: string 11038 port: 11039 anyOf: 11040 - type: integer 11041 - type: string 11042 description: Number or name of the port to access 11043 on the container. Number must be in the range 11044 1 to 65535. Name must be an IANA_SVC_NAME. 11045 x-kubernetes-int-or-string: true 11046 required: 11047 - port 11048 type: object 11049 type: object 11050 preStop: 11051 description: 'PreStop is called immediately before a 11052 container is terminated due to an API request or management 11053 event such as liveness/startup probe failure, preemption, 11054 resource contention, etc. The handler is not called 11055 if the container crashes or exits. The Pod''s termination 11056 grace period countdown begins before the PreStop hook 11057 is executed. Regardless of the outcome of the handler, 11058 the container will eventually terminate within the 11059 Pod''s termination grace period (unless delayed by 11060 finalizers). Other management of the container blocks 11061 until the hook completes or until the termination 11062 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 11063 properties: 11064 exec: 11065 description: Exec specifies the action to take. 11066 properties: 11067 command: 11068 description: Command is the command line to 11069 execute inside the container, the working 11070 directory for the command is root ('/') in 11071 the container's filesystem. The command is 11072 simply exec'd, it is not run inside a shell, 11073 so traditional shell instructions ('|', etc) 11074 won't work. To use a shell, you need to explicitly 11075 call out to that shell. Exit status of 0 is 11076 treated as live/healthy and non-zero is unhealthy. 11077 items: 11078 type: string 11079 type: array 11080 type: object 11081 httpGet: 11082 description: HTTPGet specifies the http request 11083 to perform. 11084 properties: 11085 host: 11086 description: Host name to connect to, defaults 11087 to the pod IP. You probably want to set "Host" 11088 in httpHeaders instead. 11089 type: string 11090 httpHeaders: 11091 description: Custom headers to set in the request. 11092 HTTP allows repeated headers. 11093 items: 11094 description: HTTPHeader describes a custom 11095 header to be used in HTTP probes 11096 properties: 11097 name: 11098 description: The header field name 11099 type: string 11100 value: 11101 description: The header field value 11102 type: string 11103 required: 11104 - name 11105 - value 11106 type: object 11107 type: array 11108 path: 11109 description: Path to access on the HTTP server. 11110 type: string 11111 port: 11112 anyOf: 11113 - type: integer 11114 - type: string 11115 description: Name or number of the port to access 11116 on the container. Number must be in the range 11117 1 to 65535. Name must be an IANA_SVC_NAME. 11118 x-kubernetes-int-or-string: true 11119 scheme: 11120 description: Scheme to use for connecting to 11121 the host. Defaults to HTTP. 11122 type: string 11123 required: 11124 - port 11125 type: object 11126 tcpSocket: 11127 description: Deprecated. TCPSocket is NOT supported 11128 as a LifecycleHandler and kept for the backward 11129 compatibility. There are no validation of this 11130 field and lifecycle hooks will fail in runtime 11131 when tcp handler is specified. 11132 properties: 11133 host: 11134 description: 'Optional: Host name to connect 11135 to, defaults to the pod IP.' 11136 type: string 11137 port: 11138 anyOf: 11139 - type: integer 11140 - type: string 11141 description: Number or name of the port to access 11142 on the container. Number must be in the range 11143 1 to 65535. Name must be an IANA_SVC_NAME. 11144 x-kubernetes-int-or-string: true 11145 required: 11146 - port 11147 type: object 11148 type: object 11149 type: object 11150 livenessProbe: 11151 description: 'Periodic probe of container liveness. Container 11152 will be restarted if the probe fails. Cannot be updated. 11153 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11154 properties: 11155 exec: 11156 description: Exec specifies the action to take. 11157 properties: 11158 command: 11159 description: Command is the command line to execute 11160 inside the container, the working directory for 11161 the command is root ('/') in the container's 11162 filesystem. The command is simply exec'd, it is 11163 not run inside a shell, so traditional shell instructions 11164 ('|', etc) won't work. To use a shell, you need 11165 to explicitly call out to that shell. Exit status 11166 of 0 is treated as live/healthy and non-zero is 11167 unhealthy. 11168 items: 11169 type: string 11170 type: array 11171 type: object 11172 failureThreshold: 11173 description: Minimum consecutive failures for the probe 11174 to be considered failed after having succeeded. Defaults 11175 to 3. Minimum value is 1. 11176 format: int32 11177 type: integer 11178 grpc: 11179 description: GRPC specifies an action involving a GRPC 11180 port. This is a beta field and requires enabling GRPCContainerProbe 11181 feature gate. 11182 properties: 11183 port: 11184 description: Port number of the gRPC service. Number 11185 must be in the range 1 to 65535. 11186 format: int32 11187 type: integer 11188 service: 11189 description: "Service is the name of the service 11190 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 11191 \n If this is not specified, the default behavior 11192 is defined by gRPC." 11193 type: string 11194 required: 11195 - port 11196 type: object 11197 httpGet: 11198 description: HTTPGet specifies the http request to perform. 11199 properties: 11200 host: 11201 description: Host name to connect to, defaults to 11202 the pod IP. You probably want to set "Host" in 11203 httpHeaders instead. 11204 type: string 11205 httpHeaders: 11206 description: Custom headers to set in the request. 11207 HTTP allows repeated headers. 11208 items: 11209 description: HTTPHeader describes a custom header 11210 to be used in HTTP probes 11211 properties: 11212 name: 11213 description: The header field name 11214 type: string 11215 value: 11216 description: The header field value 11217 type: string 11218 required: 11219 - name 11220 - value 11221 type: object 11222 type: array 11223 path: 11224 description: Path to access on the HTTP server. 11225 type: string 11226 port: 11227 anyOf: 11228 - type: integer 11229 - type: string 11230 description: Name or number of the port to access 11231 on the container. Number must be in the range 11232 1 to 65535. Name must be an IANA_SVC_NAME. 11233 x-kubernetes-int-or-string: true 11234 scheme: 11235 description: Scheme to use for connecting to the 11236 host. Defaults to HTTP. 11237 type: string 11238 required: 11239 - port 11240 type: object 11241 initialDelaySeconds: 11242 description: 'Number of seconds after the container 11243 has started before liveness probes are initiated. 