github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/prometheus-community/kube-prometheus-stack/crds/crd-thanosrulers.yaml (about) 1 # https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.63.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml 2 --- 3 apiVersion: apiextensions.k8s.io/v1 4 kind: CustomResourceDefinition 5 metadata: 6 annotations: 7 controller-gen.kubebuilder.io/version: v0.11.1 8 creationTimestamp: null 9 name: thanosrulers.monitoring.coreos.com 10 spec: 11 group: monitoring.coreos.com 12 names: 13 categories: 14 - prometheus-operator 15 kind: ThanosRuler 16 listKind: ThanosRulerList 17 plural: thanosrulers 18 shortNames: 19 - ruler 20 singular: thanosruler 21 scope: Namespaced 22 versions: 23 - additionalPrinterColumns: 24 - description: The number of desired replicas 25 jsonPath: .spec.replicas 26 name: Replicas 27 type: integer 28 - jsonPath: .metadata.creationTimestamp 29 name: Age 30 type: date 31 - description: Whether the resource reconciliation is paused or not 32 jsonPath: .status.paused 33 name: Paused 34 priority: 1 35 type: boolean 36 name: v1 37 schema: 38 openAPIV3Schema: 39 description: ThanosRuler defines a ThanosRuler deployment. 40 properties: 41 apiVersion: 42 description: 'APIVersion defines the versioned schema of this representation 43 of an object. Servers should convert recognized schemas to the latest 44 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 45 type: string 46 kind: 47 description: 'Kind is a string value representing the REST resource this 48 object represents. Servers may infer this from the endpoint the client 49 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 50 type: string 51 metadata: 52 type: object 53 spec: 54 description: 'Specification of the desired behavior of the ThanosRuler 55 cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 56 properties: 57 additionalArgs: 58 description: AdditionalArgs allows setting additional arguments for 59 the ThanosRuler container. It is intended for e.g. activating hidden 60 flags which are not supported by the dedicated configuration options 61 yet. The arguments are passed as-is to the ThanosRuler container 62 which may cause issues if they are invalid or not supported by the 63 given ThanosRuler version. In case of an argument conflict (e.g. 64 an argument which is already set by the operator itself) or when 65 providing an invalid argument the reconciliation will fail and an 66 error will be logged. 67 items: 68 description: Argument as part of the AdditionalArgs list. 69 properties: 70 name: 71 description: Name of the argument, e.g. "scrape.discovery-reload-interval". 72 minLength: 1 73 type: string 74 value: 75 description: Argument value, e.g. 30s. Can be empty for name-only 76 arguments (e.g. --storage.tsdb.no-lockfile) 77 type: string 78 required: 79 - name 80 type: object 81 type: array 82 affinity: 83 description: If specified, the pod's scheduling constraints. 84 properties: 85 nodeAffinity: 86 description: Describes node affinity scheduling rules for the 87 pod. 88 properties: 89 preferredDuringSchedulingIgnoredDuringExecution: 90 description: The scheduler will prefer to schedule pods to 91 nodes that satisfy the affinity expressions specified by 92 this field, but it may choose a node that violates one or 93 more of the expressions. The node that is most preferred 94 is the one with the greatest sum of weights, i.e. for each 95 node that meets all of the scheduling requirements (resource 96 request, requiredDuringScheduling affinity expressions, 97 etc.), compute a sum by iterating through the elements of 98 this field and adding "weight" to the sum if the node matches 99 the corresponding matchExpressions; the node(s) with the 100 highest sum are the most preferred. 101 items: 102 description: An empty preferred scheduling term matches 103 all objects with implicit weight 0 (i.e. it's a no-op). 104 A null preferred scheduling term matches no objects (i.e. 105 is also a no-op). 106 properties: 107 preference: 108 description: A node selector term, associated with the 109 corresponding weight. 110 properties: 111 matchExpressions: 112 description: A list of node selector requirements 113 by node's labels. 114 items: 115 description: A node selector requirement is a 116 selector that contains values, a key, and an 117 operator that relates the key and values. 118 properties: 119 key: 120 description: The label key that the selector 121 applies to. 122 type: string 123 operator: 124 description: Represents a key's relationship 125 to a set of values. Valid operators are 126 In, NotIn, Exists, DoesNotExist. Gt, and 127 Lt. 128 type: string 129 values: 130 description: An array of string values. If 131 the operator is In or NotIn, the values 132 array must be non-empty. If the operator 133 is Exists or DoesNotExist, the values array 134 must be empty. If the operator is Gt or 135 Lt, the values array must have a single 136 element, which will be interpreted as an 137 integer. This array is replaced during a 138 strategic merge patch. 139 items: 140 type: string 141 type: array 142 required: 143 - key 144 - operator 145 type: object 146 type: array 147 matchFields: 148 description: A list of node selector requirements 149 by node's fields. 150 items: 151 description: A node selector requirement is a 152 selector that contains values, a key, and an 153 operator that relates the key and values. 154 properties: 155 key: 156 description: The label key that the selector 157 applies to. 158 type: string 159 operator: 160 description: Represents a key's relationship 161 to a set of values. Valid operators are 162 In, NotIn, Exists, DoesNotExist. Gt, and 163 Lt. 164 type: string 165 values: 166 description: An array of string values. If 167 the operator is In or NotIn, the values 168 array must be non-empty. If the operator 169 is Exists or DoesNotExist, the values array 170 must be empty. If the operator is Gt or 171 Lt, the values array must have a single 172 element, which will be interpreted as an 173 integer. This array is replaced during a 174 strategic merge patch. 175 items: 176 type: string 177 type: array 178 required: 179 - key 180 - operator 181 type: object 182 type: array 183 type: object 184 x-kubernetes-map-type: atomic 185 weight: 186 description: Weight associated with matching the corresponding 187 nodeSelectorTerm, in the range 1-100. 188 format: int32 189 type: integer 190 required: 191 - preference 192 - weight 193 type: object 194 type: array 195 requiredDuringSchedulingIgnoredDuringExecution: 196 description: If the affinity requirements specified by this 197 field are not met at scheduling time, the pod will not be 198 scheduled onto the node. If the affinity requirements specified 199 by this field cease to be met at some point during pod execution 200 (e.g. due to an update), the system may or may not try to 201 eventually evict the pod from its node. 202 properties: 203 nodeSelectorTerms: 204 description: Required. A list of node selector terms. 205 The terms are ORed. 206 items: 207 description: A null or empty node selector term matches 208 no objects. The requirements of them are ANDed. The 209 TopologySelectorTerm type implements a subset of the 210 NodeSelectorTerm. 211 properties: 212 matchExpressions: 213 description: A list of node selector requirements 214 by node's labels. 215 items: 216 description: A node selector requirement is a 217 selector that contains values, a key, and an 218 operator that relates the key and values. 219 properties: 220 key: 221 description: The label key that the selector 222 applies to. 223 type: string 224 operator: 225 description: Represents a key's relationship 226 to a set of values. Valid operators are 227 In, NotIn, Exists, DoesNotExist. Gt, and 228 Lt. 229 type: string 230 values: 231 description: An array of string values. If 232 the operator is In or NotIn, the values 233 array must be non-empty. If the operator 234 is Exists or DoesNotExist, the values array 235 must be empty. If the operator is Gt or 236 Lt, the values array must have a single 237 element, which will be interpreted as an 238 integer. This array is replaced during a 239 strategic merge patch. 240 items: 241 type: string 242 type: array 243 required: 244 - key 245 - operator 246 type: object 247 type: array 248 matchFields: 249 description: A list of node selector requirements 250 by node's fields. 251 items: 252 description: A node selector requirement is a 253 selector that contains values, a key, and an 254 operator that relates the key and values. 255 properties: 256 key: 257 description: The label key that the selector 258 applies to. 259 type: string 260 operator: 261 description: Represents a key's relationship 262 to a set of values. Valid operators are 263 In, NotIn, Exists, DoesNotExist. Gt, and 264 Lt. 265 type: string 266 values: 267 description: An array of string values. If 268 the operator is In or NotIn, the values 269 array must be non-empty. If the operator 270 is Exists or DoesNotExist, the values array 271 must be empty. If the operator is Gt or 272 Lt, the values array must have a single 273 element, which will be interpreted as an 274 integer. This array is replaced during a 275 strategic merge patch. 276 items: 277 type: string 278 type: array 279 required: 280 - key 281 - operator 282 type: object 283 type: array 284 type: object 285 x-kubernetes-map-type: atomic 286 type: array 287 required: 288 - nodeSelectorTerms 289 type: object 290 x-kubernetes-map-type: atomic 291 type: object 292 podAffinity: 293 description: Describes pod affinity scheduling rules (e.g. co-locate 294 this pod in the same node, zone, etc. as some other pod(s)). 295 properties: 296 preferredDuringSchedulingIgnoredDuringExecution: 297 description: The scheduler will prefer to schedule pods to 298 nodes that satisfy the affinity expressions specified by 299 this field, but it may choose a node that violates one or 300 more of the expressions. The node that is most preferred 301 is the one with the greatest sum of weights, i.e. for each 302 node that meets all of the scheduling requirements (resource 303 request, requiredDuringScheduling affinity expressions, 304 etc.), compute a sum by iterating through the elements of 305 this field and adding "weight" to the sum if the node has 306 pods which matches the corresponding podAffinityTerm; the 307 node(s) with the highest sum are the most preferred. 308 items: 309 description: The weights of all of the matched WeightedPodAffinityTerm 310 fields are added per-node to find the most preferred node(s) 311 properties: 312 podAffinityTerm: 313 description: Required. A pod affinity term, associated 314 with the corresponding weight. 315 properties: 316 labelSelector: 317 description: A label query over a set of resources, 318 in this case pods. 319 properties: 320 matchExpressions: 321 description: matchExpressions is a list of label 322 selector requirements. The requirements are 323 ANDed. 324 items: 325 description: A label selector requirement 326 is a selector that contains values, a key, 327 and an operator that relates the key and 328 values. 329 properties: 330 key: 331 description: key is the label key that 332 the selector applies to. 333 type: string 334 operator: 335 description: operator represents a key's 336 relationship to a set of values. Valid 337 operators are In, NotIn, Exists and 338 DoesNotExist. 339 type: string 340 values: 341 description: values is an array of string 342 values. If the operator is In or NotIn, 343 the values array must be non-empty. 344 If the operator is Exists or DoesNotExist, 345 the values array must be empty. This 346 array is replaced during a strategic 347 merge patch. 348 items: 349 type: string 350 type: array 351 required: 352 - key 353 - operator 354 type: object 355 type: array 356 matchLabels: 357 additionalProperties: 358 type: string 359 description: matchLabels is a map of {key,value} 360 pairs. A single {key,value} in the matchLabels 361 map is equivalent to an element of matchExpressions, 362 whose key field is "key", the operator is 363 "In", and the values array contains only "value". 364 The requirements are ANDed. 365 type: object 366 type: object 367 x-kubernetes-map-type: atomic 368 namespaceSelector: 369 description: A label query over the set of namespaces 370 that the term applies to. The term is applied 371 to the union of the namespaces selected by this 372 field and the ones listed in the namespaces field. 373 null selector and null or empty namespaces list 374 means "this pod's namespace". An empty selector 375 ({}) matches all namespaces. 376 properties: 377 matchExpressions: 378 description: matchExpressions is a list of label 379 selector requirements. The requirements are 380 ANDed. 381 items: 382 description: A label selector requirement 383 is a selector that contains values, a key, 384 and an operator that relates the key and 385 values. 386 properties: 387 key: 388 description: key is the label key that 389 the selector applies to. 390 type: string 391 operator: 392 description: operator represents a key's 393 relationship to a set of values. Valid 394 operators are In, NotIn, Exists and 395 DoesNotExist. 396 type: string 397 values: 398 description: values is an array of string 399 values. If the operator is In or NotIn, 400 the values array must be non-empty. 401 If the operator is Exists or DoesNotExist, 402 the values array must be empty. This 403 array is replaced during a strategic 404 merge patch. 405 items: 406 type: string 407 type: array 408 required: 409 - key 410 - operator 411 type: object 412 type: array 413 matchLabels: 414 additionalProperties: 415 type: string 416 description: matchLabels is a map of {key,value} 417 pairs. A single {key,value} in the matchLabels 418 map is equivalent to an element of matchExpressions, 419 whose key field is "key", the operator is 420 "In", and the values array contains only "value". 421 The requirements are ANDed. 422 type: object 423 type: object 424 x-kubernetes-map-type: atomic 425 namespaces: 426 description: namespaces specifies a static list 427 of namespace names that the term applies to. The 428 term is applied to the union of the namespaces 429 listed in this field and the ones selected by 430 namespaceSelector. null or empty namespaces list 431 and null namespaceSelector means "this pod's namespace". 432 items: 433 type: string 434 type: array 435 topologyKey: 436 description: This pod should be co-located (affinity) 437 or not co-located (anti-affinity) with the pods 438 matching the labelSelector in the specified namespaces, 439 where co-located is defined as running on a node 440 whose value of the label with key topologyKey 441 matches that of any node on which any of the selected 442 pods is running. Empty topologyKey is not allowed. 443 type: string 444 required: 445 - topologyKey 446 type: object 447 weight: 448 description: weight associated with matching the corresponding 449 podAffinityTerm, in the range 1-100. 450 format: int32 451 type: integer 452 required: 453 - podAffinityTerm 454 - weight 455 type: object 456 type: array 457 requiredDuringSchedulingIgnoredDuringExecution: 458 description: If the affinity requirements specified by this 459 field are not met at scheduling time, the pod will not be 460 scheduled onto the node. If the affinity requirements specified 461 by this field cease to be met at some point during pod execution 462 (e.g. due to a pod label update), the system may or may 463 not try to eventually evict the pod from its node. When 464 there are multiple elements, the lists of nodes corresponding 465 to each podAffinityTerm are intersected, i.e. all terms 466 must be satisfied. 467 items: 468 description: Defines a set of pods (namely those matching 469 the labelSelector relative to the given namespace(s)) 470 that this pod should be co-located (affinity) or not co-located 471 (anti-affinity) with, where co-located is defined as running 472 on a node whose value of the label with key <topologyKey> 473 matches that of any node on which a pod of the set of 474 pods is running 475 properties: 476 labelSelector: 477 description: A label query over a set of resources, 478 in this case pods. 479 properties: 480 matchExpressions: 481 description: matchExpressions is a list of label 482 selector requirements. The requirements are ANDed. 483 items: 484 description: A label selector requirement is a 485 selector that contains values, a key, and an 486 operator that relates the key and values. 487 properties: 488 key: 489 description: key is the label key that the 490 selector applies to. 491 type: string 492 operator: 493 description: operator represents a key's relationship 494 to a set of values. Valid operators are 495 In, NotIn, Exists and DoesNotExist. 496 type: string 497 values: 498 description: values is an array of string 499 values. If the operator is In or NotIn, 500 the values array must be non-empty. If the 501 operator is Exists or DoesNotExist, the 502 values array must be empty. This array is 503 replaced during a strategic merge patch. 504 items: 505 type: string 506 type: array 507 required: 508 - key 509 - operator 510 type: object 511 type: array 512 matchLabels: 513 additionalProperties: 514 type: string 515 description: matchLabels is a map of {key,value} 516 pairs. A single {key,value} in the matchLabels 517 map is equivalent to an element of matchExpressions, 518 whose key field is "key", the operator is "In", 519 and the values array contains only "value". The 520 requirements are ANDed. 521 type: object 522 type: object 523 x-kubernetes-map-type: atomic 524 namespaceSelector: 525 description: A label query over the set of namespaces 526 that the term applies to. The term is applied to the 527 union of the namespaces selected by this field and 528 the ones listed in the namespaces field. null selector 529 and null or empty namespaces list means "this pod's 530 namespace". An empty selector ({}) matches all namespaces. 531 properties: 532 matchExpressions: 533 description: matchExpressions is a list of label 534 selector requirements. The requirements are ANDed. 535 items: 536 description: A label selector requirement is a 537 selector that contains values, a key, and an 538 operator that relates the key and values. 539 properties: 540 key: 541 description: key is the label key that the 542 selector applies to. 543 type: string 544 operator: 545 description: operator represents a key's relationship 546 to a set of values. Valid operators are 547 In, NotIn, Exists and DoesNotExist. 548 type: string 549 values: 550 description: values is an array of string 551 values. If the operator is In or NotIn, 552 the values array must be non-empty. If the 553 operator is Exists or DoesNotExist, the 554 values array must be empty. This array is 555 replaced during a strategic merge patch. 556 items: 557 type: string 558 type: array 559 required: 560 - key 561 - operator 562 type: object 563 type: array 564 matchLabels: 565 additionalProperties: 566 type: string 567 description: matchLabels is a map of {key,value} 568 pairs. A single {key,value} in the matchLabels 569 map is equivalent to an element of matchExpressions, 570 whose key field is "key", the operator is "In", 571 and the values array contains only "value". The 572 requirements are ANDed. 573 type: object 574 type: object 575 x-kubernetes-map-type: atomic 576 namespaces: 577 description: namespaces specifies a static list of namespace 578 names that the term applies to. The term is applied 579 to the union of the namespaces listed in this field 580 and the ones selected by namespaceSelector. null or 581 empty namespaces list and null namespaceSelector means 582 "this pod's namespace". 583 items: 584 type: string 585 type: array 586 topologyKey: 587 description: This pod should be co-located (affinity) 588 or not co-located (anti-affinity) with the pods matching 589 the labelSelector in the specified namespaces, where 590 co-located is defined as running on a node whose value 591 of the label with key topologyKey matches that of 592 any node on which any of the selected pods is running. 593 Empty topologyKey is not allowed. 594 type: string 595 required: 596 - topologyKey 597 type: object 598 type: array 599 type: object 600 podAntiAffinity: 601 description: Describes pod anti-affinity scheduling rules (e.g. 602 avoid putting this pod in the same node, zone, etc. as some 603 other pod(s)). 604 properties: 605 preferredDuringSchedulingIgnoredDuringExecution: 606 description: The scheduler will prefer to schedule pods to 607 nodes that satisfy the anti-affinity expressions specified 608 by this field, but it may choose a node that violates one 609 or more of the expressions. The node that is most preferred 610 is the one with the greatest sum of weights, i.e. for each 611 node that meets all of the scheduling requirements (resource 612 request, requiredDuringScheduling anti-affinity expressions, 613 etc.), compute a sum by iterating through the elements of 614 this field and adding "weight" to the sum if the node has 615 pods which matches the corresponding podAffinityTerm; the 616 node(s) with the highest sum are the most preferred. 617 items: 618 description: The weights of all of the matched WeightedPodAffinityTerm 619 fields are added per-node to find the most preferred node(s) 620 properties: 621 podAffinityTerm: 622 description: Required. A pod affinity term, associated 623 with the corresponding weight. 624 properties: 625 labelSelector: 626 description: A label query over a set of resources, 627 in this case pods. 628 properties: 629 matchExpressions: 630 description: matchExpressions is a list of label 631 selector requirements. The requirements are 632 ANDed. 633 items: 634 description: A label selector requirement 635 is a selector that contains values, a key, 636 and an operator that relates the key and 637 values. 638 properties: 639 key: 640 description: key is the label key that 641 the selector applies to. 642 type: string 643 operator: 644 description: operator represents a key's 645 relationship to a set of values. Valid 646 operators are In, NotIn, Exists and 647 DoesNotExist. 648 type: string 649 values: 650 description: values is an array of string 651 values. If the operator is In or NotIn, 652 the values array must be non-empty. 653 If the operator is Exists or DoesNotExist, 654 the values array must be empty. This 655 array is replaced during a strategic 656 merge patch. 657 items: 658 type: string 659 type: array 660 required: 661 - key 662 - operator 663 type: object 664 type: array 665 matchLabels: 666 additionalProperties: 667 type: string 668 description: matchLabels is a map of {key,value} 669 pairs. A single {key,value} in the matchLabels 670 map is equivalent to an element of matchExpressions, 671 whose key field is "key", the operator is 672 "In", and the values array contains only "value". 673 The requirements are ANDed. 674 type: object 675 type: object 676 x-kubernetes-map-type: atomic 677 namespaceSelector: 678 description: A label query over the set of namespaces 679 that the term applies to. The term is applied 680 to the union of the namespaces selected by this 681 field and the ones listed in the namespaces field. 682 null selector and null or empty namespaces list 683 means "this pod's namespace". An empty selector 684 ({}) matches all namespaces. 685 properties: 686 matchExpressions: 687 description: matchExpressions is a list of label 688 selector requirements. The requirements are 689 ANDed. 690 items: 691 description: A label selector requirement 692 is a selector that contains values, a key, 693 and an operator that relates the key and 694 values. 695 properties: 696 key: 697 description: key is the label key that 698 the selector applies to. 699 type: string 700 operator: 701 description: operator represents a key's 702 relationship to a set of values. Valid 703 operators are In, NotIn, Exists and 704 DoesNotExist. 705 type: string 706 values: 707 description: values is an array of string 708 values. If the operator is In or NotIn, 709 the values array must be non-empty. 710 If the operator is Exists or DoesNotExist, 711 the values array must be empty. This 712 array is replaced during a strategic 713 merge patch. 714 items: 715 type: string 716 type: array 717 required: 718 - key 719 - operator 720 type: object 721 type: array 722 matchLabels: 723 additionalProperties: 724 type: string 725 description: matchLabels is a map of {key,value} 726 pairs. A single {key,value} in the matchLabels 727 map is equivalent to an element of matchExpressions, 728 whose key field is "key", the operator is 729 "In", and the values array contains only "value". 730 The requirements are ANDed. 731 type: object 732 type: object 733 x-kubernetes-map-type: atomic 734 namespaces: 735 description: namespaces specifies a static list 736 of namespace names that the term applies to. The 737 term is applied to the union of the namespaces 738 listed in this field and the ones selected by 739 namespaceSelector. null or empty namespaces list 740 and null namespaceSelector means "this pod's namespace". 741 items: 742 type: string 743 type: array 744 topologyKey: 745 description: This pod should be co-located (affinity) 746 or not co-located (anti-affinity) with the pods 747 matching the labelSelector in the specified namespaces, 748 where co-located is defined as running on a node 749 whose value of the label with key topologyKey 750 matches that of any node on which any of the selected 751 pods is running. Empty topologyKey is not allowed. 752 type: string 753 required: 754 - topologyKey 755 type: object 756 weight: 757 description: weight associated with matching the corresponding 758 podAffinityTerm, in the range 1-100. 759 format: int32 760 type: integer 761 required: 762 - podAffinityTerm 763 - weight 764 type: object 765 type: array 766 requiredDuringSchedulingIgnoredDuringExecution: 767 description: If the anti-affinity requirements specified by 768 this field are not met at scheduling time, the pod will 769 not be scheduled onto the node. If the anti-affinity requirements 770 specified by this field cease to be met at some point during 771 pod execution (e.g. due to a pod label update), the system 772 may or may not try to eventually evict the pod from its 773 node. When there are multiple elements, the lists of nodes 774 corresponding to each podAffinityTerm are intersected, i.e. 775 all terms must be satisfied. 776 items: 777 description: Defines a set of pods (namely those matching 778 the labelSelector relative to the given namespace(s)) 779 that this pod should be co-located (affinity) or not co-located 780 (anti-affinity) with, where co-located is defined as running 781 on a node whose value of the label with key <topologyKey> 782 matches that of any node on which a pod of the set of 783 pods is running 784 properties: 785 labelSelector: 786 description: A label query over a set of resources, 787 in this case pods. 788 properties: 789 matchExpressions: 790 description: matchExpressions is a list of label 791 selector requirements. The requirements are ANDed. 792 items: 793 description: A label selector requirement is a 794 selector that contains values, a key, and an 795 operator that relates the key and values. 796 properties: 797 key: 798 description: key is the label key that the 799 selector applies to. 800 type: string 801 operator: 802 description: operator represents a key's relationship 803 to a set of values. Valid operators are 804 In, NotIn, Exists and DoesNotExist. 805 type: string 806 values: 807 description: values is an array of string 808 values. If the operator is In or NotIn, 809 the values array must be non-empty. If the 810 operator is Exists or DoesNotExist, the 811 values array must be empty. This array is 812 replaced during a strategic merge patch. 813 items: 814 type: string 815 type: array 816 required: 817 - key 818 - operator 819 type: object 820 type: array 821 matchLabels: 822 additionalProperties: 823 type: string 824 description: matchLabels is a map of {key,value} 825 pairs. A single {key,value} in the matchLabels 826 map is equivalent to an element of matchExpressions, 827 whose key field is "key", the operator is "In", 828 and the values array contains only "value". The 829 requirements are ANDed. 830 type: object 831 type: object 832 x-kubernetes-map-type: atomic 833 namespaceSelector: 834 description: A label query over the set of namespaces 835 that the term applies to. The term is applied to the 836 union of the namespaces selected by this field and 837 the ones listed in the namespaces field. null selector 838 and null or empty namespaces list means "this pod's 839 namespace". An empty selector ({}) matches all namespaces. 840 properties: 841 matchExpressions: 842 description: matchExpressions is a list of label 843 selector requirements. The requirements are ANDed. 844 items: 845 description: A label selector requirement is a 846 selector that contains values, a key, and an 847 operator that relates the key and values. 848 properties: 849 key: 850 description: key is the label key that the 851 selector applies to. 852 type: string 853 operator: 854 description: operator represents a key's relationship 855 to a set of values. Valid operators are 856 In, NotIn, Exists and DoesNotExist. 857 type: string 858 values: 859 description: values is an array of string 860 values. If the operator is In or NotIn, 861 the values array must be non-empty. If the 862 operator is Exists or DoesNotExist, the 863 values array must be empty. This array is 864 replaced during a strategic merge patch. 865 items: 866 type: string 867 type: array 868 required: 869 - key 870 - operator 871 type: object 872 type: array 873 matchLabels: 874 additionalProperties: 875 type: string 876 description: matchLabels is a map of {key,value} 877 pairs. A single {key,value} in the matchLabels 878 map is equivalent to an element of matchExpressions, 879 whose key field is "key", the operator is "In", 880 and the values array contains only "value". The 881 requirements are ANDed. 882 type: object 883 type: object 884 x-kubernetes-map-type: atomic 885 namespaces: 886 description: namespaces specifies a static list of namespace 887 names that the term applies to. The term is applied 888 to the union of the namespaces listed in this field 889 and the ones selected by namespaceSelector. null or 890 empty namespaces list and null namespaceSelector means 891 "this pod's namespace". 892 items: 893 type: string 894 type: array 895 topologyKey: 896 description: This pod should be co-located (affinity) 897 or not co-located (anti-affinity) with the pods matching 898 the labelSelector in the specified namespaces, where 899 co-located is defined as running on a node whose value 900 of the label with key topologyKey matches that of 901 any node on which any of the selected pods is running. 