/*
Copyright 2014 The Kubernetes Authors All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package api

import (
	"k8s.io/kubernetes/pkg/api/resource"
	"k8s.io/kubernetes/pkg/api/unversioned"
	"k8s.io/kubernetes/pkg/fields"
	"k8s.io/kubernetes/pkg/labels"
	"k8s.io/kubernetes/pkg/runtime"
	"k8s.io/kubernetes/pkg/types"
	"k8s.io/kubernetes/pkg/util/intstr"
)

// Common string formats
// ---------------------
// Many fields in this API have formatting requirements. The commonly used
// formats are defined here.
//
// NOTE(review): the regexes below are written without anchors. A validator
// built from them has to match the whole string and apply the stated length
// limit separately; a substring match would accept invalid values.
//
// C_IDENTIFIER: This is a string that conforms to the definition of an "identifier"
//     in the C language. This is captured by the following regex:
//         [A-Za-z_][A-Za-z0-9_]*
//     This defines the format, but not the length restriction, which should be
//     specified at the definition of any field of this type.
//
// DNS_LABEL: This is a string, no more than 63 characters long, that conforms
//     to the definition of a "label" in RFCs 1035 and 1123. This is captured
//     by the following regex:
//         [a-z0-9]([-a-z0-9]*[a-z0-9])?
//
// DNS_SUBDOMAIN: This is a string, no more than 253 characters long, that conforms
//     to the definition of a "subdomain" in RFCs 1035 and 1123. This is captured
//     by the following regex:
//         [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*
//     or more simply:
//         DNS_LABEL(\.DNS_LABEL)*
//
// IANA_SVC_NAME: This is a string, no more than 15 characters long, that
//     conforms to the definition of IANA service name in RFC 6335.
//     It must contain at least one letter [a-z] and it must contain only [a-z0-9-].
//     Hyphens ('-') cannot be the leading or trailing character of the string
//     and cannot be adjacent to other hyphens.

// ObjectMeta is metadata that all persisted resources must have, which includes all objects
// users must create.
//
// NOTE(review): several fields below are documented as server-owned (UID, ResourceVersion,
// CreationTimestamp, DeletionTimestamp). Nothing in this struct enforces that; the fields are
// ordinary exported values, so the enforcement has to live in the code that accepts client input.
type ObjectMeta struct {
	// Name is unique within a namespace. Name is required when creating resources, although
	// some resources may allow a client to request the generation of an appropriate name
	// automatically. Name is primarily intended for creation idempotence and configuration
	// definition.
	Name string `json:"name,omitempty"`

	// GenerateName indicates that the name should be made unique by the server prior to persisting
	// it. A non-empty value for the field indicates the name will be made unique (and the name
	// returned to the client will be different than the name passed). The value of this field will
	// be combined with a unique suffix on the server if the Name field has not been provided.
	// The provided value must be valid within the rules for Name, and may be truncated by the length
	// of the suffix required to make the value unique on the server.
	//
	// If this field is specified, and Name is not present, the server will NOT return a 409 if the
	// generated name exists - instead, it will either return 201 Created or 500 with Reason
	// ServerTimeout indicating a unique name could not be found in the time allotted, and the client
	// should retry (optionally after the time indicated in the Retry-After header).
	GenerateName string `json:"generateName,omitempty"`

	// Namespace defines the space within which name must be unique. An empty namespace is
	// equivalent to the "default" namespace, but "default" is the canonical representation.
	// Not all objects are required to be scoped to a namespace - the value of this field for
	// those objects will be empty.
	Namespace string `json:"namespace,omitempty"`

	// SelfLink is a URL representing this object.
	SelfLink string `json:"selfLink,omitempty"`

	// UID is the unique in time and space value for this object. It is typically generated by
	// the server on successful creation of a resource and is not allowed to change on PUT
	// operations.
	UID types.UID `json:"uid,omitempty"`

	// An opaque value that represents the version of this resource. May be used for optimistic
	// concurrency, change detection, and the watch operation on a resource or set of resources.
	// Clients must treat these values as opaque and values may only be valid for a particular
	// resource or set of resources. Only servers will generate resource versions.
	ResourceVersion string `json:"resourceVersion,omitempty"`

	// A sequence number representing a specific generation of the desired state.
	// Currently only implemented by replication controllers.
	Generation int64 `json:"generation,omitempty"`

	// CreationTimestamp is a timestamp representing the server time when this object was
	// created. It is not guaranteed to be set in happens-before order across separate operations.
	// Clients may not set this value. It is represented in RFC3339 form and is in UTC.
	CreationTimestamp unversioned.Time `json:"creationTimestamp,omitempty"`

	// DeletionTimestamp is the time after which this resource will be deleted. This
	// field is set by the server when a graceful deletion is requested by the user, and is not
	// directly settable by a client. The resource will be deleted (no longer visible from
	// resource lists, and not reachable by name) after the time in this field. Once set, this
	// value may not be unset or be set further into the future, although it may be shortened
	// or the resource may be deleted prior to this time. For example, a user may request that
	// a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination
	// signal to the containers in the pod. Once the resource is deleted in the API, the Kubelet
	// will send a hard termination signal to the container.
	DeletionTimestamp *unversioned.Time `json:"deletionTimestamp,omitempty"`

	// DeletionGracePeriodSeconds records the graceful deletion value set when graceful deletion
	// was requested. Represents the most recent grace period, and may only be shortened once set.
	DeletionGracePeriodSeconds *int64 `json:"deletionGracePeriodSeconds,omitempty"`

	// Labels are key value pairs that may be used to scope and select individual resources.
	// Label keys are of the form:
	//     label-key ::= prefixed-name | name
	//     prefixed-name ::= prefix '/' name
	//     prefix ::= DNS_SUBDOMAIN
	//     name ::= DNS_LABEL
	// The prefix is optional. If the prefix is not specified, the key is assumed to be private
	// to the user. Other system components that wish to use labels must specify a prefix. The
	// "kubernetes.io/" prefix is reserved for use by kubernetes components.
	// TODO: replace map[string]string with labels.LabelSet type
	Labels map[string]string `json:"labels,omitempty"`

	// Annotations are unstructured key value data stored with a resource that may be set by
	// external tooling. They are not queryable and should be preserved when modifying
	// objects. Annotation keys have the same formatting restrictions as Label keys. See the
	// comments on Labels for details.
	Annotations map[string]string `json:"annotations,omitempty"`
}

const (
	// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients
	NamespaceDefault string = "default"
	// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces
	// NOTE(review): NamespaceAll and NamespaceNone are both the empty string, so the two cannot
	// be told apart by value. ObjectMeta.Namespace also documents "" as equivalent to "default".
	// Which meaning applies is decided by the caller's context, which matters wherever a
	// namespace value is used to scope access.
	NamespaceAll string = ""
	// NamespaceNone is the argument for a context when there is no namespace.
	NamespaceNone string = ""
	// NamespaceSystem is the system namespace where we place system components.
	NamespaceSystem string = "kube-system"
	// TerminationMessagePathDefault means the default path to capture the application termination message running in a container
	TerminationMessagePathDefault string = "/dev/termination-log"
)

// Volume represents a named volume in a pod that may be accessed by any containers in the pod.
type Volume struct {
	// Required: This must be a DNS_LABEL. Each volume in a pod must have
	// a unique name.
	Name string `json:"name"`
	// The VolumeSource represents the location and type of a volume to mount.
	// This is optional for now. If not specified, the Volume is implied to be an EmptyDir.
	// This implied behavior is deprecated and will be removed in a future version.
	VolumeSource `json:",inline,omitempty"`
}

// VolumeSource represents the source location of a volume to mount.
// Only one of its members may be specified.
//
// NOTE(review): every member is an independent pointer, so the "only one" rule is not
// expressed by the type itself and has to be checked by validation outside this struct.
type VolumeSource struct {
	// HostPath represents file or directory on the host machine that is
	// directly exposed to the container. This is generally used for system
	// agents or other privileged things that are allowed to see the host
	// machine. Most containers will NOT need this.
	// ---
	// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
	// mount host directories as read/write.
	HostPath *HostPathVolumeSource `json:"hostPath,omitempty"`
	// EmptyDir represents a temporary directory that shares a pod's lifetime.
	EmptyDir *EmptyDirVolumeSource `json:"emptyDir,omitempty"`
	// GCEPersistentDisk represents a GCE Disk resource that is attached to a
	// kubelet's host machine and then exposed to the pod.
	GCEPersistentDisk *GCEPersistentDiskVolumeSource `json:"gcePersistentDisk,omitempty"`
	// AWSElasticBlockStore represents an AWS EBS disk that is attached to a
	// kubelet's host machine and then exposed to the pod.
	AWSElasticBlockStore *AWSElasticBlockStoreVolumeSource `json:"awsElasticBlockStore,omitempty"`
	// GitRepo represents a git repository at a particular revision.
	GitRepo *GitRepoVolumeSource `json:"gitRepo,omitempty"`
	// Secret represents a secret that should populate this volume.
	Secret *SecretVolumeSource `json:"secret,omitempty"`
	// NFS represents an NFS mount on the host that shares a pod's lifetime
	NFS *NFSVolumeSource `json:"nfs,omitempty"`
	// ISCSI represents an ISCSI Disk resource that is attached to a
	// kubelet's host machine and then exposed to the pod.
	ISCSI *ISCSIVolumeSource `json:"iscsi,omitempty"`
	// Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime
	Glusterfs *GlusterfsVolumeSource `json:"glusterfs,omitempty"`
	// PersistentVolumeClaim represents a reference to a PersistentVolumeClaim in the same namespace
	PersistentVolumeClaim *PersistentVolumeClaimVolumeSource `json:"persistentVolumeClaim,omitempty"`
	// RBD represents a Rados Block Device mount on the host that shares a pod's lifetime
	RBD *RBDVolumeSource `json:"rbd,omitempty"`
	// Cinder represents a cinder volume attached and mounted on the kubelet's host machine
	Cinder *CinderVolumeSource `json:"cinder,omitempty"`

	// CephFS represents a Cephfs mount on the host that shares a pod's lifetime
	CephFS *CephFSVolumeSource `json:"cephfs,omitempty"`

	// Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
	Flocker *FlockerVolumeSource `json:"flocker,omitempty"`

	// DownwardAPI represents metadata about the pod that should populate this volume
	DownwardAPI *DownwardAPIVolumeSource `json:"downwardAPI,omitempty"`
	// FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
	FC *FCVolumeSource `json:"fc,omitempty"`
}