11244 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11245 format: int32 11246 type: integer 11247 periodSeconds: 11248 description: How often (in seconds) to perform the probe. 11249 Default to 10 seconds. Minimum value is 1. 11250 format: int32 11251 type: integer 11252 successThreshold: 11253 description: Minimum consecutive successes for the probe 11254 to be considered successful after having failed. Defaults 11255 to 1. Must be 1 for liveness and startup. Minimum 11256 value is 1. 11257 format: int32 11258 type: integer 11259 tcpSocket: 11260 description: TCPSocket specifies an action involving 11261 a TCP port. 11262 properties: 11263 host: 11264 description: 'Optional: Host name to connect to, 11265 defaults to the pod IP.' 11266 type: string 11267 port: 11268 anyOf: 11269 - type: integer 11270 - type: string 11271 description: Number or name of the port to access 11272 on the container. Number must be in the range 11273 1 to 65535. Name must be an IANA_SVC_NAME. 11274 x-kubernetes-int-or-string: true 11275 required: 11276 - port 11277 type: object 11278 terminationGracePeriodSeconds: 11279 description: Optional duration in seconds the pod needs 11280 to terminate gracefully upon probe failure. The grace 11281 period is the duration in seconds after the processes 11282 running in the pod are sent a termination signal and 11283 the time when the processes are forcibly halted with 11284 a kill signal. Set this value longer than the expected 11285 cleanup time for your process. If this value is nil, 11286 the pod's terminationGracePeriodSeconds will be used. 11287 Otherwise, this value overrides the value provided 11288 by the pod spec. Value must be non-negative integer. 11289 The value zero indicates stop immediately via the 11290 kill signal (no opportunity to shut down). This is 11291 a beta field and requires enabling ProbeTerminationGracePeriod 11292 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 11293 is used if unset. 11294 format: int64 11295 type: integer 11296 timeoutSeconds: 11297 description: 'Number of seconds after which the probe 11298 times out. Defaults to 1 second. Minimum value is 11299 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11300 format: int32 11301 type: integer 11302 type: object 11303 name: 11304 description: Name of the container specified as a DNS_LABEL. 11305 Each container in a pod must have a unique name (DNS_LABEL). 11306 Cannot be updated. 11307 type: string 11308 ports: 11309 description: List of ports to expose from the container. 11310 Exposing a port here gives the system additional information 11311 about the network connections a container uses, but is 11312 primarily informational. Not specifying a port here DOES 11313 NOT prevent that port from being exposed. Any port which 11314 is listening on the default "0.0.0.0" address inside a 11315 container will be accessible from the network. Cannot 11316 be updated. 11317 items: 11318 description: ContainerPort represents a network port in 11319 a single container. 11320 properties: 11321 containerPort: 11322 description: Number of port to expose on the pod's 11323 IP address. This must be a valid port number, 0 11324 < x < 65536. 11325 format: int32 11326 type: integer 11327 hostIP: 11328 description: What host IP to bind the external port 11329 to. 11330 type: string 11331 hostPort: 11332 description: Number of port to expose on the host. 11333 If specified, this must be a valid port number, 11334 0 < x < 65536. If HostNetwork is specified, this 11335 must match ContainerPort. Most containers do not 11336 need this. 11337 format: int32 11338 type: integer 11339 name: 11340 description: If specified, this must be an IANA_SVC_NAME 11341 and unique within the pod. Each named port in a 11342 pod must have a unique name. Name for the port that 11343 can be referred to by services. 11344 type: string 11345 protocol: 11346 default: TCP 11347 description: Protocol for port. Must be UDP, TCP, 11348 or SCTP. Defaults to "TCP". 11349 type: string 11350 required: 11351 - containerPort 11352 type: object 11353 type: array 11354 x-kubernetes-list-map-keys: 11355 - containerPort 11356 - protocol 11357 x-kubernetes-list-type: map 11358 readinessProbe: 11359 description: 'Periodic probe of container service readiness. 11360 Container will be removed from service endpoints if the 11361 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11362 properties: 11363 exec: 11364 description: Exec specifies the action to take. 11365 properties: 11366 command: 11367 description: Command is the command line to execute 11368 inside the container, the working directory for 11369 the command is root ('/') in the container's 11370 filesystem. The command is simply exec'd, it is 11371 not run inside a shell, so traditional shell instructions 11372 ('|', etc) won't work. To use a shell, you need 11373 to explicitly call out to that shell. Exit status 11374 of 0 is treated as live/healthy and non-zero is 11375 unhealthy. 11376 items: 11377 type: string 11378 type: array 11379 type: object 11380 failureThreshold: 11381 description: Minimum consecutive failures for the probe 11382 to be considered failed after having succeeded. Defaults 11383 to 3. Minimum value is 1. 11384 format: int32 11385 type: integer 11386 grpc: 11387 description: GRPC specifies an action involving a GRPC 11388 port. This is a beta field and requires enabling GRPCContainerProbe 11389 feature gate. 11390 properties: 11391 port: 11392 description: Port number of the gRPC service. Number 11393 must be in the range 1 to 65535. 11394 format: int32 11395 type: integer 11396 service: 11397 description: "Service is the name of the service 11398 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 11399 \n If this is not specified, the default behavior 11400 is defined by gRPC." 11401 type: string 11402 required: 11403 - port 11404 type: object 11405 httpGet: 11406 description: HTTPGet specifies the http request to perform. 11407 properties: 11408 host: 11409 description: Host name to connect to, defaults to 11410 the pod IP. You probably want to set "Host" in 11411 httpHeaders instead. 11412 type: string 11413 httpHeaders: 11414 description: Custom headers to set in the request. 11415 HTTP allows repeated headers. 