902 Empty topologyKey is not allowed. 903 type: string 904 required: 905 - topologyKey 906 type: object 907 type: array 908 type: object 909 type: object 910 alertDropLabels: 911 description: AlertDropLabels configure the label names which should 912 be dropped in ThanosRuler alerts. The replica label `thanos_ruler_replica` 913 will always be dropped in alerts. 914 items: 915 type: string 916 type: array 917 alertQueryUrl: 918 description: The external Query URL the Thanos Ruler will set in the 919 'Source' field of all alerts. Maps to the '--alert.query-url' CLI 920 arg. 921 type: string 922 alertRelabelConfigFile: 923 description: AlertRelabelConfigFile specifies the path of the alert 924 relabeling configuration file. When used alongside with AlertRelabelConfigs, 925 alertRelabelConfigFile takes precedence. 926 type: string 927 alertRelabelConfigs: 928 description: 'AlertRelabelConfigs configures alert relabeling in ThanosRuler. 929 Alert relabel configurations must have the form as specified in 930 the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs 931 Alternative to AlertRelabelConfigFile, and lower order priority.' 932 properties: 933 key: 934 description: The key of the secret to select from. Must be a 935 valid secret key. 936 type: string 937 name: 938 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 939 TODO: Add other useful fields. apiVersion, kind, uid?' 940 type: string 941 optional: 942 description: Specify whether the Secret or its key must be defined 943 type: boolean 944 required: 945 - key 946 type: object 947 x-kubernetes-map-type: atomic 948 alertmanagersConfig: 949 description: Define configuration for connecting to alertmanager. Only 950 available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` 951 arg. 952 properties: 953 key: 954 description: The key of the secret to select from. Must be a 955 valid secret key. 956 type: string 957 name: 958 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 959 TODO: Add other useful fields. apiVersion, kind, uid?' 960 type: string 961 optional: 962 description: Specify whether the Secret or its key must be defined 963 type: boolean 964 required: 965 - key 966 type: object 967 x-kubernetes-map-type: atomic 968 alertmanagersUrl: 969 description: 'Define URLs to send alerts to Alertmanager. For Thanos 970 v0.10.0 and higher, AlertManagersConfig should be used instead. Note: 971 this field will be ignored if AlertManagersConfig is specified. 972 Maps to the `alertmanagers.url` arg.' 973 items: 974 type: string 975 type: array 976 containers: 977 description: 'Containers allows injecting additional containers or 978 modifying operator generated containers. This can be used to allow 979 adding an authentication proxy to a ThanosRuler pod or to change 980 the behavior of an operator generated container. Containers described 981 here modify an operator generated container if they share the same 982 name and modifications are done via a strategic merge patch. The 983 current container names are: `thanos-ruler` and `config-reloader`. 984 Overriding containers is entirely outside the scope of what the 985 maintainers will support and by doing so, you accept that this behaviour 986 may break at any time without notice.' 987 items: 988 description: A single application container that you want to run 989 within a pod. 990 properties: 991 args: 992 description: 'Arguments to the entrypoint. The container image''s 993 CMD is used if this is not provided. Variable references $(VAR_NAME) 994 are expanded using the container''s environment. If a variable 995 cannot be resolved, the reference in the input string will 996 be unchanged. Double $$ are reduced to a single $, which allows 997 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 998 produce the string literal "$(VAR_NAME)". Escaped references 999 will never be expanded, regardless of whether the variable 1000 exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1001 items: 1002 type: string 1003 type: array 1004 command: 1005 description: 'Entrypoint array. Not executed within a shell. 1006 The container image''s ENTRYPOINT is used if this is not provided. 1007 Variable references $(VAR_NAME) are expanded using the container''s 1008 environment. If a variable cannot be resolved, the reference 1009 in the input string will be unchanged. Double $$ are reduced 1010 to a single $, which allows for escaping the $(VAR_NAME) syntax: 1011 i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 1012 Escaped references will never be expanded, regardless of whether 1013 the variable exists or not. Cannot be updated. More info: 1014 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1015 items: 1016 type: string 1017 type: array 1018 env: 1019 description: List of environment variables to set in the container. 1020 Cannot be updated. 1021 items: 1022 description: EnvVar represents an environment variable present 1023 in a Container. 1024 properties: 1025 name: 1026 description: Name of the environment variable. Must be 1027 a C_IDENTIFIER. 1028 type: string 1029 value: 1030 description: 'Variable references $(VAR_NAME) are expanded 1031 using the previously defined environment variables in 1032 the container and any service environment variables. 1033 If a variable cannot be resolved, the reference in the 1034 input string will be unchanged. Double $$ are reduced 1035 to a single $, which allows for escaping the $(VAR_NAME) 1036 syntax: i.e. "$$(VAR_NAME)" will produce the string 1037 literal "$(VAR_NAME)". Escaped references will never 1038 be expanded, regardless of whether the variable exists 1039 or not. Defaults to "".' 1040 type: string 1041 valueFrom: 1042 description: Source for the environment variable's value. 1043 Cannot be used if value is not empty. 1044 properties: 1045 configMapKeyRef: 1046 description: Selects a key of a ConfigMap. 1047 properties: 1048 key: 1049 description: The key to select. 1050 type: string 1051 name: 1052 description: 'Name of the referent. More info: 1053 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1054 TODO: Add other useful fields. apiVersion, kind, 1055 uid?' 1056 type: string 1057 optional: 1058 description: Specify whether the ConfigMap or 1059 its key must be defined 1060 type: boolean 1061 required: 1062 - key 1063 type: object 1064 x-kubernetes-map-type: atomic 1065 fieldRef: 1066 description: 'Selects a field of the pod: supports 1067 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 1068 `metadata.annotations[''<KEY>'']`, spec.nodeName, 1069 spec.serviceAccountName, status.hostIP, status.podIP, 1070 status.podIPs.' 1071 properties: 1072 apiVersion: 1073 description: Version of the schema the FieldPath 1074 is written in terms of, defaults to "v1". 1075 type: string 1076 fieldPath: 1077 description: Path of the field to select in the 1078 specified API version. 1079 type: string 1080 required: 1081 - fieldPath 1082 type: object 1083 x-kubernetes-map-type: atomic 1084 resourceFieldRef: 1085 description: 'Selects a resource of the container: 1086 only resources limits and requests (limits.cpu, 1087 limits.memory, limits.ephemeral-storage, requests.cpu, 1088 requests.memory and requests.ephemeral-storage) 1089 are currently supported.' 1090 properties: 1091 containerName: 1092 description: 'Container name: required for volumes, 1093 optional for env vars' 1094 type: string 1095 divisor: 1096 anyOf: 1097 - type: integer 1098 - type: string 1099 description: Specifies the output format of the 1100 exposed resources, defaults to "1" 1101 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1102 x-kubernetes-int-or-string: true 1103 resource: 1104 description: 'Required: resource to select' 1105 type: string 1106 required: 1107 - resource 1108 type: object 1109 x-kubernetes-map-type: atomic 1110 secretKeyRef: 1111 description: Selects a key of a secret in the pod's 1112 namespace 1113 properties: 1114 key: 1115 description: The key of the secret to select from. Must 1116 be a valid secret key. 1117 type: string 1118 name: 1119 description: 'Name of the referent. More info: 1120 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1121 TODO: Add other useful fields. apiVersion, kind, 1122 uid?' 1123 type: string 1124 optional: 1125 description: Specify whether the Secret or its 1126 key must be defined 1127 type: boolean 1128 required: 1129 - key 1130 type: object 1131 x-kubernetes-map-type: atomic 1132 type: object 1133 required: 1134 - name 1135 type: object 1136 type: array 1137 envFrom: 1138 description: List of sources to populate environment variables 1139 in the container. The keys defined within a source must be 1140 a C_IDENTIFIER. All invalid keys will be reported as an event 1141 when the container is starting. When a key exists in multiple 1142 sources, the value associated with the last source will take 1143 precedence. Values defined by an Env with a duplicate key 1144 will take precedence. Cannot be updated. 1145 items: 1146 description: EnvFromSource represents the source of a set 1147 of ConfigMaps 1148 properties: 1149 configMapRef: 1150 description: The ConfigMap to select from 1151 properties: 1152 name: 1153 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1154 TODO: Add other useful fields. apiVersion, kind, 1155 uid?' 1156 type: string 1157 optional: 1158 description: Specify whether the ConfigMap must be 1159 defined 1160 type: boolean 1161 type: object 1162 x-kubernetes-map-type: atomic 1163 prefix: 1164 description: An optional identifier to prepend to each 1165 key in the ConfigMap. Must be a C_IDENTIFIER. 1166 type: string 1167 secretRef: 1168 description: The Secret to select from 1169 properties: 1170 name: 1171 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1172 TODO: Add other useful fields. apiVersion, kind, 1173 uid?' 1174 type: string 1175 optional: 1176 description: Specify whether the Secret must be defined 1177 type: boolean 1178 type: object 1179 x-kubernetes-map-type: atomic 1180 type: object 1181 type: array 1182 image: 1183 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 1184 This field is optional to allow higher level config management 1185 to default or override container images in workload controllers 1186 like Deployments and StatefulSets.' 1187 type: string 1188 imagePullPolicy: 1189 description: 'Image pull policy. One of Always, Never, IfNotPresent. 1190 Defaults to Always if :latest tag is specified, or IfNotPresent 1191 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 1192 type: string 1193 lifecycle: 1194 description: Actions that the management system should take 1195 in response to container lifecycle events. Cannot be updated. 1196 properties: 1197 postStart: 1198 description: 'PostStart is called immediately after a container 1199 is created. If the handler fails, the container is terminated 1200 and restarted according to its restart policy. Other management 1201 of the container blocks until the hook completes. More 1202 info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1203 properties: 1204 exec: 1205 description: Exec specifies the action to take. 1206 properties: 1207 command: 1208 description: Command is the command line to execute 1209 inside the container, the working directory for 1210 the command is root ('/') in the container's 1211 filesystem. The command is simply exec'd, it is 1212 not run inside a shell, so traditional shell instructions 1213 ('|', etc) won't work. To use a shell, you need 1214 to explicitly call out to that shell. Exit status 1215 of 0 is treated as live/healthy and non-zero is 1216 unhealthy. 1217 items: 1218 type: string 1219 type: array 1220 type: object 1221 httpGet: 1222 description: HTTPGet specifies the http request to perform. 1223 properties: 1224 host: 1225 description: Host name to connect to, defaults to 1226 the pod IP. You probably want to set "Host" in 1227 httpHeaders instead. 1228 type: string 1229 httpHeaders: 1230 description: Custom headers to set in the request. 1231 HTTP allows repeated headers. 1232 items: 1233 description: HTTPHeader describes a custom header 1234 to be used in HTTP probes 1235 properties: 1236 name: 1237 description: The header field name 1238 type: string 1239 value: 1240 description: The header field value 1241 type: string 1242 required: 1243 - name 1244 - value 1245 type: object 1246 type: array 1247 path: 1248 description: Path to access on the HTTP server. 1249 type: string 1250 port: 1251 anyOf: 1252 - type: integer 1253 - type: string 1254 description: Name or number of the port to access 1255 on the container. Number must be in the range 1256 1 to 65535. Name must be an IANA_SVC_NAME. 1257 x-kubernetes-int-or-string: true 1258 scheme: 1259 description: Scheme to use for connecting to the 1260 host. Defaults to HTTP. 1261 type: string 1262 required: 1263 - port 1264 type: object 1265 tcpSocket: 1266 description: Deprecated. TCPSocket is NOT supported 1267 as a LifecycleHandler and kept for the backward compatibility. 1268 There are no validation of this field and lifecycle 1269 hooks will fail in runtime when tcp handler is specified. 1270 properties: 1271 host: 1272 description: 'Optional: Host name to connect to, 1273 defaults to the pod IP.' 1274 type: string 1275 port: 1276 anyOf: 1277 - type: integer 1278 - type: string 1279 description: Number or name of the port to access 1280 on the container. Number must be in the range 1281 1 to 65535. Name must be an IANA_SVC_NAME. 1282 x-kubernetes-int-or-string: true 1283 required: 1284 - port 1285 type: object 1286 type: object 1287 preStop: 1288 description: 'PreStop is called immediately before a container 1289 is terminated due to an API request or management event 1290 such as liveness/startup probe failure, preemption, resource 1291 contention, etc. The handler is not called if the container 1292 crashes or exits. The Pod''s termination grace period 1293 countdown begins before the PreStop hook is executed. 1294 Regardless of the outcome of the handler, the container 1295 will eventually terminate within the Pod''s termination 1296 grace period (unless delayed by finalizers). Other management 1297 of the container blocks until the hook completes or until 1298 the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1299 properties: 1300 exec: 1301 description: Exec specifies the action to take. 1302 properties: 1303 command: 1304 description: Command is the command line to execute 1305 inside the container, the working directory for 1306 the command is root ('/') in the container's 1307 filesystem. The command is simply exec'd, it is 1308 not run inside a shell, so traditional shell instructions 1309 ('|', etc) won't work. To use a shell, you need 1310 to explicitly call out to that shell. Exit status 1311 of 0 is treated as live/healthy and non-zero is 1312 unhealthy. 1313 items: 1314 type: string 1315 type: array 1316 type: object 1317 httpGet: 1318 description: HTTPGet specifies the http request to perform. 1319 properties: 1320 host: 1321 description: Host name to connect to, defaults to 1322 the pod IP. You probably want to set "Host" in 1323 httpHeaders instead. 1324 type: string 1325 httpHeaders: 1326 description: Custom headers to set in the request. 1327 HTTP allows repeated headers. 1328 items: 1329 description: HTTPHeader describes a custom header 1330 to be used in HTTP probes 1331 properties: 1332 name: 1333 description: The header field name 1334 type: string 1335 value: 1336 description: The header field value 1337 type: string 1338 required: 1339 - name 1340 - value 1341 type: object 1342 type: array 1343 path: 1344 description: Path to access on the HTTP server. 1345 type: string 1346 port: 1347 anyOf: 1348 - type: integer 1349 - type: string 1350 description: Name or number of the port to access 1351 on the container. Number must be in the range 1352 1 to 65535. Name must be an IANA_SVC_NAME. 1353 x-kubernetes-int-or-string: true 1354 scheme: 1355 description: Scheme to use for connecting to the 1356 host. Defaults to HTTP. 1357 type: string 1358 required: 1359 - port 1360 type: object 1361 tcpSocket: 1362 description: Deprecated. TCPSocket is NOT supported 1363 as a LifecycleHandler and kept for the backward compatibility. 1364 There are no validation of this field and lifecycle 1365 hooks will fail in runtime when tcp handler is specified. 1366 properties: 1367 host: 1368 description: 'Optional: Host name to connect to, 1369 defaults to the pod IP.' 1370 type: string 1371 port: 1372 anyOf: 1373 - type: integer 1374 - type: string 1375 description: Number or name of the port to access 1376 on the container. Number must be in the range 1377 1 to 65535. Name must be an IANA_SVC_NAME. 1378 x-kubernetes-int-or-string: true 1379 required: 1380 - port 1381 type: object 1382 type: object 1383 type: object 1384 livenessProbe: 1385 description: 'Periodic probe of container liveness. Container 1386 will be restarted if the probe fails. Cannot be updated. More 1387 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1388 properties: 1389 exec: 1390 description: Exec specifies the action to take. 1391 properties: 1392 command: 1393 description: Command is the command line to execute 1394 inside the container, the working directory for the 1395 command is root ('/') in the container's filesystem. 1396 The command is simply exec'd, it is not run inside 1397 a shell, so traditional shell instructions ('|', etc) 1398 won't work. To use a shell, you need to explicitly 1399 call out to that shell. Exit status of 0 is treated 1400 as live/healthy and non-zero is unhealthy. 1401 items: 1402 type: string 1403 type: array 1404 type: object 1405 failureThreshold: 1406 description: Minimum consecutive failures for the probe 1407 to be considered failed after having succeeded. Defaults 1408 to 3. Minimum value is 1. 1409 format: int32 1410 type: integer 1411 grpc: 1412 description: GRPC specifies an action involving a GRPC port. 1413 This is a beta field and requires enabling GRPCContainerProbe 1414 feature gate. 1415 properties: 1416 port: 1417 description: Port number of the gRPC service. Number 1418 must be in the range 1 to 65535. 1419 format: int32 1420 type: integer 1421 service: 1422 description: "Service is the name of the service to 1423 place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1424 \n If this is not specified, the default behavior 1425 is defined by gRPC." 1426 type: string 1427 required: 1428 - port 1429 type: object 1430 httpGet: 1431 description: HTTPGet specifies the http request to perform. 1432 properties: 1433 host: 1434 description: Host name to connect to, defaults to the 1435 pod IP. You probably want to set "Host" in httpHeaders 1436 instead. 1437 type: string 1438 httpHeaders: 1439 description: Custom headers to set in the request. HTTP 1440 allows repeated headers. 1441 items: 1442 description: HTTPHeader describes a custom header 1443 to be used in HTTP probes 1444 properties: 1445 name: 1446 description: The header field name 1447 type: string 1448 value: 1449 description: The header field value 1450 type: string 1451 required: 1452 - name 1453 - value 1454 type: object 1455 type: array 1456 path: 1457 description: Path to access on the HTTP server. 1458 type: string 1459 port: 1460 anyOf: 1461 - type: integer 1462 - type: string 1463 description: Name or number of the port to access on 1464 the container. Number must be in the range 1 to 65535. 1465 Name must be an IANA_SVC_NAME. 1466 x-kubernetes-int-or-string: true 1467 scheme: 1468 description: Scheme to use for connecting to the host. 1469 Defaults to HTTP. 1470 type: string 1471 required: 1472 - port 1473 type: object 1474 initialDelaySeconds: 1475 description: 'Number of seconds after the container has 1476 started before liveness probes are initiated. More info: 1477 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1478 format: int32 1479 type: integer 1480 periodSeconds: 1481 description: How often (in seconds) to perform the probe. 1482 Default to 10 seconds. Minimum value is 1. 1483 format: int32 1484 type: integer 1485 successThreshold: 1486 description: Minimum consecutive successes for the probe 1487 to be considered successful after having failed. Defaults 1488 to 1. Must be 1 for liveness and startup. Minimum value 1489 is 1. 1490 format: int32 1491 type: integer 1492 tcpSocket: 1493 description: TCPSocket specifies an action involving a TCP 1494 port. 1495 properties: 1496 host: 1497 description: 'Optional: Host name to connect to, defaults 1498 to the pod IP.' 1499 type: string 1500 port: 1501 anyOf: 1502 - type: integer 1503 - type: string 1504 description: Number or name of the port to access on 1505 the container. Number must be in the range 1 to 65535. 1506 Name must be an IANA_SVC_NAME. 1507 x-kubernetes-int-or-string: true 1508 required: 1509 - port 1510 type: object 1511 terminationGracePeriodSeconds: 1512 description: Optional duration in seconds the pod needs 1513 to terminate gracefully upon probe failure. The grace 1514 period is the duration in seconds after the processes 1515 running in the pod are sent a termination signal and the 1516 time when the processes are forcibly halted with a kill 1517 signal. Set this value longer than the expected cleanup 1518 time for your process. If this value is nil, the pod's 1519 terminationGracePeriodSeconds will be used. Otherwise, 1520 this value overrides the value provided by the pod spec. 1521 Value must be non-negative integer. The value zero indicates 1522 stop immediately via the kill signal (no opportunity to 1523 shut down). This is a beta field and requires enabling 1524 ProbeTerminationGracePeriod feature gate. Minimum value 1525 is 1. spec.terminationGracePeriodSeconds is used if unset. 1526 format: int64 1527 type: integer 1528 timeoutSeconds: 1529 description: 'Number of seconds after which the probe times 1530 out. Defaults to 1 second. Minimum value is 1. More info: 1531 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1532 format: int32 1533 type: integer 1534 type: object 1535 name: 1536 description: Name of the container specified as a DNS_LABEL. 1537 Each container in a pod must have a unique name (DNS_LABEL). 1538 Cannot be updated. 1539 type: string 1540 ports: 1541 description: List of ports to expose from the container. Not 1542 specifying a port here DOES NOT prevent that port from being 1543 exposed. Any port which is listening on the default "0.0.0.0" 1544 address inside a container will be accessible from the network. 1545 Modifying this array with strategic merge patch may corrupt 1546 the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. 1547 Cannot be updated. 1548 items: 1549 description: ContainerPort represents a network port in a 1550 single container. 1551 properties: 1552 containerPort: 1553 description: Number of port to expose on the pod's IP 1554 address. This must be a valid port number, 0 < x < 65536. 1555 format: int32 1556 type: integer 1557 hostIP: 1558 description: What host IP to bind the external port to. 1559 type: string 1560 hostPort: 1561 description: Number of port to expose on the host. If 1562 specified, this must be a valid port number, 0 < x < 1563 65536. If HostNetwork is specified, this must match 1564 ContainerPort. Most containers do not need this. 1565 format: int32 1566 type: integer 1567 name: 1568 description: If specified, this must be an IANA_SVC_NAME 1569 and unique within the pod. Each named port in a pod 1570 must have a unique name. Name for the port that can 1571 be referred to by services. 1572 type: string 1573 protocol: 1574 default: TCP 1575 description: Protocol for port. Must be UDP, TCP, or SCTP. 1576 Defaults to "TCP". 1577 type: string 1578 required: 1579 - containerPort 1580 type: object 1581 type: array 1582 x-kubernetes-list-map-keys: 1583 - containerPort 1584 - protocol 1585 x-kubernetes-list-type: map 1586 readinessProbe: 1587 description: 'Periodic probe of container service readiness. 1588 Container will be removed from service endpoints if the probe 1589 fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1590 properties: 1591 exec: 1592 description: Exec specifies the action to take. 1593 properties: 1594 command: 1595 description: Command is the command line to execute 1596 inside the container, the working directory for the 1597 command is root ('/') in the container's filesystem. 1598 The command is simply exec'd, it is not run inside 1599 a shell, so traditional shell instructions ('|', etc) 1600 won't work. To use a shell, you need to explicitly 1601 call out to that shell. Exit status of 0 is treated 1602 as live/healthy and non-zero is unhealthy. 1603 items: 1604 type: string 1605 type: array 1606 type: object 1607 failureThreshold: 1608 description: Minimum consecutive failures for the probe 1609 to be considered failed after having succeeded. Defaults 1610 to 3. Minimum value is 1. 1611 format: int32 1612 type: integer 1613 grpc: 1614 description: GRPC specifies an action involving a GRPC port. 1615 This is a beta field and requires enabling GRPCContainerProbe 1616 feature gate. 1617 properties: 1618 port: 1619 description: Port number of the gRPC service. Number 1620 must be in the range 1 to 65535. 1621 format: int32 1622 type: integer 1623 service: 1624 description: "Service is the name of the service to 1625 place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1626 \n If this is not specified, the default behavior 1627 is defined by gRPC." 1628 type: string 1629 required: 1630 - port 1631 type: object 1632 httpGet: 1633 description: HTTPGet specifies the http request to perform. 1634 properties: 1635 host: 1636 description: Host name to connect to, defaults to the 1637 pod IP. You probably want to set "Host" in httpHeaders 1638 instead. 1639 type: string 1640 httpHeaders: 1641 description: Custom headers to set in the request. HTTP 1642 allows repeated headers. 1643 items: 1644 description: HTTPHeader describes a custom header 1645 to be used in HTTP probes 1646 properties: 1647 name: 1648 description: The header field name 1649 type: string 1650 value: 1651 description: The header field value 1652 type: string 1653 required: 1654 - name 1655 - value 1656 type: object 1657 type: array 1658 path: 1659 description: Path to access on the HTTP server. 1660 type: string 1661 port: 1662 anyOf: 1663 - type: integer 1664 - type: string 1665 description: Name or number of the port to access on 1666 the container. Number must be in the range 1 to 65535. 1667 Name must be an IANA_SVC_NAME. 1668 x-kubernetes-int-or-string: true 1669 scheme: 1670 description: Scheme to use for connecting to the host. 1671 Defaults to HTTP. 1672 type: string 1673 required: 1674 - port 1675 type: object 1676 initialDelaySeconds: 1677 description: 'Number of seconds after the container has 1678 started before liveness probes are initiated. More info: 1679 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1680 format: int32 1681 type: integer 1682 periodSeconds: 1683 description: How often (in seconds) to perform the probe. 1684 Default to 10 seconds. Minimum value is 1. 1685 format: int32 1686 type: integer 1687 successThreshold: 1688 description: Minimum consecutive successes for the probe 1689 to be considered successful after having failed. Defaults 1690 to 1. Must be 1 for liveness and startup. Minimum value 1691 is 1. 1692 format: int32 1693 type: integer 1694 tcpSocket: 1695 description: TCPSocket specifies an action involving a TCP 1696 port. 1697 properties: 1698 host: 1699 description: 'Optional: Host name to connect to, defaults 1700 to the pod IP.' 1701 type: string 1702 port: 1703 anyOf: 1704 - type: integer 1705 - type: string 1706 description: Number or name of the port to access on 1707 the container. Number must be in the range 1 to 65535. 1708 Name must be an IANA_SVC_NAME. 1709 x-kubernetes-int-or-string: true 1710 required: 1711 - port 1712 type: object 1713 terminationGracePeriodSeconds: 1714 description: Optional duration in seconds the pod needs 1715 to terminate gracefully upon probe failure. The grace 1716 period is the duration in seconds after the processes 1717 running in the pod are sent a termination signal and the 1718 time when the processes are forcibly halted with a kill 1719 signal. Set this value longer than the expected cleanup 1720 time for your process. If this value is nil, the pod's 1721 terminationGracePeriodSeconds will be used. Otherwise, 1722 this value overrides the value provided by the pod spec. 1723 Value must be non-negative integer. The value zero indicates 1724 stop immediately via the kill signal (no opportunity to 1725 shut down). This is a beta field and requires enabling 1726 ProbeTerminationGracePeriod feature gate. Minimum value 1727 is 1. spec.terminationGracePeriodSeconds is used if unset. 1728 format: int64 1729 type: integer 1730 timeoutSeconds: 1731 description: 'Number of seconds after which the probe times 1732 out. Defaults to 1 second. Minimum value is 1. More info: 1733 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1734 format: int32 1735 type: integer 1736 type: object 1737 resources: 1738 description: 'Compute Resources required by this container. 1739 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1740 properties: 1741 claims: 1742 description: "Claims lists the names of resources, defined 1743 in spec.resourceClaims, that are used by this container. 1744 \n This is an alpha field and requires enabling the DynamicResourceAllocation 1745 feature gate. \n This field is immutable." 1746 items: 1747 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 1748 properties: 1749 name: 1750 description: Name must match the name of one entry 1751 in pod.spec.resourceClaims of the Pod where this 1752 field is used. It makes that resource available 1753 inside a container. 1754 type: string 1755 required: 1756 - name 1757 type: object 1758 type: array 1759 x-kubernetes-list-map-keys: 1760 - name 1761 x-kubernetes-list-type: map 1762 limits: 1763 additionalProperties: 1764 anyOf: 1765 - type: integer 1766 - type: string 1767 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1768 x-kubernetes-int-or-string: true 1769 description: 'Limits describes the maximum amount of compute 1770 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1771 type: object 1772 requests: 1773 additionalProperties: 1774 anyOf: 1775 - type: integer 1776 - type: string 1777 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1778 x-kubernetes-int-or-string: true 1779 description: 'Requests describes the minimum amount of compute 1780 resources required. If Requests is omitted for a container, 1781 it defaults to Limits if that is explicitly specified, 1782 otherwise to an implementation-defined value. More info: 1783 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 1784 type: object 1785 type: object 1786 securityContext: 1787 description: 'SecurityContext defines the security options the 1788 container should be run with. If set, the fields of SecurityContext 1789 override the equivalent fields of PodSecurityContext. More 1790 info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 1791 properties: 1792 allowPrivilegeEscalation: 1793 description: 'AllowPrivilegeEscalation controls whether 1794 a process can gain more privileges than its parent process. 