// PersistentVolumeSource is similar to VolumeSource but meant for the administrator who creates PVs.
// Exactly one of its members must be set.
type PersistentVolumeSource struct {
	// GCEPersistentDisk represents a GCE Disk resource that is attached to a
	// kubelet's host machine and then exposed to the pod.
	GCEPersistentDisk *GCEPersistentDiskVolumeSource `json:"gcePersistentDisk,omitempty"`
	// AWSElasticBlockStore represents an AWS EBS disk that is attached to a
	// kubelet's host machine and then exposed to the pod.
	AWSElasticBlockStore *AWSElasticBlockStoreVolumeSource `json:"awsElasticBlockStore,omitempty"`
	// HostPath represents a directory on the host.
	// Provisioned by a developer or tester.
	// This is useful for single-node development and testing only!
	// On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster.
	HostPath *HostPathVolumeSource `json:"hostPath,omitempty"`
	// Glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod
	Glusterfs *GlusterfsVolumeSource `json:"glusterfs,omitempty"`
	// NFS represents an NFS mount on the host that shares a pod's lifetime
	NFS *NFSVolumeSource `json:"nfs,omitempty"`
	// RBD represents a Rados Block Device mount on the host that shares a pod's lifetime
	RBD *RBDVolumeSource `json:"rbd,omitempty"`
	// ISCSI represents an ISCSI resource that is attached to a
	// kubelet's host machine and then exposed to the pod.
	ISCSI *ISCSIVolumeSource `json:"iscsi,omitempty"`
	// Cinder represents a cinder volume attached and mounted on the kubelet's host machine
	Cinder *CinderVolumeSource `json:"cinder,omitempty"`
	// CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
	CephFS *CephFSVolumeSource `json:"cephfs,omitempty"`
	// FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
	FC *FCVolumeSource `json:"fc,omitempty"`
	// Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
	Flocker *FlockerVolumeSource `json:"flocker,omitempty"`
}

// PersistentVolumeClaimVolumeSource references a PersistentVolumeClaim by name from a pod's volume list.
type PersistentVolumeClaimVolumeSource struct {
	// ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume
	ClaimName string `json:"claimName"`
	// Optional: Defaults to false (read/write). ReadOnly here
	// will force the ReadOnly setting in VolumeMounts
	ReadOnly bool `json:"readOnly,omitempty"`
}

// PersistentVolume is a persisted volume resource: type and object metadata plus a Spec and a Status.
type PersistentVolume struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Spec defines a persistent volume owned by the cluster
	Spec PersistentVolumeSpec `json:"spec,omitempty"`

	// Status represents the current information about persistent volume.
	Status PersistentVolumeStatus `json:"status,omitempty"`
}

// PersistentVolumeSpec is the Spec of a PersistentVolume: capacity, source, access modes,
// claim binding and reclaim policy.
type PersistentVolumeSpec struct {
	// Capacity represents the actual resources of the volume
	Capacity ResourceList `json:"capacity"`
	// Source represents the location and type of a volume to mount.
	PersistentVolumeSource `json:",inline"`
	// AccessModes contains all ways the volume can be mounted
	AccessModes []PersistentVolumeAccessMode `json:"accessModes,omitempty"`
	// ClaimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.
	// ClaimRef is expected to be non-nil when bound.
	// claim.VolumeName is the authoritative bind between PV and PVC.
	ClaimRef *ObjectReference `json:"claimRef,omitempty"`
	// Optional: what happens to a persistent volume when released from its claim.
	PersistentVolumeReclaimPolicy PersistentVolumeReclaimPolicy `json:"persistentVolumeReclaimPolicy,omitempty"`
}

// PersistentVolumeReclaimPolicy describes a policy for end-of-life maintenance of persistent volumes
type PersistentVolumeReclaimPolicy string

const (
	// PersistentVolumeReclaimRecycle means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim.
	// The volume plugin must support Recycling.
	// NOTE(review): what recycling does to the previous claimant's data is left to the volume
	// plugin and is not stated here - confirm the data is removed before the volume is rebound.
	PersistentVolumeReclaimRecycle PersistentVolumeReclaimPolicy = "Recycle"
	// PersistentVolumeReclaimDelete means the volume will be deleted from Kubernetes on release from its claim.
	// The volume plugin must support Deletion.
	PersistentVolumeReclaimDelete PersistentVolumeReclaimPolicy = "Delete"
	// PersistentVolumeReclaimRetain means the volume will be left in its current phase (Released) for manual reclamation by the administrator.
	// The default policy is Retain.
	PersistentVolumeReclaimRetain PersistentVolumeReclaimPolicy = "Retain"
)

// PersistentVolumeStatus is the Status of a PersistentVolume: its phase plus an optional message and reason.
type PersistentVolumeStatus struct {
	// Phase indicates if a volume is available, bound to a claim, or released by a claim
	Phase PersistentVolumePhase `json:"phase,omitempty"`
	// A human-readable message indicating details about why the volume is in this state.
	Message string `json:"message,omitempty"`
	// Reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI
	Reason string `json:"reason,omitempty"`
}

// PersistentVolumeList is a list of PersistentVolume items.
type PersistentVolumeList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`
	Items                []PersistentVolume `json:"items"`
}

// PersistentVolumeClaim is a user's request for and claim to a persistent volume
type PersistentVolumeClaim struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Spec defines the volume requested by a pod author
	Spec PersistentVolumeClaimSpec `json:"spec,omitempty"`

	// Status represents the current information about a claim
	Status PersistentVolumeClaimStatus `json:"status,omitempty"`
}

// PersistentVolumeClaimList is a list of PersistentVolumeClaim items.
type PersistentVolumeClaimList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`
	Items                []PersistentVolumeClaim `json:"items"`
}

// PersistentVolumeClaimSpec describes the common attributes of storage devices
// and allows a Source for provider-specific attributes
type PersistentVolumeClaimSpec struct {
	// Contains the types of access modes required
	AccessModes []PersistentVolumeAccessMode `json:"accessModes,omitempty"`
	// Resources represents the minimum resources required
	Resources ResourceRequirements `json:"resources,omitempty"`
	// VolumeName is the binding reference to the PersistentVolume backing this claim
	VolumeName string `json:"volumeName,omitempty"`
}

// PersistentVolumeClaimStatus is the Status of a PersistentVolumeClaim: its phase and the
// access modes and capacity of the backing volume.
type PersistentVolumeClaimStatus struct {
	// Phase represents the current phase of PersistentVolumeClaim
	Phase PersistentVolumeClaimPhase `json:"phase,omitempty"`
	// AccessModes contains all ways the volume backing the PVC can be mounted
	AccessModes []PersistentVolumeAccessMode `json:"accessModes,omitempty"`
	// Represents the actual resources of the underlying volume
	Capacity ResourceList `json:"capacity,omitempty"`
}

// PersistentVolumeAccessMode names one way a persistent volume can be mounted.
type PersistentVolumeAccessMode string

const (
	// can be mounted in read/write mode to exactly 1 host
	ReadWriteOnce PersistentVolumeAccessMode = "ReadWriteOnce"
	// can be mounted in read-only mode to many hosts
	ReadOnlyMany PersistentVolumeAccessMode = "ReadOnlyMany"
	// can be mounted in read/write mode to many hosts
	ReadWriteMany PersistentVolumeAccessMode = "ReadWriteMany"
)

// PersistentVolumePhase names the lifecycle phase of a PersistentVolume.
type PersistentVolumePhase string

const (
	// used for PersistentVolumes that are not available
	VolumePending PersistentVolumePhase = "Pending"
	// used for PersistentVolumes that are not yet bound
	// Available volumes are held by the binder and matched to PersistentVolumeClaims
	VolumeAvailable PersistentVolumePhase = "Available"
	// used for PersistentVolumes that are bound
	VolumeBound PersistentVolumePhase = "Bound"
	// used for PersistentVolumes where the bound PersistentVolumeClaim was deleted
	// released volumes must be recycled before becoming available again
	// this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource
	VolumeReleased PersistentVolumePhase = "Released"
	// used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim
	VolumeFailed PersistentVolumePhase = "Failed"
)

// PersistentVolumeClaimPhase names the lifecycle phase of a PersistentVolumeClaim.
type PersistentVolumeClaimPhase string

const (
	// used for PersistentVolumeClaims that are not yet bound
	ClaimPending PersistentVolumeClaimPhase = "Pending"
	// used for PersistentVolumeClaims that are bound
	ClaimBound PersistentVolumeClaimPhase = "Bound"
)

// HostPathVolumeSource represents a host directory mapped into a pod.
//
// NOTE(review): this type carries only Path. It has no ReadOnly field of its own, so
// read-only access has to be requested on the VolumeMount, and no limit on which host
// paths may be named is expressed in this file (see the TODO on VolumeSource.HostPath).
type HostPathVolumeSource struct {
	// Path is the file or directory on the host that is exposed to the container.
	Path string `json:"path"`
}

// EmptyDirVolumeSource represents an empty directory for a pod.
type EmptyDirVolumeSource struct {
	// TODO: Longer term we want to represent the selection of underlying
	// media more like a scheduling problem - user says what traits they
	// need, we give them a backing store that satisfies that. For now
	// this will cover the most common needs.
	// Optional: what type of storage medium should back this directory.
	// The default is "" which means to use the node's default medium.
	Medium StorageMedium `json:"medium"`
}

// StorageMedium defines ways that storage can be allocated to a volume.
type StorageMedium string

const (
	StorageMediumDefault StorageMedium = ""       // use whatever the default is for the node
	StorageMediumMemory  StorageMedium = "Memory" // use memory (tmpfs)
)

// Protocol defines network protocols supported for things like container ports.
type Protocol string

const (
	// ProtocolTCP is the TCP protocol.
	ProtocolTCP Protocol = "TCP"
	// ProtocolUDP is the UDP protocol.
	ProtocolUDP Protocol = "UDP"
)

// GCEPersistentDiskVolumeSource represents a Persistent Disk resource in Google Compute Engine.
//
// A GCE PD must exist and be formatted before mounting to a container.
// The disk must also be in the same GCE project and zone as the kubelet.
// A GCE PD can only be mounted as read/write once.
type GCEPersistentDiskVolumeSource struct {
	// Unique name of the PD resource. Used to identify the disk in GCE
	PDName string `json:"pdName"`
	// Required: Filesystem type to mount.
	// Must be a filesystem type supported by the host operating system.
	// Ex. "ext4", "xfs", "ntfs"
	// TODO: how do we prevent errors in the filesystem from compromising the machine
	FSType string `json:"fsType,omitempty"`
	// Optional: Partition on the disk to mount.
	// If omitted, kubelet will attempt to mount the device name.
	// Ex. For /dev/sda1, this field is "1", for /dev/sda, this field is 0 or empty.
	Partition int `json:"partition,omitempty"`
	// Optional: Defaults to false (read/write). ReadOnly here will force
	// the ReadOnly setting in VolumeMounts.
	ReadOnly bool `json:"readOnly,omitempty"`
}

// ISCSIVolumeSource represents an ISCSI disk.
// An ISCSI Disk can only be mounted as read/write once.
type ISCSIVolumeSource struct {
	// Required: iSCSI target portal
	// the portal is either an IP or ip_addr:port if port is other than default (typically TCP ports 860 and 3260)
	TargetPortal string `json:"targetPortal,omitempty"`
	// Required: target iSCSI Qualified Name
	IQN string `json:"iqn,omitempty"`
	// Required: iSCSI target lun number
	Lun int `json:"lun,omitempty"`
	// Required: Filesystem type to mount.
	// Must be a filesystem type supported by the host operating system.
	// Ex. "ext4", "xfs", "ntfs"
	// TODO: how do we prevent errors in the filesystem from compromising the machine
	FSType string `json:"fsType,omitempty"`
	// Optional: Defaults to false (read/write). ReadOnly here will force
	// the ReadOnly setting in VolumeMounts.
	ReadOnly bool `json:"readOnly,omitempty"`
}

