github.com/zppinho/prow@v0.0.0-20240510014325-1738badeb017/config/prow/cluster/prowjob-crd/prowjob_customresourcedefinition.yaml (about) 1 --- 2 apiVersion: apiextensions.k8s.io/v1 3 kind: CustomResourceDefinition 4 metadata: 5 annotations: 6 api-approved.kubernetes.io: https://github.com/kubernetes/test-infra/pull/8669 7 controller-gen.kubebuilder.io/version: v0.6.3-0.20210827222652-7b3a8699fa04 8 creationTimestamp: null 9 name: prowjobs.prow.k8s.io 10 spec: 11 preserveUnknownFields: false 12 group: prow.k8s.io 13 names: 14 kind: ProwJob 15 listKind: ProwJobList 16 plural: prowjobs 17 singular: prowjob 18 scope: Namespaced 19 versions: 20 - additionalPrinterColumns: 21 - description: The name of the job being run 22 jsonPath: .spec.job 23 name: Job 24 type: string 25 - description: The ID of the job being run. 26 jsonPath: .status.build_id 27 name: BuildId 28 type: string 29 - description: The type of job being run. 30 jsonPath: .spec.type 31 name: Type 32 type: string 33 - description: The org for which the job is running. 34 jsonPath: .spec.refs.org 35 name: Org 36 type: string 37 - description: The repo for which the job is running. 38 jsonPath: .spec.refs.repo 39 name: Repo 40 type: string 41 - description: The pulls for which the job is running. 42 jsonPath: .spec.refs.pulls[*].number 43 name: Pulls 44 type: string 45 - description: When the job started running. 46 jsonPath: .status.startTime 47 name: StartTime 48 type: date 49 - description: When the job finished running. 50 jsonPath: .status.completionTime 51 name: CompletionTime 52 type: date 53 - description: The state of the job. 54 jsonPath: .status.state 55 name: State 56 type: string 57 name: v1 58 schema: 59 openAPIV3Schema: 60 description: ProwJob contains the spec as well as runtime metadata. 61 properties: 62 apiVersion: 63 description: 'APIVersion defines the versioned schema of this representation 64 of an object. Servers should convert recognized schemas to the latest 65 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 66 type: string 67 kind: 68 description: 'Kind is a string value representing the REST resource this 69 object represents. Servers may infer this from the endpoint the client 70 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 71 type: string 72 metadata: 73 type: object 74 spec: 75 description: "ProwJobSpec configures the details of the prow job. \n Details 76 include the podspec, code to clone, the cluster it runs any child jobs, 77 concurrency limitations, etc." 78 properties: 79 agent: 80 description: Agent determines which controller fulfills this specific 81 ProwJobSpec and runs the job 82 type: string 83 cluster: 84 description: Cluster is which Kubernetes cluster is used to run the 85 job, only applicable for that specific agent 86 type: string 87 context: 88 description: Context is the name of the status context used to report 89 back to GitHub 90 type: string 91 decoration_config: 92 description: DecorationConfig holds configuration options for decorating 93 PodSpecs that users provide 94 properties: 95 blobless_fetch: 96 description: BloblessFetch tells Prow to avoid fetching objects 97 when cloning using the --filter=blob:none flag. 98 type: boolean 99 censor_secrets: 100 description: CensorSecrets enables censoring output logs and artifacts. 101 type: boolean 102 censoring_options: 103 description: CensoringOptions exposes options for censoring output 104 logs and artifacts. 105 properties: 106 censoring_buffer_size: 107 description: CensoringBufferSize is the size in bytes of the 108 buffer allocated for every file being censored. We want 109 to keep as little of the file in memory as possible in order 110 for censoring to be reasonably performant in space. However, 111 to guarantee that we censor every instance of every secret, 112 our buffer size must be at least two times larger than the 113 largest secret we are about to censor. While that size is 114 the smallest possible buffer we could use, if the secrets 115 being censored are small, censoring will not be performant 116 as the number of I/O actions per file would increase. If 117 unset, defaults to 10MiB. 118 type: integer 119 censoring_concurrency: 120 description: CensoringConcurrency is the maximum number of 121 goroutines that should be censoring artifacts and logs at 122 any time. If unset, defaults to 10. 123 format: int64 124 type: integer 125 exclude_directories: 126 description: ExcludeDirectories are directories which should 127 not have their content censored. If present, content in 128 these directories will not be censored even if the directory 129 also matches a glob in IncludeDirectories. Entries in this 130 list are relative to $ARTIFACTS, and are parsed with the 131 go-zglob library, allowing for globbed matches. 132 items: 133 type: string 134 type: array 135 include_directories: 136 description: IncludeDirectories are directories which should 137 have their content censored. If present, only content in 138 these directories will be censored. Entries in this list 139 are relative to $ARTIFACTS and are parsed with the go-zglob 140 library, allowing for globbed matches. 141 items: 142 type: string 143 type: array 144 type: object 145 cookiefile_secret: 146 description: CookieFileSecret is the name of a kubernetes secret 147 that contains a git http.cookiefile, which should be used during 148 the cloning process. 149 type: string 150 default_memory_request: 151 anyOf: 152 - type: integer 153 - type: string 154 description: DefaultMemoryRequest is the default requested memory 155 on a test container. If SetLimitEqualsMemoryRequest is also 156 true then the Limit will also be set the same as this request. 157 Could be overridden by memory request defined explicitly on 158 prowjob. 159 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 160 x-kubernetes-int-or-string: true 161 default_service_account_name: 162 description: DefaultServiceAccountName is the name of the Kubernetes 163 service account that should be used by the pod if one is not 164 specified in the podspec. 165 type: string 166 fs_group: 167 description: FsGroup defines special supplemental group ID used 168 in all containers in a Pod. This allows to change the ownership 169 of particular volumes by kubelet. This field will not override 170 the existing ProwJob's PodSecurityContext. Equivalent to PodSecurityContext's 171 FsGroup 172 format: int64 173 type: integer 174 gcs_configuration: 175 description: GCSConfiguration holds options for pushing logs and 176 artifacts to GCS from a job. 177 properties: 178 bucket: 179 description: 'Bucket is the bucket to upload to, it can be: 180 * a GCS bucket: with gs:// prefix * a S3 bucket: with s3:// 181 prefix * a GCS bucket: without a prefix (deprecated, it''s 182 discouraged to use Bucket without prefix please add the 183 gs:// prefix)' 184 type: string 185 compress_file_types: 186 description: 'CompressFileTypes specify file types that should 187 be gzipped prior to upload. Matching files will be compressed 188 prior to upload, and the content-encoding on these files 189 will be set to gzip. GCS will transcode these gzipped files 190 transparently when viewing. See: https://cloud.google.com/storage/docs/transcoding 191 Example: "txt", "json" Use "*" for all' 192 items: 193 type: string 194 type: array 195 default_org: 196 description: DefaultOrg is omitted from GCS paths when using 197 the legacy or simple strategy 198 type: string 199 default_repo: 200 description: DefaultRepo is omitted from GCS paths when using 201 the legacy or simple strategy 202 type: string 203 job_url_prefix: 204 description: JobURLPrefix holds the baseURL under which the 205 jobs output can be viewed. If unset, this will be derived 206 based on org/repo from the job_url_prefix_config. 207 type: string 208 local_output_dir: 209 description: LocalOutputDir specifies a directory where files 210 should be copied INSTEAD of uploading to blob storage. This 211 option is useful for testing jobs that use the pod-utilities 212 without actually uploading. 213 type: string 214 mediaTypes: 215 additionalProperties: 216 type: string 217 description: 'MediaTypes holds additional extension media 218 types to add to Go''s builtin''s and the local system''s 219 defaults. This maps extensions to media types, for example: 220 MediaTypes["log"] = "text/plain"' 221 type: object 222 path_prefix: 223 description: PathPrefix is an optional path that follows the 224 bucket name and comes before any structure 225 type: string 226 path_strategy: 227 description: PathStrategy dictates how the org and repo are 228 used when calculating the full path to an artifact in GCS 229 type: string 230 type: object 231 gcs_credentials_secret: 232 description: GCSCredentialsSecret is the name of the Kubernetes 233 secret that holds GCS push credentials. 234 type: string 235 github_api_endpoints: 236 description: GitHubAPIEndpoints are the endpoints of GitHub APIs. 237 items: 238 type: string 239 type: array 240 github_app_id: 241 description: GitHubAppID is the ID of GitHub App, which is going 242 to be used for fetching a private repository. 243 type: string 244 github_app_private_key_secret: 245 description: GitHubAppPrivateKeySecret is a Kubernetes secret 246 that contains the GitHub App private key, which is going to 247 be used for fetching a private repository. 248 properties: 249 key: 250 description: Key is the key of the corresponding kubernetes 251 secret that holds the value of the GitHub App private key. 252 type: string 253 name: 254 description: Name is the name of a kubernetes secret. 255 type: string 256 type: object 257 grace_period: 258 description: GracePeriod is how long the pod utilities will wait 259 after sending SIGINT to send SIGKILL when aborting a job. Only 260 applicable if decorating the PodSpec. 261 type: string 262 oauth_token_secret: 263 description: OauthTokenSecret is a Kubernetes secret that contains 264 the OAuth token, which is going to be used for fetching a private 265 repository. 266 properties: 267 key: 268 description: Key is the key of the corresponding kubernetes 269 secret that holds the value of the OAuth token. 270 type: string 271 name: 272 description: Name is the name of a kubernetes secret. 273 type: string 274 type: object 275 pod_pending_timeout: 276 description: PodPendingTimeout defines how long the controller 277 will wait to perform garbage collection on pending pods. Specific 278 for OrgRepo or Cluster. If not set, it has a fallback inside 279 plank field. 280 type: string 281 pod_running_timeout: 282 description: PodRunningTimeout defines how long the controller 283 will wait to abort a prowjob pod stuck in running state. Specific 284 for OrgRepo or Cluster. If not set, it has a fallback inside 285 plank field. 286 type: string 287 pod_unscheduled_timeout: 288 description: PodUnscheduledTimeout defines how long the controller 289 will wait to abort a prowjob stuck in an unscheduled state. 290 Specific for OrgRepo or Cluster. If not set, it has a fallback 291 inside plank field. 292 type: string 293 resources: 294 description: Resources holds resource requests and limits for 295 utility containers used to decorate a PodSpec. 296 properties: 297 clonerefs: 298 description: ResourceRequirements describes the compute resource 299 requirements. 300 properties: 301 claims: 302 description: "Claims lists the names of resources, defined 303 in spec.resourceClaims, that are used by this container. 304 \n This is an alpha field and requires enabling the 305 DynamicResourceAllocation feature gate. \n This field 306 is immutable. It can only be set for containers." 307 items: 308 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 309 properties: 310 name: 311 description: Name must match the name of one entry 312 in pod.spec.resourceClaims of the Pod where this 313 field is used. It makes that resource available 314 inside a container. 315 type: string 316 required: 317 - name 318 type: object 319 type: array 320 x-kubernetes-list-map-keys: 321 - name 322 x-kubernetes-list-type: map 323 limits: 324 additionalProperties: 325 anyOf: 326 - type: integer 327 - type: string 328 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 329 x-kubernetes-int-or-string: true 330 description: 'Limits describes the maximum amount of compute 331 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 332 type: object 333 requests: 334 additionalProperties: 335 anyOf: 336 - type: integer 337 - type: string 338 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 339 x-kubernetes-int-or-string: true 340 description: 'Requests describes the minimum amount of 341 compute resources required. If Requests is omitted for 342 a container, it defaults to Limits if that is explicitly 343 specified, otherwise to an implementation-defined value. 344 Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 345 type: object 346 type: object 347 initupload: 348 description: ResourceRequirements describes the compute resource 349 requirements. 350 properties: 351 claims: 352 description: "Claims lists the names of resources, defined 353 in spec.resourceClaims, that are used by this container. 354 \n This is an alpha field and requires enabling the 355 DynamicResourceAllocation feature gate. \n This field 356 is immutable. It can only be set for containers." 357 items: 358 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 359 properties: 360 name: 361 description: Name must match the name of one entry 362 in pod.spec.resourceClaims of the Pod where this 363 field is used. It makes that resource available 364 inside a container. 365 type: string 366 required: 367 - name 368 type: object 369 type: array 370 x-kubernetes-list-map-keys: 371 - name 372 x-kubernetes-list-type: map 373 limits: 374 additionalProperties: 375 anyOf: 376 - type: integer 377 - type: string 378 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 379 x-kubernetes-int-or-string: true 380 description: 'Limits describes the maximum amount of compute 381 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 382 type: object 383 requests: 384 additionalProperties: 385 anyOf: 386 - type: integer 387 - type: string 388 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 389 x-kubernetes-int-or-string: true 390 description: 'Requests describes the minimum amount of 391 compute resources required. If Requests is omitted for 392 a container, it defaults to Limits if that is explicitly 393 specified, otherwise to an implementation-defined value. 394 Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 395 type: object 396 type: object 397 place_entrypoint: 398 description: ResourceRequirements describes the compute resource 399 requirements. 