1795 This bool directly controls if the no_new_privs flag will 1796 be set on the container process. AllowPrivilegeEscalation 1797 is true always when the container is: 1) run as Privileged 1798 2) has CAP_SYS_ADMIN Note that this field cannot be set 1799 when spec.os.name is windows.' 1800 type: boolean 1801 capabilities: 1802 description: The capabilities to add/drop when running containers. 1803 Defaults to the default set of capabilities granted by 1804 the container runtime. Note that this field cannot be 1805 set when spec.os.name is windows. 1806 properties: 1807 add: 1808 description: Added capabilities 1809 items: 1810 description: Capability represent POSIX capabilities 1811 type 1812 type: string 1813 type: array 1814 drop: 1815 description: Removed capabilities 1816 items: 1817 description: Capability represent POSIX capabilities 1818 type 1819 type: string 1820 type: array 1821 type: object 1822 privileged: 1823 description: Run container in privileged mode. Processes 1824 in privileged containers are essentially equivalent to 1825 root on the host. Defaults to false. Note that this field 1826 cannot be set when spec.os.name is windows. 1827 type: boolean 1828 procMount: 1829 description: procMount denotes the type of proc mount to 1830 use for the containers. The default is DefaultProcMount 1831 which uses the container runtime defaults for readonly 1832 paths and masked paths. This requires the ProcMountType 1833 feature flag to be enabled. Note that this field cannot 1834 be set when spec.os.name is windows. 1835 type: string 1836 readOnlyRootFilesystem: 1837 description: Whether this container has a read-only root 1838 filesystem. Default is false. Note that this field cannot 1839 be set when spec.os.name is windows. 1840 type: boolean 1841 runAsGroup: 1842 description: The GID to run the entrypoint of the container 1843 process. Uses runtime default if unset. May also be set 1844 in PodSecurityContext. If set in both SecurityContext 1845 and PodSecurityContext, the value specified in SecurityContext 1846 takes precedence. Note that this field cannot be set when 1847 spec.os.name is windows. 1848 format: int64 1849 type: integer 1850 runAsNonRoot: 1851 description: Indicates that the container must run as a 1852 non-root user. If true, the Kubelet will validate the 1853 image at runtime to ensure that it does not run as UID 1854 0 (root) and fail to start the container if it does. If 1855 unset or false, no such validation will be performed. 1856 May also be set in PodSecurityContext. If set in both 1857 SecurityContext and PodSecurityContext, the value specified 1858 in SecurityContext takes precedence. 1859 type: boolean 1860 runAsUser: 1861 description: The UID to run the entrypoint of the container 1862 process. Defaults to user specified in image metadata 1863 if unspecified. May also be set in PodSecurityContext. If 1864 set in both SecurityContext and PodSecurityContext, the 1865 value specified in SecurityContext takes precedence. Note 1866 that this field cannot be set when spec.os.name is windows. 1867 format: int64 1868 type: integer 1869 seLinuxOptions: 1870 description: The SELinux context to be applied to the container. 1871 If unspecified, the container runtime will allocate a 1872 random SELinux context for each container. May also be 1873 set in PodSecurityContext. If set in both SecurityContext 1874 and PodSecurityContext, the value specified in SecurityContext 1875 takes precedence. Note that this field cannot be set when 1876 spec.os.name is windows. 1877 properties: 1878 level: 1879 description: Level is SELinux level label that applies 1880 to the container. 1881 type: string 1882 role: 1883 description: Role is a SELinux role label that applies 1884 to the container. 1885 type: string 1886 type: 1887 description: Type is a SELinux type label that applies 1888 to the container. 1889 type: string 1890 user: 1891 description: User is a SELinux user label that applies 1892 to the container. 1893 type: string 1894 type: object 1895 seccompProfile: 1896 description: The seccomp options to use by this container. 1897 If seccomp options are provided at both the pod & container 1898 level, the container options override the pod options. 1899 Note that this field cannot be set when spec.os.name is 1900 windows. 1901 properties: 1902 localhostProfile: 1903 description: localhostProfile indicates a profile defined 1904 in a file on the node should be used. The profile 1905 must be preconfigured on the node to work. Must be 1906 a descending path, relative to the kubelet's configured 1907 seccomp profile location. Must only be set if type 1908 is "Localhost". 1909 type: string 1910 type: 1911 description: "type indicates which kind of seccomp profile 1912 will be applied. Valid options are: \n Localhost - 1913 a profile defined in a file on the node should be 1914 used. RuntimeDefault - the container runtime default 1915 profile should be used. Unconfined - no profile should 1916 be applied." 1917 type: string 1918 required: 1919 - type 1920 type: object 1921 windowsOptions: 1922 description: The Windows specific settings applied to all 1923 containers. If unspecified, the options from the PodSecurityContext 1924 will be used. If set in both SecurityContext and PodSecurityContext, 1925 the value specified in SecurityContext takes precedence. 1926 Note that this field cannot be set when spec.os.name is 1927 linux. 1928 properties: 1929 gmsaCredentialSpec: 1930 description: GMSACredentialSpec is where the GMSA admission 1931 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 1932 inlines the contents of the GMSA credential spec named 1933 by the GMSACredentialSpecName field. 1934 type: string 1935 gmsaCredentialSpecName: 1936 description: GMSACredentialSpecName is the name of the 1937 GMSA credential spec to use. 1938 type: string 1939 hostProcess: 1940 description: HostProcess determines if a container should 1941 be run as a 'Host Process' container. This field is 1942 alpha-level and will only be honored by components 1943 that enable the WindowsHostProcessContainers feature 1944 flag. Setting this field without the feature flag 1945 will result in errors when validating the Pod. All 1946 of a Pod's containers must have the same effective 1947 HostProcess value (it is not allowed to have a mix 1948 of HostProcess containers and non-HostProcess containers). In 1949 addition, if HostProcess is true then HostNetwork 1950 must also be set to true. 1951 type: boolean 1952 runAsUserName: 1953 description: The UserName in Windows to run the entrypoint 1954 of the container process. Defaults to the user specified 1955 in image metadata if unspecified. May also be set 1956 in PodSecurityContext. If set in both SecurityContext 1957 and PodSecurityContext, the value specified in SecurityContext 1958 takes precedence. 1959 type: string 1960 type: object 1961 type: object 1962 startupProbe: 1963 description: 'StartupProbe indicates that the Pod has successfully 1964 initialized. If specified, no other probes are executed until 1965 this completes successfully. If this probe fails, the Pod 1966 will be restarted, just as if the livenessProbe failed. This 1967 can be used to provide different probe parameters at the beginning 1968 of a Pod''s lifecycle, when it might take a long time to load 1969 data or warm a cache, than during steady-state operation. 1970 This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1971 properties: 1972 exec: 1973 description: Exec specifies the action to take. 1974 properties: 1975 command: 1976 description: Command is the command line to execute 1977 inside the container, the working directory for the 1978 command is root ('/') in the container's filesystem. 1979 The command is simply exec'd, it is not run inside 1980 a shell, so traditional shell instructions ('|', etc) 1981 won't work. To use a shell, you need to explicitly 1982 call out to that shell. Exit status of 0 is treated 1983 as live/healthy and non-zero is unhealthy. 1984 items: 1985 type: string 1986 type: array 1987 type: object 1988 failureThreshold: 1989 description: Minimum consecutive failures for the probe 1990 to be considered failed after having succeeded. Defaults 1991 to 3. Minimum value is 1. 1992 format: int32 1993 type: integer 1994 grpc: 1995 description: GRPC specifies an action involving a GRPC port. 1996 This is a beta field and requires enabling GRPCContainerProbe 1997 feature gate. 1998 properties: 1999 port: 2000 description: Port number of the gRPC service. Number 2001 must be in the range 1 to 65535. 2002 format: int32 2003 type: integer 2004 service: 2005 description: "Service is the name of the service to 2006 place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2007 \n If this is not specified, the default behavior 2008 is defined by gRPC." 2009 type: string 2010 required: 2011 - port 2012 type: object 2013 httpGet: 2014 description: HTTPGet specifies the http request to perform. 2015 properties: 2016 host: 2017 description: Host name to connect to, defaults to the 2018 pod IP. You probably want to set "Host" in httpHeaders 2019 instead. 2020 type: string 2021 httpHeaders: 2022 description: Custom headers to set in the request. HTTP 2023 allows repeated headers. 2024 items: 2025 description: HTTPHeader describes a custom header 2026 to be used in HTTP probes 2027 properties: 2028 name: 2029 description: The header field name 2030 type: string 2031 value: 2032 description: The header field value 2033 type: string 2034 required: 2035 - name 2036 - value 2037 type: object 2038 type: array 2039 path: 2040 description: Path to access on the HTTP server. 2041 type: string 2042 port: 2043 anyOf: 2044 - type: integer 2045 - type: string 2046 description: Name or number of the port to access on 2047 the container. Number must be in the range 1 to 65535. 2048 Name must be an IANA_SVC_NAME. 2049 x-kubernetes-int-or-string: true 2050 scheme: 2051 description: Scheme to use for connecting to the host. 2052 Defaults to HTTP. 2053 type: string 2054 required: 2055 - port 2056 type: object 2057 initialDelaySeconds: 2058 description: 'Number of seconds after the container has 2059 started before liveness probes are initiated. More info: 2060 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2061 format: int32 2062 type: integer 2063 periodSeconds: 2064 description: How often (in seconds) to perform the probe. 2065 Default to 10 seconds. Minimum value is 1. 2066 format: int32 2067 type: integer 2068 successThreshold: 2069 description: Minimum consecutive successes for the probe 2070 to be considered successful after having failed. Defaults 2071 to 1. Must be 1 for liveness and startup. Minimum value 2072 is 1. 2073 format: int32 2074 type: integer 2075 tcpSocket: 2076 description: TCPSocket specifies an action involving a TCP 2077 port. 2078 properties: 2079 host: 2080 description: 'Optional: Host name to connect to, defaults 2081 to the pod IP.' 2082 type: string 2083 port: 2084 anyOf: 2085 - type: integer 2086 - type: string 2087 description: Number or name of the port to access on 2088 the container. Number must be in the range 1 to 65535. 2089 Name must be an IANA_SVC_NAME. 2090 x-kubernetes-int-or-string: true 2091 required: 2092 - port 2093 type: object 2094 terminationGracePeriodSeconds: 2095 description: Optional duration in seconds the pod needs 2096 to terminate gracefully upon probe failure. The grace 2097 period is the duration in seconds after the processes 2098 running in the pod are sent a termination signal and the 2099 time when the processes are forcibly halted with a kill 2100 signal. Set this value longer than the expected cleanup 2101 time for your process. If this value is nil, the pod's 2102 terminationGracePeriodSeconds will be used. Otherwise, 2103 this value overrides the value provided by the pod spec. 2104 Value must be non-negative integer. The value zero indicates 2105 stop immediately via the kill signal (no opportunity to 2106 shut down). This is a beta field and requires enabling 2107 ProbeTerminationGracePeriod feature gate. Minimum value 2108 is 1. spec.terminationGracePeriodSeconds is used if unset. 2109 format: int64 2110 type: integer 2111 timeoutSeconds: 2112 description: 'Number of seconds after which the probe times 2113 out. Defaults to 1 second. Minimum value is 1. More info: 2114 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2115 format: int32 2116 type: integer 2117 type: object 2118 stdin: 2119 description: Whether this container should allocate a buffer 2120 for stdin in the container runtime. If this is not set, reads 2121 from stdin in the container will always result in EOF. Default 2122 is false. 2123 type: boolean 2124 stdinOnce: 2125 description: Whether the container runtime should close the 2126 stdin channel after it has been opened by a single attach. 2127 When stdin is true the stdin stream will remain open across 2128 multiple attach sessions. If stdinOnce is set to true, stdin 2129 is opened on container start, is empty until the first client 2130 attaches to stdin, and then remains open and accepts data 2131 until the client disconnects, at which time stdin is closed 2132 and remains closed until the container is restarted. If this 2133 flag is false, a container processes that reads from stdin 2134 will never receive an EOF. Default is false 2135 type: boolean 2136 terminationMessagePath: 2137 description: 'Optional: Path at which the file to which the 2138 container''s termination message will be written is mounted 2139 into the container''s filesystem. Message written is intended 2140 to be brief final status, such as an assertion failure message. 2141 Will be truncated by the node if greater than 4096 bytes. 2142 The total message length across all containers will be limited 2143 to 12kb. Defaults to /dev/termination-log. Cannot be updated.' 2144 type: string 2145 terminationMessagePolicy: 2146 description: Indicate how the termination message should be 2147 populated. File will use the contents of terminationMessagePath 2148 to populate the container status message on both success and 2149 failure. FallbackToLogsOnError will use the last chunk of 2150 container log output if the termination message file is empty 2151 and the container exited with an error. The log output is 2152 limited to 2048 bytes or 80 lines, whichever is smaller. Defaults 2153 to File. Cannot be updated. 2154 type: string 2155 tty: 2156 description: Whether this container should allocate a TTY for 2157 itself, also requires 'stdin' to be true. Default is false. 2158 type: boolean 2159 volumeDevices: 2160 description: volumeDevices is the list of block devices to be 2161 used by the container. 2162 items: 2163 description: volumeDevice describes a mapping of a raw block 2164 device within a container. 2165 properties: 2166 devicePath: 2167 description: devicePath is the path inside of the container 2168 that the device will be mapped to. 2169 type: string 2170 name: 2171 description: name must match the name of a persistentVolumeClaim 2172 in the pod 2173 type: string 2174 required: 2175 - devicePath 2176 - name 2177 type: object 2178 type: array 2179 volumeMounts: 2180 description: Pod volumes to mount into the container's filesystem. 2181 Cannot be updated. 2182 items: 2183 description: VolumeMount describes a mounting of a Volume 2184 within a container. 2185 properties: 2186 mountPath: 2187 description: Path within the container at which the volume 2188 should be mounted. Must not contain ':'. 2189 type: string 2190 mountPropagation: 2191 description: mountPropagation determines how mounts are 2192 propagated from the host to container and the other 2193 way around. When not set, MountPropagationNone is used. 2194 This field is beta in 1.10. 2195 type: string 2196 name: 2197 description: This must match the Name of a Volume. 2198 type: string 2199 readOnly: 2200 description: Mounted read-only if true, read-write otherwise 2201 (false or unspecified). Defaults to false. 2202 type: boolean 2203 subPath: 2204 description: Path within the volume from which the container's 2205 volume should be mounted. Defaults to "" (volume's root). 2206 type: string 2207 subPathExpr: 2208 description: Expanded path within the volume from which 2209 the container's volume should be mounted. Behaves similarly 2210 to SubPath but environment variable references $(VAR_NAME) 2211 are expanded using the container's environment. Defaults 2212 to "" (volume's root). SubPathExpr and SubPath are mutually 2213 exclusive. 2214 type: string 2215 required: 2216 - mountPath 2217 - name 2218 type: object 2219 type: array 2220 workingDir: 2221 description: Container's working directory. If not specified, 2222 the container runtime's default will be used, which might 2223 be configured in the container image. Cannot be updated. 2224 type: string 2225 required: 2226 - name 2227 type: object 2228 type: array 2229 enforcedNamespaceLabel: 2230 description: EnforcedNamespaceLabel enforces adding a namespace label 2231 of origin for each alert and metric that is user created. The label 2232 value will always be the namespace of the object that is being created. 2233 type: string 2234 evaluationInterval: 2235 default: 15s 2236 description: Interval between consecutive evaluations. 2237 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ 2238 type: string 2239 excludedFromEnforcement: 2240 description: List of references to PrometheusRule objects to be excluded 2241 from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel 2242 set to true. 2243 items: 2244 description: ObjectReference references a PodMonitor, ServiceMonitor, 2245 Probe or PrometheusRule object. 2246 properties: 2247 group: 2248 default: monitoring.coreos.com 2249 description: Group of the referent. When not specified, it defaults 2250 to `monitoring.coreos.com` 2251 enum: 2252 - monitoring.coreos.com 2253 type: string 2254 name: 2255 description: Name of the referent. When not set, all resources 2256 are matched. 2257 type: string 2258 namespace: 2259 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 2260 minLength: 1 2261 type: string 2262 resource: 2263 description: Resource of the referent. 2264 enum: 2265 - prometheusrules 2266 - servicemonitors 2267 - podmonitors 2268 - probes 2269 type: string 2270 required: 2271 - namespace 2272 - resource 2273 type: object 2274 type: array 2275 externalPrefix: 2276 description: The external URL the Thanos Ruler instances will be available 2277 under. This is necessary to generate correct URLs. This is necessary 2278 if Thanos Ruler is not served from root of a DNS name. 2279 type: string 2280 grpcServerTlsConfig: 2281 description: 'GRPCServerTLSConfig configures the gRPC server from 2282 which Thanos Querier reads recorded rule data. Note: Currently only 2283 the CAFile, CertFile, and KeyFile fields are supported. Maps to 2284 the ''--grpc-server-tls-*'' CLI args.' 2285 properties: 2286 ca: 2287 description: Certificate authority used when verifying server 2288 certificates. 2289 properties: 2290 configMap: 2291 description: ConfigMap containing data to use for the targets. 2292 properties: 2293 key: 2294 description: The key to select. 2295 type: string 2296 name: 2297 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2298 TODO: Add other useful fields. apiVersion, kind, uid?' 2299 type: string 2300 optional: 2301 description: Specify whether the ConfigMap or its key 2302 must be defined 2303 type: boolean 2304 required: 2305 - key 2306 type: object 2307 x-kubernetes-map-type: atomic 2308 secret: 2309 description: Secret containing data to use for the targets. 2310 properties: 2311 key: 2312 description: The key of the secret to select from. Must 2313 be a valid secret key. 2314 type: string 2315 name: 2316 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2317 TODO: Add other useful fields. apiVersion, kind, uid?' 2318 type: string 2319 optional: 2320 description: Specify whether the Secret or its key must 2321 be defined 2322 type: boolean 2323 required: 2324 - key 2325 type: object 2326 x-kubernetes-map-type: atomic 2327 type: object 2328 caFile: 2329 description: Path to the CA cert in the Prometheus container to 2330 use for the targets. 2331 type: string 2332 cert: 2333 description: Client certificate to present when doing client-authentication. 2334 properties: 2335 configMap: 2336 description: ConfigMap containing data to use for the targets. 2337 properties: 2338 key: 2339 description: The key to select. 2340 type: string 2341 name: 2342 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2343 TODO: Add other useful fields. apiVersion, kind, uid?' 2344 type: string 2345 optional: 2346 description: Specify whether the ConfigMap or its key 2347 must be defined 2348 type: boolean 2349 required: 2350 - key 2351 type: object 2352 x-kubernetes-map-type: atomic 2353 secret: 2354 description: Secret containing data to use for the targets. 2355 properties: 2356 key: 2357 description: The key of the secret to select from. Must 2358 be a valid secret key. 2359 type: string 2360 name: 2361 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2362 TODO: Add other useful fields. apiVersion, kind, uid?' 2363 type: string 2364 optional: 2365 description: Specify whether the Secret or its key must 2366 be defined 2367 type: boolean 2368 required: 2369 - key 2370 type: object 2371 x-kubernetes-map-type: atomic 2372 type: object 2373 certFile: 2374 description: Path to the client cert file in the Prometheus container 2375 for the targets. 2376 type: string 2377 insecureSkipVerify: 2378 description: Disable target certificate validation. 2379 type: boolean 2380 keyFile: 2381 description: Path to the client key file in the Prometheus container 2382 for the targets. 2383 type: string 2384 keySecret: 2385 description: Secret containing the client key file for the targets. 2386 properties: 2387 key: 2388 description: The key of the secret to select from. Must be 2389 a valid secret key. 2390 type: string 2391 name: 2392 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2393 TODO: Add other useful fields. apiVersion, kind, uid?' 2394 type: string 2395 optional: 2396 description: Specify whether the Secret or its key must be 2397 defined 2398 type: boolean 2399 required: 2400 - key 2401 type: object 2402 x-kubernetes-map-type: atomic 2403 serverName: 2404 description: Used to verify the hostname for the targets. 2405 type: string 2406 type: object 2407 hostAliases: 2408 description: Pods' hostAliases configuration 2409 items: 2410 description: HostAlias holds the mapping between IP and hostnames 2411 that will be injected as an entry in the pod's hosts file. 2412 properties: 2413 hostnames: 2414 description: Hostnames for the above IP address. 2415 items: 2416 type: string 2417 type: array 2418 ip: 2419 description: IP address of the host file entry. 2420 type: string 2421 required: 2422 - hostnames 2423 - ip 2424 type: object 2425 type: array 2426 x-kubernetes-list-map-keys: 2427 - ip 2428 x-kubernetes-list-type: map 2429 image: 2430 description: Thanos container image URL. 2431 type: string 2432 imagePullPolicy: 2433 description: Image pull policy for the 'thanos', 'init-config-reloader' 2434 and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy 2435 for more details. 2436 enum: 2437 - "" 2438 - Always 2439 - Never 2440 - IfNotPresent 2441 type: string 2442 imagePullSecrets: 2443 description: An optional list of references to secrets in the same 2444 namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod 2445 items: 2446 description: LocalObjectReference contains enough information to 2447 let you locate the referenced object inside the same namespace. 2448 properties: 2449 name: 2450 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2451 TODO: Add other useful fields. apiVersion, kind, uid?' 2452 type: string 2453 type: object 2454 x-kubernetes-map-type: atomic 2455 type: array 2456 initContainers: 2457 description: 'InitContainers allows adding initContainers to the pod 2458 definition. Those can be used to e.g. fetch secrets for injection 2459 into the ThanosRuler configuration from external sources. Any errors 2460 during the execution of an initContainer will lead to a restart 2461 of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ 2462 Using initContainers for any use case other then secret fetching 2463 is entirely outside the scope of what the maintainers will support 2464 and by doing so, you accept that this behaviour may break at any 2465 time without notice.' 2466 items: 2467 description: A single application container that you want to run 2468 within a pod. 2469 properties: 2470 args: 2471 description: 'Arguments to the entrypoint. The container image''s 2472 CMD is used if this is not provided. Variable references $(VAR_NAME) 2473 are expanded using the container''s environment. If a variable 2474 cannot be resolved, the reference in the input string will 2475 be unchanged. Double $$ are reduced to a single $, which allows 2476 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 2477 produce the string literal "$(VAR_NAME)". Escaped references 2478 will never be expanded, regardless of whether the variable 2479 exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 2480 items: 2481 type: string 2482 type: array 2483 command: 2484 description: 'Entrypoint array. Not executed within a shell. 2485 The container image''s ENTRYPOINT is used if this is not provided. 2486 Variable references $(VAR_NAME) are expanded using the container''s 2487 environment. If a variable cannot be resolved, the reference 2488 in the input string will be unchanged. Double $$ are reduced 2489 to a single $, which allows for escaping the $(VAR_NAME) syntax: 2490 i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 2491 Escaped references will never be expanded, regardless of whether 2492 the variable exists or not. Cannot be updated. More info: 2493 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 2494 items: 2495 type: string 2496 type: array 2497 env: 2498 description: List of environment variables to set in the container. 2499 Cannot be updated. 2500 items: 2501 description: EnvVar represents an environment variable present 2502 in a Container. 2503 properties: 2504 name: 2505 description: Name of the environment variable. Must be 2506 a C_IDENTIFIER. 2507 type: string 2508 value: 2509 description: 'Variable references $(VAR_NAME) are expanded 2510 using the previously defined environment variables in 2511 the container and any service environment variables. 2512 If a variable cannot be resolved, the reference in the 2513 input string will be unchanged. Double $$ are reduced 2514 to a single $, which allows for escaping the $(VAR_NAME) 2515 syntax: i.e. "$$(VAR_NAME)" will produce the string 2516 literal "$(VAR_NAME)". Escaped references will never 2517 be expanded, regardless of whether the variable exists 2518 or not. Defaults to "".' 2519 type: string 2520 valueFrom: 2521 description: Source for the environment variable's value. 2522 Cannot be used if value is not empty. 2523 properties: 2524 configMapKeyRef: 2525 description: Selects a key of a ConfigMap. 2526 properties: 2527 key: 2528 description: The key to select. 2529 type: string 2530 name: 2531 description: 'Name of the referent. More info: 2532 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2533 TODO: Add other useful fields. apiVersion, kind, 2534 uid?' 2535 type: string 2536 optional: 2537 description: Specify whether the ConfigMap or 2538 its key must be defined 2539 type: boolean 2540 required: 2541 - key 2542 type: object 2543 x-kubernetes-map-type: atomic 2544 fieldRef: 2545 description: 'Selects a field of the pod: supports 2546 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 2547 `metadata.annotations[''<KEY>'']`, spec.nodeName, 2548 spec.serviceAccountName, status.hostIP, status.podIP, 2549 status.podIPs.' 2550 properties: 2551 apiVersion: 2552 description: Version of the schema the FieldPath 2553 is written in terms of, defaults to "v1". 2554 type: string 2555 fieldPath: 2556 description: Path of the field to select in the 2557 specified API version. 2558 type: string 2559 required: 2560 - fieldPath 2561 type: object 2562 x-kubernetes-map-type: atomic 2563 resourceFieldRef: 2564 description: 'Selects a resource of the container: 2565 only resources limits and requests (limits.cpu, 2566 limits.memory, limits.ephemeral-storage, requests.cpu, 2567 requests.memory and requests.ephemeral-storage) 2568 are currently supported.' 2569 properties: 2570 containerName: 2571 description: 'Container name: required for volumes, 2572 optional for env vars' 2573 type: string 2574 divisor: 2575 anyOf: 2576 - type: integer 2577 - type: string 2578 description: Specifies the output format of the 2579 exposed resources, defaults to "1" 2580 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2581 x-kubernetes-int-or-string: true 2582 resource: 2583 description: 'Required: resource to select' 2584 type: string 2585 required: 2586 - resource 2587 type: object 2588 x-kubernetes-map-type: atomic 2589 secretKeyRef: 2590 description: Selects a key of a secret in the pod's 2591 namespace 2592 properties: 2593 key: 2594 description: The key of the secret to select from. Must 2595 be a valid secret key. 2596 type: string 2597 name: 2598 description: 'Name of the referent. More info: 2599 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2600 TODO: Add other useful fields. apiVersion, kind, 2601 uid?' 2602 type: string 2603 optional: 2604 description: Specify whether the Secret or its 2605 key must be defined 2606 type: boolean 2607 required: 2608 - key 2609 type: object 2610 x-kubernetes-map-type: atomic 2611 type: object 2612 required: 2613 - name 2614 type: object 2615 type: array 2616 envFrom: 2617 description: List of sources to populate environment variables 2618 in the container. The keys defined within a source must be 2619 a C_IDENTIFIER. All invalid keys will be reported as an event 2620 when the container is starting. When a key exists in multiple 2621 sources, the value associated with the last source will take 2622 precedence. Values defined by an Env with a duplicate key 2623 will take precedence. Cannot be updated. 