11416 items: 11417 description: HTTPHeader describes a custom header 11418 to be used in HTTP probes 11419 properties: 11420 name: 11421 description: The header field name 11422 type: string 11423 value: 11424 description: The header field value 11425 type: string 11426 required: 11427 - name 11428 - value 11429 type: object 11430 type: array 11431 path: 11432 description: Path to access on the HTTP server. 11433 type: string 11434 port: 11435 anyOf: 11436 - type: integer 11437 - type: string 11438 description: Name or number of the port to access 11439 on the container. Number must be in the range 11440 1 to 65535. Name must be an IANA_SVC_NAME. 11441 x-kubernetes-int-or-string: true 11442 scheme: 11443 description: Scheme to use for connecting to the 11444 host. Defaults to HTTP. 11445 type: string 11446 required: 11447 - port 11448 type: object 11449 initialDelaySeconds: 11450 description: 'Number of seconds after the container 11451 has started before liveness probes are initiated. 11452 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11453 format: int32 11454 type: integer 11455 periodSeconds: 11456 description: How often (in seconds) to perform the probe. 11457 Default to 10 seconds. Minimum value is 1. 11458 format: int32 11459 type: integer 11460 successThreshold: 11461 description: Minimum consecutive successes for the probe 11462 to be considered successful after having failed. Defaults 11463 to 1. Must be 1 for liveness and startup. Minimum 11464 value is 1. 11465 format: int32 11466 type: integer 11467 tcpSocket: 11468 description: TCPSocket specifies an action involving 11469 a TCP port. 11470 properties: 11471 host: 11472 description: 'Optional: Host name to connect to, 11473 defaults to the pod IP.' 11474 type: string 11475 port: 11476 anyOf: 11477 - type: integer 11478 - type: string 11479 description: Number or name of the port to access 11480 on the container. Number must be in the range 11481 1 to 65535. Name must be an IANA_SVC_NAME. 11482 x-kubernetes-int-or-string: true 11483 required: 11484 - port 11485 type: object 11486 terminationGracePeriodSeconds: 11487 description: Optional duration in seconds the pod needs 11488 to terminate gracefully upon probe failure. The grace 11489 period is the duration in seconds after the processes 11490 running in the pod are sent a termination signal and 11491 the time when the processes are forcibly halted with 11492 a kill signal. Set this value longer than the expected 11493 cleanup time for your process. If this value is nil, 11494 the pod's terminationGracePeriodSeconds will be used. 11495 Otherwise, this value overrides the value provided 11496 by the pod spec. Value must be non-negative integer. 11497 The value zero indicates stop immediately via the 11498 kill signal (no opportunity to shut down). This is 11499 a beta field and requires enabling ProbeTerminationGracePeriod 11500 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 11501 is used if unset. 11502 format: int64 11503 type: integer 11504 timeoutSeconds: 11505 description: 'Number of seconds after which the probe 11506 times out. Defaults to 1 second. Minimum value is 11507 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11508 format: int32 11509 type: integer 11510 type: object 11511 resources: 11512 description: 'Compute Resources required by this container. 11513 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 11514 properties: 11515 limits: 11516 additionalProperties: 11517 anyOf: 11518 - type: integer 11519 - type: string 11520 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 11521 x-kubernetes-int-or-string: true 11522 description: 'Limits describes the maximum amount of 11523 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 11524 type: object 11525 requests: 11526 additionalProperties: 11527 anyOf: 11528 - type: integer 11529 - type: string 11530 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 11531 x-kubernetes-int-or-string: true 11532 description: 'Requests describes the minimum amount 11533 of compute resources required. If Requests is omitted 11534 for a container, it defaults to Limits if that is 11535 explicitly specified, otherwise to an implementation-defined 11536 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 11537 type: object 11538 type: object 11539 securityContext: 11540 description: 'SecurityContext defines the security options 11541 the container should be run with. If set, the fields of 11542 SecurityContext override the equivalent fields of PodSecurityContext. 11543 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 11544 properties: 11545 allowPrivilegeEscalation: 11546 description: 'AllowPrivilegeEscalation controls whether 11547 a process can gain more privileges than its parent 11548 process. This bool directly controls if the no_new_privs 11549 flag will be set on the container process. AllowPrivilegeEscalation 11550 is true always when the container is: 1) run as Privileged 11551 2) has CAP_SYS_ADMIN Note that this field cannot be 11552 set when spec.os.name is windows.' 11553 type: boolean 11554 capabilities: 11555 description: The capabilities to add/drop when running 11556 containers. Defaults to the default set of capabilities 11557 granted by the container runtime. Note that this field 11558 cannot be set when spec.os.name is windows. 11559 properties: 11560 add: 11561 description: Added capabilities 11562 items: 11563 description: Capability represent POSIX capabilities 11564 type 11565 type: string 11566 type: array 11567 drop: 11568 description: Removed capabilities 11569 items: 11570 description: Capability represent POSIX capabilities 11571 type 11572 type: string 11573 type: array 11574 type: object 11575 privileged: 11576 description: Run container in privileged mode. Processes 11577 in privileged containers are essentially equivalent 11578 to root on the host. Defaults to false. Note that 11579 this field cannot be set when spec.os.name is windows. 11580 type: boolean 11581 procMount: 11582 description: procMount denotes the type of proc mount 11583 to use for the containers. The default is DefaultProcMount 11584 which uses the container runtime defaults for readonly 11585 paths and masked paths. This requires the ProcMountType 11586 feature flag to be enabled. Note that this field cannot 11587 be set when spec.os.name is windows. 11588 type: string 11589 readOnlyRootFilesystem: 11590 description: Whether this container has a read-only 11591 root filesystem. Default is false. Note that this 11592 field cannot be set when spec.os.name is windows. 