400 properties: 401 claims: 402 description: "Claims lists the names of resources, defined 403 in spec.resourceClaims, that are used by this container. 404 \n This is an alpha field and requires enabling the 405 DynamicResourceAllocation feature gate. \n This field 406 is immutable. It can only be set for containers." 407 items: 408 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 409 properties: 410 name: 411 description: Name must match the name of one entry 412 in pod.spec.resourceClaims of the Pod where this 413 field is used. It makes that resource available 414 inside a container. 415 type: string 416 required: 417 - name 418 type: object 419 type: array 420 x-kubernetes-list-map-keys: 421 - name 422 x-kubernetes-list-type: map 423 limits: 424 additionalProperties: 425 anyOf: 426 - type: integer 427 - type: string 428 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 429 x-kubernetes-int-or-string: true 430 description: 'Limits describes the maximum amount of compute 431 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 432 type: object 433 requests: 434 additionalProperties: 435 anyOf: 436 - type: integer 437 - type: string 438 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 439 x-kubernetes-int-or-string: true 440 description: 'Requests describes the minimum amount of 441 compute resources required. If Requests is omitted for 442 a container, it defaults to Limits if that is explicitly 443 specified, otherwise to an implementation-defined value. 444 Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 445 type: object 446 type: object 447 sidecar: 448 description: ResourceRequirements describes the compute resource 449 requirements. 450 properties: 451 claims: 452 description: "Claims lists the names of resources, defined 453 in spec.resourceClaims, that are used by this container. 454 \n This is an alpha field and requires enabling the 455 DynamicResourceAllocation feature gate. \n This field 456 is immutable. It can only be set for containers." 457 items: 458 description: ResourceClaim references one entry in PodSpec.ResourceClaims. 459 properties: 460 name: 461 description: Name must match the name of one entry 462 in pod.spec.resourceClaims of the Pod where this 463 field is used. It makes that resource available 464 inside a container. 465 type: string 466 required: 467 - name 468 type: object 469 type: array 470 x-kubernetes-list-map-keys: 471 - name 472 x-kubernetes-list-type: map 473 limits: 474 additionalProperties: 475 anyOf: 476 - type: integer 477 - type: string 478 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 479 x-kubernetes-int-or-string: true 480 description: 'Limits describes the maximum amount of compute 481 resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 482 type: object 483 requests: 484 additionalProperties: 485 anyOf: 486 - type: integer 487 - type: string 488 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 489 x-kubernetes-int-or-string: true 490 description: 'Requests describes the minimum amount of 491 compute resources required. If Requests is omitted for 492 a container, it defaults to Limits if that is explicitly 493 specified, otherwise to an implementation-defined value. 494 Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 495 type: object 496 type: object 497 type: object 498 run_as_group: 499 description: RunAsGroup defines GID of process in all containers 500 running in a Pod. This field will not override the existing 501 ProwJob's PodSecurityContext. Equivalent to PodSecurityContext's 502 RunAsGroup 503 format: int64 504 type: integer 505 run_as_user: 506 description: RunAsUser defines UID for process in all containers 507 running in a Pod. This field will not override the existing 508 ProwJob's PodSecurityContext. Equivalent to PodSecurityContext's 509 RunAsUser 510 format: int64 511 type: integer 512 s3_credentials_secret: 513 description: S3CredentialsSecret is the name of the Kubernetes 514 secret that holds blob storage push credentials. 515 type: string 516 set_limit_equals_memory_request: 517 description: SetLimitEqualsMemoryRequest sets memory limit equal 518 to request. 519 type: boolean 520 skip_cloning: 521 description: SkipCloning determines if we should clone source 522 code in the initcontainers for jobs that specify refs 523 type: boolean 524 ssh_host_fingerprints: 525 description: SSHHostFingerprints are the fingerprints of known 526 SSH hosts that the cloning process can trust. Create with ssh-keyscan 527 [-t rsa] host 528 items: 529 type: string 530 type: array 531 ssh_key_secrets: 532 description: SSHKeySecrets are the names of Kubernetes secrets 533 that contain SSK keys which should be used during the cloning 534 process. 535 items: 536 type: string 537 type: array 538 timeout: 539 description: Timeout is how long the pod utilities will wait before 540 aborting a job with SIGINT. 541 type: string 542 upload_ignores_interrupts: 543 description: UploadIgnoresInterrupts causes sidecar to ignore 544 interrupts for the upload process in hope that the test process 545 exits cleanly before starting an upload. 546 type: boolean 547 utility_images: 548 description: UtilityImages holds pull specs for utility container 549 images used to decorate a PodSpec. 550 properties: 551 clonerefs: 552 description: CloneRefs is the pull spec used for the clonerefs 553 utility 554 type: string 555 entrypoint: 556 description: Entrypoint is the pull spec used for the entrypoint 557 utility 558 type: string 559 initupload: 560 description: InitUpload is the pull spec used for the initupload 561 utility 562 type: string 563 sidecar: 564 description: sidecar is the pull spec used for the sidecar 565 utility 566 type: string 567 type: object 568 type: object 569 error_on_eviction: 570 description: ErrorOnEviction indicates that the ProwJob should be 571 completed and given the ErrorState status if the pod that is executing 572 the job is evicted. If this field is unspecified or false, a new 573 pod will be created to replace the evicted one. 574 type: boolean 575 extra_refs: 576 description: ExtraRefs are auxiliary repositories that need to be 577 cloned, determined from config 578 items: 579 description: Refs describes how the repo was constructed. 580 properties: 581 base_link: 582 description: BaseLink is a link to the commit identified by 583 BaseSHA. 584 type: string 585 base_ref: 586 type: string 587 base_sha: 588 type: string 589 blobless_fetch: 590 description: BloblessFetch tells prow to avoid fetching objects 591 when cloning using the --filter=blob:none flag. If unspecified, 592 defaults to DecorationConfig.BloblessFetch. 593 type: boolean 594 clone_depth: 595 description: CloneDepth is the depth of the clone that will 596 be used. A depth of zero will do a full clone. 597 type: integer 598 clone_uri: 599 description: CloneURI is the URI that is used to clone the repository. 600 If unset, will default to `https://github.com/org/repo.git`. 601 type: string 602 org: 603 description: Org is something like kubernetes or k8s.io 604 type: string 605 path_alias: 606 description: PathAlias is the location under <root-dir>/src 607 where this repository is cloned. If this is not set, <root-dir>/src/github.com/org/repo 608 will be used as the default. 609 type: string 610 pulls: 611 items: 612 description: Pull describes a pull request at a particular 613 point in time. 614 properties: 615 author: 616 type: string 617 author_link: 618 description: AuthorLink links to the author of the pull 619 request. 620 type: string 621 commit_link: 622 description: CommitLink links to the commit identified 623 by the SHA. 624 type: string 625 head_ref: 626 description: 'HeadRef is the git ref (branch name) of 627 the proposed change. This can be more human-readable 628 than just a PR #, and some tools want this metadata 629 to help associate the work with a pull request (e.g. 630 some code scanning services, or chromatic.com).' 631 type: string 632 link: 633 description: Link links to the pull request itself. 634 type: string 635 number: 636 type: integer 637 ref: 638 description: 'Ref is git ref can be checked out for a 639 change for example, github: pull/123/head gerrit: refs/changes/00/123/1' 640 type: string 641 sha: 642 type: string 643 title: 644 type: string 645 required: 646 - author 647 - number 648 - sha 649 type: object 650 type: array 651 repo: 652 description: Repo is something like test-infra 653 type: string 654 repo_link: 655 description: RepoLink links to the source for Repo. 656 type: string 657 skip_fetch_head: 658 description: SkipFetchHead tells prow to avoid a git fetch <remote> 659 call. Multiheaded repos may need to not make this call. The 660 git fetch <remote> <BaseRef> call occurs regardless. 661 type: boolean 662 skip_submodules: 663 description: SkipSubmodules determines if submodules should 664 be cloned when the job is run. Defaults to false. 665 type: boolean 666 workdir: 667 description: WorkDir defines if the location of the cloned repository 668 will be used as the default working directory. 669 type: boolean 670 required: 671 - org 672 - repo 673 type: object 674 type: array 675 hidden: 676 description: Hidden specifies if the Job is considered hidden. Hidden 677 jobs are only shown by deck instances that have the `--hiddenOnly=true` 678 or `--show-hidden=true` flag set. Presubmits and Postsubmits can 679 also be set to hidden by adding their repository in Decks `hidden_repo` 680 setting. 681 type: boolean 682 jenkins_spec: 683 description: JenkinsSpec holds configuration specific to Jenkins jobs 684 properties: 685 github_branch_source_job: 686 type: boolean 687 type: object 688 job: 689 description: Job is the name of the job 690 type: string 691 job_queue_name: 692 description: JobQueueName is an optional field with name of a queue 693 defining max concurrency. When several jobs from the same queue 694 try to run at the same time, the number of them that is actually 695 started is limited by JobQueueCapacities (part of Plank's config). 696 If this field is left undefined inifinite concurrency is assumed. 697 This behaviour may be superseded by MaxConcurrency field, if it 698 is set to a constraining value. 699 type: string 700 max_concurrency: 701 description: MaxConcurrency restricts the total number of instances 702 of this job that can run in parallel at once. This is a separate 703 mechanism to JobQueueName and the lowest max concurrency is selected 704 from these two. 705 minimum: 0 706 type: integer 707 namespace: 708 description: Namespace defines where to create pods/resources. 709 type: string 710 pipeline_run_spec: 711 description: PipelineRunSpec provides the basis for running the test 712 as a pipeline-crd resource https://github.com/tektoncd/pipeline 713 properties: 714 params: 715 description: Params is a list of parameter names and values. 716 items: 717 description: Param declares an ParamValues to use for the parameter 718 called name. 719 properties: 720 name: 721 type: string 722 value: 723 description: ParamValue is a type that can hold a single 724 string or string array. Used in JSON unmarshalling so 725 that a single JSON field can accept either an individual 726 string or an array of strings. 727 properties: 728 arrayVal: 729 items: 730 type: string 731 type: array 732 x-kubernetes-list-type: atomic 733 objectVal: 734 additionalProperties: 735 type: string 736 type: object 737 stringVal: 738 type: string 739 type: 740 description: ParamType indicates the type of an input 741 parameter; Used to distinguish between a single string 742 and an array of strings. 743 type: string 744 required: 745 - arrayVal 746 - objectVal 747 - stringVal 748 - type 749 type: object 750 required: 751 - name 752 - value 753 type: object 754 type: array 755 x-kubernetes-list-type: atomic 756 pipelineRef: 757 description: PipelineRef can be used to refer to a specific instance 758 of a Pipeline. 759 properties: 760 apiVersion: 761 description: API version of the referent 762 type: string 763 bundle: 764 description: 'Bundle url reference to a Tekton Bundle. Deprecated: 765 Please use ResolverRef with the bundles resolver instead.' 766 type: string 767 name: 768 description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' 769 type: string 770 params: 771 description: Params contains the parameters used to identify 772 the referenced Tekton resource. Example entries might include 773 "repo" or "path" but the set of params ultimately depends 774 on the chosen resolver. 775 items: 776 description: Param declares an ParamValues to use for the 777 parameter called name. 778 properties: 779 name: 780 type: string 781 value: 782 description: ParamValue is a type that can hold a single 783 string or string array. Used in JSON unmarshalling 784 so that a single JSON field can accept either an individual 785 string or an array of strings. 786 properties: 787 arrayVal: 788 items: 789 type: string 790 type: array 791 x-kubernetes-list-type: atomic 792 objectVal: 793 additionalProperties: 794 type: string 795 type: object 796 stringVal: 797 type: string 798 type: 799 description: ParamType indicates the type of an 800 input parameter; Used to distinguish between a 801 single string and an array of strings. 802 type: string 803 required: 804 - arrayVal 805 - objectVal 806 - stringVal 807 - type 808 type: object 809 required: 810 - name 811 - value 812 type: object 813 type: array 814 x-kubernetes-list-type: atomic 815 resolver: 816 description: Resolver is the name of the resolver that should 817 perform resolution of the referenced Tekton resource, such 818 as "git". 819 type: string 820 type: object 821 pipelineSpec: 822 description: PipelineSpec defines the desired state of Pipeline. 823 properties: 824 description: 825 description: Description is a user-facing description of the 826 pipeline that may be used to populate a UI. 827 type: string 828 finally: 829 description: Finally declares the list of Tasks that execute 830 just before leaving the Pipeline i.e. either after all Tasks 831 are finished executing successfully or after a failure which 832 would result in ending the Pipeline 833 items: 834 description: PipelineTask defines a task in a Pipeline, 835 passing inputs from both Params and from the output of 836 previous tasks. 