2624 items: 2625 description: EnvFromSource represents the source of a set 2626 of ConfigMaps 2627 properties: 2628 configMapRef: 2629 description: The ConfigMap to select from 2630 properties: 2631 name: 2632 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2633 TODO: Add other useful fields. apiVersion, kind, 2634 uid?' 2635 type: string 2636 optional: 2637 description: Specify whether the ConfigMap must be 2638 defined 2639 type: boolean 2640 type: object 2641 x-kubernetes-map-type: atomic 2642 prefix: 2643 description: An optional identifier to prepend to each 2644 key in the ConfigMap. Must be a C_IDENTIFIER. 2645 type: string 2646 secretRef: 2647 description: The Secret to select from 2648 properties: 2649 name: 2650 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2651 TODO: Add other useful fields. apiVersion, kind, 2652 uid?' 2653 type: string 2654 optional: 2655 description: Specify whether the Secret must be defined 2656 type: boolean 2657 type: object 2658 x-kubernetes-map-type: atomic 2659 type: object 2660 type: array 2661 image: 2662 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 2663 This field is optional to allow higher level config management 2664 to default or override container images in workload controllers 2665 like Deployments and StatefulSets.' 2666 type: string 2667 imagePullPolicy: 2668 description: 'Image pull policy. One of Always, Never, IfNotPresent. 2669 Defaults to Always if :latest tag is specified, or IfNotPresent 2670 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 2671 type: string 2672 lifecycle: 2673 description: Actions that the management system should take 2674 in response to container lifecycle events. Cannot be updated. 2675 properties: 2676 postStart: 2677 description: 'PostStart is called immediately after a container 2678 is created. If the handler fails, the container is terminated 2679 and restarted according to its restart policy. Other management 2680 of the container blocks until the hook completes. More 2681 info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2682 properties: 2683 exec: 2684 description: Exec specifies the action to take. 2685 properties: 2686 command: 2687 description: Command is the command line to execute 2688 inside the container, the working directory for 2689 the command is root ('/') in the container's 2690 filesystem. The command is simply exec'd, it is 2691 not run inside a shell, so traditional shell instructions 2692 ('|', etc) won't work. To use a shell, you need 2693 to explicitly call out to that shell. Exit status 2694 of 0 is treated as live/healthy and non-zero is 2695 unhealthy. 2696 items: 2697 type: string 2698 type: array 2699 type: object 2700 httpGet: 2701 description: HTTPGet specifies the http request to perform. 2702 properties: 2703 host: 2704 description: Host name to connect to, defaults to 2705 the pod IP. You probably want to set "Host" in 2706 httpHeaders instead. 2707 type: string 2708 httpHeaders: 2709 description: Custom headers to set in the request. 2710 HTTP allows repeated headers. 2711 items: 2712 description: HTTPHeader describes a custom header 2713 to be used in HTTP probes 2714 properties: 2715 name: 2716 description: The header field name 2717 type: string 2718 value: 2719 description: The header field value 2720 type: string 2721 required: 2722 - name 2723 - value 2724 type: object 2725 type: array 2726 path: 2727 description: Path to access on the HTTP server. 2728 type: string 2729 port: 2730 anyOf: 2731 - type: integer 2732 - type: string 2733 description: Name or number of the port to access 2734 on the container. Number must be in the range 2735 1 to 65535. Name must be an IANA_SVC_NAME. 2736 x-kubernetes-int-or-string: true 2737 scheme: 2738 description: Scheme to use for connecting to the 2739 host. Defaults to HTTP. 2740 type: string 2741 required: 2742 - port 2743 type: object 2744 tcpSocket: 2745 description: Deprecated. TCPSocket is NOT supported 2746 as a LifecycleHandler and kept for the backward compatibility. 2747 There are no validation of this field and lifecycle 2748 hooks will fail in runtime when tcp handler is specified. 2749 properties: 2750 host: 2751 description: 'Optional: Host name to connect to, 2752 defaults to the pod IP.' 2753 type: string 2754 port: 2755 anyOf: 2756 - type: integer 2757 - type: string 2758 description: Number or name of the port to access 2759 on the container. Number must be in the range 2760 1 to 65535. Name must be an IANA_SVC_NAME. 2761 x-kubernetes-int-or-string: true 2762 required: 2763 - port 2764 type: object 2765 type: object 2766 preStop: 2767 description: 'PreStop is called immediately before a container 2768 is terminated due to an API request or management event 2769 such as liveness/startup probe failure, preemption, resource 2770 contention, etc. The handler is not called if the container 2771 crashes or exits. The Pod''s termination grace period 2772 countdown begins before the PreStop hook is executed. 2773 Regardless of the outcome of the handler, the container 2774 will eventually terminate within the Pod''s termination 2775 grace period (unless delayed by finalizers). Other management 2776 of the container blocks until the hook completes or until 2777 the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 2778 properties: 2779 exec: 2780 description: Exec specifies the action to take. 2781 properties: 2782 command: 2783 description: Command is the command line to execute 2784 inside the container, the working directory for 2785 the command is root ('/') in the container's 2786 filesystem. The command is simply exec'd, it is 2787 not run inside a shell, so traditional shell instructions 2788 ('|', etc) won't work. To use a shell, you need 2789 to explicitly call out to that shell. Exit status 2790 of 0 is treated as live/healthy and non-zero is 2791 unhealthy. 2792 items: 2793 type: string 2794 type: array 2795 type: object 2796 httpGet: 2797 description: HTTPGet specifies the http request to perform. 2798 properties: 2799 host: 2800 description: Host name to connect to, defaults to 2801 the pod IP. You probably want to set "Host" in 2802 httpHeaders instead. 2803 type: string 2804 httpHeaders: 2805 description: Custom headers to set in the request. 2806 HTTP allows repeated headers. 2807 items: 2808 description: HTTPHeader describes a custom header 2809 to be used in HTTP probes 2810 properties: 2811 name: 2812 description: The header field name 2813 type: string 2814 value: 2815 description: The header field value 2816 type: string 2817 required: 2818 - name 2819 - value 2820 type: object 2821 type: array 2822 path: 2823 description: Path to access on the HTTP server. 2824 type: string 2825 port: 2826 anyOf: 2827 - type: integer 2828 - type: string 2829 description: Name or number of the port to access 2830 on the container. Number must be in the range 2831 1 to 65535. Name must be an IANA_SVC_NAME. 2832 x-kubernetes-int-or-string: true 2833 scheme: 2834 description: Scheme to use for connecting to the 2835 host. Defaults to HTTP. 2836 type: string 2837 required: 2838 - port 2839 type: object 2840 tcpSocket: 2841 description: Deprecated. TCPSocket is NOT supported 2842 as a LifecycleHandler and kept for the backward compatibility. 2843 There are no validation of this field and lifecycle 2844 hooks will fail in runtime when tcp handler is specified. 2845 properties: 2846 host: 2847 description: 'Optional: Host name to connect to, 2848 defaults to the pod IP.' 2849 type: string 2850 port: 2851 anyOf: 2852 - type: integer 2853 - type: string 2854 description: Number or name of the port to access 2855 on the container. Number must be in the range 2856 1 to 65535. Name must be an IANA_SVC_NAME. 2857 x-kubernetes-int-or-string: true 2858 required: 2859 - port 2860 type: object 2861 type: object 2862 type: object 2863 livenessProbe: 2864 description: 'Periodic probe of container liveness. Container 2865 will be restarted if the probe fails. Cannot be updated. More 2866 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2867 properties: 2868 exec: 2869 description: Exec specifies the action to take. 2870 properties: 2871 command: 2872 description: Command is the command line to execute 2873 inside the container, the working directory for the 2874 command is root ('/') in the container's filesystem. 2875 The command is simply exec'd, it is not run inside 2876 a shell, so traditional shell instructions ('|', etc) 2877 won't work. To use a shell, you need to explicitly 2878 call out to that shell. Exit status of 0 is treated 2879 as live/healthy and non-zero is unhealthy. 2880 items: 2881 type: string 2882 type: array 2883 type: object 2884 failureThreshold: 2885 description: Minimum consecutive failures for the probe 2886 to be considered failed after having succeeded. Defaults 2887 to 3. Minimum value is 1. 2888 format: int32 2889 type: integer 2890 grpc: 2891 description: GRPC specifies an action involving a GRPC port. 2892 This is a beta field and requires enabling GRPCContainerProbe 2893 feature gate. 2894 properties: 2895 port: 2896 description: Port number of the gRPC service. Number 2897 must be in the range 1 to 65535. 2898 format: int32 2899 type: integer 2900 service: 2901 description: "Service is the name of the service to 2902 place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2903 \n If this is not specified, the default behavior 2904 is defined by gRPC." 2905 type: string 2906 required: 2907 - port 2908 type: object 2909 httpGet: 2910 description: HTTPGet specifies the http request to perform. 2911 properties: 2912 host: 2913 description: Host name to connect to, defaults to the 2914 pod IP. You probably want to set "Host" in httpHeaders 2915 instead. 2916 type: string 2917 httpHeaders: 2918 description: Custom headers to set in the request. HTTP 2919 allows repeated headers. 2920 items: 2921 description: HTTPHeader describes a custom header 2922 to be used in HTTP probes 2923 properties: 2924 name: 2925 description: The header field name 2926 type: string 2927 value: 2928 description: The header field value 2929 type: string 2930 required: 2931 - name 2932 - value 2933 type: object 2934 type: array 2935 path: 2936 description: Path to access on the HTTP server. 2937 type: string 2938 port: 2939 anyOf: 2940 - type: integer 2941 - type: string 2942 description: Name or number of the port to access on 2943 the container. Number must be in the range 1 to 65535. 2944 Name must be an IANA_SVC_NAME. 2945 x-kubernetes-int-or-string: true 2946 scheme: 2947 description: Scheme to use for connecting to the host. 2948 Defaults to HTTP. 2949 type: string 2950 required: 2951 - port 2952 type: object 2953 initialDelaySeconds: 2954 description: 'Number of seconds after the container has 2955 started before liveness probes are initiated. More info: 2956 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2957 format: int32 2958 type: integer 2959 periodSeconds: 2960 description: How often (in seconds) to perform the probe. 2961 Default to 10 seconds. Minimum value is 1. 2962 format: int32 2963 type: integer 2964 successThreshold: 2965 description: Minimum consecutive successes for the probe 2966 to be considered successful after having failed. Defaults 2967 to 1. Must be 1 for liveness and startup. Minimum value 2968 is 1. 2969 format: int32 2970 type: integer 2971 tcpSocket: 2972 description: TCPSocket specifies an action involving a TCP 2973 port. 2974 properties: 2975 host: 2976 description: 'Optional: Host name to connect to, defaults 2977 to the pod IP.' 2978 type: string 2979 port: 2980 anyOf: 2981 - type: integer 2982 - type: string 2983 description: Number or name of the port to access on 2984 the container. Number must be in the range 1 to 65535. 2985 Name must be an IANA_SVC_NAME. 2986 x-kubernetes-int-or-string: true 2987 required: 2988 - port 2989 type: object 2990 terminationGracePeriodSeconds: 2991 description: Optional duration in seconds the pod needs 2992 to terminate gracefully upon probe failure. The grace 2993 period is the duration in seconds after the processes 2994 running in the pod are sent a termination signal and the 2995 time when the processes are forcibly halted with a kill 2996 signal. Set this value longer than the expected cleanup 2997 time for your process. If this value is nil, the pod's 2998 terminationGracePeriodSeconds will be used. Otherwise, 2999 this value overrides the value provided by the pod spec. 3000 Value must be non-negative integer. The value zero indicates 3001 stop immediately via the kill signal (no opportunity to 3002 shut down). This is a beta field and requires enabling 3003 ProbeTerminationGracePeriod feature gate. Minimum value 3004 is 1. spec.terminationGracePeriodSeconds is used if unset. 3005 format: int64 3006 type: integer 3007 timeoutSeconds: 3008 description: 'Number of seconds after which the probe times 3009 out. Defaults to 1 second. Minimum value is 1. More info: 3010 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3011 format: int32 3012 type: integer 3013 type: object 3014 name: 3015 description: Name of the container specified as a DNS_LABEL. 3016 Each container in a pod must have a unique name (DNS_LABEL). 3017 Cannot be updated. 3018 type: string 3019 ports: 3020 description: List of ports to expose from the container. Not 3021 specifying a port here DOES NOT prevent that port from being 3022 exposed. Any port which is listening on the default "0.0.0.0" 3023 address inside a container will be accessible from the network. 3024 Modifying this array with strategic merge patch may corrupt 3025 the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. 3026 Cannot be updated. 3027 items: 3028 description: ContainerPort represents a network port in a 3029 single container. 3030 properties: 3031 containerPort: 3032 description: Number of port to expose on the pod's IP 3033 address. This must be a valid port number, 0 < x < 65536. 3034 format: int32 3035 type: integer 3036 hostIP: 3037 description: What host IP to bind the external port to. 3038 type: string 3039 hostPort: 3040 description: Number of port to expose on the host. If 3041 specified, this must be a valid port number, 0 < x < 3042 65536. If HostNetwork is specified, this must match 3043 ContainerPort. Most containers do not need this. 3044 format: int32 3045 type: integer 3046 name: 3047 description: If specified, this must be an IANA_SVC_NAME 3048 and unique within the pod. Each named port in a pod 3049 must have a unique name. Name for the port that can 3050 be referred to by services. 3051 type: string 3052 protocol: 3053 default: TCP 3054 description: Protocol for port. Must be UDP, TCP, or SCTP. 3055 Defaults to "TCP". 3056 type: string 3057 required: 3058 - containerPort 3059 type: object 3060 type: array 3061 x-kubernetes-list-map-keys: 3062 - containerPort 3063 - protocol 3064 x-kubernetes-list-type: map 3065 readinessProbe: 3066 description: 'Periodic probe of container service readiness. 3067 Container will be removed from service endpoints if the probe 3068 fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3069 properties: 3070 exec: 3071 description: Exec specifies the action to take. 3072 properties: 3073 command: 3074 description: Command is the command line to execute 3075 inside the container, the working directory for the 3076 command is root ('/') in the container's filesystem. 3077 The command is simply exec'd, it is not run inside 3078 a shell, so traditional shell instructions ('|', etc) 3079 won't work. To use a shell, you need to explicitly 3080 call out to that shell. Exit status of 0 is treated 3081 as live/healthy and non-zero is unhealthy. 3082 items: 3083 type: string 3084 type: array 3085 type: object 3086 failureThreshold: 3087 description: Minimum consecutive failures for the probe 3088 to be considered failed after having succeeded. Defaults 3089 to 3. Minimum value is 1. 3090 format: int32 3091 type: integer 3092 grpc: 3093 description: GRPC specifies an action involving a GRPC port. 3094 This is a beta field and requires enabling GRPCContainerProbe 3095 feature gate. 3096 properties: 3097 port: 3098 description: Port number of the gRPC service. Number 3099 must be in the range 1 to 65535. 3100 format: int32 3101 type: integer 3102 service: 3103 description: "Service is the name of the service to 3104 place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3105 \n If this is not specified, the default behavior 3106 is defined by gRPC." 3107 type: string 3108 required: 3109 - port 3110 type: object 3111 httpGet: 3112 description: HTTPGet specifies the http request to perform. 3113 properties: 3114 host: 3115 description: Host name to connect to, defaults to the 3116 pod IP. You probably want to set "Host" in httpHeaders 3117 instead. 3118 type: string 3119 httpHeaders: 3120 description: Custom headers to set in the request. HTTP 3121 allows repeated headers. 3122 items: 3123 description: HTTPHeader describes a custom header 3124 to be used in HTTP probes 3125 properties: 3126 name: 3127 description: The header field name 3128 type: string 3129 value: 3130 description: The header field value 3131 type: string 3132 required: 3133 - name 3134 - value 3135 type: object 3136 type: array 3137 path: 3138 description: Path to access on the HTTP server. 3139 type: string 3140 port: 3141 anyOf: 3142 - type: integer 3143 - type: string 3144 description: Name or number of the port to access on 3145 the container. Number must be in the range 1 to 65535. 3146 Name must be an IANA_SVC_NAME. 3147 x-kubernetes-int-or-string: true 3148 scheme: 3149 description: Scheme to use for connecting to the host. 3150 Defaults to HTTP. 3151 type: string 3152 required: 3153 - port 3154 type: object 3155 initialDelaySeconds: 3156 description: 'Number of seconds after the container has 3157 started before liveness probes are initiated. More info: 3158 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3159 format: int32 3160 type: integer 3161 periodSeconds: 3162 description: How often (in seconds) to perform the probe. 3163 Default to 10 seconds. Minimum value is 1. 3164 format: int32 3165 type: integer 3166 successThreshold: 3167 description: Minimum consecutive successes for the probe 3168 to be considered successful after having failed. Defaults 3169 to 1. Must be 1 for liveness and startup. Minimum value 3170 is 1. 3171 format: int32 3172 type: integer 3173 tcpSocket: 3174 description: TCPSocket specifies an action involving a TCP 3175 port. 3176 properties: 3177 host: 3178 description: 'Optional: Host name to connect to, defaults 3179 to the pod IP.' 3180 type: string 3181 port: 3182 anyOf: 3183 - type: integer 3184 - type: string 3185 description: Number or name of the port to access on 3186 the container. Number must be in the range 1 to 65535. 3187 Name must be an IANA_SVC_NAME. 3188 x-kubernetes-int-or-string: true 3189 required: 3190 - port 3191 type: object 3192 terminationGracePeriodSeconds: 3193 description: Optional duration in seconds the pod needs 3194 to terminate gracefully upon probe failure. The grace 3195 period is the duration in seconds after the processes 3196 running in the pod are sent a termination signal and the 3197 time when the processes are forcibly halted with a kill 3198 signal. Set this value longer than the expected cleanup 3199 time for your process. If this value is nil, the pod's 3200 terminationGracePeriodSeconds will be used. Otherwise, 3201 this value overrides the value provided by the pod spec. 3202 Value must be non-negative integer. The value zero indicates 3203 stop immediately via the kill signal (no opportunity to 3204 shut down). This is a beta field and requires enabling 3205 ProbeTerminationGracePeriod feature gate. Minimum value 3206 is 1. spec.terminationGracePeriodSeconds is used if unset. 3207 format: int64 3208 type: integer 3209 timeoutSeconds: 3210 description: 'Number of seconds after which the probe times 3211 out. Defaults to 1 second. Minimum value is 1. More info: 3212 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3213 format: int32 3214 type: integer 3215 type: object 3216 resources: 3217 description: 'Compute Resources required by this container. 3218 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3219 properties: 3220 claims: 3221 description: "Claims lists the names of resources, defined 3222 in spec.resourceClaims, that are used by this container. 3223 \n This is an alpha field and requires enabling the DynamicResourceAllocation 3224 feature gate. \n This field is immutable." 3225 items: 3226 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 3227 properties: 3228 name: 3229 description: Name must match the name of one entry 3230 in pod.spec.resourceClaims of the Pod where this 3231 field is used. It makes that resource available 3232 inside a container. 3233 type: string 3234 required: 3235 - name 3236 type: object 3237 type: array 3238 x-kubernetes-list-map-keys: 3239 - name 3240 x-kubernetes-list-type: map 3241 limits: 3242 additionalProperties: 3243 anyOf: 3244 - type: integer 3245 - type: string 3246 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3247 x-kubernetes-int-or-string: true 3248 description: 'Limits describes the maximum amount of compute 3249 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3250 type: object 3251 requests: 3252 additionalProperties: 3253 anyOf: 3254 - type: integer 3255 - type: string 3256 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3257 x-kubernetes-int-or-string: true 3258 description: 'Requests describes the minimum amount of compute 3259 resources required. If Requests is omitted for a container, 3260 it defaults to Limits if that is explicitly specified, 3261 otherwise to an implementation-defined value. More info: 3262 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3263 type: object 3264 type: object 3265 securityContext: 3266 description: 'SecurityContext defines the security options the 3267 container should be run with. If set, the fields of SecurityContext 3268 override the equivalent fields of PodSecurityContext. More 3269 info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 3270 properties: 3271 allowPrivilegeEscalation: 3272 description: 'AllowPrivilegeEscalation controls whether 3273 a process can gain more privileges than its parent process. 3274 This bool directly controls if the no_new_privs flag will 3275 be set on the container process. AllowPrivilegeEscalation 3276 is true always when the container is: 1) run as Privileged 3277 2) has CAP_SYS_ADMIN Note that this field cannot be set 3278 when spec.os.name is windows.' 3279 type: boolean 3280 capabilities: 3281 description: The capabilities to add/drop when running containers. 3282 Defaults to the default set of capabilities granted by 3283 the container runtime. Note that this field cannot be 3284 set when spec.os.name is windows. 3285 properties: 3286 add: 3287 description: Added capabilities 3288 items: 3289 description: Capability represent POSIX capabilities 3290 type 3291 type: string 3292 type: array 3293 drop: 3294 description: Removed capabilities 3295 items: 3296 description: Capability represent POSIX capabilities 3297 type 3298 type: string 3299 type: array 3300 type: object 3301 privileged: 3302 description: Run container in privileged mode. Processes 3303 in privileged containers are essentially equivalent to 3304 root on the host. Defaults to false. Note that this field 3305 cannot be set when spec.os.name is windows. 3306 type: boolean 3307 procMount: 3308 description: procMount denotes the type of proc mount to 3309 use for the containers. The default is DefaultProcMount 3310 which uses the container runtime defaults for readonly 3311 paths and masked paths. This requires the ProcMountType 3312 feature flag to be enabled. Note that this field cannot 3313 be set when spec.os.name is windows. 3314 type: string 3315 readOnlyRootFilesystem: 3316 description: Whether this container has a read-only root 3317 filesystem. Default is false. Note that this field cannot 3318 be set when spec.os.name is windows. 3319 type: boolean 3320 runAsGroup: 3321 description: The GID to run the entrypoint of the container 3322 process. Uses runtime default if unset. May also be set 3323 in PodSecurityContext. If set in both SecurityContext 3324 and PodSecurityContext, the value specified in SecurityContext 3325 takes precedence. Note that this field cannot be set when 3326 spec.os.name is windows. 3327 format: int64 3328 type: integer 3329 runAsNonRoot: 3330 description: Indicates that the container must run as a 3331 non-root user. If true, the Kubelet will validate the 3332 image at runtime to ensure that it does not run as UID 3333 0 (root) and fail to start the container if it does. If 3334 unset or false, no such validation will be performed. 3335 May also be set in PodSecurityContext. If set in both 3336 SecurityContext and PodSecurityContext, the value specified 3337 in SecurityContext takes precedence. 3338 type: boolean 3339 runAsUser: 3340 description: The UID to run the entrypoint of the container 3341 process. Defaults to user specified in image metadata 3342 if unspecified. May also be set in PodSecurityContext. If 3343 set in both SecurityContext and PodSecurityContext, the 3344 value specified in SecurityContext takes precedence. Note 3345 that this field cannot be set when spec.os.name is windows. 3346 format: int64 3347 type: integer 3348 seLinuxOptions: 3349 description: The SELinux context to be applied to the container. 3350 If unspecified, the container runtime will allocate a 3351 random SELinux context for each container. May also be 3352 set in PodSecurityContext. If set in both SecurityContext 3353 and PodSecurityContext, the value specified in SecurityContext 3354 takes precedence. Note that this field cannot be set when 3355 spec.os.name is windows. 3356 properties: 3357 level: 3358 description: Level is SELinux level label that applies 3359 to the container. 3360 type: string 3361 role: 3362 description: Role is a SELinux role label that applies 3363 to the container. 3364 type: string 3365 type: 3366 description: Type is a SELinux type label that applies 3367 to the container. 3368 type: string 3369 user: 3370 description: User is a SELinux user label that applies 3371 to the container. 3372 type: string 3373 type: object 3374 seccompProfile: 3375 description: The seccomp options to use by this container. 3376 If seccomp options are provided at both the pod & container 3377 level, the container options override the pod options. 3378 Note that this field cannot be set when spec.os.name is 3379 windows. 3380 properties: 3381 localhostProfile: 3382 description: localhostProfile indicates a profile defined 3383 in a file on the node should be used. The profile 3384 must be preconfigured on the node to work. Must be 3385 a descending path, relative to the kubelet's configured 3386 seccomp profile location. Must only be set if type 3387 is "Localhost". 3388 type: string 3389 type: 3390 description: "type indicates which kind of seccomp profile 3391 will be applied. Valid options are: \n Localhost - 3392 a profile defined in a file on the node should be 3393 used. RuntimeDefault - the container runtime default 3394 profile should be used. Unconfined - no profile should 3395 be applied." 3396 type: string 3397 required: 3398 - type 3399 type: object 3400 windowsOptions: 3401 description: The Windows specific settings applied to all 3402 containers. If unspecified, the options from the PodSecurityContext 3403 will be used. If set in both SecurityContext and PodSecurityContext, 3404 the value specified in SecurityContext takes precedence. 3405 Note that this field cannot be set when spec.os.name is 3406 linux. 3407 properties: 3408 gmsaCredentialSpec: 3409 description: GMSACredentialSpec is where the GMSA admission 3410 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 3411 inlines the contents of the GMSA credential spec named 3412 by the GMSACredentialSpecName field. 3413 type: string 3414 gmsaCredentialSpecName: 3415 description: GMSACredentialSpecName is the name of the 3416 GMSA credential spec to use. 3417 type: string 3418 hostProcess: 3419 description: HostProcess determines if a container should 3420 be run as a 'Host Process' container. This field is 3421 alpha-level and will only be honored by components 3422 that enable the WindowsHostProcessContainers feature 3423 flag. Setting this field without the feature flag 3424 will result in errors when validating the Pod. All 3425 of a Pod's containers must have the same effective 3426 HostProcess value (it is not allowed to have a mix 3427 of HostProcess containers and non-HostProcess containers). In 3428 addition, if HostProcess is true then HostNetwork 3429 must also be set to true. 3430 type: boolean 3431 runAsUserName: 3432 description: The UserName in Windows to run the entrypoint 3433 of the container process. Defaults to the user specified 3434 in image metadata if unspecified. May also be set 3435 in PodSecurityContext. If set in both SecurityContext 3436 and PodSecurityContext, the value specified in SecurityContext 3437 takes precedence. 3438 type: string 3439 type: object 3440 type: object 3441 startupProbe: 3442 description: 'StartupProbe indicates that the Pod has successfully 3443 initialized. If specified, no other probes are executed until 3444 this completes successfully. If this probe fails, the Pod 3445 will be restarted, just as if the livenessProbe failed. This 3446 can be used to provide different probe parameters at the beginning 3447 of a Pod''s lifecycle, when it might take a long time to load 3448 data or warm a cache, than during steady-state operation. 3449 This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3450 properties: 3451 exec: 3452 description: Exec specifies the action to take. 3453 properties: 3454 command: 3455 description: Command is the command line to execute 3456 inside the container, the working directory for the 3457 command is root ('/') in the container's filesystem. 3458 The command is simply exec'd, it is not run inside 3459 a shell, so traditional shell instructions ('|', etc) 3460 won't work. To use a shell, you need to explicitly 3461 call out to that shell. Exit status of 0 is treated 3462 as live/healthy and non-zero is unhealthy. 3463 items: 3464 type: string 3465 type: array 3466 type: object 3467 failureThreshold: 3468 description: Minimum consecutive failures for the probe 3469 to be considered failed after having succeeded. Defaults 3470 to 3. Minimum value is 1. 