// FCVolumeSource represents a Fibre Channel volume.
// A Fibre Channel Disk can only be mounted as read/write once.
type FCVolumeSource struct {
	// Required: FC target world wide names (WWNs)
	TargetWWNs []string `json:"targetWWNs"`
	// Required: FC target lun number
	// A pointer, so an absent value (nil) can be told apart from lun 0.
	Lun *int `json:"lun"`
	// Required: Filesystem type to mount.
	// Must be a filesystem type supported by the host operating system.
	// Ex. "ext4", "xfs", "ntfs"
	// TODO: how do we prevent errors in the filesystem from compromising the machine
	FSType string `json:"fsType"`
	// Optional: Defaults to false (read/write). ReadOnly here will force
	// the ReadOnly setting in VolumeMounts.
	ReadOnly bool `json:"readOnly,omitempty"`
}

// AWSElasticBlockStoreVolumeSource represents a Persistent Disk resource in AWS.
//
// An AWS EBS disk must exist and be formatted before mounting to a container.
// The disk must also be in the same AWS zone as the kubelet.
// An AWS EBS disk can only be mounted as read/write once.
type AWSElasticBlockStoreVolumeSource struct {
	// Unique id of the persistent disk resource. Used to identify the disk in AWS
	VolumeID string `json:"volumeID"`
	// Required: Filesystem type to mount.
	// Must be a filesystem type supported by the host operating system.
	// Ex. "ext4", "xfs", "ntfs"
	// TODO: how do we prevent errors in the filesystem from compromising the machine
	// NOTE(review): documented as required, but the tag carries omitempty, so an empty
	// value is dropped on serialization rather than rejected by the type.
	FSType string `json:"fsType,omitempty"`
	// Optional: Partition on the disk to mount.
	// If omitted, kubelet will attempt to mount the device name.
	// Ex. For /dev/sda1, this field is "1", for /dev/sda, this field is 0 or empty.
	Partition int `json:"partition,omitempty"`
	// Optional: Defaults to false (read/write). ReadOnly here will force
	// the ReadOnly setting in VolumeMounts.
	ReadOnly bool `json:"readOnly,omitempty"`
}

// GitRepoVolumeSource represents a volume that is pulled from git when the pod is created.
type GitRepoVolumeSource struct {
	// Repository URL
	// NOTE(review): a free-form string supplied with the volume definition. No scheme or
	// format restriction is expressed here, so whatever fetches the repository has to
	// validate the value before using it.
	Repository string `json:"repository"`
	// Commit hash, this is optional
	// NOTE(review): also an unvalidated string at this layer. It is documented as optional
	// but the tag has no omitempty, so an empty revision is still serialized.
	Revision string `json:"revision"`
	// TODO: Consider credentials here.
}

// SecretVolumeSource adapts a Secret into a VolumeSource.
//
// The contents of the target Secret's Data field will be presented in a volume
// as files using the keys in the Data field as the file names.
//
// NOTE(review): because keys become file names, the keys of the Secret's Data presumably
// have to be restricted to safe file names elsewhere - confirm against Secret validation.
type SecretVolumeSource struct {
	// Name of the secret in the pod's namespace to use
	SecretName string `json:"secretName"`
}

// NFSVolumeSource represents an NFS Mount that lasts the lifetime of a pod
type NFSVolumeSource struct {
	// Server is the hostname or IP address of the NFS server
	Server string `json:"server"`

	// Path is the exported NFS share
	Path string `json:"path"`

	// Optional: Defaults to false (read/write). ReadOnly here will force
	// the NFS export to be mounted with read-only permissions
	ReadOnly bool `json:"readOnly,omitempty"`
}

// GlusterfsVolumeSource represents a Glusterfs Mount that lasts the lifetime of a pod
type GlusterfsVolumeSource struct {
	// Required: EndpointsName is the endpoint name that details Glusterfs topology
	EndpointsName string `json:"endpoints"`

	// Required: Path is the Glusterfs volume path
	Path string `json:"path"`

	// Optional: Defaults to false (read/write). ReadOnly here will force
	// the Glusterfs to be mounted with read-only permissions
	ReadOnly bool `json:"readOnly,omitempty"`
}

// RBDVolumeSource represents a Rados Block Device Mount that lasts the lifetime of a pod
//
// NOTE(review): RBDPool, RadosUser, Keyring and SecretRef are documented as optional but
// their tags have no omitempty, unlike the matching fields of CephFSVolumeSource, so their
// zero values are written out on serialization.
type RBDVolumeSource struct {
	// Required: CephMonitors is a collection of Ceph monitors
	CephMonitors []string `json:"monitors"`
	// Required: RBDImage is the rados image name
	RBDImage string `json:"image"`
	// Required: Filesystem type to mount.
	// Must be a filesystem type supported by the host operating system.
	// Ex. "ext4", "xfs", "ntfs"
	// TODO: how do we prevent errors in the filesystem from compromising the machine
	FSType string `json:"fsType,omitempty"`
	// Optional: RBDPool is the rados pool name, default is rbd
	RBDPool string `json:"pool"`
	// Optional: RadosUser is the rados user name, default is admin
	RadosUser string `json:"user"`
	// Optional: Keyring is the path to key ring for RadosUser, default is /etc/ceph/keyring
	// NOTE(review): a caller-supplied file path; presumably resolved on the host that
	// performs the mount - confirm, and confirm what limits which paths may be named.
	Keyring string `json:"keyring"`
	// Optional: SecretRef is name of the authentication secret for RadosUser, default is empty.
	SecretRef *LocalObjectReference `json:"secretRef"`
	// Optional: Defaults to false (read/write). ReadOnly here will force
	// the ReadOnly setting in VolumeMounts.
	ReadOnly bool `json:"readOnly,omitempty"`
}

// CinderVolumeSource represents a cinder volume resource in Openstack.
// A Cinder volume must exist and be formatted before mounting to a container.
// The volume must also be in the same region as the kubelet.
type CinderVolumeSource struct {
	// Unique id of the volume used to identify the cinder volume
	VolumeID string `json:"volumeID"`
	// Required: Filesystem type to mount.
	// Must be a filesystem type supported by the host operating system.
	// Only ext3 and ext4 are allowed
	FSType string `json:"fsType,omitempty"`
	// Optional: Defaults to false (read/write). ReadOnly here will force
	// the ReadOnly setting in VolumeMounts.
	ReadOnly bool `json:"readOnly,omitempty"`
}

// CephFSVolumeSource represents a Ceph Filesystem Mount that lasts the lifetime of a pod
type CephFSVolumeSource struct {
	// Required: Monitors is a collection of Ceph monitors
	Monitors []string `json:"monitors"`
	// Optional: User is the rados user name, default is admin
	User string `json:"user,omitempty"`
	// Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
	SecretFile string `json:"secretFile,omitempty"`
	// Optional: SecretRef is reference to the authentication secret for User, default is empty.
	SecretRef *LocalObjectReference `json:"secretRef,omitempty"`
	// Optional: Defaults to false (read/write). ReadOnly here will force
	// the ReadOnly setting in VolumeMounts.
	ReadOnly bool `json:"readOnly,omitempty"`
}

// FlockerVolumeSource represents a Flocker volume mounted by the Flocker agent.
type FlockerVolumeSource struct {
	// Required: the volume name. This is going to be stored in metadata -> name on the payload for Flocker
	DatasetName string `json:"datasetName"`
}

// DownwardAPIVolumeSource represents a volume containing downward API info
type DownwardAPIVolumeSource struct {
	// Items is a list of DownwardAPIVolume file
	Items []DownwardAPIVolumeFile `json:"items,omitempty"`
}

// DownwardAPIVolumeFile represents a single file containing information from the downward API
type DownwardAPIVolumeFile struct {
	// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
	// NOTE(review): these path rules are only stated here; the field is a plain string, so
	// the rejection of absolute and '..' paths has to happen in validation outside this type.
	Path string `json:"path"`
	// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
	FieldRef ObjectFieldSelector `json:"fieldRef"`
}

// ContainerPort represents a network port in a single container
type ContainerPort struct {
	// Optional: If specified, this must be an IANA_SVC_NAME. Each named port
	// in a pod must have a unique name.
	Name string `json:"name,omitempty"`
	// Optional: If specified, this must be a valid port number, 0 < x < 65536.
	// If HostNetwork is specified, this must match ContainerPort.
	HostPort int `json:"hostPort,omitempty"`
	// Required: This must be a valid port number, 0 < x < 65536.
	ContainerPort int `json:"containerPort"`
	// Required: Supports "TCP" and "UDP".
	Protocol Protocol `json:"protocol,omitempty"`
	// Optional: What host IP to bind the external port to.
	HostIP string `json:"hostIP,omitempty"`
}

// VolumeMount describes a mounting of a Volume within a container.
type VolumeMount struct {
	// Required: This must match the Name of a Volume [above].
	Name string `json:"name"`
	// Optional: Defaults to false (read-write).
	ReadOnly bool `json:"readOnly,omitempty"`
	// Required.
	MountPath string `json:"mountPath"`
}

// EnvVar represents an environment variable present in a Container.
type EnvVar struct {
	// Required: This must be a C_IDENTIFIER.
	Name string `json:"name"`
	// Optional: no more than one of the following may be specified.
	// Optional: Defaults to ""; variable references $(VAR_NAME) are expanded
	// using the previous defined environment variables in the container and
	// any service environment variables. If a variable cannot be resolved,
	// the reference in the input string will be unchanged. The $(VAR_NAME)
	// syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
	// references will never be expanded, regardless of whether the variable
	// exists or not.
	Value string `json:"value,omitempty"`
	// Optional: Specifies a source the value of this var should come from.
	ValueFrom *EnvVarSource `json:"valueFrom,omitempty"`
}

// EnvVarSource represents a source for the value of an EnvVar.
type EnvVarSource struct {
	// Required: Selects a field of the pod; only name and namespace are supported.
	FieldRef *ObjectFieldSelector `json:"fieldRef"`
}

// ObjectFieldSelector selects an APIVersioned field of an object.
type ObjectFieldSelector struct {
	// Required: Version of the schema the FieldPath is written in terms of.
	// If no value is specified, it will be defaulted to the APIVersion of the
	// enclosing object.
	APIVersion string `json:"apiVersion"`
	// Required: Path of the field to select in the specified API version
	FieldPath string `json:"fieldPath"`
}

// HTTPGetAction describes an action based on HTTP Get requests.
type HTTPGetAction struct {
	// Optional: Path to access on the HTTP server.
	Path string `json:"path,omitempty"`
	// Required: Name or number of the port to access on the container.
	Port intstr.IntOrString `json:"port,omitempty"`
	// Optional: Host name to connect to, defaults to the pod IP.
	// NOTE(review): a caller-supplied host name with no restriction expressed here, so the
	// component that performs the request can be pointed at a host other than the pod.
	Host string `json:"host,omitempty"`
	// Optional: Scheme to use for connecting to the host, defaults to HTTP.
	Scheme URIScheme `json:"scheme,omitempty"`
}

// URIScheme identifies the scheme used for connection to a host for Get actions
type URIScheme string

const (
	// URISchemeHTTP means that the scheme used will be http://
	URISchemeHTTP URIScheme = "HTTP"
	// URISchemeHTTPS means that the scheme used will be https://
	URISchemeHTTPS URIScheme = "HTTPS"
)