837 properties: 838 matrix: 839 description: Matrix declares parameters used to fan 840 out this task. 841 properties: 842 params: 843 description: Params is a list of parameters used 844 to fan out the pipelineTask Params takes only 845 `Parameters` of type `"array"` Each array element 846 is supplied to the `PipelineTask` by substituting 847 `params` of type `"string"` in the underlying 848 `Task`. The names of the `params` in the `Matrix` 849 must match the names of the `params` in the underlying 850 `Task` that they will be substituting. 851 items: 852 description: Param declares an ParamValues to 853 use for the parameter called name. 854 properties: 855 name: 856 type: string 857 value: 858 description: ParamValue is a type that can 859 hold a single string or string array. Used 860 in JSON unmarshalling so that a single JSON 861 field can accept either an individual string 862 or an array of strings. 863 properties: 864 arrayVal: 865 items: 866 type: string 867 type: array 868 x-kubernetes-list-type: atomic 869 objectVal: 870 additionalProperties: 871 type: string 872 type: object 873 stringVal: 874 type: string 875 type: 876 description: ParamType indicates the type 877 of an input parameter; Used to distinguish 878 between a single string and an array 879 of strings. 880 type: string 881 required: 882 - arrayVal 883 - objectVal 884 - stringVal 885 - type 886 type: object 887 required: 888 - name 889 - value 890 type: object 891 type: array 892 x-kubernetes-list-type: atomic 893 type: object 894 name: 895 description: Name is the name of this task within the 896 context of a Pipeline. Name is used as a coordinate 897 with the `from` and `runAfter` fields to establish 898 the execution order of tasks relative to one another. 899 type: string 900 params: 901 description: Parameters declares parameters passed to 902 this task. 903 items: 904 description: Param declares an ParamValues to use 905 for the parameter called name. 906 properties: 907 name: 908 type: string 909 value: 910 description: ParamValue is a type that can hold 911 a single string or string array. Used in JSON 912 unmarshalling so that a single JSON field can 913 accept either an individual string or an array 914 of strings. 915 properties: 916 arrayVal: 917 items: 918 type: string 919 type: array 920 x-kubernetes-list-type: atomic 921 objectVal: 922 additionalProperties: 923 type: string 924 type: object 925 stringVal: 926 type: string 927 type: 928 description: ParamType indicates the type 929 of an input parameter; Used to distinguish 930 between a single string and an array of 931 strings. 932 type: string 933 required: 934 - arrayVal 935 - objectVal 936 - stringVal 937 - type 938 type: object 939 required: 940 - name 941 - value 942 type: object 943 type: array 944 x-kubernetes-list-type: atomic 945 resources: 946 description: Resources declares the resources given 947 to this task as inputs and outputs. 948 properties: 949 inputs: 950 description: Inputs holds the mapping from the PipelineResources 951 declared in DeclaredPipelineResources to the input 952 PipelineResources required by the Task. 953 items: 954 description: PipelineTaskInputResource maps the 955 name of a declared PipelineResource input dependency 956 in a Task to the resource in the Pipeline's 957 DeclaredPipelineResources that should be used. 958 This input may come from a previous task. 959 properties: 960 from: 961 description: From is the list of PipelineTask 962 names that the resource has to come from. 963 (Implies an ordering in the execution graph.) 964 items: 965 type: string 966 type: array 967 x-kubernetes-list-type: atomic 968 name: 969 description: Name is the name of the PipelineResource 970 as declared by the Task. 971 type: string 972 resource: 973 description: Resource is the name of the DeclaredPipelineResource 974 to use. 975 type: string 976 required: 977 - name 978 - resource 979 type: object 980 type: array 981 x-kubernetes-list-type: atomic 982 outputs: 983 description: Outputs holds the mapping from the 984 PipelineResources declared in DeclaredPipelineResources 985 to the input PipelineResources required by the 986 Task. 987 items: 988 description: PipelineTaskOutputResource maps the 989 name of a declared PipelineResource output dependency 990 in a Task to the resource in the Pipeline's 991 DeclaredPipelineResources that should be used. 992 properties: 993 name: 994 description: Name is the name of the PipelineResource 995 as declared by the Task. 996 type: string 997 resource: 998 description: Resource is the name of the DeclaredPipelineResource 999 to use. 1000 type: string 1001 required: 1002 - name 1003 - resource 1004 type: object 1005 type: array 1006 x-kubernetes-list-type: atomic 1007 type: object 1008 retries: 1009 description: 'Retries represents how many times this 1010 task should be retried in case of task failure: ConditionSucceeded 1011 set to False' 1012 type: integer 1013 runAfter: 1014 description: RunAfter is the list of PipelineTask names 1015 that should be executed before this Task executes. 1016 (Used to force a specific ordering in graph execution.) 1017 items: 1018 type: string 1019 type: array 1020 x-kubernetes-list-type: atomic 1021 taskRef: 1022 description: TaskRef is a reference to a task definition. 1023 properties: 1024 apiVersion: 1025 description: API version of the referent 1026 type: string 1027 bundle: 1028 description: 'Bundle url reference to a Tekton Bundle. 1029 Deprecated: Please use ResolverRef with the bundles 1030 resolver instead.' 1031 type: string 1032 kind: 1033 description: TaskKind indicates the kind of the 1034 task, namespaced or cluster scoped. 1035 type: string 1036 name: 1037 description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' 1038 type: string 1039 params: 1040 description: Params contains the parameters used 1041 to identify the referenced Tekton resource. Example 1042 entries might include "repo" or "path" but the 1043 set of params ultimately depends on the chosen 1044 resolver. 1045 items: 1046 description: Param declares an ParamValues to 1047 use for the parameter called name. 1048 properties: 1049 name: 1050 type: string 1051 value: 1052 description: ParamValue is a type that can 1053 hold a single string or string array. Used 1054 in JSON unmarshalling so that a single JSON 1055 field can accept either an individual string 1056 or an array of strings. 1057 properties: 1058 arrayVal: 1059 items: 1060 type: string 1061 type: array 1062 x-kubernetes-list-type: atomic 1063 objectVal: 1064 additionalProperties: 1065 type: string 1066 type: object 1067 stringVal: 1068 type: string 1069 type: 1070 description: ParamType indicates the type 1071 of an input parameter; Used to distinguish 1072 between a single string and an array 1073 of strings. 1074 type: string 1075 required: 1076 - arrayVal 1077 - objectVal 1078 - stringVal 1079 - type 1080 type: object 1081 required: 1082 - name 1083 - value 1084 type: object 1085 type: array 1086 x-kubernetes-list-type: atomic 1087 resolver: 1088 description: Resolver is the name of the resolver 1089 that should perform resolution of the referenced 1090 Tekton resource, such as "git". 1091 type: string 1092 type: object 1093 taskSpec: 1094 description: TaskSpec is a specification of a task 1095 properties: 1096 apiVersion: 1097 type: string 1098 description: 1099 description: Description is a user-facing description 1100 of the task that may be used to populate a UI. 1101 type: string 1102 kind: 1103 type: string 1104 metadata: 1105 description: PipelineTaskMetadata contains the labels 1106 or annotations for an EmbeddedTask 1107 properties: 1108 annotations: 1109 additionalProperties: 1110 type: string 1111 type: object 1112 labels: 1113 additionalProperties: 1114 type: string 1115 type: object 1116 type: object 1117 params: 1118 description: Params is a list of input parameters 1119 required to run the task. Params must be supplied 1120 as inputs in TaskRuns unless they declare a default 1121 value. 1122 items: 1123 description: ParamSpec defines arbitrary parameters 1124 needed beyond typed inputs (such as resources). 1125 Parameter values are provided by users as inputs 1126 on a TaskRun or PipelineRun. 1127 properties: 1128 default: 1129 description: Default is the value a parameter 1130 takes if no input value is supplied. If 1131 default is set, a Task may be executed without 1132 a supplied value for the parameter. 1133 properties: 1134 arrayVal: 1135 items: 1136 type: string 1137 type: array 1138 x-kubernetes-list-type: atomic 1139 objectVal: 1140 additionalProperties: 1141 type: string 1142 type: object 1143 stringVal: 1144 type: string 1145 type: 1146 description: ParamType indicates the type 1147 of an input parameter; Used to distinguish 1148 between a single string and an array 1149 of strings. 1150 type: string 1151 required: 1152 - arrayVal 1153 - objectVal 1154 - stringVal 1155 - type 1156 type: object 1157 description: 1158 description: Description is a user-facing 1159 description of the parameter that may be 1160 used to populate a UI. 1161 type: string 1162 name: 1163 description: Name declares the name by which 1164 a parameter is referenced. 1165 type: string 1166 properties: 1167 additionalProperties: 1168 description: PropertySpec defines the struct 1169 for object keys 1170 properties: 1171 type: 1172 description: ParamType indicates the 1173 type of an input parameter; Used to 1174 distinguish between a single string 1175 and an array of strings. 1176 type: string 1177 type: object 1178 description: Properties is the JSON Schema 1179 properties to support key-value pairs parameter. 1180 type: object 1181 type: 1182 description: Type is the user-specified type 1183 of the parameter. The possible types are 1184 currently "string", "array" and "object", 1185 and "string" is the default. 1186 type: string 1187 required: 1188 - name 1189 type: object 1190 type: array 1191 x-kubernetes-list-type: atomic 1192 resources: 1193 description: Resources is a list input and output 1194 resource to run the task Resources are represented 1195 in TaskRuns as bindings to instances of PipelineResources. 1196 properties: 1197 inputs: 1198 description: Inputs holds the mapping from the 1199 PipelineResources declared in DeclaredPipelineResources 1200 to the input PipelineResources required by 1201 the Task. 1202 items: 1203 description: TaskResource defines an input 1204 or output Resource declared as a requirement 1205 by a Task. The Name field will be used to 1206 refer to these Resources within the Task 1207 definition, and when provided as an Input, 1208 the Name will be the path to the volume 1209 mounted containing this Resource as an input 1210 (e.g. an input Resource named `workspace` 1211 will be mounted at `/workspace`). 1212 properties: 1213 description: 1214 description: Description is a user-facing 1215 description of the declared resource 1216 that may be used to populate a UI. 1217 type: string 1218 name: 1219 description: Name declares the name by 1220 which a resource is referenced in the 1221 definition. Resources may be referenced 1222 by name in the definition of a Task's 1223 steps. 1224 type: string 1225 optional: 1226 description: 'Optional declares the resource 1227 as optional. By default optional is 1228 set to false which makes a resource 1229 required. optional: true - the resource 1230 is considered optional optional: false 1231 - the resource is considered required 1232 (equivalent of not specifying it)' 1233 type: boolean 1234 targetPath: 1235 description: TargetPath is the path in 1236 workspace directory where the resource 1237 will be copied. 1238 type: string 1239 type: 1240 description: Type is the type of this 1241 resource; 1242 type: string 1243 required: 1244 - name 1245 - type 1246 type: object 1247 type: array 1248 x-kubernetes-list-type: atomic 1249 outputs: 1250 description: Outputs holds the mapping from 1251 the PipelineResources declared in DeclaredPipelineResources 1252 to the input PipelineResources required by 1253 the Task. 1254 items: 1255 description: TaskResource defines an input 1256 or output Resource declared as a requirement 1257 by a Task. The Name field will be used to 1258 refer to these Resources within the Task 1259 definition, and when provided as an Input, 1260 the Name will be the path to the volume 1261 mounted containing this Resource as an input 1262 (e.g. an input Resource named `workspace` 1263 will be mounted at `/workspace`). 1264 properties: 1265 description: 1266 description: Description is a user-facing 1267 description of the declared resource 1268 that may be used to populate a UI. 1269 type: string 1270 name: 1271 description: Name declares the name by 1272 which a resource is referenced in the 1273 definition. Resources may be referenced 1274 by name in the definition of a Task's 1275 steps. 1276 type: string 1277 optional: 1278 description: 'Optional declares the resource 1279 as optional. By default optional is 1280 set to false which makes a resource 1281 required. optional: true - the resource 1282 is considered optional optional: false 1283 - the resource is considered required 1284 (equivalent of not specifying it)' 1285 type: boolean 1286 targetPath: 1287 description: TargetPath is the path in 1288 workspace directory where the resource 1289 will be copied. 1290 type: string 1291 type: 1292 description: Type is the type of this 1293 resource; 1294 type: string 1295 required: 1296 - name 1297 - type 1298 type: object 1299 type: array 1300 x-kubernetes-list-type: atomic 1301 type: object 1302 results: 1303 description: Results are values that this Task can 1304 output 1305 items: 1306 description: TaskResult used to describe the results 1307 of a task 1308 properties: 1309 description: 1310 description: Description is a human-readable 1311 description of the result 1312 type: string 1313 name: 1314 description: Name the given name 1315 type: string 1316 properties: 1317 additionalProperties: 1318 description: PropertySpec defines the struct 1319 for object keys 1320 properties: 1321 type: 1322 description: ParamType indicates the 1323 type of an input parameter; Used to 1324 distinguish between a single string 1325 and an array of strings. 1326 type: string 1327 type: object 1328 description: Properties is the JSON Schema 1329 properties to support key-value pairs results. 1330 type: object 1331 type: 1332 description: Type is the user-specified type 1333 of the result. The possible type is currently 1334 "string" and will support "array" in following 1335 work. 1336 type: string 1337 required: 1338 - name 1339 type: object 1340 type: array 1341 x-kubernetes-list-type: atomic 1342 sidecars: 1343 description: Sidecars are run alongside the Task's 1344 step containers. They begin before the steps start 1345 and end after the steps complete. 