3471 format: int32 3472 type: integer 3473 grpc: 3474 description: GRPC specifies an action involving a GRPC port. 3475 This is a beta field and requires enabling GRPCContainerProbe 3476 feature gate. 3477 properties: 3478 port: 3479 description: Port number of the gRPC service. Number 3480 must be in the range 1 to 65535. 3481 format: int32 3482 type: integer 3483 service: 3484 description: "Service is the name of the service to 3485 place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3486 \n If this is not specified, the default behavior 3487 is defined by gRPC." 3488 type: string 3489 required: 3490 - port 3491 type: object 3492 httpGet: 3493 description: HTTPGet specifies the http request to perform. 3494 properties: 3495 host: 3496 description: Host name to connect to, defaults to the 3497 pod IP. You probably want to set "Host" in httpHeaders 3498 instead. 3499 type: string 3500 httpHeaders: 3501 description: Custom headers to set in the request. HTTP 3502 allows repeated headers. 3503 items: 3504 description: HTTPHeader describes a custom header 3505 to be used in HTTP probes 3506 properties: 3507 name: 3508 description: The header field name 3509 type: string 3510 value: 3511 description: The header field value 3512 type: string 3513 required: 3514 - name 3515 - value 3516 type: object 3517 type: array 3518 path: 3519 description: Path to access on the HTTP server. 3520 type: string 3521 port: 3522 anyOf: 3523 - type: integer 3524 - type: string 3525 description: Name or number of the port to access on 3526 the container. Number must be in the range 1 to 65535. 3527 Name must be an IANA_SVC_NAME. 3528 x-kubernetes-int-or-string: true 3529 scheme: 3530 description: Scheme to use for connecting to the host. 3531 Defaults to HTTP. 3532 type: string 3533 required: 3534 - port 3535 type: object 3536 initialDelaySeconds: 3537 description: 'Number of seconds after the container has 3538 started before liveness probes are initiated. More info: 3539 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3540 format: int32 3541 type: integer 3542 periodSeconds: 3543 description: How often (in seconds) to perform the probe. 3544 Default to 10 seconds. Minimum value is 1. 3545 format: int32 3546 type: integer 3547 successThreshold: 3548 description: Minimum consecutive successes for the probe 3549 to be considered successful after having failed. Defaults 3550 to 1. Must be 1 for liveness and startup. Minimum value 3551 is 1. 3552 format: int32 3553 type: integer 3554 tcpSocket: 3555 description: TCPSocket specifies an action involving a TCP 3556 port. 3557 properties: 3558 host: 3559 description: 'Optional: Host name to connect to, defaults 3560 to the pod IP.' 3561 type: string 3562 port: 3563 anyOf: 3564 - type: integer 3565 - type: string 3566 description: Number or name of the port to access on 3567 the container. Number must be in the range 1 to 65535. 3568 Name must be an IANA_SVC_NAME. 3569 x-kubernetes-int-or-string: true 3570 required: 3571 - port 3572 type: object 3573 terminationGracePeriodSeconds: 3574 description: Optional duration in seconds the pod needs 3575 to terminate gracefully upon probe failure. The grace 3576 period is the duration in seconds after the processes 3577 running in the pod are sent a termination signal and the 3578 time when the processes are forcibly halted with a kill 3579 signal. Set this value longer than the expected cleanup 3580 time for your process. If this value is nil, the pod's 3581 terminationGracePeriodSeconds will be used. Otherwise, 3582 this value overrides the value provided by the pod spec. 3583 Value must be non-negative integer. The value zero indicates 3584 stop immediately via the kill signal (no opportunity to 3585 shut down). This is a beta field and requires enabling 3586 ProbeTerminationGracePeriod feature gate. Minimum value 3587 is 1. spec.terminationGracePeriodSeconds is used if unset. 3588 format: int64 3589 type: integer 3590 timeoutSeconds: 3591 description: 'Number of seconds after which the probe times 3592 out. Defaults to 1 second. Minimum value is 1. More info: 3593 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3594 format: int32 3595 type: integer 3596 type: object 3597 stdin: 3598 description: Whether this container should allocate a buffer 3599 for stdin in the container runtime. If this is not set, reads 3600 from stdin in the container will always result in EOF. Default 3601 is false. 3602 type: boolean 3603 stdinOnce: 3604 description: Whether the container runtime should close the 3605 stdin channel after it has been opened by a single attach. 3606 When stdin is true the stdin stream will remain open across 3607 multiple attach sessions. If stdinOnce is set to true, stdin 3608 is opened on container start, is empty until the first client 3609 attaches to stdin, and then remains open and accepts data 3610 until the client disconnects, at which time stdin is closed 3611 and remains closed until the container is restarted. If this 3612 flag is false, a container processes that reads from stdin 3613 will never receive an EOF. Default is false 3614 type: boolean 3615 terminationMessagePath: 3616 description: 'Optional: Path at which the file to which the 3617 container''s termination message will be written is mounted 3618 into the container''s filesystem. Message written is intended 3619 to be brief final status, such as an assertion failure message. 3620 Will be truncated by the node if greater than 4096 bytes. 3621 The total message length across all containers will be limited 3622 to 12kb. Defaults to /dev/termination-log. Cannot be updated.' 3623 type: string 3624 terminationMessagePolicy: 3625 description: Indicate how the termination message should be 3626 populated. File will use the contents of terminationMessagePath 3627 to populate the container status message on both success and 3628 failure. FallbackToLogsOnError will use the last chunk of 3629 container log output if the termination message file is empty 3630 and the container exited with an error. The log output is 3631 limited to 2048 bytes or 80 lines, whichever is smaller. Defaults 3632 to File. Cannot be updated. 3633 type: string 3634 tty: 3635 description: Whether this container should allocate a TTY for 3636 itself, also requires 'stdin' to be true. Default is false. 3637 type: boolean 3638 volumeDevices: 3639 description: volumeDevices is the list of block devices to be 3640 used by the container. 3641 items: 3642 description: volumeDevice describes a mapping of a raw block 3643 device within a container. 3644 properties: 3645 devicePath: 3646 description: devicePath is the path inside of the container 3647 that the device will be mapped to. 3648 type: string 3649 name: 3650 description: name must match the name of a persistentVolumeClaim 3651 in the pod 3652 type: string 3653 required: 3654 - devicePath 3655 - name 3656 type: object 3657 type: array 3658 volumeMounts: 3659 description: Pod volumes to mount into the container's filesystem. 3660 Cannot be updated. 3661 items: 3662 description: VolumeMount describes a mounting of a Volume 3663 within a container. 3664 properties: 3665 mountPath: 3666 description: Path within the container at which the volume 3667 should be mounted. Must not contain ':'. 3668 type: string 3669 mountPropagation: 3670 description: mountPropagation determines how mounts are 3671 propagated from the host to container and the other 3672 way around. When not set, MountPropagationNone is used. 3673 This field is beta in 1.10. 3674 type: string 3675 name: 3676 description: This must match the Name of a Volume. 3677 type: string 3678 readOnly: 3679 description: Mounted read-only if true, read-write otherwise 3680 (false or unspecified). Defaults to false. 3681 type: boolean 3682 subPath: 3683 description: Path within the volume from which the container's 3684 volume should be mounted. Defaults to "" (volume's root). 3685 type: string 3686 subPathExpr: 3687 description: Expanded path within the volume from which 3688 the container's volume should be mounted. Behaves similarly 3689 to SubPath but environment variable references $(VAR_NAME) 3690 are expanded using the container's environment. Defaults 3691 to "" (volume's root). SubPathExpr and SubPath are mutually 3692 exclusive. 3693 type: string 3694 required: 3695 - mountPath 3696 - name 3697 type: object 3698 type: array 3699 workingDir: 3700 description: Container's working directory. If not specified, 3701 the container runtime's default will be used, which might 3702 be configured in the container image. Cannot be updated. 3703 type: string 3704 required: 3705 - name 3706 type: object 3707 type: array 3708 labels: 3709 additionalProperties: 3710 type: string 3711 description: Labels configure the external label pairs to ThanosRuler. 3712 A default replica label `thanos_ruler_replica` will be always added as 3713 a label with the value of the pod's name and it will be dropped 3714 in the alerts. 3715 type: object 3716 listenLocal: 3717 description: ListenLocal makes the Thanos ruler listen on loopback, 3718 so that it does not bind against the Pod IP. 3719 type: boolean 3720 logFormat: 3721 description: Log format for ThanosRuler to be configured with. 3722 enum: 3723 - "" 3724 - logfmt 3725 - json 3726 type: string 3727 logLevel: 3728 description: Log level for ThanosRuler to be configured with. 3729 enum: 3730 - "" 3731 - debug 3732 - info 3733 - warn 3734 - error 3735 type: string 3736 minReadySeconds: 3737 description: Minimum number of seconds for which a newly created pod 3738 should be ready without any of its container crashing for it to 3739 be considered available. Defaults to 0 (pod will be considered available 3740 as soon as it is ready) This is an alpha field from kubernetes 1.22 3741 until 1.24 which requires enabling the StatefulSetMinReadySeconds 3742 feature gate. 3743 format: int32 3744 type: integer 3745 nodeSelector: 3746 additionalProperties: 3747 type: string 3748 description: Define which Nodes the Pods are scheduled on. 3749 type: object 3750 objectStorageConfig: 3751 description: ObjectStorageConfig configures object storage in Thanos. 3752 Alternative to ObjectStorageConfigFile, and lower order priority. 3753 properties: 3754 key: 3755 description: The key of the secret to select from. Must be a 3756 valid secret key. 3757 type: string 3758 name: 3759 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3760 TODO: Add other useful fields. apiVersion, kind, uid?' 3761 type: string 3762 optional: 3763 description: Specify whether the Secret or its key must be defined 3764 type: boolean 3765 required: 3766 - key 3767 type: object 3768 x-kubernetes-map-type: atomic 3769 objectStorageConfigFile: 3770 description: ObjectStorageConfigFile specifies the path of the object 3771 storage configuration file. When used alongside with ObjectStorageConfig, 3772 ObjectStorageConfigFile takes precedence. 3773 type: string 3774 paused: 3775 description: When a ThanosRuler deployment is paused, no actions except 3776 for deletion will be performed on the underlying objects. 3777 type: boolean 3778 podMetadata: 3779 description: PodMetadata contains Labels and Annotations gets propagated 3780 to the thanos ruler pods. 3781 properties: 3782 annotations: 3783 additionalProperties: 3784 type: string 3785 description: 'Annotations is an unstructured key value map stored 3786 with a resource that may be set by external tools to store and 3787 retrieve arbitrary metadata. They are not queryable and should 3788 be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' 3789 type: object 3790 labels: 3791 additionalProperties: 3792 type: string 3793 description: 'Map of string keys and values that can be used to 3794 organize and categorize (scope and select) objects. May match 3795 selectors of replication controllers and services. More info: 3796 http://kubernetes.io/docs/user-guide/labels' 3797 type: object 3798 name: 3799 description: 'Name must be unique within a namespace. Is required 3800 when creating resources, although some resources may allow a 3801 client to request the generation of an appropriate name automatically. 3802 Name is primarily intended for creation idempotence and configuration 3803 definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' 3804 type: string 3805 type: object 3806 portName: 3807 description: Port name used for the pods and governing service. This 3808 defaults to web 3809 type: string 3810 priorityClassName: 3811 description: Priority class assigned to the Pods 3812 type: string 3813 prometheusRulesExcludedFromEnforce: 3814 description: 'PrometheusRulesExcludedFromEnforce - list of Prometheus 3815 rules to be excluded from enforcing of adding namespace labels. 3816 Works only if enforcedNamespaceLabel set to true. Make sure both 3817 ruleNamespace and ruleName are set for each pair Deprecated: use 3818 excludedFromEnforcement instead.' 3819 items: 3820 description: PrometheusRuleExcludeConfig enables users to configure 3821 excluded PrometheusRule names and their namespaces to be ignored 3822 while enforcing namespace label for alerts and metrics. 3823 properties: 3824 ruleName: 3825 description: RuleNamespace - name of excluded rule 3826 type: string 3827 ruleNamespace: 3828 description: RuleNamespace - namespace of excluded rule 3829 type: string 3830 required: 3831 - ruleName 3832 - ruleNamespace 3833 type: object 3834 type: array 3835 queryConfig: 3836 description: Define configuration for connecting to thanos query instances. 3837 If this is defined, the QueryEndpoints field will be ignored. Maps 3838 to the `query.config` CLI argument. Only available with thanos v0.11.0 3839 and higher. 3840 properties: 3841 key: 3842 description: The key of the secret to select from. Must be a 3843 valid secret key. 3844 type: string 3845 name: 3846 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3847 TODO: Add other useful fields. apiVersion, kind, uid?' 3848 type: string 3849 optional: 3850 description: Specify whether the Secret or its key must be defined 3851 type: boolean 3852 required: 3853 - key 3854 type: object 3855 x-kubernetes-map-type: atomic 3856 queryEndpoints: 3857 description: QueryEndpoints defines Thanos querier endpoints from 3858 which to query metrics. Maps to the --query flag of thanos ruler. 3859 items: 3860 type: string 3861 type: array 3862 replicas: 3863 description: Number of thanos ruler instances to deploy. 3864 format: int32 3865 type: integer 3866 resources: 3867 description: Resources defines the resource requirements for single 3868 Pods. If not provided, no requests/limits will be set 3869 properties: 3870 claims: 3871 description: "Claims lists the names of resources, defined in 3872 spec.resourceClaims, that are used by this container. \n This 3873 is an alpha field and requires enabling the DynamicResourceAllocation 3874 feature gate. \n This field is immutable." 3875 items: 3876 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 3877 properties: 3878 name: 3879 description: Name must match the name of one entry in pod.spec.resourceClaims 3880 of the Pod where this field is used. It makes that resource 3881 available inside a container. 3882 type: string 3883 required: 3884 - name 3885 type: object 3886 type: array 3887 x-kubernetes-list-map-keys: 3888 - name 3889 x-kubernetes-list-type: map 3890 limits: 3891 additionalProperties: 3892 anyOf: 3893 - type: integer 3894 - type: string 3895 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3896 x-kubernetes-int-or-string: true 3897 description: 'Limits describes the maximum amount of compute resources 3898 allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3899 type: object 3900 requests: 3901 additionalProperties: 3902 anyOf: 3903 - type: integer 3904 - type: string 3905 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3906 x-kubernetes-int-or-string: true 3907 description: 'Requests describes the minimum amount of compute 3908 resources required. If Requests is omitted for a container, 3909 it defaults to Limits if that is explicitly specified, otherwise 3910 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3911 type: object 3912 type: object 3913 retention: 3914 default: 24h 3915 description: Time duration ThanosRuler shall retain data for. Default 3916 is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` 3917 (milliseconds seconds minutes hours days weeks years). 3918 pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ 3919 type: string 3920 routePrefix: 3921 description: The route prefix ThanosRuler registers HTTP handlers 3922 for. This allows thanos UI to be served on a sub-path. 3923 type: string 3924 ruleNamespaceSelector: 3925 description: Namespaces to be selected for Rules discovery. If unspecified, 3926 only the same namespace as the ThanosRuler object is in is used. 3927 properties: 3928 matchExpressions: 3929 description: matchExpressions is a list of label selector requirements. 3930 The requirements are ANDed. 3931 items: 3932 description: A label selector requirement is a selector that 3933 contains values, a key, and an operator that relates the key 3934 and values. 3935 properties: 3936 key: 3937 description: key is the label key that the selector applies 3938 to. 3939 type: string 3940 operator: 3941 description: operator represents a key's relationship to 3942 a set of values. Valid operators are In, NotIn, Exists 3943 and DoesNotExist. 3944 type: string 3945 values: 3946 description: values is an array of string values. If the 3947 operator is In or NotIn, the values array must be non-empty. 3948 If the operator is Exists or DoesNotExist, the values 3949 array must be empty. This array is replaced during a strategic 3950 merge patch. 3951 items: 3952 type: string 3953 type: array 3954 required: 3955 - key 3956 - operator 3957 type: object 3958 type: array 3959 matchLabels: 3960 additionalProperties: 3961 type: string 3962 description: matchLabels is a map of {key,value} pairs. A single 3963 {key,value} in the matchLabels map is equivalent to an element 3964 of matchExpressions, whose key field is "key", the operator 3965 is "In", and the values array contains only "value". The requirements 3966 are ANDed. 3967 type: object 3968 type: object 3969 x-kubernetes-map-type: atomic 3970 ruleSelector: 3971 description: A label selector to select which PrometheusRules to mount 3972 for alerting and recording. 3973 properties: 3974 matchExpressions: 3975 description: matchExpressions is a list of label selector requirements. 3976 The requirements are ANDed. 3977 items: 3978 description: A label selector requirement is a selector that 3979 contains values, a key, and an operator that relates the key 3980 and values. 3981 properties: 3982 key: 3983 description: key is the label key that the selector applies 3984 to. 3985 type: string 3986 operator: 3987 description: operator represents a key's relationship to 3988 a set of values. Valid operators are In, NotIn, Exists 3989 and DoesNotExist. 3990 type: string 3991 values: 3992 description: values is an array of string values. If the 3993 operator is In or NotIn, the values array must be non-empty. 3994 If the operator is Exists or DoesNotExist, the values 3995 array must be empty. This array is replaced during a strategic 3996 merge patch. 3997 items: 3998 type: string 3999 type: array 4000 required: 4001 - key 4002 - operator 4003 type: object 4004 type: array 4005 matchLabels: 4006 additionalProperties: 4007 type: string 4008 description: matchLabels is a map of {key,value} pairs. A single 4009 {key,value} in the matchLabels map is equivalent to an element 4010 of matchExpressions, whose key field is "key", the operator 4011 is "In", and the values array contains only "value". The requirements 4012 are ANDed. 4013 type: object 4014 type: object 4015 x-kubernetes-map-type: atomic 4016 securityContext: 4017 description: SecurityContext holds pod-level security attributes and 4018 common container settings. This defaults to the default PodSecurityContext. 4019 properties: 4020 fsGroup: 4021 description: "A special supplemental group that applies to all 4022 containers in a pod. Some volume types allow the Kubelet to 4023 change the ownership of that volume to be owned by the pod: 4024 \n 1. The owning GID will be the FSGroup 2. The setgid bit is 4025 set (new files created in the volume will be owned by FSGroup) 4026 3. The permission bits are OR'd with rw-rw---- \n If unset, 4027 the Kubelet will not modify the ownership and permissions of 4028 any volume. Note that this field cannot be set when spec.os.name 4029 is windows." 4030 format: int64 4031 type: integer 4032 fsGroupChangePolicy: 4033 description: 'fsGroupChangePolicy defines behavior of changing 4034 ownership and permission of the volume before being exposed 4035 inside Pod. This field will only apply to volume types which 4036 support fsGroup based ownership(and permissions). It will have 4037 no effect on ephemeral volume types such as: secret, configmaps 4038 and emptydir. Valid values are "OnRootMismatch" and "Always". 4039 If not specified, "Always" is used. Note that this field cannot 4040 be set when spec.os.name is windows.' 4041 type: string 4042 runAsGroup: 4043 description: The GID to run the entrypoint of the container process. 4044 Uses runtime default if unset. May also be set in SecurityContext. If 4045 set in both SecurityContext and PodSecurityContext, the value 4046 specified in SecurityContext takes precedence for that container. 4047 Note that this field cannot be set when spec.os.name is windows. 4048 format: int64 4049 type: integer 4050 runAsNonRoot: 4051 description: Indicates that the container must run as a non-root 4052 user. If true, the Kubelet will validate the image at runtime 4053 to ensure that it does not run as UID 0 (root) and fail to start 4054 the container if it does. If unset or false, no such validation 4055 will be performed. May also be set in SecurityContext. If set 4056 in both SecurityContext and PodSecurityContext, the value specified 4057 in SecurityContext takes precedence. 4058 type: boolean 4059 runAsUser: 4060 description: The UID to run the entrypoint of the container process. 4061 Defaults to user specified in image metadata if unspecified. 4062 May also be set in SecurityContext. If set in both SecurityContext 4063 and PodSecurityContext, the value specified in SecurityContext 4064 takes precedence for that container. Note that this field cannot 4065 be set when spec.os.name is windows. 4066 format: int64 4067 type: integer 4068 seLinuxOptions: 4069 description: The SELinux context to be applied to all containers. 4070 If unspecified, the container runtime will allocate a random 4071 SELinux context for each container. May also be set in SecurityContext. If 4072 set in both SecurityContext and PodSecurityContext, the value 4073 specified in SecurityContext takes precedence for that container. 4074 Note that this field cannot be set when spec.os.name is windows. 4075 properties: 4076 level: 4077 description: Level is SELinux level label that applies to 4078 the container. 4079 type: string 4080 role: 4081 description: Role is a SELinux role label that applies to 4082 the container. 4083 type: string 4084 type: 4085 description: Type is a SELinux type label that applies to 4086 the container. 4087 type: string 4088 user: 4089 description: User is a SELinux user label that applies to 4090 the container. 4091 type: string 4092 type: object 4093 seccompProfile: 4094 description: The seccomp options to use by the containers in this 4095 pod. Note that this field cannot be set when spec.os.name is 4096 windows. 4097 properties: 4098 localhostProfile: 4099 description: localhostProfile indicates a profile defined 4100 in a file on the node should be used. The profile must be 4101 preconfigured on the node to work. Must be a descending 4102 path, relative to the kubelet's configured seccomp profile 4103 location. Must only be set if type is "Localhost". 4104 type: string 4105 type: 4106 description: "type indicates which kind of seccomp profile 4107 will be applied. Valid options are: \n Localhost - a profile 4108 defined in a file on the node should be used. RuntimeDefault 4109 - the container runtime default profile should be used. 4110 Unconfined - no profile should be applied." 4111 type: string 4112 required: 4113 - type 4114 type: object 4115 supplementalGroups: 4116 description: A list of groups applied to the first process run 4117 in each container, in addition to the container's primary GID, 4118 the fsGroup (if specified), and group memberships defined in 4119 the container image for the uid of the container process. If 4120 unspecified, no additional groups are added to any container. 4121 Note that group memberships defined in the container image for 4122 the uid of the container process are still effective, even if 4123 they are not included in this list. Note that this field cannot 4124 be set when spec.os.name is windows. 4125 items: 4126 format: int64 4127 type: integer 4128 type: array 4129 sysctls: 4130 description: Sysctls hold a list of namespaced sysctls used for 4131 the pod. Pods with unsupported sysctls (by the container runtime) 4132 might fail to launch. Note that this field cannot be set when 4133 spec.os.name is windows. 4134 items: 4135 description: Sysctl defines a kernel parameter to be set 4136 properties: 4137 name: 4138 description: Name of a property to set 4139 type: string 4140 value: 4141 description: Value of a property to set 4142 type: string 4143 required: 4144 - name 4145 - value 4146 type: object 4147 type: array 4148 windowsOptions: 4149 description: The Windows specific settings applied to all containers. 4150 If unspecified, the options within a container's SecurityContext 4151 will be used. If set in both SecurityContext and PodSecurityContext, 4152 the value specified in SecurityContext takes precedence. Note 4153 that this field cannot be set when spec.os.name is linux. 4154 properties: 4155 gmsaCredentialSpec: 4156 description: GMSACredentialSpec is where the GMSA admission 4157 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 4158 inlines the contents of the GMSA credential spec named by 4159 the GMSACredentialSpecName field. 4160 type: string 4161 gmsaCredentialSpecName: 4162 description: GMSACredentialSpecName is the name of the GMSA 4163 credential spec to use. 4164 type: string 4165 hostProcess: 4166 description: HostProcess determines if a container should 4167 be run as a 'Host Process' container. This field is alpha-level 4168 and will only be honored by components that enable the WindowsHostProcessContainers 4169 feature flag. Setting this field without the feature flag 4170 will result in errors when validating the Pod. All of a 4171 Pod's containers must have the same effective HostProcess 4172 value (it is not allowed to have a mix of HostProcess containers 4173 and non-HostProcess containers). In addition, if HostProcess 4174 is true then HostNetwork must also be set to true. 4175 type: boolean 4176 runAsUserName: 4177 description: The UserName in Windows to run the entrypoint 4178 of the container process. Defaults to the user specified 4179 in image metadata if unspecified. May also be set in PodSecurityContext. 4180 If set in both SecurityContext and PodSecurityContext, the 4181 value specified in SecurityContext takes precedence. 4182 type: string 4183 type: object 4184 type: object 4185 serviceAccountName: 4186 description: ServiceAccountName is the name of the ServiceAccount 4187 to use to run the Thanos Ruler Pods. 4188 type: string 4189 storage: 4190 description: Storage spec to specify how storage shall be used. 4191 properties: 4192 disableMountSubPath: 4193 description: 'Deprecated: subPath usage will be disabled by default 4194 in a future release, this option will become unnecessary. DisableMountSubPath 4195 allows to remove any subPath usage in volume mounts.' 4196 type: boolean 4197 emptyDir: 4198 description: 'EmptyDirVolumeSource to be used by the StatefulSet. 4199 If specified, used in place of any volumeClaimTemplate. More 4200 info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' 4201 properties: 4202 medium: 4203 description: 'medium represents what type of storage medium 4204 should back this directory. The default is "" which means 4205 to use the node''s default medium. Must be an empty string 4206 (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 4207 type: string 4208 sizeLimit: 4209 anyOf: 4210 - type: integer 4211 - type: string 4212 description: 'sizeLimit is the total amount of local storage 4213 required for this EmptyDir volume. The size limit is also 4214 applicable for memory medium. The maximum usage on memory 4215 medium EmptyDir would be the minimum value between the SizeLimit 4216 specified here and the sum of memory limits of all containers 4217 in a pod. The default is nil which means that the limit 4218 is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 4219 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4220 x-kubernetes-int-or-string: true 4221 type: object 4222 ephemeral: 4223 description: 'EphemeralVolumeSource to be used by the StatefulSet. 4224 This is a beta field in k8s 1.21, for lower versions, starting 4225 with k8s 1.19, it requires enabling the GenericEphemeralVolume 4226 feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' 4227 properties: 4228 volumeClaimTemplate: 4229 description: "Will be used to create a stand-alone PVC to 4230 provision the volume. The pod in which this EphemeralVolumeSource 4231 is embedded will be the owner of the PVC, i.e. the PVC will 4232 be deleted together with the pod. The name of the PVC will 4233 be `<pod name>-<volume name>` where `<volume name>` is the 4234 name from the `PodSpec.Volumes` array entry. Pod validation 4235 will reject the pod if the concatenated name is not valid 4236 for a PVC (for example, too long). \n An existing PVC with 4237 that name that is not owned by the pod will *not* be used 4238 for the pod to avoid using an unrelated volume by mistake. 4239 Starting the pod is then blocked until the unrelated PVC 4240 is removed. If such a pre-created PVC is meant to be used 4241 by the pod, the PVC has to updated with an owner reference 4242 to the pod once the pod exists. Normally this should not 4243 be necessary, but it may be useful when manually reconstructing 4244 a broken cluster. \n This field is read-only and no changes 4245 will be made by Kubernetes to the PVC after it has been 4246 created. \n Required, must not be nil." 4247 properties: 4248 metadata: 4249 description: May contain labels and annotations that will 4250 be copied into the PVC when creating it. No other fields 4251 are allowed and will be rejected during validation. 