// TCPSocketAction describes an action based on opening a socket
type TCPSocketAction struct {
	// Required: Port to connect to.
704 Port intstr.IntOrString `json:"port,omitempty"` 705 } 706 707 // ExecAction describes a "run in container" action. 708 type ExecAction struct { 709 // Command is the command line to execute inside the container, the working directory for the 710 // command is root ('/') in the container's filesystem. The command is simply exec'd, it is 711 // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 712 // a shell, you need to explicitly call out to that shell. 713 Command []string `json:"command,omitempty"` 714 } 715 716 // Probe describes a health check to be performed against a container to determine whether it is 717 // alive or ready to receive traffic. 718 type Probe struct { 719 // The action taken to determine the health of a container 720 Handler `json:",inline"` 721 // Length of time before health checking is activated. In seconds. 722 InitialDelaySeconds int64 `json:"initialDelaySeconds,omitempty"` 723 // Length of time before health checking times out. In seconds. 724 TimeoutSeconds int64 `json:"timeoutSeconds,omitempty"` 725 // How often (in seconds) to perform the probe. 726 PeriodSeconds int64 `json:"periodSeconds,omitempty"` 727 // Minimum consecutive successes for the probe to be considered successful after having failed. 728 // Must be 1 for liveness. 729 SuccessThreshold int `json:"successThreshold,omitempty"` 730 // Minimum consecutive failures for the probe to be considered failed after having succeeded. 731 FailureThreshold int `json:"failureThreshold,omitempty"` 732 } 733 734 // PullPolicy describes a policy for if/when to pull a container image 735 type PullPolicy string 736 737 const ( 738 // PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 739 PullAlways PullPolicy = "Always" 740 // PullNever means that kubelet never pulls an image, but only uses a local image. 
Container will fail if the image isn't present 741 PullNever PullPolicy = "Never" 742 // PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. 743 PullIfNotPresent PullPolicy = "IfNotPresent" 744 ) 745 746 // Capability represent POSIX capabilities type 747 type Capability string 748 749 // Capabilities represent POSIX capabilities that can be added or removed to a running container. 750 type Capabilities struct { 751 // Added capabilities 752 Add []Capability `json:"add,omitempty"` 753 // Removed capabilities 754 Drop []Capability `json:"drop,omitempty"` 755 } 756 757 // ResourceRequirements describes the compute resource requirements. 758 type ResourceRequirements struct { 759 // Limits describes the maximum amount of compute resources allowed. 760 Limits ResourceList `json:"limits,omitempty"` 761 // Requests describes the minimum amount of compute resources required. 762 // If Request is omitted for a container, it defaults to Limits if that is explicitly specified, 763 // otherwise to an implementation-defined value 764 Requests ResourceList `json:"requests,omitempty"` 765 } 766 767 // Container represents a single container that is expected to be run on the host. 768 type Container struct { 769 // Required: This must be a DNS_LABEL. Each container in a pod must 770 // have a unique name. 771 Name string `json:"name"` 772 // Required. 773 Image string `json:"image"` 774 // Optional: The docker image's entrypoint is used if this is not provided; cannot be updated. 775 // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 776 // cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax 777 // can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, 778 // regardless of whether the variable exists or not. 
779 Command []string `json:"command,omitempty"` 780 // Optional: The docker image's cmd is used if this is not provided; cannot be updated. 781 // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 782 // cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax 783 // can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, 784 // regardless of whether the variable exists or not. 785 Args []string `json:"args,omitempty"` 786 // Optional: Defaults to Docker's default. 787 WorkingDir string `json:"workingDir,omitempty"` 788 Ports []ContainerPort `json:"ports,omitempty"` 789 Env []EnvVar `json:"env,omitempty"` 790 // Compute resource requirements. 791 Resources ResourceRequirements `json:"resources,omitempty"` 792 VolumeMounts []VolumeMount `json:"volumeMounts,omitempty"` 793 LivenessProbe *Probe `json:"livenessProbe,omitempty"` 794 ReadinessProbe *Probe `json:"readinessProbe,omitempty"` 795 Lifecycle *Lifecycle `json:"lifecycle,omitempty"` 796 // Required. 797 TerminationMessagePath string `json:"terminationMessagePath,omitempty"` 798 // Required: Policy for pulling images for this container 799 ImagePullPolicy PullPolicy `json:"imagePullPolicy"` 800 // Optional: SecurityContext defines the security options the container should be run with. 801 // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 802 SecurityContext *SecurityContext `json:"securityContext,omitempty"` 803 804 // Variables for interactive containers, these have very specialized use-cases (e.g. debugging) 805 // and shouldn't be used for general purpose containers. 806 Stdin bool `json:"stdin,omitempty"` 807 StdinOnce bool `json:"stdinOnce,omitempty"` 808 TTY bool `json:"tty,omitempty"` 809 } 810 811 // Handler defines a specific action that should be taken 812 // TODO: pass structured data to these actions, and document that data here. 
type Handler struct {
	// One and only one of the following should be specified.
	// NOTE(review): the types do not express that rule (all three fields are optional
	// pointers), so it has to be enforced by validation elsewhere - confirm.
	// Exec specifies the action to take.
	Exec *ExecAction `json:"exec,omitempty"`
	// HTTPGet specifies the http request to perform.
	HTTPGet *HTTPGetAction `json:"httpGet,omitempty"`
	// TCPSocket specifies an action involving a TCP port.
	// TODO: implement a realistic TCP lifecycle hook
	TCPSocket *TCPSocketAction `json:"tcpSocket,omitempty"`
}

// Lifecycle describes actions that the management system should take in response to container lifecycle
// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks
// until the action is complete, unless the container process fails, in which case the handler is aborted.
type Lifecycle struct {
	// PostStart is called immediately after a container is created. If the handler fails, the container
	// is terminated and restarted.
	PostStart *Handler `json:"postStart,omitempty"`
	// PreStop is called immediately before a container is terminated. The reason for termination is
	// passed to the handler. Regardless of the outcome of the handler, the container is eventually terminated.
	PreStop *Handler `json:"preStop,omitempty"`
}

// The below types are used by kube_client and api_server.

// ConditionStatus is the string type of a condition's status value.
type ConditionStatus string

// These are valid condition statuses. "ConditionTrue" means a resource is in the condition;
// "ConditionFalse" means a resource is not in the condition; "ConditionUnknown" means kubernetes
// can't decide if a resource is in the condition or not. In the future, we could add other
// intermediate conditions, e.g. ConditionDegraded.
const (
	ConditionTrue    ConditionStatus = "True"
	ConditionFalse   ConditionStatus = "False"
	ConditionUnknown ConditionStatus = "Unknown"
)

// ContainerStateWaiting holds the details of a container that is in the waiting state.
type ContainerStateWaiting struct {
	// A brief CamelCase string indicating details about why the container is in waiting state.
	Reason string `json:"reason,omitempty"`
	// A human-readable message indicating details about why the container is in waiting state.
	Message string `json:"message,omitempty"`
}

// ContainerStateRunning holds the details of a container that is running.
type ContainerStateRunning struct {
	StartedAt unversioned.Time `json:"startedAt,omitempty"`
}

// ContainerStateTerminated holds the details of a container that has terminated.
type ContainerStateTerminated struct {
	ExitCode    int              `json:"exitCode"`
	Signal      int              `json:"signal,omitempty"`
	Reason      string           `json:"reason,omitempty"`
	Message     string           `json:"message,omitempty"`
	StartedAt   unversioned.Time `json:"startedAt,omitempty"`
	FinishedAt  unversioned.Time `json:"finishedAt,omitempty"`
	ContainerID string           `json:"containerID,omitempty"`
}

// ContainerState holds a possible state of container.
// Only one of its members may be specified.
// If none of them is specified, the default one is ContainerStateWaiting.
type ContainerState struct {
	Waiting    *ContainerStateWaiting    `json:"waiting,omitempty"`
	Running    *ContainerStateRunning    `json:"running,omitempty"`
	Terminated *ContainerStateTerminated `json:"terminated,omitempty"`
}

// ContainerStatus reports the observed status of one container of a pod.
type ContainerStatus struct {
	// Each container in a pod must have a unique name.
	Name                 string         `json:"name"`
	State                ContainerState `json:"state,omitempty"`
	LastTerminationState ContainerState `json:"lastState,omitempty"`
	// Ready specifies whether the container has passed its readiness check.
	Ready bool `json:"ready"`
	// Note that this is calculated from dead containers. But those containers are subject to
	// garbage collection. This value will get capped at 5 by GC.
	RestartCount int    `json:"restartCount"`
	Image        string `json:"image"`
	ImageID      string `json:"imageID"`
	ContainerID  string `json:"containerID,omitempty"`
}

// PodPhase is a label for the condition of a pod at the current time.
type PodPhase string

// These are the valid statuses of pods.
const (
	// PodPending means the pod has been accepted by the system, but one or more of the containers
	// has not been started. This includes time before being bound to a node, as well as time spent
	// pulling images onto the host.
	PodPending PodPhase = "Pending"
	// PodRunning means the pod has been bound to a node and all of the containers have been started.
	// At least one container is still running or is in the process of being restarted.
	PodRunning PodPhase = "Running"
	// PodSucceeded means that all containers in the pod have voluntarily terminated
	// with a container exit code of 0, and the system is not going to restart any of these containers.
	PodSucceeded PodPhase = "Succeeded"
	// PodFailed means that all containers in the pod have terminated, and at least one container has
	// terminated in a failure (exited with a non-zero exit code or was stopped by the system).
	PodFailed PodPhase = "Failed"
	// PodUnknown means that for some reason the state of the pod could not be obtained, typically due
	// to an error in communicating with the host of the pod.
	PodUnknown PodPhase = "Unknown"
)

// PodConditionType is the string type naming a pod condition.
type PodConditionType string

// These are valid conditions of pod.
const (
	// PodReady means the pod is able to service requests and should be added to the
	// load balancing pools of all matching services.
	PodReady PodConditionType = "Ready"
)

// PodCondition records one condition of a pod: its type and status, when it was last
// probed and last changed, and a reason and message for it.
type PodCondition struct {
	Type               PodConditionType `json:"type"`
	Status             ConditionStatus  `json:"status"`
	LastProbeTime      unversioned.Time `json:"lastProbeTime,omitempty"`
	LastTransitionTime unversioned.Time `json:"lastTransitionTime,omitempty"`
	Reason             string           `json:"reason,omitempty"`
	Message            string           `json:"message,omitempty"`
}

// RestartPolicy describes how the container should be restarted.
// Only one of the following restart policies may be specified.
// If none of the following policies is specified, the default one
// is RestartPolicyAlways.
type RestartPolicy string

// These are the restart policies that may be specified.
const (
	RestartPolicyAlways    RestartPolicy = "Always"
	RestartPolicyOnFailure RestartPolicy = "OnFailure"
	RestartPolicyNever     RestartPolicy = "Never"
)

// PodList is a list of Pods.
type PodList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`

	Items []Pod `json:"items"`
}

// DNSPolicy defines how a pod's DNS will be configured.
type DNSPolicy string

const (
	// DNSClusterFirst indicates that the pod should use cluster DNS
	// first, if it is available, then fall back on the default (as
	// determined by kubelet) DNS settings.
	DNSClusterFirst DNSPolicy = "ClusterFirst"

	// DNSDefault indicates that the pod should use the default (as
	// determined by kubelet) DNS settings.
	DNSDefault DNSPolicy = "Default"
)