11593 type: boolean 11594 runAsGroup: 11595 description: The GID to run the entrypoint of the container 11596 process. Uses runtime default if unset. May also be 11597 set in PodSecurityContext. If set in both SecurityContext 11598 and PodSecurityContext, the value specified in SecurityContext 11599 takes precedence. Note that this field cannot be set 11600 when spec.os.name is windows. 11601 format: int64 11602 type: integer 11603 runAsNonRoot: 11604 description: Indicates that the container must run as 11605 a non-root user. If true, the Kubelet will validate 11606 the image at runtime to ensure that it does not run 11607 as UID 0 (root) and fail to start the container if 11608 it does. If unset or false, no such validation will 11609 be performed. May also be set in PodSecurityContext. If 11610 set in both SecurityContext and PodSecurityContext, 11611 the value specified in SecurityContext takes precedence. 11612 type: boolean 11613 runAsUser: 11614 description: The UID to run the entrypoint of the container 11615 process. Defaults to user specified in image metadata 11616 if unspecified. May also be set in PodSecurityContext. If 11617 set in both SecurityContext and PodSecurityContext, 11618 the value specified in SecurityContext takes precedence. 11619 Note that this field cannot be set when spec.os.name 11620 is windows. 11621 format: int64 11622 type: integer 11623 seLinuxOptions: 11624 description: The SELinux context to be applied to the 11625 container. If unspecified, the container runtime will 11626 allocate a random SELinux context for each container. May 11627 also be set in PodSecurityContext. If set in both 11628 SecurityContext and PodSecurityContext, the value 11629 specified in SecurityContext takes precedence. Note 11630 that this field cannot be set when spec.os.name is 11631 windows. 11632 properties: 11633 level: 11634 description: Level is SELinux level label that applies 11635 to the container. 11636 type: string 11637 role: 11638 description: Role is a SELinux role label that applies 11639 to the container. 11640 type: string 11641 type: 11642 description: Type is a SELinux type label that applies 11643 to the container. 11644 type: string 11645 user: 11646 description: User is a SELinux user label that applies 11647 to the container. 11648 type: string 11649 type: object 11650 seccompProfile: 11651 description: The seccomp options to use by this container. 11652 If seccomp options are provided at both the pod & 11653 container level, the container options override the 11654 pod options. Note that this field cannot be set when 11655 spec.os.name is windows. 11656 properties: 11657 localhostProfile: 11658 description: localhostProfile indicates a profile 11659 defined in a file on the node should be used. 11660 The profile must be preconfigured on the node 11661 to work. Must be a descending path, relative to 11662 the kubelet's configured seccomp profile location. 11663 Must only be set if type is "Localhost". 11664 type: string 11665 type: 11666 description: "type indicates which kind of seccomp 11667 profile will be applied. Valid options are: \n 11668 Localhost - a profile defined in a file on the 11669 node should be used. RuntimeDefault - the container 11670 runtime default profile should be used. Unconfined 11671 - no profile should be applied." 11672 type: string 11673 required: 11674 - type 11675 type: object 11676 windowsOptions: 11677 description: The Windows specific settings applied to 11678 all containers. If unspecified, the options from the 11679 PodSecurityContext will be used. If set in both SecurityContext 11680 and PodSecurityContext, the value specified in SecurityContext 11681 takes precedence. Note that this field cannot be set 11682 when spec.os.name is linux. 11683 properties: 11684 gmsaCredentialSpec: 11685 description: GMSACredentialSpec is where the GMSA 11686 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 11687 inlines the contents of the GMSA credential spec 11688 named by the GMSACredentialSpecName field. 11689 type: string 11690 gmsaCredentialSpecName: 11691 description: GMSACredentialSpecName is the name 11692 of the GMSA credential spec to use. 11693 type: string 11694 hostProcess: 11695 description: HostProcess determines if a container 11696 should be run as a 'Host Process' container. This 11697 field is alpha-level and will only be honored 11698 by components that enable the WindowsHostProcessContainers 11699 feature flag. Setting this field without the feature 11700 flag will result in errors when validating the 11701 Pod. All of a Pod's containers must have the same 11702 effective HostProcess value (it is not allowed 11703 to have a mix of HostProcess containers and non-HostProcess 11704 containers). In addition, if HostProcess is true 11705 then HostNetwork must also be set to true. 11706 type: boolean 11707 runAsUserName: 11708 description: The UserName in Windows to run the 11709 entrypoint of the container process. Defaults 11710 to the user specified in image metadata if unspecified. 11711 May also be set in PodSecurityContext. If set 11712 in both SecurityContext and PodSecurityContext, 11713 the value specified in SecurityContext takes precedence. 11714 type: string 11715 type: object 11716 type: object 11717 startupProbe: 11718 description: 'StartupProbe indicates that the Pod has successfully 11719 initialized. If specified, no other probes are executed 11720 until this completes successfully. If this probe fails, 11721 the Pod will be restarted, just as if the livenessProbe 11722 failed. This can be used to provide different probe parameters 11723 at the beginning of a Pod''s lifecycle, when it might 11724 take a long time to load data or warm a cache, than during 11725 steady-state operation. This cannot be updated. More info: 11726 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11727 properties: 11728 exec: 11729 description: Exec specifies the action to take. 11730 properties: 11731 command: 11732 description: Command is the command line to execute 11733 inside the container, the working directory for 11734 the command is root ('/') in the container's 11735 filesystem. The command is simply exec'd, it is 11736 not run inside a shell, so traditional shell instructions 11737 ('|', etc) won't work. To use a shell, you need 11738 to explicitly call out to that shell. Exit status 11739 of 0 is treated as live/healthy and non-zero is 11740 unhealthy. 11741 items: 11742 type: string 11743 type: array 11744 type: object 11745 failureThreshold: 11746 description: Minimum consecutive failures for the probe 11747 to be considered failed after having succeeded. Defaults 11748 to 3. Minimum value is 1. 