4252 type: object 4253 spec: 4254 description: The specification for the PersistentVolumeClaim. 4255 The entire content is copied unchanged into the PVC 4256 that gets created from this template. The same fields 4257 as in a PersistentVolumeClaim are also valid here. 4258 properties: 4259 accessModes: 4260 description: 'accessModes contains the desired access 4261 modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 4262 items: 4263 type: string 4264 type: array 4265 dataSource: 4266 description: 'dataSource field can be used to specify 4267 either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 4268 * An existing PVC (PersistentVolumeClaim) If the 4269 provisioner or an external controller can support 4270 the specified data source, it will create a new 4271 volume based on the contents of the specified data 4272 source. When the AnyVolumeDataSource feature gate 4273 is enabled, dataSource contents will be copied to 4274 dataSourceRef, and dataSourceRef contents will be 4275 copied to dataSource when dataSourceRef.namespace 4276 is not specified. If the namespace is specified, 4277 then dataSourceRef will not be copied to dataSource.' 4278 properties: 4279 apiGroup: 4280 description: APIGroup is the group for the resource 4281 being referenced. If APIGroup is not specified, 4282 the specified Kind must be in the core API group. 4283 For any other third-party types, APIGroup is 4284 required. 4285 type: string 4286 kind: 4287 description: Kind is the type of resource being 4288 referenced 4289 type: string 4290 name: 4291 description: Name is the name of resource being 4292 referenced 4293 type: string 4294 required: 4295 - kind 4296 - name 4297 type: object 4298 x-kubernetes-map-type: atomic 4299 dataSourceRef: 4300 description: 'dataSourceRef specifies the object from 4301 which to populate the volume with data, if a non-empty 4302 volume is desired. This may be any object from a 4303 non-empty API group (non core object) or a PersistentVolumeClaim 4304 object. When this field is specified, volume binding 4305 will only succeed if the type of the specified object 4306 matches some installed volume populator or dynamic 4307 provisioner. This field will replace the functionality 4308 of the dataSource field and as such if both fields 4309 are non-empty, they must have the same value. For 4310 backwards compatibility, when namespace isn''t specified 4311 in dataSourceRef, both fields (dataSource and dataSourceRef) 4312 will be set to the same value automatically if one 4313 of them is empty and the other is non-empty. When 4314 namespace is specified in dataSourceRef, dataSource 4315 isn''t set to the same value and must be empty. 4316 There are three important differences between dataSource 4317 and dataSourceRef: * While dataSource only allows 4318 two specific types of objects, dataSourceRef allows 4319 any non-core object, as well as PersistentVolumeClaim 4320 objects. * While dataSource ignores disallowed values 4321 (dropping them), dataSourceRef preserves all values, 4322 and generates an error if a disallowed value is 4323 specified. * While dataSource only allows local 4324 objects, dataSourceRef allows objects in any namespaces. 4325 (Beta) Using this field requires the AnyVolumeDataSource 4326 feature gate to be enabled. (Alpha) Using the namespace 4327 field of dataSourceRef requires the CrossNamespaceVolumeDataSource 4328 feature gate to be enabled.' 4329 properties: 4330 apiGroup: 4331 description: APIGroup is the group for the resource 4332 being referenced. If APIGroup is not specified, 4333 the specified Kind must be in the core API group. 4334 For any other third-party types, APIGroup is 4335 required. 4336 type: string 4337 kind: 4338 description: Kind is the type of resource being 4339 referenced 4340 type: string 4341 name: 4342 description: Name is the name of resource being 4343 referenced 4344 type: string 4345 namespace: 4346 description: Namespace is the namespace of resource 4347 being referenced Note that when a namespace 4348 is specified, a gateway.networking.k8s.io/ReferenceGrant 4349 object is required in the referent namespace 4350 to allow that namespace's owner to accept the 4351 reference. See the ReferenceGrant documentation 4352 for details. (Alpha) This field requires the 4353 CrossNamespaceVolumeDataSource feature gate 4354 to be enabled. 4355 type: string 4356 required: 4357 - kind 4358 - name 4359 type: object 4360 resources: 4361 description: 'resources represents the minimum resources 4362 the volume should have. If RecoverVolumeExpansionFailure 4363 feature is enabled users are allowed to specify 4364 resource requirements that are lower than previous 4365 value but must still be higher than capacity recorded 4366 in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 4367 properties: 4368 claims: 4369 description: "Claims lists the names of resources, 4370 defined in spec.resourceClaims, that are used 4371 by this container. \n This is an alpha field 4372 and requires enabling the DynamicResourceAllocation 4373 feature gate. \n This field is immutable." 4374 items: 4375 description: ResourceClaim references one entry 4376 in PodSpec.ResourceClaims. 4377 properties: 4378 name: 4379 description: Name must match the name of 4380 one entry in pod.spec.resourceClaims of 4381 the Pod where this field is used. It makes 4382 that resource available inside a container. 4383 type: string 4384 required: 4385 - name 4386 type: object 4387 type: array 4388 x-kubernetes-list-map-keys: 4389 - name 4390 x-kubernetes-list-type: map 4391 limits: 4392 additionalProperties: 4393 anyOf: 4394 - type: integer 4395 - type: string 4396 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4397 x-kubernetes-int-or-string: true 4398 description: 'Limits describes the maximum amount 4399 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 4400 type: object 4401 requests: 4402 additionalProperties: 4403 anyOf: 4404 - type: integer 4405 - type: string 4406 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4407 x-kubernetes-int-or-string: true 4408 description: 'Requests describes the minimum amount 4409 of compute resources required. If Requests is 4410 omitted for a container, it defaults to Limits 4411 if that is explicitly specified, otherwise to 4412 an implementation-defined value. More info: 4413 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 4414 type: object 4415 type: object 4416 selector: 4417 description: selector is a label query over volumes 4418 to consider for binding. 4419 properties: 4420 matchExpressions: 4421 description: matchExpressions is a list of label 4422 selector requirements. The requirements are 4423 ANDed. 4424 items: 4425 description: A label selector requirement is 4426 a selector that contains values, a key, and 4427 an operator that relates the key and values. 4428 properties: 4429 key: 4430 description: key is the label key that the 4431 selector applies to. 4432 type: string 4433 operator: 4434 description: operator represents a key's 4435 relationship to a set of values. Valid 4436 operators are In, NotIn, Exists and DoesNotExist. 4437 type: string 4438 values: 4439 description: values is an array of string 4440 values. If the operator is In or NotIn, 4441 the values array must be non-empty. If 4442 the operator is Exists or DoesNotExist, 4443 the values array must be empty. This array 4444 is replaced during a strategic merge patch. 4445 items: 4446 type: string 4447 type: array 4448 required: 4449 - key 4450 - operator 4451 type: object 4452 type: array 4453 matchLabels: 4454 additionalProperties: 4455 type: string 4456 description: matchLabels is a map of {key,value} 4457 pairs. A single {key,value} in the matchLabels 4458 map is equivalent to an element of matchExpressions, 4459 whose key field is "key", the operator is "In", 4460 and the values array contains only "value". 4461 The requirements are ANDed. 4462 type: object 4463 type: object 4464 x-kubernetes-map-type: atomic 4465 storageClassName: 4466 description: 'storageClassName is the name of the 4467 StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 4468 type: string 4469 volumeMode: 4470 description: volumeMode defines what type of volume 4471 is required by the claim. Value of Filesystem is 4472 implied when not included in claim spec. 4473 type: string 4474 volumeName: 4475 description: volumeName is the binding reference to 4476 the PersistentVolume backing this claim. 4477 type: string 4478 type: object 4479 required: 4480 - spec 4481 type: object 4482 type: object 4483 volumeClaimTemplate: 4484 description: A PVC spec to be used by the StatefulSet. The easiest 4485 way to use a volume that cannot be automatically provisioned 4486 (for whatever reason) is to use a label selector alongside manually 4487 created PersistentVolumes. 4488 properties: 4489 apiVersion: 4490 description: 'APIVersion defines the versioned schema of this 4491 representation of an object. Servers should convert recognized 4492 schemas to the latest internal value, and may reject unrecognized 4493 values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 4494 type: string 4495 kind: 4496 description: 'Kind is a string value representing the REST 4497 resource this object represents. Servers may infer this 4498 from the endpoint the client submits requests to. Cannot 4499 be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 4500 type: string 4501 metadata: 4502 description: EmbeddedMetadata contains metadata relevant to 4503 an EmbeddedResource. 4504 properties: 4505 annotations: 4506 additionalProperties: 4507 type: string 4508 description: 'Annotations is an unstructured key value 4509 map stored with a resource that may be set by external 4510 tools to store and retrieve arbitrary metadata. They 4511 are not queryable and should be preserved when modifying 4512 objects. More info: http://kubernetes.io/docs/user-guide/annotations' 4513 type: object 4514 labels: 4515 additionalProperties: 4516 type: string 4517 description: 'Map of string keys and values that can be 4518 used to organize and categorize (scope and select) objects. 4519 May match selectors of replication controllers and services. 4520 More info: http://kubernetes.io/docs/user-guide/labels' 4521 type: object 4522 name: 4523 description: 'Name must be unique within a namespace. 4524 Is required when creating resources, although some resources 4525 may allow a client to request the generation of an appropriate 4526 name automatically. Name is primarily intended for creation 4527 idempotence and configuration definition. Cannot be 4528 updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' 4529 type: string 4530 type: object 4531 spec: 4532 description: 'Spec defines the desired characteristics of 4533 a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 4534 properties: 4535 accessModes: 4536 description: 'accessModes contains the desired access 4537 modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 4538 items: 4539 type: string 4540 type: array 4541 dataSource: 4542 description: 'dataSource field can be used to specify 4543 either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 4544 * An existing PVC (PersistentVolumeClaim) If the provisioner 4545 or an external controller can support the specified 4546 data source, it will create a new volume based on the 4547 contents of the specified data source. When the AnyVolumeDataSource 4548 feature gate is enabled, dataSource contents will be 4549 copied to dataSourceRef, and dataSourceRef contents 4550 will be copied to dataSource when dataSourceRef.namespace 4551 is not specified. If the namespace is specified, then 4552 dataSourceRef will not be copied to dataSource.' 4553 properties: 4554 apiGroup: 4555 description: APIGroup is the group for the resource 4556 being referenced. If APIGroup is not specified, 4557 the specified Kind must be in the core API group. 4558 For any other third-party types, APIGroup is required. 4559 type: string 4560 kind: 4561 description: Kind is the type of resource being referenced 4562 type: string 4563 name: 4564 description: Name is the name of resource being referenced 4565 type: string 4566 required: 4567 - kind 4568 - name 4569 type: object 4570 x-kubernetes-map-type: atomic 4571 dataSourceRef: 4572 description: 'dataSourceRef specifies the object from 4573 which to populate the volume with data, if a non-empty 4574 volume is desired. This may be any object from a non-empty 4575 API group (non core object) or a PersistentVolumeClaim 4576 object. When this field is specified, volume binding 4577 will only succeed if the type of the specified object 4578 matches some installed volume populator or dynamic provisioner. 4579 This field will replace the functionality of the dataSource 4580 field and as such if both fields are non-empty, they 4581 must have the same value. For backwards compatibility, 4582 when namespace isn''t specified in dataSourceRef, both 4583 fields (dataSource and dataSourceRef) will be set to 4584 the same value automatically if one of them is empty 4585 and the other is non-empty. When namespace is specified 4586 in dataSourceRef, dataSource isn''t set to the same 4587 value and must be empty. There are three important differences 4588 between dataSource and dataSourceRef: * While dataSource 4589 only allows two specific types of objects, dataSourceRef 4590 allows any non-core object, as well as PersistentVolumeClaim 4591 objects. * While dataSource ignores disallowed values 4592 (dropping them), dataSourceRef preserves all values, 4593 and generates an error if a disallowed value is specified. 4594 * While dataSource only allows local objects, dataSourceRef 4595 allows objects in any namespaces. (Beta) Using this 4596 field requires the AnyVolumeDataSource feature gate 4597 to be enabled. (Alpha) Using the namespace field of 4598 dataSourceRef requires the CrossNamespaceVolumeDataSource 4599 feature gate to be enabled.' 4600 properties: 4601 apiGroup: 4602 description: APIGroup is the group for the resource 4603 being referenced. If APIGroup is not specified, 4604 the specified Kind must be in the core API group. 4605 For any other third-party types, APIGroup is required. 4606 type: string 4607 kind: 4608 description: Kind is the type of resource being referenced 4609 type: string 4610 name: 4611 description: Name is the name of resource being referenced 4612 type: string 4613 namespace: 4614 description: Namespace is the namespace of resource 4615 being referenced Note that when a namespace is specified, 4616 a gateway.networking.k8s.io/ReferenceGrant object 4617 is required in the referent namespace to allow that 4618 namespace's owner to accept the reference. See the 4619 ReferenceGrant documentation for details. (Alpha) 4620 This field requires the CrossNamespaceVolumeDataSource 4621 feature gate to be enabled. 4622 type: string 4623 required: 4624 - kind 4625 - name 4626 type: object 4627 resources: 4628 description: 'resources represents the minimum resources 4629 the volume should have. If RecoverVolumeExpansionFailure 4630 feature is enabled users are allowed to specify resource 4631 requirements that are lower than previous value but 4632 must still be higher than capacity recorded in the status 4633 field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 4634 properties: 4635 claims: 4636 description: "Claims lists the names of resources, 4637 defined in spec.resourceClaims, that are used by 4638 this container. \n This is an alpha field and requires 4639 enabling the DynamicResourceAllocation feature gate. 4640 \n This field is immutable." 4641 items: 4642 description: ResourceClaim references one entry 4643 in PodSpec.ResourceClaims. 4644 properties: 4645 name: 4646 description: Name must match the name of one 4647 entry in pod.spec.resourceClaims of the Pod 4648 where this field is used. It makes that resource 4649 available inside a container. 4650 type: string 4651 required: 4652 - name 4653 type: object 4654 type: array 4655 x-kubernetes-list-map-keys: 4656 - name 4657 x-kubernetes-list-type: map 4658 limits: 4659 additionalProperties: 4660 anyOf: 4661 - type: integer 4662 - type: string 4663 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4664 x-kubernetes-int-or-string: true 4665 description: 'Limits describes the maximum amount 4666 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 4667 type: object 4668 requests: 4669 additionalProperties: 4670 anyOf: 4671 - type: integer 4672 - type: string 4673 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4674 x-kubernetes-int-or-string: true 4675 description: 'Requests describes the minimum amount 4676 of compute resources required. If Requests is omitted 4677 for a container, it defaults to Limits if that is 4678 explicitly specified, otherwise to an implementation-defined 4679 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 4680 type: object 4681 type: object 4682 selector: 4683 description: selector is a label query over volumes to 4684 consider for binding. 4685 properties: 4686 matchExpressions: 4687 description: matchExpressions is a list of label selector 4688 requirements. The requirements are ANDed. 4689 items: 4690 description: A label selector requirement is a selector 4691 that contains values, a key, and an operator that 4692 relates the key and values. 4693 properties: 4694 key: 4695 description: key is the label key that the selector 4696 applies to. 4697 type: string 4698 operator: 4699 description: operator represents a key's relationship 4700 to a set of values. Valid operators are In, 4701 NotIn, Exists and DoesNotExist. 4702 type: string 4703 values: 4704 description: values is an array of string values. 4705 If the operator is In or NotIn, the values 4706 array must be non-empty. If the operator is 4707 Exists or DoesNotExist, the values array must 4708 be empty. This array is replaced during a 4709 strategic merge patch. 4710 items: 4711 type: string 4712 type: array 4713 required: 4714 - key 4715 - operator 4716 type: object 4717 type: array 4718 matchLabels: 4719 additionalProperties: 4720 type: string 4721 description: matchLabels is a map of {key,value} pairs. 4722 A single {key,value} in the matchLabels map is equivalent 4723 to an element of matchExpressions, whose key field 4724 is "key", the operator is "In", and the values array 4725 contains only "value". The requirements are ANDed. 4726 type: object 4727 type: object 4728 x-kubernetes-map-type: atomic 4729 storageClassName: 4730 description: 'storageClassName is the name of the StorageClass 4731 required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 4732 type: string 4733 volumeMode: 4734 description: volumeMode defines what type of volume is 4735 required by the claim. Value of Filesystem is implied 4736 when not included in claim spec. 4737 type: string 4738 volumeName: 4739 description: volumeName is the binding reference to the 4740 PersistentVolume backing this claim. 4741 type: string 4742 type: object 4743 status: 4744 description: 'Status represents the current information/status 4745 of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 4746 properties: 4747 accessModes: 4748 description: 'accessModes contains the actual access modes 4749 the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 4750 items: 4751 type: string 4752 type: array 4753 allocatedResources: 4754 additionalProperties: 4755 anyOf: 4756 - type: integer 4757 - type: string 4758 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4759 x-kubernetes-int-or-string: true 4760 description: allocatedResources is the storage resource 4761 within AllocatedResources tracks the capacity allocated 4762 to a PVC. It may be larger than the actual capacity 4763 when a volume expansion operation is requested. For 4764 storage quota, the larger value from allocatedResources 4765 and PVC.spec.resources is used. If allocatedResources 4766 is not set, PVC.spec.resources alone is used for quota 4767 calculation. If a volume expansion capacity request 4768 is lowered, allocatedResources is only lowered if there 4769 are no expansion operations in progress and if the actual 4770 volume capacity is equal or lower than the requested 4771 capacity. This is an alpha field and requires enabling 4772 RecoverVolumeExpansionFailure feature. 4773 type: object 4774 capacity: 4775 additionalProperties: 4776 anyOf: 4777 - type: integer 4778 - type: string 4779 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4780 x-kubernetes-int-or-string: true 4781 description: capacity represents the actual resources 4782 of the underlying volume. 4783 type: object 4784 conditions: 4785 description: conditions is the current Condition of persistent 4786 volume claim. If underlying persistent volume is being 4787 resized then the Condition will be set to 'ResizeStarted'. 4788 items: 4789 description: PersistentVolumeClaimCondition contails 4790 details about state of pvc 4791 properties: 4792 lastProbeTime: 4793 description: lastProbeTime is the time we probed 4794 the condition. 4795 format: date-time 4796 type: string 4797 lastTransitionTime: 4798 description: lastTransitionTime is the time the 4799 condition transitioned from one status to another. 4800 format: date-time 4801 type: string 4802 message: 4803 description: message is the human-readable message 4804 indicating details about last transition. 4805 type: string 4806 reason: 4807 description: reason is a unique, this should be 4808 a short, machine understandable string that gives 4809 the reason for condition's last transition. If 4810 it reports "ResizeStarted" that means the underlying 4811 persistent volume is being resized. 4812 type: string 4813 status: 4814 type: string 4815 type: 4816 description: PersistentVolumeClaimConditionType 4817 is a valid value of PersistentVolumeClaimCondition.Type 4818 type: string 4819 required: 4820 - status 4821 - type 4822 type: object 4823 type: array 4824 phase: 4825 description: phase represents the current phase of PersistentVolumeClaim. 4826 type: string 4827 resizeStatus: 4828 description: resizeStatus stores status of resize operation. 4829 ResizeStatus is not set by default but when expansion 4830 is complete resizeStatus is set to empty string by resize 4831 controller or kubelet. This is an alpha field and requires 4832 enabling RecoverVolumeExpansionFailure feature. 4833 type: string 4834 type: object 4835 type: object 4836 type: object 4837 tolerations: 4838 description: If specified, the pod's tolerations. 4839 items: 4840 description: The pod this Toleration is attached to tolerates any 4841 taint that matches the triple <key,value,effect> using the matching 4842 operator <operator>. 4843 properties: 4844 effect: 4845 description: Effect indicates the taint effect to match. Empty 4846 means match all taint effects. When specified, allowed values 4847 are NoSchedule, PreferNoSchedule and NoExecute. 4848 type: string 4849 key: 4850 description: Key is the taint key that the toleration applies 4851 to. Empty means match all taint keys. If the key is empty, 4852 operator must be Exists; this combination means to match all 4853 values and all keys. 4854 type: string 4855 operator: 4856 description: Operator represents a key's relationship to the 4857 value. Valid operators are Exists and Equal. Defaults to Equal. 4858 Exists is equivalent to wildcard for value, so that a pod 4859 can tolerate all taints of a particular category. 4860 type: string 4861 tolerationSeconds: 4862 description: TolerationSeconds represents the period of time 4863 the toleration (which must be of effect NoExecute, otherwise 4864 this field is ignored) tolerates the taint. By default, it 4865 is not set, which means tolerate the taint forever (do not 4866 evict). Zero and negative values will be treated as 0 (evict 4867 immediately) by the system. 4868 format: int64 4869 type: integer 4870 value: 4871 description: Value is the taint value the toleration matches 4872 to. If the operator is Exists, the value should be empty, 4873 otherwise just a regular string. 4874 type: string 4875 type: object 4876 type: array 4877 topologySpreadConstraints: 4878 description: If specified, the pod's topology spread constraints. 4879 items: 4880 description: TopologySpreadConstraint specifies how to spread matching 4881 pods among the given topology. 4882 properties: 4883 labelSelector: 4884 description: LabelSelector is used to find matching pods. Pods 4885 that match this label selector are counted to determine the 4886 number of pods in their corresponding topology domain. 4887 properties: 4888 matchExpressions: 4889 description: matchExpressions is a list of label selector 4890 requirements. The requirements are ANDed. 4891 items: 4892 description: A label selector requirement is a selector 4893 that contains values, a key, and an operator that relates 4894 the key and values. 4895 properties: 4896 key: 4897 description: key is the label key that the selector 4898 applies to. 4899 type: string 4900 operator: 4901 description: operator represents a key's relationship 4902 to a set of values. Valid operators are In, NotIn, 4903 Exists and DoesNotExist. 4904 type: string 4905 values: 4906 description: values is an array of string values. 4907 If the operator is In or NotIn, the values array 4908 must be non-empty. If the operator is Exists or 4909 DoesNotExist, the values array must be empty. This 4910 array is replaced during a strategic merge patch. 4911 items: 4912 type: string 4913 type: array 4914 required: 4915 - key 4916 - operator 4917 type: object 4918 type: array 4919 matchLabels: 4920 additionalProperties: 4921 type: string 4922 description: matchLabels is a map of {key,value} pairs. 4923 A single {key,value} in the matchLabels map is equivalent 4924 to an element of matchExpressions, whose key field is 4925 "key", the operator is "In", and the values array contains 4926 only "value". The requirements are ANDed. 4927 type: object 4928 type: object 4929 x-kubernetes-map-type: atomic 4930 matchLabelKeys: 4931 description: MatchLabelKeys is a set of pod label keys to select 4932 the pods over which spreading will be calculated. The keys 4933 are used to lookup values from the incoming pod labels, those 4934 key-value labels are ANDed with labelSelector to select the 4935 group of existing pods over which spreading will be calculated 4936 for the incoming pod. Keys that don't exist in the incoming 4937 pod labels will be ignored. A null or empty list means only 4938 match against labelSelector. 4939 items: 4940 type: string 4941 type: array 4942 x-kubernetes-list-type: atomic 4943 maxSkew: 4944 description: 'MaxSkew describes the degree to which pods may 4945 be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, 4946 it is the maximum permitted difference between the number 4947 of matching pods in the target topology and the global minimum. 4948 The global minimum is the minimum number of matching pods 4949 in an eligible domain or zero if the number of eligible domains 4950 is less than MinDomains. For example, in a 3-zone cluster, 4951 MaxSkew is set to 1, and pods with the same labelSelector 4952 spread as 2/2/1: In this case, the global minimum is 1. | 4953 zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew 4954 is 1, incoming pod can only be scheduled to zone3 to become 4955 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) 4956 on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming 4957 pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, 4958 it is used to give higher precedence to topologies that satisfy 4959 it. It''s a required field. Default value is 1 and 0 is not 4960 allowed.' 4961 format: int32 4962 type: integer 4963 minDomains: 4964 description: "MinDomains indicates a minimum number of eligible 4965 domains. When the number of eligible domains with matching 4966 topology keys is less than minDomains, Pod Topology Spread 4967 treats \"global minimum\" as 0, and then the calculation of 4968 Skew is performed. And when the number of eligible domains 4969 with matching topology keys equals or greater than minDomains, 4970 this value has no effect on scheduling. As a result, when 4971 the number of eligible domains is less than minDomains, scheduler 4972 won't schedule more than maxSkew Pods to those domains. If 4973 value is nil, the constraint behaves as if MinDomains is equal 4974 to 1. Valid values are integers greater than 0. When value 4975 is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For 4976 example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains 4977 is set to 5 and pods with the same labelSelector spread as 4978 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | 4979 The number of domains is less than 5(MinDomains), so \"global 4980 minimum\" is treated as 0. In this situation, new pod with 4981 the same labelSelector cannot be scheduled, because computed 4982 skew will be 3(3 - 0) if new Pod is scheduled to any of the 4983 three zones, it will violate MaxSkew. \n This is a beta field 4984 and requires the MinDomainsInPodTopologySpread feature gate 4985 to be enabled (enabled by default)." 4986 format: int32 4987 type: integer 4988 nodeAffinityPolicy: 4989 description: "NodeAffinityPolicy indicates how we will treat 4990 Pod's nodeAffinity/nodeSelector when calculating pod topology 4991 spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector 4992 are included in the calculations. - Ignore: nodeAffinity/nodeSelector 4993 are ignored. All nodes are included in the calculations. \n 4994 If this value is nil, the behavior is equivalent to the Honor 4995 policy. This is a beta-level feature default enabled by the 4996 NodeInclusionPolicyInPodTopologySpread feature flag." 4997 type: string 4998 nodeTaintsPolicy: 4999 description: "NodeTaintsPolicy indicates how we will treat node 5000 taints when calculating pod topology spread skew. Options 5001 are: - Honor: nodes without taints, along with tainted nodes 5002 for which the incoming pod has a toleration, are included. 5003 - Ignore: node taints are ignored. All nodes are included. 5004 \n If this value is nil, the behavior is equivalent to the 5005 Ignore policy. This is a beta-level feature default enabled 5006 by the NodeInclusionPolicyInPodTopologySpread feature flag." 5007 type: string 5008 topologyKey: 5009 description: TopologyKey is the key of node labels. Nodes that 5010 have a label with this key and identical values are considered 5011 to be in the same topology. We consider each <key, value> 5012 as a "bucket", and try to put balanced number of pods into 5013 each bucket. We define a domain as a particular instance of 5014 a topology. Also, we define an eligible domain as a domain 5015 whose nodes meet the requirements of nodeAffinityPolicy and 5016 nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", 5017 each Node is a domain of that topology. And, if TopologyKey 5018 is "topology.kubernetes.io/zone", each zone is a domain of 5019 that topology. It's a required field. 