1346 items: 1347 description: Sidecar has nearly the same data 1348 structure as Step but does not have the ability 1349 to timeout. 1350 properties: 1351 args: 1352 description: 'Arguments to the entrypoint. 1353 The image''s CMD is used if this is not 1354 provided. Variable references $(VAR_NAME) 1355 are expanded using the container''s environment. 1356 If a variable cannot be resolved, the reference 1357 in the input string will be unchanged. Double 1358 $$ are reduced to a single $, which allows 1359 for escaping the $(VAR_NAME) syntax: i.e. 1360 "$$(VAR_NAME)" will produce the string literal 1361 "$(VAR_NAME)". Escaped references will never 1362 be expanded, regardless of whether the variable 1363 exists or not. Cannot be updated. More info: 1364 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1365 items: 1366 type: string 1367 type: array 1368 x-kubernetes-list-type: atomic 1369 command: 1370 description: 'Entrypoint array. Not executed 1371 within a shell. The image''s ENTRYPOINT 1372 is used if this is not provided. Variable 1373 references $(VAR_NAME) are expanded using 1374 the Sidecar''s environment. If a variable 1375 cannot be resolved, the reference in the 1376 input string will be unchanged. Double $$ 1377 are reduced to a single $, which allows 1378 for escaping the $(VAR_NAME) syntax: i.e. 1379 "$$(VAR_NAME)" will produce the string literal 1380 "$(VAR_NAME)". Escaped references will never 1381 be expanded, regardless of whether the variable 1382 exists or not. Cannot be updated. More info: 1383 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1384 items: 1385 type: string 1386 type: array 1387 x-kubernetes-list-type: atomic 1388 env: 1389 description: List of environment variables 1390 to set in the Sidecar. Cannot be updated. 1391 items: 1392 description: EnvVar represents an environment 1393 variable present in a Container. 1394 properties: 1395 name: 1396 description: Name of the environment 1397 variable. Must be a C_IDENTIFIER. 1398 type: string 1399 value: 1400 description: 'Variable references $(VAR_NAME) 1401 are expanded using the previously 1402 defined environment variables in the 1403 container and any service environment 1404 variables. If a variable cannot be 1405 resolved, the reference in the input 1406 string will be unchanged. Double $$ 1407 are reduced to a single $, which allows 1408 for escaping the $(VAR_NAME) syntax: 1409 i.e. "$$(VAR_NAME)" will produce the 1410 string literal "$(VAR_NAME)". Escaped 1411 references will never be expanded, 1412 regardless of whether the variable 1413 exists or not. Defaults to "".' 1414 type: string 1415 valueFrom: 1416 description: Source for the environment 1417 variable's value. Cannot be used if 1418 value is not empty. 1419 properties: 1420 configMapKeyRef: 1421 description: Selects a key of a 1422 ConfigMap. 1423 properties: 1424 key: 1425 description: The key to select. 1426 type: string 1427 name: 1428 description: 'Name of the referent. 1429 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1430 TODO: Add other useful fields. 1431 apiVersion, kind, uid?' 1432 type: string 1433 optional: 1434 description: Specify whether 1435 the ConfigMap or its key must 1436 be defined 1437 type: boolean 1438 required: 1439 - key 1440 type: object 1441 fieldRef: 1442 description: 'Selects a field of 1443 the pod: supports metadata.name, 1444 metadata.namespace, `metadata.labels[''<KEY>'']`, 1445 `metadata.annotations[''<KEY>'']`, 1446 spec.nodeName, spec.serviceAccountName, 1447 status.hostIP, status.podIP, status.podIPs.' 1448 properties: 1449 apiVersion: 1450 description: Version of the 1451 schema the FieldPath is written 1452 in terms of, defaults to "v1". 1453 type: string 1454 fieldPath: 1455 description: Path of the field 1456 to select in the specified 1457 API version. 1458 type: string 1459 required: 1460 - fieldPath 1461 type: object 1462 resourceFieldRef: 1463 description: 'Selects a resource 1464 of the container: only resources 1465 limits and requests (limits.cpu, 1466 limits.memory, limits.ephemeral-storage, 1467 requests.cpu, requests.memory 1468 and requests.ephemeral-storage) 1469 are currently supported.' 1470 properties: 1471 containerName: 1472 description: 'Container name: 1473 required for volumes, optional 1474 for env vars' 1475 type: string 1476 divisor: 1477 anyOf: 1478 - type: integer 1479 - type: string 1480 description: Specifies the output 1481 format of the exposed resources, 1482 defaults to "1" 1483 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1484 x-kubernetes-int-or-string: true 1485 resource: 1486 description: 'Required: resource 1487 to select' 1488 type: string 1489 required: 1490 - resource 1491 type: object 1492 secretKeyRef: 1493 description: Selects a key of a 1494 secret in the pod's namespace 1495 properties: 1496 key: 1497 description: The key of the 1498 secret to select from. Must 1499 be a valid secret key. 1500 type: string 1501 name: 1502 description: 'Name of the referent. 1503 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1504 TODO: Add other useful fields. 1505 apiVersion, kind, uid?' 1506 type: string 1507 optional: 1508 description: Specify whether 1509 the Secret or its key must 1510 be defined 1511 type: boolean 1512 required: 1513 - key 1514 type: object 1515 type: object 1516 required: 1517 - name 1518 type: object 1519 type: array 1520 x-kubernetes-list-type: atomic 1521 envFrom: 1522 description: List of sources to populate environment 1523 variables in the Sidecar. The keys defined 1524 within a source must be a C_IDENTIFIER. 1525 All invalid keys will be reported as an 1526 event when the Sidecar is starting. When 1527 a key exists in multiple sources, the value 1528 associated with the last source will take 1529 precedence. Values defined by an Env with 1530 a duplicate key will take precedence. Cannot 1531 be updated. 1532 items: 1533 description: EnvFromSource represents the 1534 source of a set of ConfigMaps 1535 properties: 1536 configMapRef: 1537 description: The ConfigMap to select 1538 from 1539 properties: 1540 name: 1541 description: 'Name of the referent. 1542 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1543 TODO: Add other useful fields. 1544 apiVersion, kind, uid?' 1545 type: string 1546 optional: 1547 description: Specify whether the 1548 ConfigMap must be defined 1549 type: boolean 1550 type: object 1551 prefix: 1552 description: An optional identifier 1553 to prepend to each key in the ConfigMap. 1554 Must be a C_IDENTIFIER. 1555 type: string 1556 secretRef: 1557 description: The Secret to select from 1558 properties: 1559 name: 1560 description: 'Name of the referent. 1561 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1562 TODO: Add other useful fields. 1563 apiVersion, kind, uid?' 1564 type: string 1565 optional: 1566 description: Specify whether the 1567 Secret must be defined 1568 type: boolean 1569 type: object 1570 type: object 1571 type: array 1572 x-kubernetes-list-type: atomic 1573 image: 1574 description: 'Image name to be used by the 1575 Sidecar. More info: https://kubernetes.io/docs/concepts/containers/images' 1576 type: string 1577 imagePullPolicy: 1578 description: 'Image pull policy. One of Always, 1579 Never, IfNotPresent. Defaults to Always 1580 if :latest tag is specified, or IfNotPresent 1581 otherwise. Cannot be updated. More info: 1582 https://kubernetes.io/docs/concepts/containers/images#updating-images' 1583 type: string 1584 lifecycle: 1585 description: Actions that the management system 1586 should take in response to Sidecar lifecycle 1587 events. Cannot be updated. 1588 properties: 1589 postStart: 1590 description: 'PostStart is called immediately 1591 after a container is created. If the 1592 handler fails, the container is terminated 1593 and restarted according to its restart 1594 policy. Other management of the container 1595 blocks until the hook completes. More 1596 info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1597 properties: 1598 exec: 1599 description: Exec specifies the action 1600 to take. 1601 properties: 1602 command: 1603 description: Command is the command 1604 line to execute inside the container, 1605 the working directory for the 1606 command is root ('/') in the 1607 container's filesystem. The 1608 command is simply exec'd, it 1609 is not run inside a shell, so 1610 traditional shell instructions 1611 ('|', etc) won't work. To use 1612 a shell, you need to explicitly 1613 call out to that shell. Exit 1614 status of 0 is treated as live/healthy 1615 and non-zero is unhealthy. 1616 items: 1617 type: string 1618 type: array 1619 type: object 1620 httpGet: 1621 description: HTTPGet specifies the 1622 http request to perform. 1623 properties: 1624 host: 1625 description: Host name to connect 1626 to, defaults to the pod IP. 1627 You probably want to set "Host" 1628 in httpHeaders instead. 1629 type: string 1630 httpHeaders: 1631 description: Custom headers to 1632 set in the request. HTTP allows 1633 repeated headers. 1634 items: 1635 description: HTTPHeader describes 1636 a custom header to be used 1637 in HTTP probes 1638 properties: 1639 name: 1640 description: The header 1641 field name. This will 1642 be canonicalized upon 1643 output, so case-variant 1644 names will be understood 1645 as the same header. 1646 type: string 1647 value: 1648 description: The header 1649 field value 1650 type: string 1651 required: 1652 - name 1653 - value 1654 type: object 1655 type: array 1656 path: 1657 description: Path to access on 1658 the HTTP server. 1659 type: string 1660 port: 1661 anyOf: 1662 - type: integer 1663 - type: string 1664 description: Name or number of 1665 the port to access on the container. 1666 Number must be in the range 1667 1 to 65535. Name must be an 1668 IANA_SVC_NAME. 1669 x-kubernetes-int-or-string: true 1670 scheme: 1671 description: Scheme to use for 1672 connecting to the host. Defaults 1673 to HTTP. 1674 type: string 1675 required: 1676 - port 1677 type: object 1678 tcpSocket: 1679 description: Deprecated. TCPSocket 1680 is NOT supported as a LifecycleHandler 1681 and kept for the backward compatibility. 1682 There are no validation of this 1683 field and lifecycle hooks will fail 1684 in runtime when tcp handler is specified. 1685 properties: 1686 host: 1687 description: 'Optional: Host name 1688 to connect to, defaults to the 1689 pod IP.' 1690 type: string 1691 port: 1692 anyOf: 1693 - type: integer 1694 - type: string 1695 description: Number or name of 1696 the port to access on the container. 1697 Number must be in the range 1698 1 to 65535. Name must be an 1699 IANA_SVC_NAME. 1700 x-kubernetes-int-or-string: true 1701 required: 1702 - port 1703 type: object 1704 type: object 1705 preStop: 1706 description: 'PreStop is called immediately 1707 before a container is terminated due 1708 to an API request or management event 1709 such as liveness/startup probe failure, 1710 preemption, resource contention, etc. 1711 The handler is not called if the container 1712 crashes or exits. The Pod''s termination 1713 grace period countdown begins before 1714 the PreStop hook is executed. Regardless 1715 of the outcome of the handler, the container 1716 will eventually terminate within the 1717 Pod''s termination grace period (unless 1718 delayed by finalizers). Other management 1719 of the container blocks until the hook 1720 completes or until the termination grace 1721 period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1722 properties: 1723 exec: 1724 description: Exec specifies the action 1725 to take. 1726 properties: 1727 command: 1728 description: Command is the command 1729 line to execute inside the container, 1730 the working directory for the 1731 command is root ('/') in the 1732 container's filesystem. The 1733 command is simply exec'd, it 1734 is not run inside a shell, so 1735 traditional shell instructions 1736 ('|', etc) won't work. To use 1737 a shell, you need to explicitly 1738 call out to that shell. Exit 1739 status of 0 is treated as live/healthy 1740 and non-zero is unhealthy. 1741 items: 1742 type: string 1743 type: array 1744 type: object 1745 httpGet: 1746 description: HTTPGet specifies the 1747 http request to perform. 1748 properties: 1749 host: 1750 description: Host name to connect 1751 to, defaults to the pod IP. 1752 You probably want to set "Host" 1753 in httpHeaders instead. 1754 type: string 1755 httpHeaders: 1756 description: Custom headers to 1757 set in the request. HTTP allows 1758 repeated headers. 1759 items: 1760 description: HTTPHeader describes 1761 a custom header to be used 1762 in HTTP probes 1763 properties: 1764 name: 1765 description: The header 1766 field name. This will 1767 be canonicalized upon 1768 output, so case-variant 1769 names will be understood 1770 as the same header. 1771 type: string 1772 value: 1773 description: The header 1774 field value 1775 type: string 1776 required: 1777 - name 1778 - value 1779 type: object 1780 type: array 1781 path: 1782 description: Path to access on 1783 the HTTP server. 1784 type: string 1785 port: 1786 anyOf: 1787 - type: integer 1788 - type: string 1789 description: Name or number of 1790 the port to access on the container. 1791 Number must be in the range 1792 1 to 65535. Name must be an 1793 IANA_SVC_NAME. 1794 x-kubernetes-int-or-string: true 1795 scheme: 1796 description: Scheme to use for 1797 connecting to the host. Defaults 1798 to HTTP. 1799 type: string 1800 required: 1801 - port 1802 type: object 1803 tcpSocket: 1804 description: Deprecated. TCPSocket 1805 is NOT supported as a LifecycleHandler 1806 and kept for the backward compatibility. 1807 There are no validation of this 1808 field and lifecycle hooks will fail 1809 in runtime when tcp handler is specified. 1810 properties: 1811 host: 1812 description: 'Optional: Host name 1813 to connect to, defaults to the 1814 pod IP.' 1815 type: string 1816 port: 1817 anyOf: 1818 - type: integer 1819 - type: string 1820 description: Number or name of 1821 the port to access on the container. 1822 Number must be in the range 1823 1 to 65535. Name must be an 1824 IANA_SVC_NAME. 1825 x-kubernetes-int-or-string: true 1826 required: 1827 - port 1828 type: object 1829 type: object 1830 type: object 1831 livenessProbe: 1832 description: 'Periodic probe of Sidecar liveness. 1833 Container will be restarted if the probe 1834 fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1835 properties: 1836 exec: 1837 description: Exec specifies the action 1838 to take. 1839 properties: 1840 command: 1841 description: Command is the command 1842 line to execute inside the container, 1843 the working directory for the command is 1844 root ('/') in the container's filesystem. 