11749 format: int32 11750 type: integer 11751 grpc: 11752 description: GRPC specifies an action involving a GRPC 11753 port. This is a beta field and requires enabling GRPCContainerProbe 11754 feature gate. 11755 properties: 11756 port: 11757 description: Port number of the gRPC service. Number 11758 must be in the range 1 to 65535. 11759 format: int32 11760 type: integer 11761 service: 11762 description: "Service is the name of the service 11763 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 11764 \n If this is not specified, the default behavior 11765 is defined by gRPC." 11766 type: string 11767 required: 11768 - port 11769 type: object 11770 httpGet: 11771 description: HTTPGet specifies the http request to perform. 11772 properties: 11773 host: 11774 description: Host name to connect to, defaults to 11775 the pod IP. You probably want to set "Host" in 11776 httpHeaders instead. 11777 type: string 11778 httpHeaders: 11779 description: Custom headers to set in the request. 11780 HTTP allows repeated headers. 11781 items: 11782 description: HTTPHeader describes a custom header 11783 to be used in HTTP probes 11784 properties: 11785 name: 11786 description: The header field name 11787 type: string 11788 value: 11789 description: The header field value 11790 type: string 11791 required: 11792 - name 11793 - value 11794 type: object 11795 type: array 11796 path: 11797 description: Path to access on the HTTP server. 11798 type: string 11799 port: 11800 anyOf: 11801 - type: integer 11802 - type: string 11803 description: Name or number of the port to access 11804 on the container. Number must be in the range 11805 1 to 65535. Name must be an IANA_SVC_NAME. 11806 x-kubernetes-int-or-string: true 11807 scheme: 11808 description: Scheme to use for connecting to the 11809 host. Defaults to HTTP. 11810 type: string 11811 required: 11812 - port 11813 type: object 11814 initialDelaySeconds: 11815 description: 'Number of seconds after the container 11816 has started before liveness probes are initiated. 11817 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11818 format: int32 11819 type: integer 11820 periodSeconds: 11821 description: How often (in seconds) to perform the probe. 11822 Default to 10 seconds. Minimum value is 1. 11823 format: int32 11824 type: integer 11825 successThreshold: 11826 description: Minimum consecutive successes for the probe 11827 to be considered successful after having failed. Defaults 11828 to 1. Must be 1 for liveness and startup. Minimum 11829 value is 1. 11830 format: int32 11831 type: integer 11832 tcpSocket: 11833 description: TCPSocket specifies an action involving 11834 a TCP port. 11835 properties: 11836 host: 11837 description: 'Optional: Host name to connect to, 11838 defaults to the pod IP.' 11839 type: string 11840 port: 11841 anyOf: 11842 - type: integer 11843 - type: string 11844 description: Number or name of the port to access 11845 on the container. Number must be in the range 11846 1 to 65535. Name must be an IANA_SVC_NAME. 11847 x-kubernetes-int-or-string: true 11848 required: 11849 - port 11850 type: object 11851 terminationGracePeriodSeconds: 11852 description: Optional duration in seconds the pod needs 11853 to terminate gracefully upon probe failure. The grace 11854 period is the duration in seconds after the processes 11855 running in the pod are sent a termination signal and 11856 the time when the processes are forcibly halted with 11857 a kill signal. Set this value longer than the expected 11858 cleanup time for your process. If this value is nil, 11859 the pod's terminationGracePeriodSeconds will be used. 11860 Otherwise, this value overrides the value provided 11861 by the pod spec. Value must be non-negative integer. 11862 The value zero indicates stop immediately via the 11863 kill signal (no opportunity to shut down). This is 11864 a beta field and requires enabling ProbeTerminationGracePeriod 11865 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 11866 is used if unset. 11867 format: int64 11868 type: integer 11869 timeoutSeconds: 11870 description: 'Number of seconds after which the probe 11871 times out. Defaults to 1 second. Minimum value is 11872 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11873 format: int32 11874 type: integer 11875 type: object 11876 stdin: 11877 description: Whether this container should allocate a buffer 11878 for stdin in the container runtime. If this is not set, 11879 reads from stdin in the container will always result in 11880 EOF. Default is false. 11881 type: boolean 11882 stdinOnce: 11883 description: Whether the container runtime should close 11884 the stdin channel after it has been opened by a single 11885 attach. When stdin is true the stdin stream will remain 11886 open across multiple attach sessions. If stdinOnce is 11887 set to true, stdin is opened on container start, is empty 11888 until the first client attaches to stdin, and then remains 11889 open and accepts data until the client disconnects, at 11890 which time stdin is closed and remains closed until the 11891 container is restarted. If this flag is false, a container 11892 processes that reads from stdin will never receive an 11893 EOF. Default is false 11894 type: boolean 11895 terminationMessagePath: 11896 description: 'Optional: Path at which the file to which 11897 the container''s termination message will be written is 11898 mounted into the container''s filesystem. Message written 11899 is intended to be brief final status, such as an assertion 11900 failure message. Will be truncated by the node if greater 11901 than 4096 bytes. The total message length across all containers 11902 will be limited to 12kb. Defaults to /dev/termination-log. 11903 Cannot be updated.' 11904 type: string 11905 terminationMessagePolicy: 11906 description: Indicate how the termination message should 11907 be populated. File will use the contents of terminationMessagePath 11908 to populate the container status message on both success 11909 and failure. FallbackToLogsOnError will use the last chunk 11910 of container log output if the termination message file 11911 is empty and the container exited with an error. The log 11912 output is limited to 2048 bytes or 80 lines, whichever 11913 is smaller. Defaults to File. Cannot be updated. 11914 type: string 11915 tty: 11916 description: Whether this container should allocate a TTY 11917 for itself, also requires 'stdin' to be true. Default 11918 is false. 