// PodSpec is a description of a pod
type PodSpec struct {
	// Volumes lists the pod's volumes; a VolumeMount refers to one of them by name.
	Volumes []Volume `json:"volumes"`
	// Required: there must be at least one container in a pod.
	Containers []Container `json:"containers"`
	// RestartPolicy selects how containers are restarted; see the RestartPolicy type for the default.
	RestartPolicy RestartPolicy `json:"restartPolicy,omitempty"`
	// Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
	// Value must be non-negative integer. The value zero indicates delete immediately.
	// If this value is nil, the default grace period will be used instead.
	// The grace period is the duration in seconds after the processes running in the pod are sent
	// a termination signal and the time when the processes are forcibly halted with a kill signal.
	// Set this value longer than the expected cleanup time for your process.
	TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"`
	// Optional duration in seconds relative to the StartTime that the pod may be active on a node
	// before the system actively tries to terminate the pod; value must be positive integer
	ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty"`
	// Required: Set DNS policy.
	// NOTE(review): labelled Required, yet the JSON tag carries omitempty; presumably a
	// default is applied when it is empty - confirm.
	DNSPolicy DNSPolicy `json:"dnsPolicy,omitempty"`
	// NodeSelector is a selector which must be true for the pod to fit on a node
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`

	// ServiceAccountName is the name of the ServiceAccount to use to run this pod
	// The pod will be allowed to use secrets referenced by the ServiceAccount
	ServiceAccountName string `json:"serviceAccountName"`

	// NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
	// the scheduler simply schedules this pod onto that node, assuming that it fits resource
	// requirements.
	NodeName string `json:"nodeName,omitempty"`
	// SecurityContext holds pod-level security attributes and common container settings.
	// Optional: Defaults to empty. See type description for default values of each field.
	SecurityContext *PodSecurityContext `json:"securityContext,omitempty"`
	// ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
	// If specified, these secrets will be passed to individual puller implementations for them to use. For example,
	// in the case of docker, only DockerConfig type secrets are honored.
	ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty"`
}

// PodSecurityContext holds pod-level security attributes and common container settings.
// Some fields are also present in container.securityContext. Field values of
// container.securityContext take precedence over field values of PodSecurityContext.
//
// NOTE(review): HostNetwork, HostPID and HostIPC each share a namespace of the host with the
// pod, which reduces the isolation between the pod and the node. Which workloads may set
// them is a policy decision made outside this type - confirm how the cluster restricts it.
type PodSecurityContext struct {
	// Use the host's network namespace. If this option is set, the ports that will be
	// used must be specified.
	// Optional: Default to false
	HostNetwork bool `json:"hostNetwork,omitempty"`
	// Use the host's pid namespace.
	// Optional: Default to false.
	HostPID bool `json:"hostPID,omitempty"`
	// Use the host's ipc namespace.
	// Optional: Default to false.
	HostIPC bool `json:"hostIPC,omitempty"`
	// The SELinux context to be applied to all containers.
	// If unspecified, the container runtime will allocate a random SELinux context for each
	// container. May also be set in SecurityContext. If set in
	// both SecurityContext and PodSecurityContext, the value specified in SecurityContext
	// takes precedence for that container.
	SELinuxOptions *SELinuxOptions `json:"seLinuxOptions,omitempty"`
	// The UID to run the entrypoint of the container process.
	// Defaults to user specified in image metadata if unspecified.
	// May also be set in SecurityContext. If set in both SecurityContext and
	// PodSecurityContext, the value specified in SecurityContext takes precedence
	// for that container.
	// Leaving this unset defers to the image's own user setting; RunAsNonRoot is the
	// field that rejects an image running as UID 0.
	RunAsUser *int64 `json:"runAsUser,omitempty"`
	// Indicates that the container must run as a non-root user.
	// If true, the Kubelet will validate the image at runtime to ensure that it
	// does not run as UID 0 (root) and fail to start the container if it does.
	// If unset or false, no such validation will be performed.
	// May also be set in SecurityContext. If set in both SecurityContext and
	// PodSecurityContext, the value specified in SecurityContext takes precedence.
	RunAsNonRoot *bool `json:"runAsNonRoot,omitempty"`
	// A list of groups applied to the first process run in each container, in addition
	// to the container's primary GID. If unspecified, no groups will be added to
	// any container.
	SupplementalGroups []int64 `json:"supplementalGroups,omitempty"`
	// A special supplemental group that applies to all containers in a pod.
	// Some volume types allow the Kubelet to change the ownership of that volume
	// to be owned by the pod:
	//
	// 1. The owning GID will be the FSGroup
	// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
	// 3. The permission bits are OR'd with rw-rw----
	//
	// If unset, the Kubelet will not modify the ownership and permissions of any volume.
	FSGroup *int64 `json:"fsGroup,omitempty"`
}

// PodStatus represents information about the status of a pod. Status may trail the actual
// state of a system.
type PodStatus struct {
	Phase      PodPhase       `json:"phase,omitempty"`
	Conditions []PodCondition `json:"conditions,omitempty"`
	// A human readable message indicating details about why the pod is in this state.
	Message string `json:"message,omitempty"`
	// A brief CamelCase message indicating details about why the pod is in this state. e.g. 'OutOfDisk'
	Reason string `json:"reason,omitempty"`

	HostIP string `json:"hostIP,omitempty"`
	PodIP  string `json:"podIP,omitempty"`

	// Date and time at which the object was acknowledged by the Kubelet.
	// This is before the Kubelet pulled the container image(s) for the pod.
	StartTime *unversioned.Time `json:"startTime,omitempty"`

	// The list has one entry per container in the manifest. Each entry is
	// currently the output of `docker inspect`. This output format is *not*
	// final and should not be relied upon.
	// TODO: Make real decisions about what our info should look like. Re-enable fuzz test
	// when we have done this.
	ContainerStatuses []ContainerStatus `json:"containerStatuses,omitempty"`
}

// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encoded/decoded
type PodStatusResult struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`
	// Status represents the current information about a pod. This data may not be up
	// to date.
	Status PodStatus `json:"status,omitempty"`
}

// Pod is a collection of containers, used as either input (create, update) or as output (list, get).
type Pod struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Spec defines the behavior of a pod.
	Spec PodSpec `json:"spec,omitempty"`

	// Status represents the current information about a pod. This data may not be up
	// to date.
	Status PodStatus `json:"status,omitempty"`
}

// PodTemplateSpec describes the data a pod should have when created from a template
type PodTemplateSpec struct {
	// Metadata of the pods created from this template.
	ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the behavior of a pod.
	Spec PodSpec `json:"spec,omitempty"`
}

// PodTemplate describes a template for creating copies of a predefined pod.
type PodTemplate struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Template defines the pods that will be created from this pod template
	Template PodTemplateSpec `json:"template,omitempty"`
}

// PodTemplateList is a list of PodTemplates.
type PodTemplateList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`

	Items []PodTemplate `json:"items"`
}

// ReplicationControllerSpec is the specification of a replication controller.
// As the internal representation of a replication controller, it may have either
// a TemplateRef or a Template set.
type ReplicationControllerSpec struct {
	// Replicas is the number of desired replicas.
	Replicas int `json:"replicas"`

	// Selector is a label query over pods that should match the Replicas count.
	Selector map[string]string `json:"selector"`

	// TemplateRef is a reference to an object that describes the pod that will be created if
	// insufficient replicas are detected. This reference is ignored if a Template is set.
	// Must be set before converting to a versioned API object
	// (The field itself is commented out in this version of the file.)
	//TemplateRef *ObjectReference `json:"templateRef,omitempty"`

	// Template is the object that describes the pod that will be created if
	// insufficient replicas are detected. Internally, this takes precedence over a
	// TemplateRef.
	Template *PodTemplateSpec `json:"template,omitempty"`
}

// ReplicationControllerStatus represents the current status of a replication
// controller.
type ReplicationControllerStatus struct {
	// Replicas is the number of actual replicas.
	Replicas int `json:"replicas"`

	// ObservedGeneration is the most recent generation observed by the controller.
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
}

// ReplicationController represents the configuration of a replication controller.
type ReplicationController struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Spec defines the desired behavior of this replication controller.
	Spec ReplicationControllerSpec `json:"spec,omitempty"`

	// Status is the current status of this replication controller. This data may be
	// out of date by some window of time.
	Status ReplicationControllerStatus `json:"status,omitempty"`
}

// ReplicationControllerList is a collection of replication controllers.
type ReplicationControllerList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`

	Items []ReplicationController `json:"items"`
}

const (
	// ClusterIPNone - do not assign a cluster IP
	// no proxying required and no environment variables should be created for pods
	ClusterIPNone = "None"
)

// ServiceList holds a list of services.
type ServiceList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`

	Items []Service `json:"items"`
}

// ServiceAffinity is the session affinity type string.
type ServiceAffinity string

const (
	// ServiceAffinityClientIP is the Client IP based.
	ServiceAffinityClientIP ServiceAffinity = "ClientIP"

	// ServiceAffinityNone - no session affinity.
	ServiceAffinityNone ServiceAffinity = "None"
)

// ServiceType string describes ingress methods for a service
type ServiceType string

const (
	// ServiceTypeClusterIP means a service will only be accessible inside the
	// cluster, via the ClusterIP.
	ServiceTypeClusterIP ServiceType = "ClusterIP"

	// ServiceTypeNodePort means a service will be exposed on one port of
	// every node, in addition to 'ClusterIP' type.
	ServiceTypeNodePort ServiceType = "NodePort"

	// ServiceTypeLoadBalancer means a service will be exposed via an
	// external load balancer (if the cloud provider supports it), in addition
	// to 'NodePort' type.
	ServiceTypeLoadBalancer ServiceType = "LoadBalancer"
)

// ServiceStatus represents the current status of a service
type ServiceStatus struct {
	// LoadBalancer contains the current status of the load-balancer,
	// if one is present.
	LoadBalancer LoadBalancerStatus `json:"loadBalancer,omitempty"`
}

// LoadBalancerStatus represents the status of a load-balancer
type LoadBalancerStatus struct {
	// Ingress is a list containing ingress points for the load-balancer;
	// traffic intended for the service should be sent to these ingress points.
	Ingress []LoadBalancerIngress `json:"ingress,omitempty"`
}

// LoadBalancerIngress represents the status of a load-balancer ingress point:
// traffic intended for the service should be sent to an ingress point.
type LoadBalancerIngress struct {
	// IP is set for load-balancer ingress points that are IP based
	// (typically GCE or OpenStack load-balancers)
	IP string `json:"ip,omitempty"`

	// Hostname is set for load-balancer ingress points that are DNS based
	// (typically AWS load-balancers)
	Hostname string `json:"hostname,omitempty"`
}

// ServiceSpec describes the attributes that a user creates on a service
type ServiceSpec struct {
	// Type determines how the service will be exposed. Valid options: ClusterIP, NodePort, LoadBalancer
	Type ServiceType `json:"type,omitempty"`

	// Required: The list of ports that are exposed by this service.
	Ports []ServicePort `json:"ports"`

	// This service will route traffic to pods having labels matching this selector. If empty or not present,
	// the service is assumed to have endpoints set by an external process and Kubernetes will not modify
	// those endpoints.
	Selector map[string]string `json:"selector"`

	// ClusterIP is usually assigned by the master. If specified by the user
	// we will try to respect it or else fail the request. This field can
	// not be changed by updates.
	// Valid values are None, empty string (""), or a valid IP address
	// None can be specified for headless services when proxying is not required
	ClusterIP string `json:"clusterIP,omitempty"`