1845 The command is simply exec'd, it 1846 is not run inside a shell, so traditional 1847 shell instructions ('|', etc) won't 1848 work. To use a shell, you need to 1849 explicitly call out to that shell. 1850 Exit status of 0 is treated as live/healthy 1851 and non-zero is unhealthy. 1852 items: 1853 type: string 1854 type: array 1855 type: object 1856 failureThreshold: 1857 description: Minimum consecutive failures 1858 for the probe to be considered failed 1859 after having succeeded. Defaults to 1860 3. Minimum value is 1. 1861 format: int32 1862 type: integer 1863 grpc: 1864 description: GRPC specifies an action 1865 involving a GRPC port. 1866 properties: 1867 port: 1868 description: Port number of the gRPC 1869 service. Number must be in the range 1870 1 to 65535. 1871 format: int32 1872 type: integer 1873 service: 1874 description: "Service is the name 1875 of the service to place in the gRPC 1876 HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1877 \n If this is not specified, the 1878 default behavior is defined by gRPC." 1879 type: string 1880 required: 1881 - port 1882 type: object 1883 httpGet: 1884 description: HTTPGet specifies the http 1885 request to perform. 1886 properties: 1887 host: 1888 description: Host name to connect 1889 to, defaults to the pod IP. You 1890 probably want to set "Host" in httpHeaders 1891 instead. 1892 type: string 1893 httpHeaders: 1894 description: Custom headers to set 1895 in the request. HTTP allows repeated 1896 headers. 1897 items: 1898 description: HTTPHeader describes 1899 a custom header to be used in 1900 HTTP probes 1901 properties: 1902 name: 1903 description: The header field 1904 name. This will be canonicalized 1905 upon output, so case-variant 1906 names will be understood as 1907 the same header. 1908 type: string 1909 value: 1910 description: The header field 1911 value 1912 type: string 1913 required: 1914 - name 1915 - value 1916 type: object 1917 type: array 1918 path: 1919 description: Path to access on the 1920 HTTP server. 1921 type: string 1922 port: 1923 anyOf: 1924 - type: integer 1925 - type: string 1926 description: Name or number of the 1927 port to access on the container. 1928 Number must be in the range 1 to 1929 65535. Name must be an IANA_SVC_NAME. 1930 x-kubernetes-int-or-string: true 1931 scheme: 1932 description: Scheme to use for connecting 1933 to the host. Defaults to HTTP. 1934 type: string 1935 required: 1936 - port 1937 type: object 1938 initialDelaySeconds: 1939 description: 'Number of seconds after 1940 the container has started before liveness 1941 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1942 format: int32 1943 type: integer 1944 periodSeconds: 1945 description: How often (in seconds) to 1946 perform the probe. Default to 10 seconds. 1947 Minimum value is 1. 1948 format: int32 1949 type: integer 1950 successThreshold: 1951 description: Minimum consecutive successes 1952 for the probe to be considered successful 1953 after having failed. Defaults to 1. 1954 Must be 1 for liveness and startup. 1955 Minimum value is 1. 1956 format: int32 1957 type: integer 1958 tcpSocket: 1959 description: TCPSocket specifies an action 1960 involving a TCP port. 1961 properties: 1962 host: 1963 description: 'Optional: Host name 1964 to connect to, defaults to the pod 1965 IP.' 1966 type: string 1967 port: 1968 anyOf: 1969 - type: integer 1970 - type: string 1971 description: Number or name of the 1972 port to access on the container. 1973 Number must be in the range 1 to 1974 65535. Name must be an IANA_SVC_NAME. 1975 x-kubernetes-int-or-string: true 1976 required: 1977 - port 1978 type: object 1979 terminationGracePeriodSeconds: 1980 description: Optional duration in seconds 1981 the pod needs to terminate gracefully 1982 upon probe failure. The grace period 1983 is the duration in seconds after the 1984 processes running in the pod are sent 1985 a termination signal and the time when 1986 the processes are forcibly halted with 1987 a kill signal. Set this value longer 1988 than the expected cleanup time for your 1989 process. If this value is nil, the pod's 1990 terminationGracePeriodSeconds will be 1991 used. Otherwise, this value overrides 1992 the value provided by the pod spec. 1993 Value must be non-negative integer. 1994 The value zero indicates stop immediately 1995 via the kill signal (no opportunity 1996 to shut down). This is a beta field 1997 and requires enabling ProbeTerminationGracePeriod 1998 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 1999 is used if unset. 2000 format: int64 2001 type: integer 2002 timeoutSeconds: 2003 description: 'Number of seconds after 2004 which the probe times out. Defaults 2005 to 1 second. Minimum value is 1. More 2006 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2007 format: int32 2008 type: integer 2009 type: object 2010 name: 2011 description: Name of the Sidecar specified 2012 as a DNS_LABEL. Each Sidecar in a Task must 2013 have a unique name (DNS_LABEL). Cannot be 2014 updated. 2015 type: string 2016 ports: 2017 description: List of ports to expose from 2018 the Sidecar. Exposing a port here gives 2019 the system additional information about 2020 the network connections a container uses, 2021 but is primarily informational. Not specifying 2022 a port here DOES NOT prevent that port from 2023 being exposed. Any port which is listening 2024 on the default "0.0.0.0" address inside 2025 a container will be accessible from the 2026 network. Cannot be updated. 2027 items: 2028 description: ContainerPort represents a 2029 network port in a single container. 2030 properties: 2031 containerPort: 2032 description: Number of port to expose 2033 on the pod's IP address. This must 2034 be a valid port number, 0 < x < 65536. 2035 format: int32 2036 type: integer 2037 hostIP: 2038 description: What host IP to bind the 2039 external port to. 2040 type: string 2041 hostPort: 2042 description: Number of port to expose 2043 on the host. If specified, this must 2044 be a valid port number, 0 < x < 65536. 2045 If HostNetwork is specified, this 2046 must match ContainerPort. Most containers 2047 do not need this. 2048 format: int32 2049 type: integer 2050 name: 2051 description: If specified, this must 2052 be an IANA_SVC_NAME and unique within 2053 the pod. Each named port in a pod 2054 must have a unique name. Name for 2055 the port that can be referred to by 2056 services. 2057 type: string 2058 protocol: 2059 default: TCP 2060 description: Protocol for port. Must 2061 be UDP, TCP, or SCTP. Defaults to 2062 "TCP". 2063 type: string 2064 required: 2065 - containerPort 2066 type: object 2067 type: array 2068 x-kubernetes-list-map-keys: 2069 - containerPort 2070 - protocol 2071 x-kubernetes-list-type: map 2072 readinessProbe: 2073 description: 'Periodic probe of Sidecar service 2074 readiness. Container will be removed from 2075 service endpoints if the probe fails. Cannot 2076 be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2077 properties: 2078 exec: 2079 description: Exec specifies the action 2080 to take. 2081 properties: 2082 command: 2083 description: Command is the command 2084 line to execute inside the container, 2085 the working directory for the command is 2086 root ('/') in the container's filesystem. 2087 The command is simply exec'd, it 2088 is not run inside a shell, so traditional 2089 shell instructions ('|', etc) won't 2090 work. To use a shell, you need to 2091 explicitly call out to that shell. 2092 Exit status of 0 is treated as live/healthy 2093 and non-zero is unhealthy. 2094 items: 2095 type: string 2096 type: array 2097 type: object 2098 failureThreshold: 2099 description: Minimum consecutive failures 2100 for the probe to be considered failed 2101 after having succeeded. Defaults to 2102 3. Minimum value is 1. 2103 format: int32 2104 type: integer 2105 grpc: 2106 description: GRPC specifies an action 2107 involving a GRPC port. 2108 properties: 2109 port: 2110 description: Port number of the gRPC 2111 service. Number must be in the range 2112 1 to 65535. 2113 format: int32 2114 type: integer 2115 service: 2116 description: "Service is the name 2117 of the service to place in the gRPC 2118 HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2119 \n If this is not specified, the 2120 default behavior is defined by gRPC." 2121 type: string 2122 required: 2123 - port 2124 type: object 2125 httpGet: 2126 description: HTTPGet specifies the http 2127 request to perform. 2128 properties: 2129 host: 2130 description: Host name to connect 2131 to, defaults to the pod IP. You 2132 probably want to set "Host" in httpHeaders 2133 instead. 2134 type: string 2135 httpHeaders: 2136 description: Custom headers to set 2137 in the request. HTTP allows repeated 2138 headers. 2139 items: 2140 description: HTTPHeader describes 2141 a custom header to be used in 2142 HTTP probes 2143 properties: 2144 name: 2145 description: The header field 2146 name. This will be canonicalized 2147 upon output, so case-variant 2148 names will be understood as 2149 the same header. 2150 type: string 2151 value: 2152 description: The header field 2153 value 2154 type: string 2155 required: 2156 - name 2157 - value 2158 type: object 2159 type: array 2160 path: 2161 description: Path to access on the 2162 HTTP server. 2163 type: string 2164 port: 2165 anyOf: 2166 - type: integer 2167 - type: string 2168 description: Name or number of the 2169 port to access on the container. 2170 Number must be in the range 1 to 2171 65535. Name must be an IANA_SVC_NAME. 2172 x-kubernetes-int-or-string: true 2173 scheme: 2174 description: Scheme to use for connecting 2175 to the host. Defaults to HTTP. 2176 type: string 2177 required: 2178 - port 2179 type: object 2180 initialDelaySeconds: 2181 description: 'Number of seconds after 2182 the container has started before liveness 2183 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2184 format: int32 2185 type: integer 2186 periodSeconds: 2187 description: How often (in seconds) to 2188 perform the probe. Default to 10 seconds. 2189 Minimum value is 1. 2190 format: int32 2191 type: integer 2192 successThreshold: 2193 description: Minimum consecutive successes 2194 for the probe to be considered successful 2195 after having failed. Defaults to 1. 2196 Must be 1 for liveness and startup. 2197 Minimum value is 1. 2198 format: int32 2199 type: integer 2200 tcpSocket: 2201 description: TCPSocket specifies an action 2202 involving a TCP port. 2203 properties: 2204 host: 2205 description: 'Optional: Host name 2206 to connect to, defaults to the pod 2207 IP.' 2208 type: string 2209 port: 2210 anyOf: 2211 - type: integer 2212 - type: string 2213 description: Number or name of the 2214 port to access on the container. 2215 Number must be in the range 1 to 2216 65535. Name must be an IANA_SVC_NAME. 2217 x-kubernetes-int-or-string: true 2218 required: 2219 - port 2220 type: object 2221 terminationGracePeriodSeconds: 2222 description: Optional duration in seconds 2223 the pod needs to terminate gracefully 2224 upon probe failure. The grace period 2225 is the duration in seconds after the 2226 processes running in the pod are sent 2227 a termination signal and the time when 2228 the processes are forcibly halted with 2229 a kill signal. Set this value longer 2230 than the expected cleanup time for your 2231 process. If this value is nil, the pod's 2232 terminationGracePeriodSeconds will be 2233 used. Otherwise, this value overrides 2234 the value provided by the pod spec. 2235 Value must be non-negative integer. 2236 The value zero indicates stop immediately 2237 via the kill signal (no opportunity 2238 to shut down). This is a beta field 2239 and requires enabling ProbeTerminationGracePeriod 2240 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2241 is used if unset. 2242 format: int64 2243 type: integer 2244 timeoutSeconds: 2245 description: 'Number of seconds after 2246 which the probe times out. Defaults 2247 to 1 second. Minimum value is 1. More 2248 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2249 format: int32 2250 type: integer 2251 type: object 2252 resources: 2253 description: 'Compute Resources required by 2254 this Sidecar. Cannot be updated. More info: 2255 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2256 properties: 2257 claims: 2258 description: "Claims lists the names of 2259 resources, defined in spec.resourceClaims, 2260 that are used by this container. \n 2261 This is an alpha field and requires 2262 enabling the DynamicResourceAllocation 2263 feature gate. \n This field is immutable. 2264 It can only be set for containers." 2265 items: 2266 description: ResourceClaim references 2267 one entry in PodSpec.ResourceClaims. 2268 properties: 2269 name: 2270 description: Name must match the 2271 name of one entry in pod.spec.resourceClaims 2272 of the Pod where this field is 2273 used. It makes that resource available 2274 inside a container. 2275 type: string 2276 required: 2277 - name 2278 type: object 2279 type: array 2280 x-kubernetes-list-map-keys: 2281 - name 2282 x-kubernetes-list-type: map 2283 limits: 2284 additionalProperties: 2285 anyOf: 2286 - type: integer 2287 - type: string 2288 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2289 x-kubernetes-int-or-string: true 2290 description: 'Limits describes the maximum 2291 amount of compute resources allowed. 2292 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2293 type: object 2294 requests: 2295 additionalProperties: 2296 anyOf: 2297 - type: integer 2298 - type: string 2299 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2300 x-kubernetes-int-or-string: true 2301 description: 'Requests describes the minimum 2302 amount of compute resources required. 2303 If Requests is omitted for a container, 2304 it defaults to Limits if that is explicitly 2305 specified, otherwise to an implementation-defined 2306 value. Requests cannot exceed Limits. 2307 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 2308 type: object 2309 type: object 2310 script: 2311 description: "Script is the contents of an 2312 executable file to execute. \n If Script 2313 is not empty, the Step cannot have an Command 2314 or Args." 2315 type: string 2316 securityContext: 2317 description: 'SecurityContext defines the 2318 security options the Sidecar should be run 2319 with. If set, the fields of SecurityContext 2320 override the equivalent fields of PodSecurityContext. 