11919 type: boolean 11920 volumeDevices: 11921 description: volumeDevices is the list of block devices 11922 to be used by the container. 11923 items: 11924 description: volumeDevice describes a mapping of a raw 11925 block device within a container. 11926 properties: 11927 devicePath: 11928 description: devicePath is the path inside of the 11929 container that the device will be mapped to. 11930 type: string 11931 name: 11932 description: name must match the name of a persistentVolumeClaim 11933 in the pod 11934 type: string 11935 required: 11936 - devicePath 11937 - name 11938 type: object 11939 type: array 11940 volumeMounts: 11941 description: Pod volumes to mount into the container's filesystem. 11942 Cannot be updated. 11943 items: 11944 description: VolumeMount describes a mounting of a Volume 11945 within a container. 11946 properties: 11947 mountPath: 11948 description: Path within the container at which the 11949 volume should be mounted. Must not contain ':'. 11950 type: string 11951 mountPropagation: 11952 description: mountPropagation determines how mounts 11953 are propagated from the host to container and the 11954 other way around. When not set, MountPropagationNone 11955 is used. This field is beta in 1.10. 11956 type: string 11957 name: 11958 description: This must match the Name of a Volume. 11959 type: string 11960 readOnly: 11961 description: Mounted read-only if true, read-write 11962 otherwise (false or unspecified). Defaults to false. 11963 type: boolean 11964 subPath: 11965 description: Path within the volume from which the 11966 container's volume should be mounted. Defaults to 11967 "" (volume's root). 11968 type: string 11969 subPathExpr: 11970 description: Expanded path within the volume from 11971 which the container's volume should be mounted. 11972 Behaves similarly to SubPath but environment variable 11973 references $(VAR_NAME) are expanded using the container's 11974 environment. Defaults to "" (volume's root). SubPathExpr 11975 and SubPath are mutually exclusive. 11976 type: string 11977 required: 11978 - mountPath 11979 - name 11980 type: object 11981 type: array 11982 workingDir: 11983 description: Container's working directory. If not specified, 11984 the container runtime's default will be used, which might 11985 be configured in the container image. Cannot be updated. 11986 type: string 11987 required: 11988 - name 11989 type: object 11990 type: array 11991 nodeSelector: 11992 additionalProperties: 11993 type: string 11994 type: object 11995 podAnnotations: 11996 additionalProperties: 11997 type: string 11998 type: object 11999 priorityClassName: 12000 type: string 12001 replicas: 12002 format: int32 12003 type: integer 12004 resources: 12005 description: ResourceRequirements describes the compute resource 12006 requirements. 12007 properties: 12008 limits: 12009 additionalProperties: 12010 anyOf: 12011 - type: integer 12012 - type: string 12013 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 12014 x-kubernetes-int-or-string: true 12015 description: 'Limits describes the maximum amount of compute 12016 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 12017 type: object 12018 requests: 12019 additionalProperties: 12020 anyOf: 12021 - type: integer 12022 - type: string 12023 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 12024 x-kubernetes-int-or-string: true 12025 description: 'Requests describes the minimum amount of compute 12026 resources required. If Requests is omitted for a container, 12027 it defaults to Limits if that is explicitly specified, otherwise 12028 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 12029 type: object 12030 type: object 12031 securityContext: 12032 description: PodSecurityContext holds pod-level security attributes 12033 and common container settings. Some fields are also present 12034 in container.securityContext. Field values of container.securityContext 12035 take precedence over field values of PodSecurityContext. 12036 properties: 12037 fsGroup: 12038 description: "A special supplemental group that applies to 12039 all containers in a pod. Some volume types allow the Kubelet 12040 to change the ownership of that volume to be owned by the 12041 pod: \n 1. The owning GID will be the FSGroup 2. The setgid 12042 bit is set (new files created in the volume will be owned 12043 by FSGroup) 3. The permission bits are OR'd with rw-rw---- 12044 \n If unset, the Kubelet will not modify the ownership and 12045 permissions of any volume. Note that this field cannot be 12046 set when spec.os.name is windows." 12047 format: int64 12048 type: integer 12049 fsGroupChangePolicy: 12050 description: 'fsGroupChangePolicy defines behavior of changing 12051 ownership and permission of the volume before being exposed 12052 inside Pod. This field will only apply to volume types which 12053 support fsGroup based ownership(and permissions). It will 12054 have no effect on ephemeral volume types such as: secret, 12055 configmaps and emptydir. Valid values are "OnRootMismatch" 12056 and "Always". If not specified, "Always" is used. Note that 12057 this field cannot be set when spec.os.name is windows.' 12058 type: string 12059 runAsGroup: 12060 description: The GID to run the entrypoint of the container 12061 process. Uses runtime default if unset. May also be set 12062 in SecurityContext. If set in both SecurityContext and 12063 PodSecurityContext, the value specified in SecurityContext 12064 takes precedence for that container. Note that this field 12065 cannot be set when spec.os.name is windows. 12066 format: int64 12067 type: integer 12068 runAsNonRoot: 12069 description: Indicates that the container must run as a non-root 12070 user. If true, the Kubelet will validate the image at runtime 12071 to ensure that it does not run as UID 0 (root) and fail 12072 to start the container if it does. If unset or false, no 12073 such validation will be performed. May also be set in SecurityContext. If 12074 set in both SecurityContext and PodSecurityContext, the 12075 value specified in SecurityContext takes precedence. 12076 type: boolean 12077 runAsUser: 12078 description: The UID to run the entrypoint of the container 12079 process. Defaults to user specified in image metadata if 12080 unspecified. May also be set in SecurityContext. If set 12081 in both SecurityContext and PodSecurityContext, the value 12082 specified in SecurityContext takes precedence for that container. 12083 Note that this field cannot be set when spec.os.name is 12084 windows. 12085 format: int64 12086 type: integer 12087 seLinuxOptions: 12088 description: The SELinux context to be applied to all containers. 