5020 type: string 5021 whenUnsatisfiable: 5022 description: 'WhenUnsatisfiable indicates how to deal with a 5023 pod if it doesn''t satisfy the spread constraint. - DoNotSchedule 5024 (default) tells the scheduler not to schedule it. - ScheduleAnyway 5025 tells the scheduler to schedule the pod in any location, but 5026 giving higher precedence to topologies that would help reduce 5027 the skew. A constraint is considered "Unsatisfiable" for an 5028 incoming pod if and only if every possible node assignment 5029 for that pod would violate "MaxSkew" on some topology. For 5030 example, in a 3-zone cluster, MaxSkew is set to 1, and pods 5031 with the same labelSelector spread as 3/1/1: | zone1 | zone2 5032 | zone3 | | P P P | P | P | If WhenUnsatisfiable is 5033 set to DoNotSchedule, incoming pod can only be scheduled to 5034 zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on 5035 zone2(zone3) satisfies MaxSkew(1). In other words, the cluster 5036 can still be imbalanced, but scheduler won''t make it *more* 5037 imbalanced. It''s a required field.' 5038 type: string 5039 required: 5040 - maxSkew 5041 - topologyKey 5042 - whenUnsatisfiable 5043 type: object 5044 type: array 5045 tracingConfig: 5046 description: TracingConfig configures tracing in Thanos. This is an 5047 experimental feature, it may change in any upcoming release in a 5048 breaking way. 5049 properties: 5050 key: 5051 description: The key of the secret to select from. Must be a 5052 valid secret key. 5053 type: string 5054 name: 5055 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5056 TODO: Add other useful fields. apiVersion, kind, uid?' 5057 type: string 5058 optional: 5059 description: Specify whether the Secret or its key must be defined 5060 type: boolean 5061 required: 5062 - key 5063 type: object 5064 x-kubernetes-map-type: atomic 5065 tracingConfigFile: 5066 description: TracingConfig specifies the path of the tracing configuration 5067 file. When used alongside with TracingConfig, TracingConfigFile 5068 takes precedence. 5069 type: string 5070 version: 5071 description: Version of Thanos to be deployed. 5072 type: string 5073 volumes: 5074 description: Volumes allows configuration of additional volumes on 5075 the output StatefulSet definition. Volumes specified will be appended 5076 to other volumes that are generated as a result of StorageSpec objects. 5077 items: 5078 description: Volume represents a named volume in a pod that may 5079 be accessed by any container in the pod. 5080 properties: 5081 awsElasticBlockStore: 5082 description: 'awsElasticBlockStore represents an AWS Disk resource 5083 that is attached to a kubelet''s host machine and then exposed 5084 to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 5085 properties: 5086 fsType: 5087 description: 'fsType is the filesystem type of the volume 5088 that you want to mount. Tip: Ensure that the filesystem 5089 type is supported by the host operating system. Examples: 5090 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 5091 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 5092 TODO: how do we prevent errors in the filesystem from 5093 compromising the machine' 5094 type: string 5095 partition: 5096 description: 'partition is the partition in the volume that 5097 you want to mount. If omitted, the default is to mount 5098 by volume name. Examples: For volume /dev/sda1, you specify 5099 the partition as "1". Similarly, the volume partition 5100 for /dev/sda is "0" (or you can leave the property empty).' 5101 format: int32 5102 type: integer 5103 readOnly: 5104 description: 'readOnly value true will force the readOnly 5105 setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 5106 type: boolean 5107 volumeID: 5108 description: 'volumeID is unique ID of the persistent disk 5109 resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 5110 type: string 5111 required: 5112 - volumeID 5113 type: object 5114 azureDisk: 5115 description: azureDisk represents an Azure Data Disk mount on 5116 the host and bind mount to the pod. 5117 properties: 5118 cachingMode: 5119 description: 'cachingMode is the Host Caching mode: None, 5120 Read Only, Read Write.' 5121 type: string 5122 diskName: 5123 description: diskName is the Name of the data disk in the 5124 blob storage 5125 type: string 5126 diskURI: 5127 description: diskURI is the URI of data disk in the blob 5128 storage 5129 type: string 5130 fsType: 5131 description: fsType is Filesystem type to mount. Must be 5132 a filesystem type supported by the host operating system. 5133 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 5134 if unspecified. 5135 type: string 5136 kind: 5137 description: 'kind expected values are Shared: multiple 5138 blob disks per storage account Dedicated: single blob 5139 disk per storage account Managed: azure managed data 5140 disk (only in managed availability set). defaults to shared' 5141 type: string 5142 readOnly: 5143 description: readOnly Defaults to false (read/write). ReadOnly 5144 here will force the ReadOnly setting in VolumeMounts. 5145 type: boolean 5146 required: 5147 - diskName 5148 - diskURI 5149 type: object 5150 azureFile: 5151 description: azureFile represents an Azure File Service mount 5152 on the host and bind mount to the pod. 5153 properties: 5154 readOnly: 5155 description: readOnly defaults to false (read/write). ReadOnly 5156 here will force the ReadOnly setting in VolumeMounts. 5157 type: boolean 5158 secretName: 5159 description: secretName is the name of secret that contains 5160 Azure Storage Account Name and Key 5161 type: string 5162 shareName: 5163 description: shareName is the azure share Name 5164 type: string 5165 required: 5166 - secretName 5167 - shareName 5168 type: object 5169 cephfs: 5170 description: cephFS represents a Ceph FS mount on the host that 5171 shares a pod's lifetime 5172 properties: 5173 monitors: 5174 description: 'monitors is Required: Monitors is a collection 5175 of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 5176 items: 5177 type: string 5178 type: array 5179 path: 5180 description: 'path is Optional: Used as the mounted root, 5181 rather than the full Ceph tree, default is /' 5182 type: string 5183 readOnly: 5184 description: 'readOnly is Optional: Defaults to false (read/write). 5185 ReadOnly here will force the ReadOnly setting in VolumeMounts. 5186 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 5187 type: boolean 5188 secretFile: 5189 description: 'secretFile is Optional: SecretFile is the 5190 path to key ring for User, default is /etc/ceph/user.secret 5191 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 5192 type: string 5193 secretRef: 5194 description: 'secretRef is Optional: SecretRef is reference 5195 to the authentication secret for User, default is empty. 5196 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 5197 properties: 5198 name: 5199 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5200 TODO: Add other useful fields. apiVersion, kind, uid?' 5201 type: string 5202 type: object 5203 x-kubernetes-map-type: atomic 5204 user: 5205 description: 'user is optional: User is the rados user name, 5206 default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 5207 type: string 5208 required: 5209 - monitors 5210 type: object 5211 cinder: 5212 description: 'cinder represents a cinder volume attached and 5213 mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 5214 properties: 5215 fsType: 5216 description: 'fsType is the filesystem type to mount. Must 5217 be a filesystem type supported by the host operating system. 5218 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to 5219 be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 5220 type: string 5221 readOnly: 5222 description: 'readOnly defaults to false (read/write). ReadOnly 5223 here will force the ReadOnly setting in VolumeMounts. 5224 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 5225 type: boolean 5226 secretRef: 5227 description: 'secretRef is optional: points to a secret 5228 object containing parameters used to connect to OpenStack.' 5229 properties: 5230 name: 5231 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5232 TODO: Add other useful fields. apiVersion, kind, uid?' 5233 type: string 5234 type: object 5235 x-kubernetes-map-type: atomic 5236 volumeID: 5237 description: 'volumeID used to identify the volume in cinder. 5238 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 5239 type: string 5240 required: 5241 - volumeID 5242 type: object 5243 configMap: 5244 description: configMap represents a configMap that should populate 5245 this volume 5246 properties: 5247 defaultMode: 5248 description: 'defaultMode is optional: mode bits used to 5249 set permissions on created files by default. Must be an 5250 octal value between 0000 and 0777 or a decimal value between 5251 0 and 511. YAML accepts both octal and decimal values, 5252 JSON requires decimal values for mode bits. Defaults to 5253 0644. Directories within the path are not affected by 5254 this setting. This might be in conflict with other options 5255 that affect the file mode, like fsGroup, and the result 5256 can be other mode bits set.' 5257 format: int32 5258 type: integer 5259 items: 5260 description: items if unspecified, each key-value pair in 5261 the Data field of the referenced ConfigMap will be projected 5262 into the volume as a file whose name is the key and content 5263 is the value. If specified, the listed keys will be projected 5264 into the specified paths, and unlisted keys will not be 5265 present. If a key is specified which is not present in 5266 the ConfigMap, the volume setup will error unless it is 5267 marked optional. Paths must be relative and may not contain 5268 the '..' path or start with '..'. 5269 items: 5270 description: Maps a string key to a path within a volume. 5271 properties: 5272 key: 5273 description: key is the key to project. 5274 type: string 5275 mode: 5276 description: 'mode is Optional: mode bits used to 5277 set permissions on this file. Must be an octal value 5278 between 0000 and 0777 or a decimal value between 5279 0 and 511. YAML accepts both octal and decimal values, 5280 JSON requires decimal values for mode bits. If not 5281 specified, the volume defaultMode will be used. 5282 This might be in conflict with other options that 5283 affect the file mode, like fsGroup, and the result 5284 can be other mode bits set.' 5285 format: int32 5286 type: integer 5287 path: 5288 description: path is the relative path of the file 5289 to map the key to. May not be an absolute path. 5290 May not contain the path element '..'. May not start 5291 with the string '..'. 5292 type: string 5293 required: 5294 - key 5295 - path 5296 type: object 5297 type: array 5298 name: 5299 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5300 TODO: Add other useful fields. apiVersion, kind, uid?' 5301 type: string 5302 optional: 5303 description: optional specify whether the ConfigMap or its 5304 keys must be defined 5305 type: boolean 5306 type: object 5307 x-kubernetes-map-type: atomic 5308 csi: 5309 description: csi (Container Storage Interface) represents ephemeral 5310 storage that is handled by certain external CSI drivers (Beta 5311 feature). 5312 properties: 5313 driver: 5314 description: driver is the name of the CSI driver that handles 5315 this volume. Consult with your admin for the correct name 5316 as registered in the cluster. 5317 type: string 5318 fsType: 5319 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". 5320 If not provided, the empty value is passed to the associated 5321 CSI driver which will determine the default filesystem 5322 to apply. 5323 type: string 5324 nodePublishSecretRef: 5325 description: nodePublishSecretRef is a reference to the 5326 secret object containing sensitive information to pass 5327 to the CSI driver to complete the CSI NodePublishVolume 5328 and NodeUnpublishVolume calls. This field is optional, 5329 and may be empty if no secret is required. If the secret 5330 object contains more than one secret, all secret references 5331 are passed. 5332 properties: 5333 name: 5334 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5335 TODO: Add other useful fields. apiVersion, kind, uid?' 5336 type: string 5337 type: object 5338 x-kubernetes-map-type: atomic 5339 readOnly: 5340 description: readOnly specifies a read-only configuration 5341 for the volume. Defaults to false (read/write). 5342 type: boolean 5343 volumeAttributes: 5344 additionalProperties: 5345 type: string 5346 description: volumeAttributes stores driver-specific properties 5347 that are passed to the CSI driver. Consult your driver's 5348 documentation for supported values. 5349 type: object 5350 required: 5351 - driver 5352 type: object 5353 downwardAPI: 5354 description: downwardAPI represents downward API about the pod 5355 that should populate this volume 5356 properties: 5357 defaultMode: 5358 description: 'Optional: mode bits to use on created files 5359 by default. Must be a Optional: mode bits used to set 5360 permissions on created files by default. Must be an octal 5361 value between 0000 and 0777 or a decimal value between 5362 0 and 511. YAML accepts both octal and decimal values, 5363 JSON requires decimal values for mode bits. Defaults to 5364 0644. Directories within the path are not affected by 5365 this setting. This might be in conflict with other options 5366 that affect the file mode, like fsGroup, and the result 5367 can be other mode bits set.' 5368 format: int32 5369 type: integer 5370 items: 5371 description: Items is a list of downward API volume file 5372 items: 5373 description: DownwardAPIVolumeFile represents information 5374 to create the file containing the pod field 5375 properties: 5376 fieldRef: 5377 description: 'Required: Selects a field of the pod: 5378 only annotations, labels, name and namespace are 5379 supported.' 5380 properties: 5381 apiVersion: 5382 description: Version of the schema the FieldPath 5383 is written in terms of, defaults to "v1". 5384 type: string 5385 fieldPath: 5386 description: Path of the field to select in the 5387 specified API version. 5388 type: string 5389 required: 5390 - fieldPath 5391 type: object 5392 x-kubernetes-map-type: atomic 5393 mode: 5394 description: 'Optional: mode bits used to set permissions 5395 on this file, must be an octal value between 0000 5396 and 0777 or a decimal value between 0 and 511. YAML 5397 accepts both octal and decimal values, JSON requires 5398 decimal values for mode bits. If not specified, 5399 the volume defaultMode will be used. This might 5400 be in conflict with other options that affect the 5401 file mode, like fsGroup, and the result can be other 5402 mode bits set.' 5403 format: int32 5404 type: integer 5405 path: 5406 description: 'Required: Path is the relative path 5407 name of the file to be created. Must not be absolute 5408 or contain the ''..'' path. Must be utf-8 encoded. 5409 The first item of the relative path must not start 5410 with ''..''' 5411 type: string 5412 resourceFieldRef: 5413 description: 'Selects a resource of the container: 5414 only resources limits and requests (limits.cpu, 5415 limits.memory, requests.cpu and requests.memory) 5416 are currently supported.' 5417 properties: 5418 containerName: 5419 description: 'Container name: required for volumes, 5420 optional for env vars' 5421 type: string 5422 divisor: 5423 anyOf: 5424 - type: integer 5425 - type: string 5426 description: Specifies the output format of the 5427 exposed resources, defaults to "1" 5428 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5429 x-kubernetes-int-or-string: true 5430 resource: 5431 description: 'Required: resource to select' 5432 type: string 5433 required: 5434 - resource 5435 type: object 5436 x-kubernetes-map-type: atomic 5437 required: 5438 - path 5439 type: object 5440 type: array 5441 type: object 5442 emptyDir: 5443 description: 'emptyDir represents a temporary directory that 5444 shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 5445 properties: 5446 medium: 5447 description: 'medium represents what type of storage medium 5448 should back this directory. The default is "" which means 5449 to use the node''s default medium. Must be an empty string 5450 (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 5451 type: string 5452 sizeLimit: 5453 anyOf: 5454 - type: integer 5455 - type: string 5456 description: 'sizeLimit is the total amount of local storage 5457 required for this EmptyDir volume. The size limit is also 5458 applicable for memory medium. The maximum usage on memory 5459 medium EmptyDir would be the minimum value between the 5460 SizeLimit specified here and the sum of memory limits 5461 of all containers in a pod. The default is nil which means 5462 that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 5463 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5464 x-kubernetes-int-or-string: true 5465 type: object 5466 ephemeral: 5467 description: "ephemeral represents a volume that is handled 5468 by a cluster storage driver. The volume's lifecycle is tied 5469 to the pod that defines it - it will be created before the 5470 pod starts, and deleted when the pod is removed. \n Use this 5471 if: a) the volume is only needed while the pod runs, b) features 5472 of normal volumes like restoring from snapshot or capacity 5473 tracking are needed, c) the storage driver is specified through 5474 a storage class, and d) the storage driver supports dynamic 5475 volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource 5476 for more information on the connection between this volume 5477 type and PersistentVolumeClaim). \n Use PersistentVolumeClaim 5478 or one of the vendor-specific APIs for volumes that persist 5479 for longer than the lifecycle of an individual pod. \n Use 5480 CSI for light-weight local ephemeral volumes if the CSI driver 5481 is meant to be used that way - see the documentation of the 5482 driver for more information. \n A pod can use both types of 5483 ephemeral volumes and persistent volumes at the same time." 5484 properties: 5485 volumeClaimTemplate: 5486 description: "Will be used to create a stand-alone PVC to 5487 provision the volume. The pod in which this EphemeralVolumeSource 5488 is embedded will be the owner of the PVC, i.e. the PVC 5489 will be deleted together with the pod. The name of the 5490 PVC will be `<pod name>-<volume name>` where `<volume 5491 name>` is the name from the `PodSpec.Volumes` array entry. 5492 Pod validation will reject the pod if the concatenated 5493 name is not valid for a PVC (for example, too long). \n 5494 An existing PVC with that name that is not owned by the 5495 pod will *not* be used for the pod to avoid using an unrelated 5496 volume by mistake. Starting the pod is then blocked until 5497 the unrelated PVC is removed. If such a pre-created PVC 5498 is meant to be used by the pod, the PVC has to updated 5499 with an owner reference to the pod once the pod exists. 5500 Normally this should not be necessary, but it may be useful 5501 when manually reconstructing a broken cluster. \n This 5502 field is read-only and no changes will be made by Kubernetes 5503 to the PVC after it has been created. \n Required, must 5504 not be nil." 5505 properties: 5506 metadata: 5507 description: May contain labels and annotations that 5508 will be copied into the PVC when creating it. No other 5509 fields are allowed and will be rejected during validation. 5510 type: object 5511 spec: 5512 description: The specification for the PersistentVolumeClaim. 5513 The entire content is copied unchanged into the PVC 5514 that gets created from this template. The same fields 5515 as in a PersistentVolumeClaim are also valid here. 5516 properties: 5517 accessModes: 5518 description: 'accessModes contains the desired access 5519 modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 5520 items: 5521 type: string 5522 type: array 5523 dataSource: 5524 description: 'dataSource field can be used to specify 5525 either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 5526 * An existing PVC (PersistentVolumeClaim) If the 5527 provisioner or an external controller can support 5528 the specified data source, it will create a new 5529 volume based on the contents of the specified 5530 data source. When the AnyVolumeDataSource feature 5531 gate is enabled, dataSource contents will be copied 5532 to dataSourceRef, and dataSourceRef contents will 5533 be copied to dataSource when dataSourceRef.namespace 5534 is not specified. If the namespace is specified, 5535 then dataSourceRef will not be copied to dataSource.' 5536 properties: 5537 apiGroup: 5538 description: APIGroup is the group for the resource 5539 being referenced. If APIGroup is not specified, 5540 the specified Kind must be in the core API 5541 group. For any other third-party types, APIGroup 5542 is required. 5543 type: string 5544 kind: 5545 description: Kind is the type of resource being 5546 referenced 5547 type: string 5548 name: 5549 description: Name is the name of resource being 5550 referenced 5551 type: string 5552 required: 5553 - kind 5554 - name 5555 type: object 5556 x-kubernetes-map-type: atomic 5557 dataSourceRef: 5558 description: 'dataSourceRef specifies the object 5559 from which to populate the volume with data, if 5560 a non-empty volume is desired. This may be any 5561 object from a non-empty API group (non core object) 5562 or a PersistentVolumeClaim object. When this field 5563 is specified, volume binding will only succeed 5564 if the type of the specified object matches some 5565 installed volume populator or dynamic provisioner. 5566 This field will replace the functionality of the 5567 dataSource field and as such if both fields are 5568 non-empty, they must have the same value. For 5569 backwards compatibility, when namespace isn''t 5570 specified in dataSourceRef, both fields (dataSource 5571 and dataSourceRef) will be set to the same value 5572 automatically if one of them is empty and the 5573 other is non-empty. When namespace is specified 5574 in dataSourceRef, dataSource isn''t set to the 5575 same value and must be empty. There are three 5576 important differences between dataSource and dataSourceRef: 5577 * While dataSource only allows two specific types 5578 of objects, dataSourceRef allows any non-core 5579 object, as well as PersistentVolumeClaim objects. 5580 * While dataSource ignores disallowed values (dropping 5581 them), dataSourceRef preserves all values, and 5582 generates an error if a disallowed value is specified. 5583 * While dataSource only allows local objects, 5584 dataSourceRef allows objects in any namespaces. 5585 (Beta) Using this field requires the AnyVolumeDataSource 5586 feature gate to be enabled. (Alpha) Using the 5587 namespace field of dataSourceRef requires the 5588 CrossNamespaceVolumeDataSource feature gate to 5589 be enabled.' 5590 properties: 5591 apiGroup: 5592 description: APIGroup is the group for the resource 5593 being referenced. If APIGroup is not specified, 5594 the specified Kind must be in the core API 5595 group. For any other third-party types, APIGroup 5596 is required. 5597 type: string 5598 kind: 5599 description: Kind is the type of resource being 5600 referenced 5601 type: string 5602 name: 5603 description: Name is the name of resource being 5604 referenced 5605 type: string 5606 namespace: 5607 description: Namespace is the namespace of resource 5608 being referenced Note that when a namespace 5609 is specified, a gateway.networking.k8s.io/ReferenceGrant 5610 object is required in the referent namespace 5611 to allow that namespace's owner to accept 5612 the reference. See the ReferenceGrant documentation 5613 for details. (Alpha) This field requires the 5614 CrossNamespaceVolumeDataSource feature gate 5615 to be enabled. 5616 type: string 5617 required: 5618 - kind 5619 - name 5620 type: object 5621 resources: 5622 description: 'resources represents the minimum resources 5623 the volume should have. If RecoverVolumeExpansionFailure 5624 feature is enabled users are allowed to specify 5625 resource requirements that are lower than previous 5626 value but must still be higher than capacity recorded 5627 in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 5628 properties: 5629 claims: 5630 description: "Claims lists the names of resources, 5631 defined in spec.resourceClaims, that are used 5632 by this container. \n This is an alpha field 5633 and requires enabling the DynamicResourceAllocation 5634 feature gate. \n This field is immutable." 5635 items: 5636 description: ResourceClaim references one 5637 entry in PodSpec.ResourceClaims. 5638 properties: 5639 name: 5640 description: Name must match the name 5641 of one entry in pod.spec.resourceClaims 5642 of the Pod where this field is used. 5643 It makes that resource available inside 5644 a container. 5645 type: string 5646 required: 5647 - name 5648 type: object 5649 type: array 5650 x-kubernetes-list-map-keys: 5651 - name 5652 x-kubernetes-list-type: map 5653 limits: 5654 additionalProperties: 5655 anyOf: 5656 - type: integer 5657 - type: string 5658 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5659 x-kubernetes-int-or-string: true 5660 description: 'Limits describes the maximum amount 5661 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5662 type: object 5663 requests: 5664 additionalProperties: 5665 anyOf: 5666 - type: integer 5667 - type: string 5668 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5669 x-kubernetes-int-or-string: true 5670 description: 'Requests describes the minimum 5671 amount of compute resources required. If Requests 5672 is omitted for a container, it defaults to 5673 Limits if that is explicitly specified, otherwise 5674 to an implementation-defined value. More info: 5675 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5676 type: object 5677 type: object 5678 selector: 5679 description: selector is a label query over volumes 5680 to consider for binding. 5681 properties: 5682 matchExpressions: 5683 description: matchExpressions is a list of label 5684 selector requirements. The requirements are 5685 ANDed. 5686 items: 5687 description: A label selector requirement 5688 is a selector that contains values, a key, 5689 and an operator that relates the key and 5690 values. 5691 properties: 5692 key: 5693 description: key is the label key that 5694 the selector applies to. 5695 type: string 5696 operator: 5697 description: operator represents a key's 5698 relationship to a set of values. Valid 5699 operators are In, NotIn, Exists and 5700 DoesNotExist. 5701 type: string 5702 values: 5703 description: values is an array of string 5704 values. If the operator is In or NotIn, 5705 the values array must be non-empty. 5706 If the operator is Exists or DoesNotExist, 5707 the values array must be empty. This 5708 array is replaced during a strategic 5709 merge patch. 5710 items: 5711 type: string 5712 type: array 5713 required: 5714 - key 5715 - operator 5716 type: object 5717 type: array 5718 matchLabels: 5719 additionalProperties: 5720 type: string 5721 description: matchLabels is a map of {key,value} 5722 pairs. A single {key,value} in the matchLabels 5723 map is equivalent to an element of matchExpressions, 5724 whose key field is "key", the operator is 5725 "In", and the values array contains only "value". 5726 The requirements are ANDed. 5727 type: object 5728 type: object 5729 x-kubernetes-map-type: atomic 5730 storageClassName: 5731 description: 'storageClassName is the name of the 5732 StorageClass required by the claim. More info: 5733 https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 5734 type: string 5735 volumeMode: 5736 description: volumeMode defines what type of volume 5737 is required by the claim. Value of Filesystem 5738 is implied when not included in claim spec. 5739 type: string 5740 volumeName: 5741 description: volumeName is the binding reference 5742 to the PersistentVolume backing this claim. 5743 type: string 5744 type: object 5745 required: 5746 - spec 5747 type: object 5748 type: object 5749 fc: 5750 description: fc represents a Fibre Channel resource that is 5751 attached to a kubelet's host machine and then exposed to the 5752 pod. 5753 properties: 5754 fsType: 5755 description: 'fsType is the filesystem type to mount. Must 5756 be a filesystem type supported by the host operating system. 5757 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 5758 if unspecified. TODO: how do we prevent errors in the 5759 filesystem from compromising the machine' 5760 type: string 5761 lun: 5762 description: 'lun is Optional: FC target lun number' 5763 format: int32 5764 type: integer 5765 readOnly: 5766 description: 'readOnly is Optional: Defaults to false (read/write). 5767 ReadOnly here will force the ReadOnly setting in VolumeMounts.' 5768 type: boolean 5769 targetWWNs: 5770 description: 'targetWWNs is Optional: FC target worldwide 5771 names (WWNs)' 5772 items: 5773 type: string 5774 type: array 5775 wwids: 5776 description: 'wwids Optional: FC volume world wide identifiers 5777 (wwids) Either wwids or combination of targetWWNs and 5778 lun must be set, but not both simultaneously.' 5779 items: 5780 type: string 5781 type: array 5782 type: object 5783 flexVolume: 5784 description: flexVolume represents a generic volume resource 5785 that is provisioned/attached using an exec based plugin. 5786 properties: 5787 driver: 5788 description: driver is the name of the driver to use for 5789 this volume. 5790 type: string 5791 fsType: 5792 description: fsType is the filesystem type to mount. Must 5793 be a filesystem type supported by the host operating system. 5794 Ex. "ext4", "xfs", "ntfs". The default filesystem depends 5795 on FlexVolume script. 5796 type: string 5797 options: 5798 additionalProperties: 5799 type: string 5800 description: 'options is Optional: this field holds extra 5801 command options if any.' 5802 type: object 5803 readOnly: 5804 description: 'readOnly is Optional: defaults to false (read/write). 5805 ReadOnly here will force the ReadOnly setting in VolumeMounts.' 5806 type: boolean 5807 secretRef: 5808 description: 'secretRef is Optional: secretRef is reference 5809 to the secret object containing sensitive information 5810 to pass to the plugin scripts. This may be empty if no 5811 secret object is specified. If the secret object contains 5812 more than one secret, all secrets are passed to the plugin 5813 scripts.' 