2321 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 2322 properties: 2323 allowPrivilegeEscalation: 2324 description: 'AllowPrivilegeEscalation 2325 controls whether a process can gain 2326 more privileges than its parent process. 2327 This bool directly controls if the no_new_privs 2328 flag will be set on the container process. 2329 AllowPrivilegeEscalation is true always 2330 when the container is: 1) run as Privileged 2331 2) has CAP_SYS_ADMIN Note that this 2332 field cannot be set when spec.os.name 2333 is windows.' 2334 type: boolean 2335 capabilities: 2336 description: The capabilities to add/drop 2337 when running containers. Defaults to 2338 the default set of capabilities granted 2339 by the container runtime. Note that 2340 this field cannot be set when spec.os.name 2341 is windows. 2342 properties: 2343 add: 2344 description: Added capabilities 2345 items: 2346 description: Capability represent 2347 POSIX capabilities type 2348 type: string 2349 type: array 2350 drop: 2351 description: Removed capabilities 2352 items: 2353 description: Capability represent 2354 POSIX capabilities type 2355 type: string 2356 type: array 2357 type: object 2358 privileged: 2359 description: Run container in privileged 2360 mode. Processes in privileged containers 2361 are essentially equivalent to root on 2362 the host. Defaults to false. Note that 2363 this field cannot be set when spec.os.name 2364 is windows. 2365 type: boolean 2366 procMount: 2367 description: procMount denotes the type 2368 of proc mount to use for the containers. 2369 The default is DefaultProcMount which 2370 uses the container runtime defaults 2371 for readonly paths and masked paths. 2372 This requires the ProcMountType feature 2373 flag to be enabled. Note that this field 2374 cannot be set when spec.os.name is windows. 2375 type: string 2376 readOnlyRootFilesystem: 2377 description: Whether this container has 2378 a read-only root filesystem. Default 2379 is false. Note that this field cannot 2380 be set when spec.os.name is windows. 2381 type: boolean 2382 runAsGroup: 2383 description: The GID to run the entrypoint 2384 of the container process. Uses runtime 2385 default if unset. May also be set in 2386 PodSecurityContext. If set in both 2387 SecurityContext and PodSecurityContext, 2388 the value specified in SecurityContext 2389 takes precedence. Note that this field 2390 cannot be set when spec.os.name is windows. 2391 format: int64 2392 type: integer 2393 runAsNonRoot: 2394 description: Indicates that the container 2395 must run as a non-root user. If true, 2396 the Kubelet will validate the image 2397 at runtime to ensure that it does not 2398 run as UID 0 (root) and fail to start 2399 the container if it does. If unset or 2400 false, no such validation will be performed. 2401 May also be set in PodSecurityContext. If 2402 set in both SecurityContext and PodSecurityContext, 2403 the value specified in SecurityContext 2404 takes precedence. 2405 type: boolean 2406 runAsUser: 2407 description: The UID to run the entrypoint 2408 of the container process. Defaults to 2409 user specified in image metadata if 2410 unspecified. May also be set in PodSecurityContext. If 2411 set in both SecurityContext and PodSecurityContext, 2412 the value specified in SecurityContext 2413 takes precedence. Note that this field 2414 cannot be set when spec.os.name is windows. 2415 format: int64 2416 type: integer 2417 seLinuxOptions: 2418 description: The SELinux context to be 2419 applied to the container. If unspecified, 2420 the container runtime will allocate 2421 a random SELinux context for each container. May 2422 also be set in PodSecurityContext. If 2423 set in both SecurityContext and PodSecurityContext, 2424 the value specified in SecurityContext 2425 takes precedence. Note that this field 2426 cannot be set when spec.os.name is windows. 2427 properties: 2428 level: 2429 description: Level is SELinux level 2430 label that applies to the container. 2431 type: string 2432 role: 2433 description: Role is a SELinux role 2434 label that applies to the container. 2435 type: string 2436 type: 2437 description: Type is a SELinux type 2438 label that applies to the container. 2439 type: string 2440 user: 2441 description: User is a SELinux user 2442 label that applies to the container. 2443 type: string 2444 type: object 2445 seccompProfile: 2446 description: The seccomp options to use 2447 by this container. If seccomp options 2448 are provided at both the pod & container 2449 level, the container options override 2450 the pod options. Note that this field 2451 cannot be set when spec.os.name is windows. 2452 properties: 2453 localhostProfile: 2454 description: localhostProfile indicates 2455 a profile defined in a file on the 2456 node should be used. The profile 2457 must be preconfigured on the node 2458 to work. Must be a descending path, 2459 relative to the kubelet's configured 2460 seccomp profile location. Must be 2461 set if type is "Localhost". Must 2462 NOT be set for any other type. 2463 type: string 2464 type: 2465 description: "type indicates which 2466 kind of seccomp profile will be 2467 applied. Valid options are: \n Localhost 2468 - a profile defined in a file on 2469 the node should be used. RuntimeDefault 2470 - the container runtime default 2471 profile should be used. Unconfined 2472 - no profile should be applied." 2473 type: string 2474 required: 2475 - type 2476 type: object 2477 windowsOptions: 2478 description: The Windows specific settings 2479 applied to all containers. If unspecified, 2480 the options from the PodSecurityContext 2481 will be used. If set in both SecurityContext 2482 and PodSecurityContext, the value specified 2483 in SecurityContext takes precedence. 2484 Note that this field cannot be set when 2485 spec.os.name is linux. 2486 properties: 2487 gmsaCredentialSpec: 2488 description: GMSACredentialSpec is 2489 where the GMSA admission webhook 2490 (https://github.com/kubernetes-sigs/windows-gmsa) 2491 inlines the contents of the GMSA 2492 credential spec named by the GMSACredentialSpecName 2493 field. 2494 type: string 2495 gmsaCredentialSpecName: 2496 description: GMSACredentialSpecName 2497 is the name of the GMSA credential 2498 spec to use. 2499 type: string 2500 hostProcess: 2501 description: HostProcess determines 2502 if a container should be run as 2503 a 'Host Process' container. All 2504 of a Pod's containers must have 2505 the same effective HostProcess value 2506 (it is not allowed to have a mix 2507 of HostProcess containers and non-HostProcess 2508 containers). In addition, if HostProcess 2509 is true then HostNetwork must also 2510 be set to true. 2511 type: boolean 2512 runAsUserName: 2513 description: The UserName in Windows 2514 to run the entrypoint of the container 2515 process. Defaults to the user specified 2516 in image metadata if unspecified. 2517 May also be set in PodSecurityContext. 2518 If set in both SecurityContext and 2519 PodSecurityContext, the value specified 2520 in SecurityContext takes precedence. 2521 type: string 2522 type: object 2523 type: object 2524 startupProbe: 2525 description: 'StartupProbe indicates that 2526 the Pod the Sidecar is running in has successfully 2527 initialized. If specified, no other probes 2528 are executed until this completes successfully. 2529 If this probe fails, the Pod will be restarted, 2530 just as if the livenessProbe failed. This 2531 can be used to provide different probe parameters 2532 at the beginning of a Pod''s lifecycle, 2533 when it might take a long time to load data 2534 or warm a cache, than during steady-state 2535 operation. This cannot be updated. More 2536 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2537 properties: 2538 exec: 2539 description: Exec specifies the action 2540 to take. 2541 properties: 2542 command: 2543 description: Command is the command 2544 line to execute inside the container, 2545 the working directory for the command is 2546 root ('/') in the container's filesystem. 2547 The command is simply exec'd, it 2548 is not run inside a shell, so traditional 2549 shell instructions ('|', etc) won't 2550 work. To use a shell, you need to 2551 explicitly call out to that shell. 2552 Exit status of 0 is treated as live/healthy 2553 and non-zero is unhealthy. 2554 items: 2555 type: string 2556 type: array 2557 type: object 2558 failureThreshold: 2559 description: Minimum consecutive failures 2560 for the probe to be considered failed 2561 after having succeeded. Defaults to 2562 3. Minimum value is 1. 2563 format: int32 2564 type: integer 2565 grpc: 2566 description: GRPC specifies an action 2567 involving a GRPC port. 2568 properties: 2569 port: 2570 description: Port number of the gRPC 2571 service. Number must be in the range 2572 1 to 65535. 2573 format: int32 2574 type: integer 2575 service: 2576 description: "Service is the name 2577 of the service to place in the gRPC 2578 HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2579 \n If this is not specified, the 2580 default behavior is defined by gRPC." 2581 type: string 2582 required: 2583 - port 2584 type: object 2585 httpGet: 2586 description: HTTPGet specifies the http 2587 request to perform. 2588 properties: 2589 host: 2590 description: Host name to connect 2591 to, defaults to the pod IP. You 2592 probably want to set "Host" in httpHeaders 2593 instead. 2594 type: string 2595 httpHeaders: 2596 description: Custom headers to set 2597 in the request. HTTP allows repeated 2598 headers. 2599 items: 2600 description: HTTPHeader describes 2601 a custom header to be used in 2602 HTTP probes 2603 properties: 2604 name: 2605 description: The header field 2606 name. This will be canonicalized 2607 upon output, so case-variant 2608 names will be understood as 2609 the same header. 2610 type: string 2611 value: 2612 description: The header field 2613 value 2614 type: string 2615 required: 2616 - name 2617 - value 2618 type: object 2619 type: array 2620 path: 2621 description: Path to access on the 2622 HTTP server. 2623 type: string 2624 port: 2625 anyOf: 2626 - type: integer 2627 - type: string 2628 description: Name or number of the 2629 port to access on the container. 2630 Number must be in the range 1 to 2631 65535. Name must be an IANA_SVC_NAME. 2632 x-kubernetes-int-or-string: true 2633 scheme: 2634 description: Scheme to use for connecting 2635 to the host. Defaults to HTTP. 2636 type: string 2637 required: 2638 - port 2639 type: object 2640 initialDelaySeconds: 2641 description: 'Number of seconds after 2642 the container has started before liveness 2643 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2644 format: int32 2645 type: integer 2646 periodSeconds: 2647 description: How often (in seconds) to 2648 perform the probe. Default to 10 seconds. 2649 Minimum value is 1. 2650 format: int32 2651 type: integer 2652 successThreshold: 2653 description: Minimum consecutive successes 2654 for the probe to be considered successful 2655 after having failed. Defaults to 1. 2656 Must be 1 for liveness and startup. 2657 Minimum value is 1. 2658 format: int32 2659 type: integer 2660 tcpSocket: 2661 description: TCPSocket specifies an action 2662 involving a TCP port. 2663 properties: 2664 host: 2665 description: 'Optional: Host name 2666 to connect to, defaults to the pod 2667 IP.' 2668 type: string 2669 port: 2670 anyOf: 2671 - type: integer 2672 - type: string 2673 description: Number or name of the 2674 port to access on the container. 2675 Number must be in the range 1 to 2676 65535. Name must be an IANA_SVC_NAME. 2677 x-kubernetes-int-or-string: true 2678 required: 2679 - port 2680 type: object 2681 terminationGracePeriodSeconds: 2682 description: Optional duration in seconds 2683 the pod needs to terminate gracefully 2684 upon probe failure. The grace period 2685 is the duration in seconds after the 2686 processes running in the pod are sent 2687 a termination signal and the time when 2688 the processes are forcibly halted with 2689 a kill signal. Set this value longer 2690 than the expected cleanup time for your 2691 process. If this value is nil, the pod's 2692 terminationGracePeriodSeconds will be 2693 used. Otherwise, this value overrides 2694 the value provided by the pod spec. 2695 Value must be non-negative integer. 2696 The value zero indicates stop immediately 2697 via the kill signal (no opportunity 2698 to shut down). This is a beta field 2699 and requires enabling ProbeTerminationGracePeriod 2700 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 2701 is used if unset. 2702 format: int64 2703 type: integer 2704 timeoutSeconds: 2705 description: 'Number of seconds after 2706 which the probe times out. Defaults 2707 to 1 second. Minimum value is 1. More 2708 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 2709 format: int32 2710 type: integer 2711 type: object 2712 stdin: 2713 description: Whether this Sidecar should allocate 2714 a buffer for stdin in the container runtime. 2715 If this is not set, reads from stdin in 2716 the Sidecar will always result in EOF. Default 2717 is false. 2718 type: boolean 2719 stdinOnce: 2720 description: Whether the container runtime 2721 should close the stdin channel after it 2722 has been opened by a single attach. When 2723 stdin is true the stdin stream will remain 2724 open across multiple attach sessions. If 2725 stdinOnce is set to true, stdin is opened 2726 on Sidecar start, is empty until the first 2727 client attaches to stdin, and then remains 2728 open and accepts data until the client disconnects, 2729 at which time stdin is closed and remains 2730 closed until the Sidecar is restarted. If 2731 this flag is false, a container processes 2732 that reads from stdin will never receive 2733 an EOF. Default is false 2734 type: boolean 2735 terminationMessagePath: 2736 description: 'Optional: Path at which the 2737 file to which the Sidecar''s termination 2738 message will be written is mounted into 2739 the Sidecar''s filesystem. Message written 2740 is intended to be brief final status, such 2741 as an assertion failure message. Will be 2742 truncated by the node if greater than 4096 2743 bytes. The total message length across all 2744 containers will be limited to 12kb. Defaults 2745 to /dev/termination-log. Cannot be updated.' 2746 type: string 2747 terminationMessagePolicy: 2748 description: Indicate how the termination 2749 message should be populated. File will use 2750 the contents of terminationMessagePath to 2751 populate the Sidecar status message on both 2752 success and failure. FallbackToLogsOnError 2753 will use the last chunk of Sidecar log output 2754 if the termination message file is empty 2755 and the Sidecar exited with an error. The 2756 log output is limited to 2048 bytes or 80 2757 lines, whichever is smaller. Defaults to 2758 File. Cannot be updated. 