12089 If unspecified, the container runtime will allocate a random 12090 SELinux context for each container. May also be set in 12091 SecurityContext. If set in both SecurityContext and PodSecurityContext, 12092 the value specified in SecurityContext takes precedence 12093 for that container. Note that this field cannot be set when 12094 spec.os.name is windows. 12095 properties: 12096 level: 12097 description: Level is SELinux level label that applies 12098 to the container. 12099 type: string 12100 role: 12101 description: Role is a SELinux role label that applies 12102 to the container. 12103 type: string 12104 type: 12105 description: Type is a SELinux type label that applies 12106 to the container. 12107 type: string 12108 user: 12109 description: User is a SELinux user label that applies 12110 to the container. 12111 type: string 12112 type: object 12113 seccompProfile: 12114 description: The seccomp options to use by the containers 12115 in this pod. Note that this field cannot be set when spec.os.name 12116 is windows. 12117 properties: 12118 localhostProfile: 12119 description: localhostProfile indicates a profile defined 12120 in a file on the node should be used. The profile must 12121 be preconfigured on the node to work. Must be a descending 12122 path, relative to the kubelet's configured seccomp profile 12123 location. Must only be set if type is "Localhost". 12124 type: string 12125 type: 12126 description: "type indicates which kind of seccomp profile 12127 will be applied. Valid options are: \n Localhost - a 12128 profile defined in a file on the node should be used. 12129 RuntimeDefault - the container runtime default profile 12130 should be used. Unconfined - no profile should be applied." 12131 type: string 12132 required: 12133 - type 12134 type: object 12135 supplementalGroups: 12136 description: A list of groups applied to the first process 12137 run in each container, in addition to the container's primary 12138 GID. If unspecified, no groups will be added to any container. 12139 Note that this field cannot be set when spec.os.name is 12140 windows. 12141 items: 12142 format: int64 12143 type: integer 12144 type: array 12145 sysctls: 12146 description: Sysctls hold a list of namespaced sysctls used 12147 for the pod. Pods with unsupported sysctls (by the container 12148 runtime) might fail to launch. Note that this field cannot 12149 be set when spec.os.name is windows. 12150 items: 12151 description: Sysctl defines a kernel parameter to be set 12152 properties: 12153 name: 12154 description: Name of a property to set 12155 type: string 12156 value: 12157 description: Value of a property to set 12158 type: string 12159 required: 12160 - name 12161 - value 12162 type: object 12163 type: array 12164 windowsOptions: 12165 description: The Windows specific settings applied to all 12166 containers. If unspecified, the options within a container's 12167 SecurityContext will be used. If set in both SecurityContext 12168 and PodSecurityContext, the value specified in SecurityContext 12169 takes precedence. Note that this field cannot be set when 12170 spec.os.name is linux. 12171 properties: 12172 gmsaCredentialSpec: 12173 description: GMSACredentialSpec is where the GMSA admission 12174 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 12175 inlines the contents of the GMSA credential spec named 12176 by the GMSACredentialSpecName field. 12177 type: string 12178 gmsaCredentialSpecName: 12179 description: GMSACredentialSpecName is the name of the 12180 GMSA credential spec to use. 12181 type: string 12182 hostProcess: 12183 description: HostProcess determines if a container should 12184 be run as a 'Host Process' container. This field is 12185 alpha-level and will only be honored by components that 12186 enable the WindowsHostProcessContainers feature flag. 12187 Setting this field without the feature flag will result 12188 in errors when validating the Pod. All of a Pod's containers 12189 must have the same effective HostProcess value (it is 12190 not allowed to have a mix of HostProcess containers 12191 and non-HostProcess containers). In addition, if HostProcess 12192 is true then HostNetwork must also be set to true. 12193 type: boolean 12194 runAsUserName: 12195 description: The UserName in Windows to run the entrypoint 12196 of the container process. Defaults to the user specified 12197 in image metadata if unspecified. May also be set in 12198 PodSecurityContext. If set in both SecurityContext and 12199 PodSecurityContext, the value specified in SecurityContext 12200 takes precedence. 12201 type: string 12202 type: object 12203 type: object 12204 serviceAccountName: 12205 type: string 12206 serviceAnnotations: 12207 additionalProperties: 12208 type: string 12209 type: object 12210 startupConfigMap: 12211 type: string 12212 tolerations: 12213 items: 12214 description: The pod this Toleration is attached to tolerates 12215 any taint that matches the triple <key,value,effect> using 12216 the matching operator <operator>. 12217 properties: 12218 effect: 12219 description: Effect indicates the taint effect to match. 12220 Empty means match all taint effects. When specified, allowed 12221 values are NoSchedule, PreferNoSchedule and NoExecute. 12222 type: string 12223 key: 12224 description: Key is the taint key that the toleration applies 12225 to. Empty means match all taint keys. If the key is empty, 12226 operator must be Exists; this combination means to match 12227 all values and all keys. 12228 type: string 12229 operator: 12230 description: Operator represents a key's relationship to 12231 the value. Valid operators are Exists and Equal. Defaults 12232 to Equal. Exists is equivalent to wildcard for value, 12233 so that a pod can tolerate all taints of a particular 12234 category. 12235 type: string 12236 tolerationSeconds: 12237 description: TolerationSeconds represents the period of 12238 time the toleration (which must be of effect NoExecute, 12239 otherwise this field is ignored) tolerates the taint. 12240 By default, it is not set, which means tolerate the taint 12241 forever (do not evict). Zero and negative values will 12242 be treated as 0 (evict immediately) by the system. 12243 format: int64 12244 type: integer 12245 value: 12246 description: Value is the taint value the toleration matches 12247 to. If the operator is Exists, the value should be empty, 12248 otherwise just a regular string. 