	// ExternalIPs are used by external load balancers, or can be set by
	// users to handle external traffic that arrives at a node.
	// NOTE(review): the values are supplied by whoever creates the service and this type
	// does not constrain them; who may set them, and to which addresses, has to be
	// restricted by validation or policy elsewhere - confirm.
	ExternalIPs []string `json:"externalIPs,omitempty"`

	// Only applies to Service Type: LoadBalancer
	// LoadBalancer will get created with the IP specified in this field.
	// This feature depends on whether the underlying cloud-provider supports specifying
	// the loadBalancerIP when a load balancer is created.
	// This field will be ignored if the cloud-provider does not support the feature.
	LoadBalancerIP string `json:"loadBalancerIP,omitempty"`

	// Required: Supports "ClientIP" and "None". Used to maintain session affinity.
	SessionAffinity ServiceAffinity `json:"sessionAffinity,omitempty"`
}

// ServicePort describes one port that a service exposes.
type ServicePort struct {
	// Optional if only one ServicePort is defined on this service: The
	// name of this port within the service. This must be a DNS_LABEL.
	// All ports within a ServiceSpec must have unique names. This maps to
	// the 'Name' field in EndpointPort objects.
	Name string `json:"name"`

	// The IP protocol for this port. Supports "TCP" and "UDP".
	Protocol Protocol `json:"protocol"`

	// The port that will be exposed on the service.
	Port int `json:"port"`

	// Optional: The target port on pods selected by this service. If this
	// is a string, it will be looked up as a named port in the target
	// Pod's container ports. If this is not specified, the default value
	// is the same as the Port field (an identity map).
	TargetPort intstr.IntOrString `json:"targetPort"`

	// The port on each node on which this service is exposed.
	// Default is to auto-allocate a port if the ServiceType of this Service requires one.
	NodePort int `json:"nodePort"`
}

// Service is a named abstraction of software service (for example, mysql) consisting of local port
// (for example 3306) that the proxy listens on, and the selector that determines which pods
// will answer requests sent through the proxy.
type Service struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Spec defines the behavior of a service.
	Spec ServiceSpec `json:"spec,omitempty"`

	// Status represents the current status of a service.
	Status ServiceStatus `json:"status,omitempty"`
}

// ServiceAccount binds together:
// * a name, understood by users, and perhaps by peripheral systems, for an identity
// * a principal that can be authenticated and authorized
// * a set of secrets
type ServiceAccount struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount
	Secrets []ObjectReference `json:"secrets"`

	// ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images
	// in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets
	// can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet.
	ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty"`
}

// ServiceAccountList is a list of ServiceAccount objects
type ServiceAccountList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`

	Items []ServiceAccount `json:"items"`
}

// Endpoints is a collection of endpoints that implement the actual service. Example:
//   Name: "mysvc",
//   Subsets: [
//     {
//       Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
//       Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
//     },
//     {
//       Addresses: [{"ip": "10.10.3.3"}],
//       Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
//     },
//  ]
type Endpoints struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// The set of all endpoints is the union of all subsets.
	Subsets []EndpointSubset
}

// EndpointSubset is a group of addresses with a common set of ports. The
// expanded set of endpoints is the Cartesian product of Addresses x Ports.
// For example, given:
//   {
//     Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
//     Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
//   }
// The resulting set of endpoints can be viewed as:
//     a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
//     b: [ 10.10.1.1:309, 10.10.2.2:309 ]
type EndpointSubset struct {
	Addresses         []EndpointAddress
	NotReadyAddresses []EndpointAddress
	Ports             []EndpointPort
}

// EndpointAddress is a tuple that describes single IP address.
type EndpointAddress struct {
	// The IP of this endpoint.
	// TODO: This should allow hostname or IP, see #4447.
1389 IP string 1390 1391 // Optional: The kubernetes object related to the entry point. 1392 TargetRef *ObjectReference 1393 } 1394 1395 // EndpointPort is a tuple that describes a single port. 1396 type EndpointPort struct { 1397 // The name of this port (corresponds to ServicePort.Name). Optional 1398 // if only one port is defined. Must be a DNS_LABEL. 1399 Name string 1400 1401 // The port number. 1402 Port int 1403 1404 // The IP protocol for this port. 1405 Protocol Protocol 1406 } 1407 1408 // EndpointsList is a list of endpoints. 1409 type EndpointsList struct { 1410 unversioned.TypeMeta `json:",inline"` 1411 unversioned.ListMeta `json:"metadata,omitempty"` 1412 1413 Items []Endpoints `json:"items"` 1414 } 1415 1416 // NodeSpec describes the attributes that a node is created with. 1417 type NodeSpec struct { 1418 // PodCIDR represents the pod IP range assigned to the node 1419 // Note: assigning IP ranges to nodes might need to be revisited when we support migratable IPs. 1420 PodCIDR string `json:"podCIDR,omitempty"` 1421 1422 // External ID of the node assigned by some machine database (e.g. a cloud provider) 1423 ExternalID string `json:"externalID,omitempty"` 1424 1425 // ID of the node assigned by the cloud provider 1426 // Note: format is "<ProviderName>://<ProviderSpecificNodeID>" 1427 ProviderID string `json:"providerID,omitempty"` 1428 1429 // Unschedulable controls node schedulability of new pods. By default node is schedulable. 1430 Unschedulable bool `json:"unschedulable,omitempty"` 1431 } 1432 1433 // DaemonEndpoint contains information about a single Daemon endpoint. 1434 type DaemonEndpoint struct { 1435 // Port number of the given endpoint. 1436 Port int `json:port` 1437 } 1438 1439 // NodeDaemonEndpoints lists ports opened by daemons running on the Node. 1440 type NodeDaemonEndpoints struct { 1441 // Endpoint on which Kubelet is listening. 
1442 KubeletEndpoint DaemonEndpoint `json:"kubeletEndpoint,omitempty"` 1443 } 1444 1445 // NodeSystemInfo is a set of ids/uuids to uniquely identify the node. 1446 type NodeSystemInfo struct { 1447 // Machine ID reported by the node. 1448 MachineID string `json:"machineID"` 1449 // System UUID reported by the node. 1450 SystemUUID string `json:"systemUUID"` 1451 // Boot ID reported by the node. 1452 BootID string `json:"bootID"` 1453 // Kernel Version reported by the node. 1454 KernelVersion string `json:"kernelVersion"` 1455 // OS Image reported by the node. 1456 OsImage string `json:"osImage"` 1457 // ContainerRuntime Version reported by the node. 1458 ContainerRuntimeVersion string `json:"containerRuntimeVersion"` 1459 // Kubelet Version reported by the node. 1460 KubeletVersion string `json:"kubeletVersion"` 1461 // KubeProxy Version reported by the node. 1462 KubeProxyVersion string `json:"kubeProxyVersion"` 1463 } 1464 1465 // NodeStatus is information about the current status of a node. 1466 type NodeStatus struct { 1467 // Capacity represents the available resources of a node. 1468 Capacity ResourceList `json:"capacity,omitempty"` 1469 // NodePhase is the current lifecycle phase of the node. 1470 Phase NodePhase `json:"phase,omitempty"` 1471 // Conditions is an array of current node conditions. 1472 Conditions []NodeCondition `json:"conditions,omitempty"` 1473 // Queried from cloud provider, if available. 1474 Addresses []NodeAddress `json:"addresses,omitempty"` 1475 // Endpoints of daemons running on the Node. 1476 DaemonEndpoints NodeDaemonEndpoints `json:"daemonEndpoints,omitempty"` 1477 // Set of ids/uuids to uniquely identify the node. 1478 NodeInfo NodeSystemInfo `json:"nodeInfo,omitempty"` 1479 } 1480 1481 type NodePhase string 1482 1483 // These are the valid phases of node. 1484 const ( 1485 // NodePending means the node has been created/added by the system, but not configured. 
1486 NodePending NodePhase = "Pending" 1487 // NodeRunning means the node has been configured and has Kubernetes components running. 1488 NodeRunning NodePhase = "Running" 1489 // NodeTerminated means the node has been removed from the cluster. 1490 NodeTerminated NodePhase = "Terminated" 1491 ) 1492 1493 type NodeConditionType string 1494 1495 // These are valid conditions of node. Currently, we don't have enough information to decide 1496 // node condition. In the future, we will add more. The proposed set of conditions are: 1497 // NodeReady, NodeReachable 1498 const ( 1499 // NodeReady means kubelet is healthy and ready to accept pods. 1500 NodeReady NodeConditionType = "Ready" 1501 // NodeOutOfDisk means the kubelet will not accept new pods due to insufficient free disk 1502 // space on the node. 1503 NodeOutOfDisk NodeConditionType = "OutOfDisk" 1504 ) 1505 1506 type NodeCondition struct { 1507 Type NodeConditionType `json:"type"` 1508 Status ConditionStatus `json:"status"` 1509 LastHeartbeatTime unversioned.Time `json:"lastHeartbeatTime,omitempty"` 1510 LastTransitionTime unversioned.Time `json:"lastTransitionTime,omitempty"` 1511 Reason string `json:"reason,omitempty"` 1512 Message string `json:"message,omitempty"` 1513 } 1514 1515 type NodeAddressType string 1516 1517 // These are valid address types of node. NodeLegacyHostIP is used to transit 1518 // from out-dated HostIP field to NodeAddress. 1519 const ( 1520 NodeLegacyHostIP NodeAddressType = "LegacyHostIP" 1521 NodeHostName NodeAddressType = "Hostname" 1522 NodeExternalIP NodeAddressType = "ExternalIP" 1523 NodeInternalIP NodeAddressType = "InternalIP" 1524 ) 1525 1526 type NodeAddress struct { 1527 Type NodeAddressType `json:"type"` 1528 Address string `json:"address"` 1529 } 1530 1531 // NodeResources is an object for conveying resource information about a node. 1532 // see http://releases.k8s.io/HEAD/docs/design/resources.md for more details. 
type NodeResources struct {
	// Capacity represents the available resources of a node
	Capacity ResourceList `json:"capacity,omitempty"`
}

// ResourceName is the name identifying various resources in a ResourceList.
type ResourceName string

// Resource names for compute and storage quantities; these are the keys used
// in a ResourceList.
const (
	// ResourceCPU is CPU, in cores. (500m = .5 cores)
	ResourceCPU ResourceName = "cpu"
	// ResourceMemory is memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
	ResourceMemory ResourceName = "memory"
	// ResourceStorage is volume size, in bytes (e.g. 5Gi = 5GiB = 5 * 1024 * 1024 * 1024)
	ResourceStorage ResourceName = "storage"
	// The number of Pods that may be running on a Node is not declared in this
	// block: see ResourcePods, which is declared with the object-count
	// resource names further down in this file.
)

// ResourceList is a set of (resource name, quantity) pairs.
type ResourceList map[ResourceName]resource.Quantity

// Node is a worker node in Kubernetes.
// The name of the node according to etcd is in ObjectMeta.Name.
type Node struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Spec defines the behavior of a node.
	Spec NodeSpec `json:"spec,omitempty"`

	// Status describes the current status of a Node
	Status NodeStatus `json:"status,omitempty"`
}

// NodeList is a list of nodes.
type NodeList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`

	// Items holds the Node objects in the list.
	Items []Node `json:"items"`
}

// NamespaceSpec describes the attributes on a Namespace
type NamespaceSpec struct {
	// Finalizers is an opaque list of values that must be empty to permanently remove object from storage
	// NOTE(review): this field carries no json tag, unlike most fields in this file.
	Finalizers []FinalizerName
}