2759 type: string 2760 tty: 2761 description: Whether this Sidecar should allocate 2762 a TTY for itself, also requires 'stdin' 2763 to be true. Default is false. 2764 type: boolean 2765 volumeDevices: 2766 description: volumeDevices is the list of 2767 block devices to be used by the Sidecar. 2768 items: 2769 description: volumeDevice describes a mapping 2770 of a raw block device within a container. 2771 properties: 2772 devicePath: 2773 description: devicePath is the path 2774 inside of the container that the device 2775 will be mapped to. 2776 type: string 2777 name: 2778 description: name must match the name 2779 of a persistentVolumeClaim in the 2780 pod 2781 type: string 2782 required: 2783 - devicePath 2784 - name 2785 type: object 2786 type: array 2787 x-kubernetes-list-type: atomic 2788 volumeMounts: 2789 description: Volumes to mount into the Sidecar's 2790 filesystem. Cannot be updated. 2791 items: 2792 description: VolumeMount describes a mounting 2793 of a Volume within a container. 2794 properties: 2795 mountPath: 2796 description: Path within the container 2797 at which the volume should be mounted. Must 2798 not contain ':'. 2799 type: string 2800 mountPropagation: 2801 description: mountPropagation determines 2802 how mounts are propagated from the 2803 host to container and the other way 2804 around. When not set, MountPropagationNone 2805 is used. This field is beta in 1.10. 2806 type: string 2807 name: 2808 description: This must match the Name 2809 of a Volume. 2810 type: string 2811 readOnly: 2812 description: Mounted read-only if true, 2813 read-write otherwise (false or unspecified). 2814 Defaults to false. 2815 type: boolean 2816 subPath: 2817 description: Path within the volume 2818 from which the container's volume 2819 should be mounted. Defaults to "" 2820 (volume's root). 2821 type: string 2822 subPathExpr: 2823 description: Expanded path within the 2824 volume from which the container's 2825 volume should be mounted. Behaves 2826 similarly to SubPath but environment 2827 variable references $(VAR_NAME) are 2828 expanded using the container's environment. 2829 Defaults to "" (volume's root). SubPathExpr 2830 and SubPath are mutually exclusive. 2831 type: string 2832 required: 2833 - mountPath 2834 - name 2835 type: object 2836 type: array 2837 x-kubernetes-list-type: atomic 2838 workingDir: 2839 description: Sidecar's working directory. 2840 If not specified, the container runtime's 2841 default will be used, which might be configured 2842 in the container image. Cannot be updated. 2843 type: string 2844 workspaces: 2845 description: "This is an alpha field. You 2846 must set the \"enable-api-fields\" feature 2847 flag to \"alpha\" for this field to be supported. 2848 \n Workspaces is a list of workspaces from 2849 the Task that this Sidecar wants exclusive 2850 access to. Adding a workspace to this list 2851 means that any other Step or Sidecar that 2852 does not also request this Workspace will 2853 not have access to it." 2854 items: 2855 description: WorkspaceUsage is used by a 2856 Step or Sidecar to declare that it wants 2857 isolated access to a Workspace defined 2858 in a Task. 2859 properties: 2860 mountPath: 2861 description: MountPath is the path that 2862 the workspace should be mounted to 2863 inside the Step or Sidecar, overriding 2864 any MountPath specified in the Task's 2865 WorkspaceDeclaration. 2866 type: string 2867 name: 2868 description: Name is the name of the 2869 workspace this Step or Sidecar wants 2870 access to. 2871 type: string 2872 required: 2873 - mountPath 2874 - name 2875 type: object 2876 type: array 2877 x-kubernetes-list-type: atomic 2878 required: 2879 - name 2880 type: object 2881 type: array 2882 x-kubernetes-list-type: atomic 2883 spec: 2884 description: Spec is a specification of a custom 2885 task 2886 type: object 2887 stepTemplate: 2888 description: StepTemplate can be used as the basis 2889 for all step containers within the Task, so that 2890 the steps inherit settings on the base container. 2891 properties: 2892 args: 2893 description: 'Arguments to the entrypoint. The 2894 image''s CMD is used if this is not provided. 2895 Variable references $(VAR_NAME) are expanded 2896 using the Step''s environment. If a variable 2897 cannot be resolved, the reference in the input 2898 string will be unchanged. Double $$ are reduced 2899 to a single $, which allows for escaping the 2900 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 2901 produce the string literal "$(VAR_NAME)". 2902 Escaped references will never be expanded, 2903 regardless of whether the variable exists 2904 or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 2905 items: 2906 type: string 2907 type: array 2908 x-kubernetes-list-type: atomic 2909 command: 2910 description: 'Entrypoint array. Not executed 2911 within a shell. The docker image''s ENTRYPOINT 2912 is used if this is not provided. Variable 2913 references $(VAR_NAME) are expanded using 2914 the Step''s environment. If a variable cannot 2915 be resolved, the reference in the input string 2916 will be unchanged. Double $$ are reduced to 2917 a single $, which allows for escaping the 2918 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 2919 produce the string literal "$(VAR_NAME)". 2920 Escaped references will never be expanded, 2921 regardless of whether the variable exists 2922 or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 2923 items: 2924 type: string 2925 type: array 2926 x-kubernetes-list-type: atomic 2927 env: 2928 description: List of environment variables to 2929 set in the container. Cannot be updated. 2930 items: 2931 description: EnvVar represents an environment 2932 variable present in a Container. 2933 properties: 2934 name: 2935 description: Name of the environment variable. 2936 Must be a C_IDENTIFIER. 2937 type: string 2938 value: 2939 description: 'Variable references $(VAR_NAME) 2940 are expanded using the previously defined 2941 environment variables in the container 2942 and any service environment variables. 2943 If a variable cannot be resolved, the 2944 reference in the input string will be 2945 unchanged. Double $$ are reduced to 2946 a single $, which allows for escaping 2947 the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 2948 will produce the string literal "$(VAR_NAME)". 2949 Escaped references will never be expanded, 2950 regardless of whether the variable exists 2951 or not. Defaults to "".' 2952 type: string 2953 valueFrom: 2954 description: Source for the environment 2955 variable's value. Cannot be used if 2956 value is not empty. 2957 properties: 2958 configMapKeyRef: 2959 description: Selects a key of a ConfigMap. 2960 properties: 2961 key: 2962 description: The key to select. 2963 type: string 2964 name: 2965 description: 'Name of the referent. 2966 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2967 TODO: Add other useful fields. 2968 apiVersion, kind, uid?' 2969 type: string 2970 optional: 2971 description: Specify whether the 2972 ConfigMap or its key must be 2973 defined 2974 type: boolean 2975 required: 2976 - key 2977 type: object 2978 fieldRef: 2979 description: 'Selects a field of the 2980 pod: supports metadata.name, metadata.namespace, 2981 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 2982 spec.nodeName, spec.serviceAccountName, 2983 status.hostIP, status.podIP, status.podIPs.' 2984 properties: 2985 apiVersion: 2986 description: Version of the schema 2987 the FieldPath is written in 2988 terms of, defaults to "v1". 2989 type: string 2990 fieldPath: 2991 description: Path of the field 2992 to select in the specified API 2993 version. 2994 type: string 2995 required: 2996 - fieldPath 2997 type: object 2998 resourceFieldRef: 2999 description: 'Selects a resource of 3000 the container: only resources limits 3001 and requests (limits.cpu, limits.memory, 3002 limits.ephemeral-storage, requests.cpu, 3003 requests.memory and requests.ephemeral-storage) 3004 are currently supported.' 3005 properties: 3006 containerName: 3007 description: 'Container name: 3008 required for volumes, optional 3009 for env vars' 3010 type: string 3011 divisor: 3012 anyOf: 3013 - type: integer 3014 - type: string 3015 description: Specifies the output 3016 format of the exposed resources, 3017 defaults to "1" 3018 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3019 x-kubernetes-int-or-string: true 3020 resource: 3021 description: 'Required: resource 3022 to select' 3023 type: string 3024 required: 3025 - resource 3026 type: object 3027 secretKeyRef: 3028 description: Selects a key of a secret 3029 in the pod's namespace 3030 properties: 3031 key: 3032 description: The key of the secret 3033 to select from. Must be a valid 3034 secret key. 3035 type: string 3036 name: 3037 description: 'Name of the referent. 3038 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3039 TODO: Add other useful fields. 3040 apiVersion, kind, uid?' 3041 type: string 3042 optional: 3043 description: Specify whether the 3044 Secret or its key must be defined 3045 type: boolean 3046 required: 3047 - key 3048 type: object 3049 type: object 3050 required: 3051 - name 3052 type: object 3053 type: array 3054 x-kubernetes-list-type: atomic 3055 envFrom: 3056 description: List of sources to populate environment 3057 variables in the Step. The keys defined within 3058 a source must be a C_IDENTIFIER. All invalid 3059 keys will be reported as an event when the 3060 container is starting. When a key exists in 3061 multiple sources, the value associated with 3062 the last source will take precedence. Values 3063 defined by an Env with a duplicate key will 3064 take precedence. Cannot be updated. 3065 items: 3066 description: EnvFromSource represents the 3067 source of a set of ConfigMaps 3068 properties: 3069 configMapRef: 3070 description: The ConfigMap to select from 3071 properties: 3072 name: 3073 description: 'Name of the referent. 3074 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3075 TODO: Add other useful fields. apiVersion, 3076 kind, uid?' 3077 type: string 3078 optional: 3079 description: Specify whether the ConfigMap 3080 must be defined 3081 type: boolean 3082 type: object 3083 prefix: 3084 description: An optional identifier to 3085 prepend to each key in the ConfigMap. 3086 Must be a C_IDENTIFIER. 3087 type: string 3088 secretRef: 3089 description: The Secret to select from 3090 properties: 3091 name: 3092 description: 'Name of the referent. 3093 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3094 TODO: Add other useful fields. apiVersion, 3095 kind, uid?' 3096 type: string 3097 optional: 3098 description: Specify whether the Secret 3099 must be defined 3100 type: boolean 3101 type: object 3102 type: object 3103 type: array 3104 x-kubernetes-list-type: atomic 3105 image: 3106 description: 'Default image name to use for 3107 each Step. More info: https://kubernetes.io/docs/concepts/containers/images 3108 This field is optional to allow higher level 3109 config management to default or override container 3110 images in workload controllers like Deployments 3111 and StatefulSets.' 3112 type: string 3113 imagePullPolicy: 3114 description: 'Image pull policy. One of Always, 3115 Never, IfNotPresent. Defaults to Always if 3116 :latest tag is specified, or IfNotPresent 3117 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 3118 type: string 3119 lifecycle: 3120 description: Deprecated. This field will be 3121 removed in a future release. Actions that 3122 the management system should take in response 3123 to container lifecycle events. Cannot be updated. 3124 properties: 3125 postStart: 3126 description: 'PostStart is called immediately 3127 after a container is created. If the handler 3128 fails, the container is terminated and 3129 restarted according to its restart policy. 3130 Other management of the container blocks 3131 until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3132 properties: 3133 exec: 3134 description: Exec specifies the action 3135 to take. 3136 properties: 3137 command: 3138 description: Command is the command 3139 line to execute inside the container, 3140 the working directory for the 3141 command is root ('/') in the 3142 container's filesystem. The command 3143 is simply exec'd, it is not run 3144 inside a shell, so traditional 3145 shell instructions ('|', etc) 3146 won't work. To use a shell, you 3147 need to explicitly call out to 3148 that shell. Exit status of 0 is 3149 treated as live/healthy and non-zero 3150 is unhealthy. 3151 items: 3152 type: string 3153 type: array 3154 type: object 3155 httpGet: 3156 description: HTTPGet specifies the http 3157 request to perform. 3158 properties: 3159 host: 3160 description: Host name to connect 3161 to, defaults to the pod IP. You 3162 probably want to set "Host" in 3163 httpHeaders instead. 3164 type: string 3165 httpHeaders: 3166 description: Custom headers to set 3167 in the request. HTTP allows repeated 3168 headers. 3169 items: 3170 description: HTTPHeader describes 3171 a custom header to be used in 3172 HTTP probes 3173 properties: 3174 name: 3175 description: The header field 3176 name. This will be canonicalized 3177 upon output, so case-variant 3178 names will be understood 3179 as the same header. 3180 type: string 3181 value: 3182 description: The header field 3183 value 3184 type: string 3185 required: 3186 - name 3187 - value 3188 type: object 3189 type: array 3190 path: 3191 description: Path to access on the 3192 HTTP server. 3193 type: string 3194 port: 3195 anyOf: 3196 - type: integer 3197 - type: string 3198 description: Name or number of the 3199 port to access on the container. 3200 Number must be in the range 1 3201 to 65535. Name must be an IANA_SVC_NAME. 3202 x-kubernetes-int-or-string: true 3203 scheme: 3204 description: Scheme to use for connecting 3205 to the host. Defaults to HTTP. 3206 type: string 3207 required: 3208 - port 3209 type: object 3210 tcpSocket: 3211 description: Deprecated. TCPSocket is 3212 NOT supported as a LifecycleHandler 3213 and kept for the backward compatibility. 3214 There are no validation of this field 3215 and lifecycle hooks will fail in runtime 3216 when tcp handler is specified. 3217 properties: 3218 host: 3219 description: 'Optional: Host name 3220 to connect to, defaults to the 3221 pod IP.' 3222 type: string 3223 port: 3224 anyOf: 3225 - type: integer 3226 - type: string 3227 description: Number or name of the 3228 port to access on the container. 