12249 type: string 12250 type: object 12251 type: array 12252 topologySpreadConstraints: 12253 items: 12254 description: TopologySpreadConstraint specifies how to spread 12255 matching pods among the given topology. 12256 properties: 12257 labelSelector: 12258 description: LabelSelector is used to find matching pods. 12259 Pods that match this label selector are counted to determine 12260 the number of pods in their corresponding topology domain. 12261 properties: 12262 matchExpressions: 12263 description: matchExpressions is a list of label selector 12264 requirements. The requirements are ANDed. 12265 items: 12266 description: A label selector requirement is a selector 12267 that contains values, a key, and an operator that 12268 relates the key and values. 12269 properties: 12270 key: 12271 description: key is the label key that the selector 12272 applies to. 12273 type: string 12274 operator: 12275 description: operator represents a key's relationship 12276 to a set of values. Valid operators are In, 12277 NotIn, Exists and DoesNotExist. 12278 type: string 12279 values: 12280 description: values is an array of string values. 12281 If the operator is In or NotIn, the values array 12282 must be non-empty. If the operator is Exists 12283 or DoesNotExist, the values array must be empty. 12284 This array is replaced during a strategic merge 12285 patch. 12286 items: 12287 type: string 12288 type: array 12289 required: 12290 - key 12291 - operator 12292 type: object 12293 type: array 12294 matchLabels: 12295 additionalProperties: 12296 type: string 12297 description: matchLabels is a map of {key,value} pairs. 12298 A single {key,value} in the matchLabels map is equivalent 12299 to an element of matchExpressions, whose key field 12300 is "key", the operator is "In", and the values array 12301 contains only "value". The requirements are ANDed. 12302 type: object 12303 type: object 12304 maxSkew: 12305 description: 'MaxSkew describes the degree to which pods 12306 may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, 12307 it is the maximum permitted difference between the number 12308 of matching pods in the target topology and the global 12309 minimum. The global minimum is the minimum number of matching 12310 pods in an eligible domain or zero if the number of eligible 12311 domains is less than MinDomains. For example, in a 3-zone 12312 cluster, MaxSkew is set to 1, and pods with the same labelSelector 12313 spread as 2/2/1: In this case, the global minimum is 1. 12314 | zone1 | zone2 | zone3 | | P P | P P | P | - 12315 if MaxSkew is 1, incoming pod can only be scheduled to 12316 zone3 to become 2/2/2; scheduling it onto zone1(zone2) 12317 would make the ActualSkew(3-1) on zone1(zone2) violate 12318 MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled 12319 onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, 12320 it is used to give higher precedence to topologies that 12321 satisfy it. It''s a required field. Default value is 1 12322 and 0 is not allowed.' 12323 format: int32 12324 type: integer 12325 minDomains: 12326 description: "MinDomains indicates a minimum number of eligible 12327 domains. When the number of eligible domains with matching 12328 topology keys is less than minDomains, Pod Topology Spread 12329 treats \"global minimum\" as 0, and then the calculation 12330 of Skew is performed. And when the number of eligible 12331 domains with matching topology keys equals or greater 12332 than minDomains, this value has no effect on scheduling. 12333 As a result, when the number of eligible domains is less 12334 than minDomains, scheduler won't schedule more than maxSkew 12335 Pods to those domains. If value is nil, the constraint 12336 behaves as if MinDomains is equal to 1. Valid values are 12337 integers greater than 0. When value is not nil, WhenUnsatisfiable 12338 must be DoNotSchedule. \n For example, in a 3-zone cluster, 12339 MaxSkew is set to 2, MinDomains is set to 5 and pods with 12340 the same labelSelector spread as 2/2/2: | zone1 | zone2 12341 | zone3 | | P P | P P | P P | The number of domains 12342 is less than 5(MinDomains), so \"global minimum\" is treated 12343 as 0. In this situation, new pod with the same labelSelector 12344 cannot be scheduled, because computed skew will be 3(3 12345 - 0) if new Pod is scheduled to any of the three zones, 12346 it will violate MaxSkew. \n This is an alpha field and 12347 requires enabling MinDomainsInPodTopologySpread feature 12348 gate." 12349 format: int32 12350 type: integer 12351 topologyKey: 12352 description: TopologyKey is the key of node labels. Nodes 12353 that have a label with this key and identical values are 12354 considered to be in the same topology. We consider each 12355 <key, value> as a "bucket", and try to put balanced number 12356 of pods into each bucket. We define a domain as a particular 12357 instance of a topology. Also, we define an eligible domain 12358 as a domain whose nodes match the node selector. e.g. 12359 If TopologyKey is "kubernetes.io/hostname", each Node 12360 is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", 12361 each zone is a domain of that topology. It's a required 12362 field. 12363 type: string 12364 whenUnsatisfiable: 12365 description: 'WhenUnsatisfiable indicates how to deal with 12366 a pod if it doesn''t satisfy the spread constraint. - 12367 DoNotSchedule (default) tells the scheduler not to schedule 12368 it. - ScheduleAnyway tells the scheduler to schedule the 12369 pod in any location, but giving higher precedence to 12370 topologies that would help reduce the skew. A constraint 12371 is considered "Unsatisfiable" for an incoming pod if and 12372 only if every possible node assignment for that pod would 12373 violate "MaxSkew" on some topology. For example, in a 12374 3-zone cluster, MaxSkew is set to 1, and pods with the 12375 same labelSelector spread as 3/1/1: | zone1 | zone2 | 12376 zone3 | | P P P | P | P | If WhenUnsatisfiable 12377 is set to DoNotSchedule, incoming pod can only be scheduled 12378 to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) 12379 on zone2(zone3) satisfies MaxSkew(1). In other words, 12380 the cluster can still be imbalanced, but scheduler won''t 12381 make it *more* imbalanced. It''s a required field.' 12382 type: string 12383 required: 12384 - maxSkew 12385 - topologyKey 12386 - whenUnsatisfiable 12387 type: object 12388 type: array 12389 type: object 12390 type: object 12391 required: 12392 - spec 12393 type: object 12394 served: true 12395 storage: true 12396 subresources: {} 12397 status: 12398 acceptedNames: 12399 kind: "" 12400 plural: "" 12401 conditions: [] 12402 storedVersions: []