5814 properties: 5815 name: 5816 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5817 TODO: Add other useful fields. apiVersion, kind, uid?' 5818 type: string 5819 type: object 5820 x-kubernetes-map-type: atomic 5821 required: 5822 - driver 5823 type: object 5824 flocker: 5825 description: flocker represents a Flocker volume attached to 5826 a kubelet's host machine. This depends on the Flocker control 5827 service being running 5828 properties: 5829 datasetName: 5830 description: datasetName is Name of the dataset stored as 5831 metadata -> name on the dataset for Flocker should be 5832 considered as deprecated 5833 type: string 5834 datasetUUID: 5835 description: datasetUUID is the UUID of the dataset. This 5836 is unique identifier of a Flocker dataset 5837 type: string 5838 type: object 5839 gcePersistentDisk: 5840 description: 'gcePersistentDisk represents a GCE Disk resource 5841 that is attached to a kubelet''s host machine and then exposed 5842 to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 5843 properties: 5844 fsType: 5845 description: 'fsType is filesystem type of the volume that 5846 you want to mount. Tip: Ensure that the filesystem type 5847 is supported by the host operating system. Examples: "ext4", 5848 "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 5849 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 5850 TODO: how do we prevent errors in the filesystem from 5851 compromising the machine' 5852 type: string 5853 partition: 5854 description: 'partition is the partition in the volume that 5855 you want to mount. If omitted, the default is to mount 5856 by volume name. Examples: For volume /dev/sda1, you specify 5857 the partition as "1". Similarly, the volume partition 5858 for /dev/sda is "0" (or you can leave the property empty). 5859 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 5860 format: int32 5861 type: integer 5862 pdName: 5863 description: 'pdName is unique name of the PD resource in 5864 GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 5865 type: string 5866 readOnly: 5867 description: 'readOnly here will force the ReadOnly setting 5868 in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 5869 type: boolean 5870 required: 5871 - pdName 5872 type: object 5873 gitRepo: 5874 description: 'gitRepo represents a git repository at a particular 5875 revision. DEPRECATED: GitRepo is deprecated. To provision 5876 a container with a git repo, mount an EmptyDir into an InitContainer 5877 that clones the repo using git, then mount the EmptyDir into 5878 the Pod''s container.' 5879 properties: 5880 directory: 5881 description: directory is the target directory name. Must 5882 not contain or start with '..'. If '.' is supplied, the 5883 volume directory will be the git repository. Otherwise, 5884 if specified, the volume will contain the git repository 5885 in the subdirectory with the given name. 5886 type: string 5887 repository: 5888 description: repository is the URL 5889 type: string 5890 revision: 5891 description: revision is the commit hash for the specified 5892 revision. 5893 type: string 5894 required: 5895 - repository 5896 type: object 5897 glusterfs: 5898 description: 'glusterfs represents a Glusterfs mount on the 5899 host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 5900 properties: 5901 endpoints: 5902 description: 'endpoints is the endpoint name that details 5903 Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 5904 type: string 5905 path: 5906 description: 'path is the Glusterfs volume path. More info: 5907 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 5908 type: string 5909 readOnly: 5910 description: 'readOnly here will force the Glusterfs volume 5911 to be mounted with read-only permissions. Defaults to 5912 false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 5913 type: boolean 5914 required: 5915 - endpoints 5916 - path 5917 type: object 5918 hostPath: 5919 description: 'hostPath represents a pre-existing file or directory 5920 on the host machine that is directly exposed to the container. 5921 This is generally used for system agents or other privileged 5922 things that are allowed to see the host machine. Most containers 5923 will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 5924 --- TODO(jonesdl) We need to restrict who can use host directory 5925 mounts and who can/can not mount host directories as read/write.' 5926 properties: 5927 path: 5928 description: 'path of the directory on the host. If the 5929 path is a symlink, it will follow the link to the real 5930 path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 5931 type: string 5932 type: 5933 description: 'type for HostPath Volume Defaults to "" More 5934 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 5935 type: string 5936 required: 5937 - path 5938 type: object 5939 iscsi: 5940 description: 'iscsi represents an ISCSI Disk resource that is 5941 attached to a kubelet''s host machine and then exposed to 5942 the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 5943 properties: 5944 chapAuthDiscovery: 5945 description: chapAuthDiscovery defines whether support iSCSI 5946 Discovery CHAP authentication 5947 type: boolean 5948 chapAuthSession: 5949 description: chapAuthSession defines whether support iSCSI 5950 Session CHAP authentication 5951 type: boolean 5952 fsType: 5953 description: 'fsType is the filesystem type of the volume 5954 that you want to mount. Tip: Ensure that the filesystem 5955 type is supported by the host operating system. Examples: 5956 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 5957 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 5958 TODO: how do we prevent errors in the filesystem from 5959 compromising the machine' 5960 type: string 5961 initiatorName: 5962 description: initiatorName is the custom iSCSI Initiator 5963 Name. If initiatorName is specified with iscsiInterface 5964 simultaneously, new iSCSI interface <target portal>:<volume 5965 name> will be created for the connection. 5966 type: string 5967 iqn: 5968 description: iqn is the target iSCSI Qualified Name. 5969 type: string 5970 iscsiInterface: 5971 description: iscsiInterface is the interface Name that uses 5972 an iSCSI transport. Defaults to 'default' (tcp). 5973 type: string 5974 lun: 5975 description: lun represents iSCSI Target Lun number. 5976 format: int32 5977 type: integer 5978 portals: 5979 description: portals is the iSCSI Target Portal List. The 5980 portal is either an IP or ip_addr:port if the port is 5981 other than default (typically TCP ports 860 and 3260). 5982 items: 5983 type: string 5984 type: array 5985 readOnly: 5986 description: readOnly here will force the ReadOnly setting 5987 in VolumeMounts. Defaults to false. 5988 type: boolean 5989 secretRef: 5990 description: secretRef is the CHAP Secret for iSCSI target 5991 and initiator authentication 5992 properties: 5993 name: 5994 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5995 TODO: Add other useful fields. apiVersion, kind, uid?' 5996 type: string 5997 type: object 5998 x-kubernetes-map-type: atomic 5999 targetPortal: 6000 description: targetPortal is iSCSI Target Portal. The Portal 6001 is either an IP or ip_addr:port if the port is other than 6002 default (typically TCP ports 860 and 3260). 6003 type: string 6004 required: 6005 - iqn 6006 - lun 6007 - targetPortal 6008 type: object 6009 name: 6010 description: 'name of the volume. Must be a DNS_LABEL and unique 6011 within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 6012 type: string 6013 nfs: 6014 description: 'nfs represents an NFS mount on the host that shares 6015 a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 6016 properties: 6017 path: 6018 description: 'path that is exported by the NFS server. More 6019 info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 6020 type: string 6021 readOnly: 6022 description: 'readOnly here will force the NFS export to 6023 be mounted with read-only permissions. Defaults to false. 6024 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 6025 type: boolean 6026 server: 6027 description: 'server is the hostname or IP address of the 6028 NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 6029 type: string 6030 required: 6031 - path 6032 - server 6033 type: object 6034 persistentVolumeClaim: 6035 description: 'persistentVolumeClaimVolumeSource represents a 6036 reference to a PersistentVolumeClaim in the same namespace. 6037 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 6038 properties: 6039 claimName: 6040 description: 'claimName is the name of a PersistentVolumeClaim 6041 in the same namespace as the pod using this volume. More 6042 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 6043 type: string 6044 readOnly: 6045 description: readOnly Will force the ReadOnly setting in 6046 VolumeMounts. Default false. 6047 type: boolean 6048 required: 6049 - claimName 6050 type: object 6051 photonPersistentDisk: 6052 description: photonPersistentDisk represents a PhotonController 6053 persistent disk attached and mounted on kubelets host machine 6054 properties: 6055 fsType: 6056 description: fsType is the filesystem type to mount. Must 6057 be a filesystem type supported by the host operating system. 6058 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 6059 if unspecified. 6060 type: string 6061 pdID: 6062 description: pdID is the ID that identifies Photon Controller 6063 persistent disk 6064 type: string 6065 required: 6066 - pdID 6067 type: object 6068 portworxVolume: 6069 description: portworxVolume represents a portworx volume attached 6070 and mounted on kubelets host machine 6071 properties: 6072 fsType: 6073 description: fSType represents the filesystem type to mount 6074 Must be a filesystem type supported by the host operating 6075 system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" 6076 if unspecified. 6077 type: string 6078 readOnly: 6079 description: readOnly defaults to false (read/write). ReadOnly 6080 here will force the ReadOnly setting in VolumeMounts. 6081 type: boolean 6082 volumeID: 6083 description: volumeID uniquely identifies a Portworx volume 6084 type: string 6085 required: 6086 - volumeID 6087 type: object 6088 projected: 6089 description: projected items for all in one resources secrets, 6090 configmaps, and downward API 6091 properties: 6092 defaultMode: 6093 description: defaultMode are the mode bits used to set permissions 6094 on created files by default. Must be an octal value between 6095 0000 and 0777 or a decimal value between 0 and 511. YAML 6096 accepts both octal and decimal values, JSON requires decimal 6097 values for mode bits. Directories within the path are 6098 not affected by this setting. This might be in conflict 6099 with other options that affect the file mode, like fsGroup, 6100 and the result can be other mode bits set. 6101 format: int32 6102 type: integer 6103 sources: 6104 description: sources is the list of volume projections 6105 items: 6106 description: Projection that may be projected along with 6107 other supported volume types 6108 properties: 6109 configMap: 6110 description: configMap information about the configMap 6111 data to project 6112 properties: 6113 items: 6114 description: items if unspecified, each key-value 6115 pair in the Data field of the referenced ConfigMap 6116 will be projected into the volume as a file 6117 whose name is the key and content is the value. 6118 If specified, the listed keys will be projected 6119 into the specified paths, and unlisted keys 6120 will not be present. If a key is specified which 6121 is not present in the ConfigMap, the volume 6122 setup will error unless it is marked optional. 6123 Paths must be relative and may not contain the 6124 '..' path or start with '..'. 6125 items: 6126 description: Maps a string key to a path within 6127 a volume. 6128 properties: 6129 key: 6130 description: key is the key to project. 6131 type: string 6132 mode: 6133 description: 'mode is Optional: mode bits 6134 used to set permissions on this file. 6135 Must be an octal value between 0000 and 6136 0777 or a decimal value between 0 and 6137 511. YAML accepts both octal and decimal 6138 values, JSON requires decimal values for 6139 mode bits. If not specified, the volume 6140 defaultMode will be used. This might be 6141 in conflict with other options that affect 6142 the file mode, like fsGroup, and the result 6143 can be other mode bits set.' 6144 format: int32 6145 type: integer 6146 path: 6147 description: path is the relative path of 6148 the file to map the key to. May not be 6149 an absolute path. May not contain the 6150 path element '..'. May not start with 6151 the string '..'. 6152 type: string 6153 required: 6154 - key 6155 - path 6156 type: object 6157 type: array 6158 name: 6159 description: 'Name of the referent. More info: 6160 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6161 TODO: Add other useful fields. apiVersion, kind, 6162 uid?' 6163 type: string 6164 optional: 6165 description: optional specify whether the ConfigMap 6166 or its keys must be defined 6167 type: boolean 6168 type: object 6169 x-kubernetes-map-type: atomic 6170 downwardAPI: 6171 description: downwardAPI information about the downwardAPI 6172 data to project 6173 properties: 6174 items: 6175 description: Items is a list of DownwardAPIVolume 6176 file 6177 items: 6178 description: DownwardAPIVolumeFile represents 6179 information to create the file containing 6180 the pod field 6181 properties: 6182 fieldRef: 6183 description: 'Required: Selects a field 6184 of the pod: only annotations, labels, 6185 name and namespace are supported.' 6186 properties: 6187 apiVersion: 6188 description: Version of the schema the 6189 FieldPath is written in terms of, 6190 defaults to "v1". 6191 type: string 6192 fieldPath: 6193 description: Path of the field to select 6194 in the specified API version. 6195 type: string 6196 required: 6197 - fieldPath 6198 type: object 6199 x-kubernetes-map-type: atomic 6200 mode: 6201 description: 'Optional: mode bits used to 6202 set permissions on this file, must be 6203 an octal value between 0000 and 0777 or 6204 a decimal value between 0 and 511. YAML 6205 accepts both octal and decimal values, 6206 JSON requires decimal values for mode 6207 bits. If not specified, the volume defaultMode 6208 will be used. This might be in conflict 6209 with other options that affect the file 6210 mode, like fsGroup, and the result can 6211 be other mode bits set.' 6212 format: int32 6213 type: integer 6214 path: 6215 description: 'Required: Path is the relative 6216 path name of the file to be created. Must 6217 not be absolute or contain the ''..'' 6218 path. Must be utf-8 encoded. The first 6219 item of the relative path must not start 6220 with ''..''' 6221 type: string 6222 resourceFieldRef: 6223 description: 'Selects a resource of the 6224 container: only resources limits and requests 6225 (limits.cpu, limits.memory, requests.cpu 6226 and requests.memory) are currently supported.' 6227 properties: 6228 containerName: 6229 description: 'Container name: required 6230 for volumes, optional for env vars' 6231 type: string 6232 divisor: 6233 anyOf: 6234 - type: integer 6235 - type: string 6236 description: Specifies the output format 6237 of the exposed resources, defaults 6238 to "1" 6239 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6240 x-kubernetes-int-or-string: true 6241 resource: 6242 description: 'Required: resource to 6243 select' 6244 type: string 6245 required: 6246 - resource 6247 type: object 6248 x-kubernetes-map-type: atomic 6249 required: 6250 - path 6251 type: object 6252 type: array 6253 type: object 6254 secret: 6255 description: secret information about the secret data 6256 to project 6257 properties: 6258 items: 6259 description: items if unspecified, each key-value 6260 pair in the Data field of the referenced Secret 6261 will be projected into the volume as a file 6262 whose name is the key and content is the value. 6263 If specified, the listed keys will be projected 6264 into the specified paths, and unlisted keys 6265 will not be present. If a key is specified which 6266 is not present in the Secret, the volume setup 6267 will error unless it is marked optional. Paths 6268 must be relative and may not contain the '..' 6269 path or start with '..'. 6270 items: 6271 description: Maps a string key to a path within 6272 a volume. 6273 properties: 6274 key: 6275 description: key is the key to project. 6276 type: string 6277 mode: 6278 description: 'mode is Optional: mode bits 6279 used to set permissions on this file. 6280 Must be an octal value between 0000 and 6281 0777 or a decimal value between 0 and 6282 511. YAML accepts both octal and decimal 6283 values, JSON requires decimal values for 6284 mode bits. If not specified, the volume 6285 defaultMode will be used. This might be 6286 in conflict with other options that affect 6287 the file mode, like fsGroup, and the result 6288 can be other mode bits set.' 6289 format: int32 6290 type: integer 6291 path: 6292 description: path is the relative path of 6293 the file to map the key to. May not be 6294 an absolute path. May not contain the 6295 path element '..'. May not start with 6296 the string '..'. 6297 type: string 6298 required: 6299 - key 6300 - path 6301 type: object 6302 type: array 6303 name: 6304 description: 'Name of the referent. More info: 6305 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6306 TODO: Add other useful fields. apiVersion, kind, 6307 uid?' 6308 type: string 6309 optional: 6310 description: optional field specify whether the 6311 Secret or its key must be defined 6312 type: boolean 6313 type: object 6314 x-kubernetes-map-type: atomic 6315 serviceAccountToken: 6316 description: serviceAccountToken is information about 6317 the serviceAccountToken data to project 6318 properties: 6319 audience: 6320 description: audience is the intended audience 6321 of the token. A recipient of a token must identify 6322 itself with an identifier specified in the audience 6323 of the token, and otherwise should reject the 6324 token. The audience defaults to the identifier 6325 of the apiserver. 6326 type: string 6327 expirationSeconds: 6328 description: expirationSeconds is the requested 6329 duration of validity of the service account 6330 token. As the token approaches expiration, the 6331 kubelet volume plugin will proactively rotate 6332 the service account token. The kubelet will 6333 start trying to rotate the token if the token 6334 is older than 80 percent of its time to live 6335 or if the token is older than 24 hours.Defaults 6336 to 1 hour and must be at least 10 minutes. 6337 format: int64 6338 type: integer 6339 path: 6340 description: path is the path relative to the 6341 mount point of the file to project the token 6342 into. 6343 type: string 6344 required: 6345 - path 6346 type: object 6347 type: object 6348 type: array 6349 type: object 6350 quobyte: 6351 description: quobyte represents a Quobyte mount on the host 6352 that shares a pod's lifetime 6353 properties: 6354 group: 6355 description: group to map volume access to Default is no 6356 group 6357 type: string 6358 readOnly: 6359 description: readOnly here will force the Quobyte volume 6360 to be mounted with read-only permissions. Defaults to 6361 false. 6362 type: boolean 6363 registry: 6364 description: registry represents a single or multiple Quobyte 6365 Registry services specified as a string as host:port pair 6366 (multiple entries are separated with commas) which acts 6367 as the central registry for volumes 6368 type: string 6369 tenant: 6370 description: tenant owning the given Quobyte volume in the 6371 Backend Used with dynamically provisioned Quobyte volumes, 6372 value is set by the plugin 6373 type: string 6374 user: 6375 description: user to map volume access to Defaults to serivceaccount 6376 user 6377 type: string 6378 volume: 6379 description: volume is a string that references an already 6380 created Quobyte volume by name. 6381 type: string 6382 required: 6383 - registry 6384 - volume 6385 type: object 6386 rbd: 6387 description: 'rbd represents a Rados Block Device mount on the 6388 host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' 6389 properties: 6390 fsType: 6391 description: 'fsType is the filesystem type of the volume 6392 that you want to mount. Tip: Ensure that the filesystem 6393 type is supported by the host operating system. Examples: 6394 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 6395 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 6396 TODO: how do we prevent errors in the filesystem from 6397 compromising the machine' 6398 type: string 6399 image: 6400 description: 'image is the rados image name. More info: 6401 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 6402 type: string 6403 keyring: 6404 description: 'keyring is the path to key ring for RBDUser. 6405 Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 6406 type: string 6407 monitors: 6408 description: 'monitors is a collection of Ceph monitors. 6409 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 6410 items: 6411 type: string 6412 type: array 6413 pool: 6414 description: 'pool is the rados pool name. Default is rbd. 6415 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 6416 type: string 6417 readOnly: 6418 description: 'readOnly here will force the ReadOnly setting 6419 in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 6420 type: boolean 6421 secretRef: 6422 description: 'secretRef is name of the authentication secret 6423 for RBDUser. If provided overrides keyring. Default is 6424 nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 6425 properties: 6426 name: 6427 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6428 TODO: Add other useful fields. apiVersion, kind, uid?' 6429 type: string 6430 type: object 6431 x-kubernetes-map-type: atomic 6432 user: 6433 description: 'user is the rados user name. Default is admin. 6434 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 6435 type: string 6436 required: 6437 - image 6438 - monitors 6439 type: object 6440 scaleIO: 6441 description: scaleIO represents a ScaleIO persistent volume 6442 attached and mounted on Kubernetes nodes. 6443 properties: 6444 fsType: 6445 description: fsType is the filesystem type to mount. Must 6446 be a filesystem type supported by the host operating system. 6447 Ex. "ext4", "xfs", "ntfs". Default is "xfs". 6448 type: string 6449 gateway: 6450 description: gateway is the host address of the ScaleIO 6451 API Gateway. 6452 type: string 6453 protectionDomain: 6454 description: protectionDomain is the name of the ScaleIO 6455 Protection Domain for the configured storage. 6456 type: string 6457 readOnly: 6458 description: readOnly Defaults to false (read/write). ReadOnly 6459 here will force the ReadOnly setting in VolumeMounts. 6460 type: boolean 6461 secretRef: 6462 description: secretRef references to the secret for ScaleIO 6463 user and other sensitive information. If this is not provided, 6464 Login operation will fail. 6465 properties: 6466 name: 6467 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6468 TODO: Add other useful fields. apiVersion, kind, uid?' 6469 type: string 6470 type: object 6471 x-kubernetes-map-type: atomic 6472 sslEnabled: 6473 description: sslEnabled Flag enable/disable SSL communication 6474 with Gateway, default false 6475 type: boolean 6476 storageMode: 6477 description: storageMode indicates whether the storage for 6478 a volume should be ThickProvisioned or ThinProvisioned. 6479 Default is ThinProvisioned. 6480 type: string 6481 storagePool: 6482 description: storagePool is the ScaleIO Storage Pool associated 6483 with the protection domain. 6484 type: string 6485 system: 6486 description: system is the name of the storage system as 6487 configured in ScaleIO. 6488 type: string 6489 volumeName: 6490 description: volumeName is the name of a volume already 6491 created in the ScaleIO system that is associated with 6492 this volume source. 6493 type: string 6494 required: 6495 - gateway 6496 - secretRef 6497 - system 6498 type: object 6499 secret: 6500 description: 'secret represents a secret that should populate 6501 this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 6502 properties: 6503 defaultMode: 6504 description: 'defaultMode is Optional: mode bits used to 6505 set permissions on created files by default. Must be an 6506 octal value between 0000 and 0777 or a decimal value between 6507 0 and 511. YAML accepts both octal and decimal values, 6508 JSON requires decimal values for mode bits. Defaults to 6509 0644. Directories within the path are not affected by 6510 this setting. This might be in conflict with other options 6511 that affect the file mode, like fsGroup, and the result 6512 can be other mode bits set.' 6513 format: int32 6514 type: integer 6515 items: 6516 description: items If unspecified, each key-value pair in 6517 the Data field of the referenced Secret will be projected 6518 into the volume as a file whose name is the key and content 6519 is the value. If specified, the listed keys will be projected 6520 into the specified paths, and unlisted keys will not be 6521 present. If a key is specified which is not present in 6522 the Secret, the volume setup will error unless it is marked 6523 optional. Paths must be relative and may not contain the 6524 '..' path or start with '..'. 6525 items: 6526 description: Maps a string key to a path within a volume. 6527 properties: 6528 key: 6529 description: key is the key to project. 6530 type: string 6531 mode: 6532 description: 'mode is Optional: mode bits used to 6533 set permissions on this file. Must be an octal value 6534 between 0000 and 0777 or a decimal value between 6535 0 and 511. YAML accepts both octal and decimal values, 6536 JSON requires decimal values for mode bits. If not 6537 specified, the volume defaultMode will be used. 6538 This might be in conflict with other options that 6539 affect the file mode, like fsGroup, and the result 6540 can be other mode bits set.' 6541 format: int32 6542 type: integer 6543 path: 6544 description: path is the relative path of the file 6545 to map the key to. May not be an absolute path. 6546 May not contain the path element '..'. May not start 6547 with the string '..'. 6548 type: string 6549 required: 6550 - key 6551 - path 6552 type: object 6553 type: array 6554 optional: 6555 description: optional field specify whether the Secret or 6556 its keys must be defined 6557 type: boolean 6558 secretName: 6559 description: 'secretName is the name of the secret in the 6560 pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 6561 type: string 6562 type: object 6563 storageos: 6564 description: storageOS represents a StorageOS volume attached 6565 and mounted on Kubernetes nodes. 6566 properties: 6567 fsType: 6568 description: fsType is the filesystem type to mount. Must 6569 be a filesystem type supported by the host operating system. 6570 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 6571 if unspecified. 6572 type: string 6573 readOnly: 6574 description: readOnly defaults to false (read/write). ReadOnly 6575 here will force the ReadOnly setting in VolumeMounts. 6576 type: boolean 6577 secretRef: 6578 description: secretRef specifies the secret to use for obtaining 6579 the StorageOS API credentials. If not specified, default 6580 values will be attempted. 6581 properties: 6582 name: 6583 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6584 TODO: Add other useful fields. apiVersion, kind, uid?' 6585 type: string 6586 type: object 6587 x-kubernetes-map-type: atomic 6588 volumeName: 6589 description: volumeName is the human-readable name of the 6590 StorageOS volume. Volume names are only unique within 6591 a namespace. 6592 type: string 6593 volumeNamespace: 6594 description: volumeNamespace specifies the scope of the 6595 volume within StorageOS. If no namespace is specified 6596 then the Pod's namespace will be used. This allows the 6597 Kubernetes name scoping to be mirrored within StorageOS 6598 for tighter integration. Set VolumeName to any name to 6599 override the default behaviour. Set to "default" if you 6600 are not using namespaces within StorageOS. Namespaces 6601 that do not pre-exist within StorageOS will be created. 6602 type: string 6603 type: object 6604 vsphereVolume: 6605 description: vsphereVolume represents a vSphere volume attached 6606 and mounted on kubelets host machine 6607 properties: 6608 fsType: 6609 description: fsType is filesystem type to mount. Must be 6610 a filesystem type supported by the host operating system. 6611 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 6612 if unspecified. 6613 type: string 6614 storagePolicyID: 6615 description: storagePolicyID is the storage Policy Based 6616 Management (SPBM) profile ID associated with the StoragePolicyName. 6617 type: string 6618 storagePolicyName: 6619 description: storagePolicyName is the storage Policy Based 6620 Management (SPBM) profile name. 6621 type: string 6622 volumePath: 6623 description: volumePath is the path that identifies vSphere 6624 volume vmdk 6625 type: string 6626 required: 6627 - volumePath 6628 type: object 6629 required: 6630 - name 6631 type: object 6632 type: array 6633 type: object 6634 status: 6635 description: 'Most recent observed status of the ThanosRuler cluster. 6636 Read-only. Not included when requesting from the apiserver, only from 6637 the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 6638 properties: 6639 availableReplicas: 6640 description: Total number of available pods (ready for at least minReadySeconds) 6641 targeted by this ThanosRuler deployment. 6642 format: int32 6643 type: integer 6644 paused: 6645 description: Represents whether any actions on the underlying managed 6646 objects are being performed. Only delete actions will be performed. 6647 type: boolean 6648 replicas: 6649 description: Total number of non-terminated pods targeted by this 6650 ThanosRuler deployment (their labels match the selector). 6651 format: int32 6652 type: integer 6653 unavailableReplicas: 6654 description: Total number of unavailable pods targeted by this ThanosRuler 6655 deployment. 6656 format: int32 6657 type: integer 6658 updatedReplicas: 6659 description: Total number of non-terminated pods targeted by this 6660 ThanosRuler deployment that have the desired version spec. 6661 format: int32 6662 type: integer 6663 required: 6664 - availableReplicas 6665 - paused 6666 - replicas 6667 - unavailableReplicas 6668 - updatedReplicas 6669 type: object 6670 required: 6671 - spec 6672 type: object 6673 served: true 6674 storage: true 6675 subresources: {}