// FinalizerName is the string type of the entries in NamespaceSpec.Finalizers.
type FinalizerName string

// These are internal finalizer values to Kubernetes, must be qualified name unless defined here
const (
	FinalizerKubernetes FinalizerName = "kubernetes"
)

// NamespaceStatus is information about the current status of a Namespace.
type NamespaceStatus struct {
	// Phase is the current lifecycle phase of the namespace.
	Phase NamespacePhase `json:"phase,omitempty"`
}

// NamespacePhase is the string type of NamespaceStatus.Phase.
type NamespacePhase string

// These are the valid phases of a namespace.
const (
	// NamespaceActive means the namespace is available for use in the system
	NamespaceActive NamespacePhase = "Active"
	// NamespaceTerminating means the namespace is undergoing graceful termination
	NamespaceTerminating NamespacePhase = "Terminating"
)

// A namespace provides a scope for Names.
// Use of multiple namespaces is optional
type Namespace struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Spec defines the behavior of the Namespace.
	Spec NamespaceSpec `json:"spec,omitempty"`

	// Status describes the current status of a Namespace
	Status NamespaceStatus `json:"status,omitempty"`
}

// NamespaceList is a list of Namespaces.
type NamespaceList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`

	// Items holds the Namespace objects in the list.
	Items []Namespace `json:"items"`
}

// Binding ties one object to another - for example, a pod is bound to a node by a scheduler.
type Binding struct {
	unversioned.TypeMeta `json:",inline"`
	// ObjectMeta describes the object that is being bound.
	ObjectMeta `json:"metadata,omitempty"`

	// Target is the object to bind to.
	Target ObjectReference `json:"target"`
}

// DeleteOptions may be provided when deleting an API object
type DeleteOptions struct {
	unversioned.TypeMeta `json:",inline"`

	// Optional duration in seconds before the object should be deleted. Value must be non-negative integer.
	// The value zero indicates delete immediately. If this value is nil, the default grace period for the
	// specified type will be used.
	// The pointer type is what lets nil (use the default) be told apart from an explicit zero.
	GracePeriodSeconds *int64 `json:"gracePeriodSeconds"`
}

// ListOptions is the query options to a standard REST list call, and has future support for
// watch calls.
type ListOptions struct {
	unversioned.TypeMeta `json:",inline"`

	// A selector based on labels
	LabelSelector labels.Selector
	// A selector based on fields
	FieldSelector fields.Selector
	// If true, watch for changes to this list
	Watch bool
	// The resource version to watch (no effect on list yet)
	ResourceVersion string
	// Timeout for the list/watch call.
	// NOTE(review): presumably expressed in seconds, going by the field name; the unit is not stated here.
	TimeoutSeconds *int64
}

// PodLogOptions is the query options for a Pod's logs REST call
type PodLogOptions struct {
	unversioned.TypeMeta

	// Container for which to return logs
	Container string
	// If true, follow the logs for the pod
	Follow bool
	// If true, return previous terminated container logs
	Previous bool
	// A relative time in seconds before the current time from which to show logs. If this value
	// precedes the time a pod was started, only logs since the pod start will be returned.
	// If this value is in the future, no logs will be returned.
	// Only one of sinceSeconds or sinceTime may be specified.
	SinceSeconds *int64
	// An RFC3339 timestamp from which to show logs. If this value
	// precedes the time a pod was started, only logs since the pod start will be returned.
	// If this value is in the future, no logs will be returned.
	// Only one of sinceSeconds or sinceTime may be specified.
	SinceTime *unversioned.Time
	// If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line
	// of log output.
	Timestamps bool
	// If set, the number of lines from the end of the logs to show. If not specified,
	// logs are shown from the creation of the container or sinceSeconds or sinceTime
	TailLines *int64
	// If set, the number of bytes to read from the server before terminating the
	// log output. This may not display a complete final line of logging, and may return
	// slightly more or slightly less than the specified limit.
	// Because the limit is approximate, callers that need a hard bound on the
	// amount of log data they accept should enforce it themselves.
	LimitBytes *int64
}

// PodAttachOptions is the query options to a Pod's remote attach call
// TODO: merge w/ PodExecOptions below for stdin, stdout, etc
type PodAttachOptions struct {
	unversioned.TypeMeta `json:",inline"`

	// Stdin if true indicates that stdin is to be redirected for the attach call
	Stdin bool `json:"stdin,omitempty"`

	// Stdout if true indicates that stdout is to be redirected for the attach call
	Stdout bool `json:"stdout,omitempty"`

	// Stderr if true indicates that stderr is to be redirected for the attach call
	Stderr bool `json:"stderr,omitempty"`

	// TTY if true indicates that a tty will be allocated for the attach call
	TTY bool `json:"tty,omitempty"`

	// Container to attach to.
	Container string `json:"container,omitempty"`
}

// PodExecOptions is the query options to a Pod's remote exec call
type PodExecOptions struct {
	unversioned.TypeMeta

	// Stdin if true indicates that stdin is to be redirected for the exec call
	Stdin bool

	// Stdout if true indicates that stdout is to be redirected for the exec call
	Stdout bool

	// Stderr if true indicates that stderr is to be redirected for the exec call
	Stderr bool

	// TTY if true indicates that a tty will be allocated for the exec call
	TTY bool

	// Container in which to execute the command.
	Container string

	// Command is the remote command to execute; argv array; not executed within a shell.
	// Each element is one argument of the argv array. Shell features such as
	// pipes or variable expansion are only available if the caller names a
	// shell as the command itself.
	Command []string
}

// PodProxyOptions is the query options to a Pod's proxy call
type PodProxyOptions struct {
	unversioned.TypeMeta

	// Path is the URL path to use for the current proxy request
	// NOTE(review): this type places no constraint on the value; any
	// validation or normalization has to happen where it is consumed.
	Path string
}

// ObjectReference contains enough information to let you inspect or modify the referred object.
type ObjectReference struct {
	Kind            string    `json:"kind,omitempty"`
	Namespace       string    `json:"namespace,omitempty"`
	Name            string    `json:"name,omitempty"`
	UID             types.UID `json:"uid,omitempty"`
	APIVersion      string    `json:"apiVersion,omitempty"`
	ResourceVersion string    `json:"resourceVersion,omitempty"`

	// Optional. If referring to a piece of an object instead of an entire object, this string
	// should contain information to identify the sub-object. For example, if the object
	// reference is to a container within a pod, this would take on a value like:
	// "spec.containers{name}" (where "name" refers to the name of the container that triggered
	// the event) or if no container name is specified "spec.containers[2]" (container with
	// index 2 in this pod). This syntax is chosen only to have some well-defined way of
	// referencing a part of an object.
	// TODO: this design is not final and this field is subject to change in the future.
	FieldPath string `json:"fieldPath,omitempty"`
}

// LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
type LocalObjectReference struct {
	//TODO: Add other useful fields. apiVersion, kind, uid?
	Name string
}

// SerializedReference wraps an ObjectReference together with TypeMeta.
type SerializedReference struct {
	unversioned.TypeMeta `json:",inline"`
	Reference            ObjectReference `json:"reference,omitempty"`
}

// EventSource identifies the component and host that generated an event.
type EventSource struct {
	// Component from which the event is generated.
	Component string `json:"component,omitempty"`
	// Host name on which the event is generated.
	Host string `json:"host,omitempty"`
}

// Valid values for event types (new types could be added in future)
const (
	// Information only and will not cause any problems
	EventTypeNormal string = "Normal"
	// These events are to warn that something might go wrong
	EventTypeWarning string = "Warning"
)

// Event is a report of an event somewhere in the cluster.
// TODO: Decide whether to store these separately or with the object they apply to.
type Event struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Required. The object that this event is about.
	InvolvedObject ObjectReference `json:"involvedObject,omitempty"`

	// Optional; this should be a short, machine understandable string that gives the reason
	// for this event being generated. For example, if the event is reporting that a container
	// can't start, the Reason might be "ImageNotFound".
	// TODO: provide exact specification for format.
	Reason string `json:"reason,omitempty"`

	// Optional. A human-readable description of the status of this operation.
	// TODO: decide on maximum length.
	Message string `json:"message,omitempty"`

	// Optional. The component reporting this event. Should be a short machine understandable string.
	Source EventSource `json:"source,omitempty"`

	// The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)
	FirstTimestamp unversioned.Time `json:"firstTimestamp,omitempty"`

	// The time at which the most recent occurrence of this event was recorded.
	LastTimestamp unversioned.Time `json:"lastTimestamp,omitempty"`

	// The number of times this event has occurred.
	Count int `json:"count,omitempty"`

	// Type of this event (Normal, Warning), new types could be added in the future.
	// The values are plain strings (see EventTypeNormal and EventTypeWarning),
	// so consumers should tolerate values they do not recognize.
	Type string `json:"type,omitempty"`
}

// EventList is a list of events.
type EventList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`

	// Items holds the Event objects in the list.
	Items []Event `json:"items"`
}

// List holds a list of objects, which may not be known by the server.
type List struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed objects as generic runtime.Object values.
	Items []runtime.Object `json:"items"`
}

// A type of object that is limited
type LimitType string

const (
	// Limit that applies to all pods in a namespace
	LimitTypePod LimitType = "Pod"
	// Limit that applies to all containers in a namespace
	LimitTypeContainer LimitType = "Container"
)

// LimitRangeItem defines a min/max usage limit for any resource that matches on kind
type LimitRangeItem struct {
	// Type of resource that this limit applies to
	Type LimitType `json:"type,omitempty"`
	// Max usage constraints on this kind by resource name
	Max ResourceList `json:"max,omitempty"`
	// Min usage constraints on this kind by resource name
	Min ResourceList `json:"min,omitempty"`
	// Default resource requirement limit value by resource name.
	Default ResourceList `json:"default,omitempty"`
	// DefaultRequest resource requirement request value by resource name.
	DefaultRequest ResourceList `json:"defaultRequest,omitempty"`
	// MaxLimitRequestRatio represents the max burst value for the named resource
	MaxLimitRequestRatio ResourceList `json:"maxLimitRequestRatio,omitempty"`
}

// LimitRangeSpec defines a min/max usage limit for resources that match on kind
type LimitRangeSpec struct {
	// Limits is the list of LimitRangeItem objects that are enforced
	Limits []LimitRangeItem `json:"limits"`
}

// LimitRange sets resource usage limits for each kind of resource in a Namespace
type LimitRange struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Spec defines the limits enforced
	Spec LimitRangeSpec `json:"spec,omitempty"`
}

// LimitRangeList is a list of LimitRange items.
type LimitRangeList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`

	// Items is a list of LimitRange objects
	Items []LimitRange `json:"items"`
}

// The following identify resource constants for Kubernetes object types
// Each names a count of objects of that kind.
const (
	// Pods, number
	ResourcePods ResourceName = "pods"
	// Services, number
	ResourceServices ResourceName = "services"
	// ReplicationControllers, number
	ResourceReplicationControllers ResourceName = "replicationcontrollers"
	// ResourceQuotas, number
	ResourceQuotas ResourceName = "resourcequotas"
	// ResourceSecrets, number
	ResourceSecrets ResourceName = "secrets"
	// ResourcePersistentVolumeClaims, number
	ResourcePersistentVolumeClaims ResourceName = "persistentvolumeclaims"
)

// ResourceQuotaSpec defines the desired hard limits to enforce for Quota
type ResourceQuotaSpec struct {
	// Hard is the set of desired hard limits for each named resource
	Hard ResourceList `json:"hard,omitempty"`
}

// ResourceQuotaStatus defines the enforced hard limits and observed use
type ResourceQuotaStatus struct {
	// Hard is the set of enforced hard limits for each named resource
	Hard ResourceList `json:"hard,omitempty"`
	// Used is the current observed total usage of the resource in the namespace
	Used ResourceList `json:"used,omitempty"`
}

// ResourceQuota sets aggregate quota restrictions enforced per namespace
type ResourceQuota struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Spec defines the desired quota
	Spec ResourceQuotaSpec `json:"spec,omitempty"`

	// Status defines the actual enforced quota and its current usage
	Status ResourceQuotaStatus `json:"status,omitempty"`
}

// ResourceQuotaList is a list of ResourceQuota items
type ResourceQuotaList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`

	// Items is a list of ResourceQuota objects
	Items []ResourceQuota `json:"items"`
}

// Secret holds secret data of a certain type. The total bytes of the values in
// the Data field must be less than MaxSecretSize bytes.
type Secret struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Data contains the secret data. Each key must be a valid DNS_SUBDOMAIN
	// or leading dot followed by valid DNS_SUBDOMAIN.
	// The serialized form of the secret data is a base64 encoded string,
	// representing the arbitrary (possibly non-string) data value here.
	// base64 is an encoding used for serialization, not encryption: it gives
	// the values no confidentiality. Anyone who can read the serialized object
	// can recover the data, so protection has to come from access control and
	// from how the object is stored and transported.
	Data map[string][]byte `json:"data,omitempty"`

	// Used to facilitate programmatic handling of secret data.
	Type SecretType `json:"type,omitempty"`
}

// MaxSecretSize is the size bound, in bytes (1 MiB), referred to by the Secret
// documentation for the total size of the values in Secret.Data.
// NOTE(review): the code that enforces this bound is not in this file.
const MaxSecretSize = 1 * 1024 * 1024

// SecretType is the string type of Secret.Type.
type SecretType string

const (
	// SecretTypeOpaque is the default; arbitrary user-defined data
	SecretTypeOpaque SecretType = "Opaque"

	// SecretTypeServiceAccountToken contains a token that identifies a service account to the API
	//
	// Required fields:
	// - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies
	// - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies
	// - Secret.Data["token"] - a token that identifies the service account to the API
	//
	// Because the token identifies the service account to the API, read access
	// to a secret of this type should be treated as the ability to act as that
	// service account.
	SecretTypeServiceAccountToken SecretType = "kubernetes.io/service-account-token"

	// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
	ServiceAccountNameKey = "kubernetes.io/service-account.name"
	// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets
	ServiceAccountUIDKey = "kubernetes.io/service-account.uid"
	// ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets
	ServiceAccountTokenKey = "token"
	// ServiceAccountKubeconfigKey is the key of the optional kubeconfig data for SecretTypeServiceAccountToken secrets
	ServiceAccountKubeconfigKey = "kubernetes.kubeconfig"
	// ServiceAccountRootCAKey is the key of the optional root certificate authority for SecretTypeServiceAccountToken secrets
	ServiceAccountRootCAKey = "ca.crt"

	// SecretTypeDockercfg contains a dockercfg file that follows the same format rules as ~/.dockercfg
	//
	// Required fields:
	// - Secret.Data[".dockercfg"] - a serialized ~/.dockercfg file
	//
	// Such a file typically holds registry credentials, so it needs the same
	// care as any other credential.
	SecretTypeDockercfg SecretType = "kubernetes.io/dockercfg"

	// DockerConfigKey is the key of the required data for SecretTypeDockercfg secrets
	DockerConfigKey = ".dockercfg"

	// SecretTypeDockerConfigJson contains a dockercfg file that follows the same format rules as ~/.docker/config.json
	//
	// Required fields:
	// - Secret.Data[".dockerconfigjson"] - a serialized ~/.docker/config.json file
	SecretTypeDockerConfigJson SecretType = "kubernetes.io/dockerconfigjson"

	// DockerConfigJsonKey is the key of the required data for SecretTypeDockerConfigJson secrets
	DockerConfigJsonKey = ".dockerconfigjson"
)

// SecretList is a list of Secret objects.
type SecretList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`

	// Items holds the Secret objects in the list. Each item carries its Data,
	// so a list of secrets is as sensitive as every secret in it.
	Items []Secret `json:"items"`
}

// These constants are for remote command execution and port forwarding and are
// used by both the client side and server side components.
//
// This is probably not the ideal place for them, but it didn't seem worth it
// to create pkg/exec and pkg/portforward just to contain a single file with
// constants in it. Suggestions for more appropriate alternatives are
// definitely welcome!
const (
	// Enable stdin for remote command execution
	ExecStdinParam = "input"
	// Enable stdout for remote command execution
	ExecStdoutParam = "output"
	// Enable stderr for remote command execution
	ExecStderrParam = "error"
	// Enable TTY for remote command execution
	ExecTTYParam = "tty"
	// Command to run for remote command execution
	// NOTE(review): the identifier is spelled with a double "m". Renaming it
	// would break any code that refers to it by this name, so the spelling is
	// left unchanged here.
	ExecCommandParamm = "command"

	// Name of header that specifies stream type
	StreamType = "streamType"
	// Value for streamType header for stdin stream
	StreamTypeStdin = "stdin"
	// Value for streamType header for stdout stream
	StreamTypeStdout = "stdout"
	// Value for streamType header for stderr stream
	StreamTypeStderr = "stderr"
	// Value for streamType header for data stream
	StreamTypeData = "data"
	// Value for streamType header for error stream
	// (the same string as ExecStderrParam, but used as a header value rather
	// than as a parameter name)
	StreamTypeError = "error"

	// Name of header that specifies the port being forwarded
	PortHeader = "port"
	// Name of header that specifies a request ID used to associate the error
	// and data streams for a single forwarded connection
	PortForwardRequestIDHeader = "requestID"
)

// Similarly to above, these are constants to support HTTP PATCH utilized by
// both the client and server that didn't make sense for a whole package to be
// dedicated to.
type PatchType string

// Patch content types. Each value is a media-type string.
const (
	JSONPatchType           PatchType = "application/json-patch+json"
	MergePatchType          PatchType = "application/merge-patch+json"
	StrategicMergePatchType PatchType = "application/strategic-merge-patch+json"
)

// Type and constants for component health validation.
type ComponentConditionType string

// These are the valid conditions for the component.
const (
	ComponentHealthy ComponentConditionType = "Healthy"
)

// ComponentCondition describes one condition of a component: its type and
// status, with an optional message and error string.
type ComponentCondition struct {
	Type    ComponentConditionType `json:"type"`
	Status  ConditionStatus        `json:"status"`
	Message string                 `json:"message,omitempty"`
	Error   string                 `json:"error,omitempty"`
}

// ComponentStatus (and ComponentStatusList) holds the cluster validation info.
type ComponentStatus struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`

	// Conditions is the list of conditions reported for the component.
	Conditions []ComponentCondition `json:"conditions,omitempty"`
}

// ComponentStatusList is a list of ComponentStatus objects.
type ComponentStatusList struct {
	unversioned.TypeMeta `json:",inline"`
	unversioned.ListMeta `json:"metadata,omitempty"`

	// Items holds the ComponentStatus objects in the list.
	Items []ComponentStatus `json:"items"`
}

// SecurityContext holds security configuration that will be applied to a container.
// Some fields are present in both SecurityContext and PodSecurityContext. When both
// are set, the values in SecurityContext take precedence.
//
// Every field is a pointer, so an unset field (nil) can be told apart from an
// explicitly set zero value such as false or UID 0.
type SecurityContext struct {
	// The capabilities to add/drop when running containers.
	// Defaults to the default set of capabilities granted by the container runtime.
	Capabilities *Capabilities `json:"capabilities,omitempty"`
	// Run container in privileged mode.
	// Processes in privileged containers are essentially equivalent to root on the host.
	// Defaults to false.
	// Given that equivalence, who is allowed to set this to true deserves the
	// same scrutiny as who is given root access to the node.
	Privileged *bool `json:"privileged,omitempty"`
	// The SELinux context to be applied to the container.
	// If unspecified, the container runtime will allocate a random SELinux context for each
	// container. May also be set in PodSecurityContext. If set in both SecurityContext and
	// PodSecurityContext, the value specified in SecurityContext takes precedence.
	SELinuxOptions *SELinuxOptions `json:"seLinuxOptions,omitempty"`
	// The UID to run the entrypoint of the container process.
	// Defaults to user specified in image metadata if unspecified.
	// May also be set in PodSecurityContext. If set in both SecurityContext and
	// PodSecurityContext, the value specified in SecurityContext takes precedence.
	// When this is unset the image decides the user. If RunAsNonRoot is also
	// left unset or false, no validation stands in the way of an image that
	// runs as UID 0.
	RunAsUser *int64 `json:"runAsUser,omitempty"`
	// Indicates that the container must run as a non-root user.
	// If true, the Kubelet will validate the image at runtime to ensure that it
	// does not run as UID 0 (root) and fail to start the container if it does.
	// If unset or false, no such validation will be performed.
	// May also be set in PodSecurityContext. If set in both SecurityContext and
	// PodSecurityContext, the value specified in SecurityContext takes precedence.
	RunAsNonRoot *bool `json:"runAsNonRoot,omitempty"`
}

// SELinuxOptions are the labels to be applied to the container.
type SELinuxOptions struct {
	// SELinux user label
	User string `json:"user,omitempty"`
	// SELinux role label
	Role string `json:"role,omitempty"`
	// SELinux type label
	Type string `json:"type,omitempty"`
	// SELinux level label.
	Level string `json:"level,omitempty"`
}

// RangeAllocation is an opaque API object (not exposed to end users) that can be persisted to record
// the global allocation state of the cluster. The schema of Range and Data is generic, in that Range
// should be a string representation of the inputs to a range (for instance, for IP allocation it
// might be a CIDR) and Data is an opaque blob understood by an allocator which is typically a
// binary range. Consumers should use annotations to record additional information (schema version,
// data encoding hints). A range allocation should *ALWAYS* be recreatable at any time by observation
// of the cluster, thus the object is less strongly typed than most.
type RangeAllocation struct {
	unversioned.TypeMeta `json:",inline"`
	ObjectMeta           `json:"metadata,omitempty"`
	// A string representing a unique label for a range of resources, such as a CIDR "10.0.0.0/8" or
	// port range "10000-30000".  Range is not strongly schema'd here. The Range is expected to define
	// a start and end unless there is an implicit end.
	// The field is always serialized (no omitempty on the tag).
	Range string `json:"range"`
	// A byte array representing the serialized state of a range allocation. Additional clarifiers on
	// the type or format of data should be represented with annotations. For IP allocations, this is
	// represented as a bit array starting at the base IP of the CIDR in Range, with each bit representing
	// a single allocated address (the fifth bit on CIDR 10.0.0.0/8 is 10.0.0.4).
	// NOTE(review): nothing in this type ties the length or encoding of Data to
	// Range; a consumer should check the two for consistency before relying on
	// the bitmap. Presumably the allocator does this. TODO confirm.
	Data []byte `json:"data"`
}