3229 Number must be in the range 1 3230 to 65535. Name must be an IANA_SVC_NAME. 3231 x-kubernetes-int-or-string: true 3232 required: 3233 - port 3234 type: object 3235 type: object 3236 preStop: 3237 description: 'PreStop is called immediately 3238 before a container is terminated due to 3239 an API request or management event such 3240 as liveness/startup probe failure, preemption, 3241 resource contention, etc. The handler 3242 is not called if the container crashes 3243 or exits. The Pod''s termination grace 3244 period countdown begins before the PreStop 3245 hook is executed. Regardless of the outcome 3246 of the handler, the container will eventually 3247 terminate within the Pod''s termination 3248 grace period (unless delayed by finalizers). 3249 Other management of the container blocks 3250 until the hook completes or until the 3251 termination grace period is reached. More 3252 info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 3253 properties: 3254 exec: 3255 description: Exec specifies the action 3256 to take. 3257 properties: 3258 command: 3259 description: Command is the command 3260 line to execute inside the container, 3261 the working directory for the 3262 command is root ('/') in the 3263 container's filesystem. The command 3264 is simply exec'd, it is not run 3265 inside a shell, so traditional 3266 shell instructions ('|', etc) 3267 won't work. To use a shell, you 3268 need to explicitly call out to 3269 that shell. Exit status of 0 is 3270 treated as live/healthy and non-zero 3271 is unhealthy. 3272 items: 3273 type: string 3274 type: array 3275 type: object 3276 httpGet: 3277 description: HTTPGet specifies the http 3278 request to perform. 3279 properties: 3280 host: 3281 description: Host name to connect 3282 to, defaults to the pod IP. You 3283 probably want to set "Host" in 3284 httpHeaders instead. 3285 type: string 3286 httpHeaders: 3287 description: Custom headers to set 3288 in the request. HTTP allows repeated 3289 headers. 3290 items: 3291 description: HTTPHeader describes 3292 a custom header to be used in 3293 HTTP probes 3294 properties: 3295 name: 3296 description: The header field 3297 name. This will be canonicalized 3298 upon output, so case-variant 3299 names will be understood 3300 as the same header. 3301 type: string 3302 value: 3303 description: The header field 3304 value 3305 type: string 3306 required: 3307 - name 3308 - value 3309 type: object 3310 type: array 3311 path: 3312 description: Path to access on the 3313 HTTP server. 3314 type: string 3315 port: 3316 anyOf: 3317 - type: integer 3318 - type: string 3319 description: Name or number of the 3320 port to access on the container. 3321 Number must be in the range 1 3322 to 65535. Name must be an IANA_SVC_NAME. 3323 x-kubernetes-int-or-string: true 3324 scheme: 3325 description: Scheme to use for connecting 3326 to the host. Defaults to HTTP. 3327 type: string 3328 required: 3329 - port 3330 type: object 3331 tcpSocket: 3332 description: Deprecated. TCPSocket is 3333 NOT supported as a LifecycleHandler 3334 and kept for the backward compatibility. 3335 There are no validation of this field 3336 and lifecycle hooks will fail in runtime 3337 when tcp handler is specified. 3338 properties: 3339 host: 3340 description: 'Optional: Host name 3341 to connect to, defaults to the 3342 pod IP.' 3343 type: string 3344 port: 3345 anyOf: 3346 - type: integer 3347 - type: string 3348 description: Number or name of the 3349 port to access on the container. 3350 Number must be in the range 1 3351 to 65535. Name must be an IANA_SVC_NAME. 3352 x-kubernetes-int-or-string: true 3353 required: 3354 - port 3355 type: object 3356 type: object 3357 type: object 3358 livenessProbe: 3359 description: 'Deprecated. This field will be 3360 removed in a future release. Periodic probe 3361 of container liveness. Container will be restarted 3362 if the probe fails. Cannot be updated. More 3363 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3364 properties: 3365 exec: 3366 description: Exec specifies the action to 3367 take. 3368 properties: 3369 command: 3370 description: Command is the command 3371 line to execute inside the container, 3372 the working directory for the command is 3373 root ('/') in the container's filesystem. 3374 The command is simply exec'd, it is 3375 not run inside a shell, so traditional 3376 shell instructions ('|', etc) won't 3377 work. To use a shell, you need to 3378 explicitly call out to that shell. 3379 Exit status of 0 is treated as live/healthy 3380 and non-zero is unhealthy. 3381 items: 3382 type: string 3383 type: array 3384 type: object 3385 failureThreshold: 3386 description: Minimum consecutive failures 3387 for the probe to be considered failed 3388 after having succeeded. Defaults to 3. 3389 Minimum value is 1. 3390 format: int32 3391 type: integer 3392 grpc: 3393 description: GRPC specifies an action involving 3394 a GRPC port. 3395 properties: 3396 port: 3397 description: Port number of the gRPC 3398 service. Number must be in the range 3399 1 to 65535. 3400 format: int32 3401 type: integer 3402 service: 3403 description: "Service is the name of 3404 the service to place in the gRPC HealthCheckRequest 3405 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3406 \n If this is not specified, the default 3407 behavior is defined by gRPC." 3408 type: string 3409 required: 3410 - port 3411 type: object 3412 httpGet: 3413 description: HTTPGet specifies the http 3414 request to perform. 3415 properties: 3416 host: 3417 description: Host name to connect to, 3418 defaults to the pod IP. You probably 3419 want to set "Host" in httpHeaders 3420 instead. 3421 type: string 3422 httpHeaders: 3423 description: Custom headers to set in 3424 the request. HTTP allows repeated 3425 headers. 3426 items: 3427 description: HTTPHeader describes 3428 a custom header to be used in HTTP 3429 probes 3430 properties: 3431 name: 3432 description: The header field 3433 name. This will be canonicalized 3434 upon output, so case-variant 3435 names will be understood as 3436 the same header. 3437 type: string 3438 value: 3439 description: The header field 3440 value 3441 type: string 3442 required: 3443 - name 3444 - value 3445 type: object 3446 type: array 3447 path: 3448 description: Path to access on the HTTP 3449 server. 3450 type: string 3451 port: 3452 anyOf: 3453 - type: integer 3454 - type: string 3455 description: Name or number of the port 3456 to access on the container. Number 3457 must be in the range 1 to 65535. Name 3458 must be an IANA_SVC_NAME. 3459 x-kubernetes-int-or-string: true 3460 scheme: 3461 description: Scheme to use for connecting 3462 to the host. Defaults to HTTP. 3463 type: string 3464 required: 3465 - port 3466 type: object 3467 initialDelaySeconds: 3468 description: 'Number of seconds after the 3469 container has started before liveness 3470 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3471 format: int32 3472 type: integer 3473 periodSeconds: 3474 description: How often (in seconds) to perform 3475 the probe. Default to 10 seconds. Minimum 3476 value is 1. 3477 format: int32 3478 type: integer 3479 successThreshold: 3480 description: Minimum consecutive successes 3481 for the probe to be considered successful 3482 after having failed. Defaults to 1. Must 3483 be 1 for liveness and startup. Minimum 3484 value is 1. 3485 format: int32 3486 type: integer 3487 tcpSocket: 3488 description: TCPSocket specifies an action 3489 involving a TCP port. 3490 properties: 3491 host: 3492 description: 'Optional: Host name to 3493 connect to, defaults to the pod IP.' 3494 type: string 3495 port: 3496 anyOf: 3497 - type: integer 3498 - type: string 3499 description: Number or name of the port 3500 to access on the container. Number 3501 must be in the range 1 to 65535. Name 3502 must be an IANA_SVC_NAME. 3503 x-kubernetes-int-or-string: true 3504 required: 3505 - port 3506 type: object 3507 terminationGracePeriodSeconds: 3508 description: Optional duration in seconds 3509 the pod needs to terminate gracefully 3510 upon probe failure. The grace period is 3511 the duration in seconds after the processes 3512 running in the pod are sent a termination 3513 signal and the time when the processes 3514 are forcibly halted with a kill signal. 3515 Set this value longer than the expected 3516 cleanup time for your process. If this 3517 value is nil, the pod's terminationGracePeriodSeconds 3518 will be used. Otherwise, this value overrides 3519 the value provided by the pod spec. Value 3520 must be non-negative integer. The value 3521 zero indicates stop immediately via the 3522 kill signal (no opportunity to shut down). 3523 This is a beta field and requires enabling 3524 ProbeTerminationGracePeriod feature gate. 3525 Minimum value is 1. spec.terminationGracePeriodSeconds 3526 is used if unset. 3527 format: int64 3528 type: integer 3529 timeoutSeconds: 3530 description: 'Number of seconds after which 3531 the probe times out. Defaults to 1 second. 3532 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3533 format: int32 3534 type: integer 3535 type: object 3536 name: 3537 description: Deprecated. This field will be 3538 removed in a future release. Default name 3539 for each Step specified as a DNS_LABEL. Each 3540 Step in a Task must have a unique name. Cannot 3541 be updated. 3542 type: string 3543 ports: 3544 description: Deprecated. This field will be 3545 removed in a future release. List of ports 3546 to expose from the Step's container. Exposing 3547 a port here gives the system additional information 3548 about the network connections a container 3549 uses, but is primarily informational. Not 3550 specifying a port here DOES NOT prevent that 3551 port from being exposed. Any port which is 3552 listening on the default "0.0.0.0" address 3553 inside a container will be accessible from 3554 the network. Cannot be updated. 3555 items: 3556 description: ContainerPort represents a network 3557 port in a single container. 3558 properties: 3559 containerPort: 3560 description: Number of port to expose 3561 on the pod's IP address. This must be 3562 a valid port number, 0 < x < 65536. 3563 format: int32 3564 type: integer 3565 hostIP: 3566 description: What host IP to bind the 3567 external port to. 3568 type: string 3569 hostPort: 3570 description: Number of port to expose 3571 on the host. If specified, this must 3572 be a valid port number, 0 < x < 65536. 3573 If HostNetwork is specified, this must 3574 match ContainerPort. Most containers 3575 do not need this. 3576 format: int32 3577 type: integer 3578 name: 3579 description: If specified, this must be 3580 an IANA_SVC_NAME and unique within the 3581 pod. Each named port in a pod must have 3582 a unique name. Name for the port that 3583 can be referred to by services. 3584 type: string 3585 protocol: 3586 default: TCP 3587 description: Protocol for port. Must be 3588 UDP, TCP, or SCTP. Defaults to "TCP". 3589 type: string 3590 required: 3591 - containerPort 3592 type: object 3593 type: array 3594 x-kubernetes-list-map-keys: 3595 - containerPort 3596 - protocol 3597 x-kubernetes-list-type: map 3598 readinessProbe: 3599 description: 'Deprecated. This field will be 3600 removed in a future release. Periodic probe 3601 of container service readiness. Container 3602 will be removed from service endpoints if 3603 the probe fails. Cannot be updated. More info: 3604 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3605 properties: 3606 exec: 3607 description: Exec specifies the action to 3608 take. 3609 properties: 3610 command: 3611 description: Command is the command 3612 line to execute inside the container, 3613 the working directory for the command is 3614 root ('/') in the container's filesystem. 3615 The command is simply exec'd, it is 3616 not run inside a shell, so traditional 3617 shell instructions ('|', etc) won't 3618 work. To use a shell, you need to 3619 explicitly call out to that shell. 3620 Exit status of 0 is treated as live/healthy 3621 and non-zero is unhealthy. 3622 items: 3623 type: string 3624 type: array 3625 type: object 3626 failureThreshold: 3627 description: Minimum consecutive failures 3628 for the probe to be considered failed 3629 after having succeeded. Defaults to 3. 3630 Minimum value is 1. 3631 format: int32 3632 type: integer 3633 grpc: 3634 description: GRPC specifies an action involving 3635 a GRPC port. 3636 properties: 3637 port: 3638 description: Port number of the gRPC 3639 service. Number must be in the range 3640 1 to 65535. 3641 format: int32 3642 type: integer 3643 service: 3644 description: "Service is the name of 3645 the service to place in the gRPC HealthCheckRequest 3646 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3647 \n If this is not specified, the default 3648 behavior is defined by gRPC." 3649 type: string 3650 required: 3651 - port 3652 type: object 3653 httpGet: 3654 description: HTTPGet specifies the http 3655 request to perform. 3656 properties: 3657 host: 3658 description: Host name to connect to, 3659 defaults to the pod IP. You probably 3660 want to set "Host" in httpHeaders 3661 instead. 3662 type: string 3663 httpHeaders: 3664 description: Custom headers to set in 3665 the request. HTTP allows repeated 3666 headers. 3667 items: 3668 description: HTTPHeader describes 3669 a custom header to be used in HTTP 3670 probes 3671 properties: 3672 name: 3673 description: The header field 3674 name. This will be canonicalized 3675 upon output, so case-variant 3676 names will be understood as 3677 the same header. 3678 type: string 3679 value: 3680 description: The header field 3681 value 3682 type: string 3683 required: 3684 - name 3685 - value 3686 type: object 3687 type: array 3688 path: 3689 description: Path to access on the HTTP 3690 server. 3691 type: string 3692 port: 3693 anyOf: 3694 - type: integer 3695 - type: string 3696 description: Name or number of the port 3697 to access on the container. Number 3698 must be in the range 1 to 65535. Name 3699 must be an IANA_SVC_NAME. 3700 x-kubernetes-int-or-string: true 3701 scheme: 3702 description: Scheme to use for connecting 3703 to the host. Defaults to HTTP. 3704 type: string 3705 required: 3706 - port 3707 type: object 3708 initialDelaySeconds: 3709 description: 'Number of seconds after the 3710 container has started before liveness 3711 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3712 format: int32 3713 type: integer 3714 periodSeconds: 3715 description: How often (in seconds) to perform 3716 the probe. Default to 10 seconds. Minimum 3717 value is 1. 3718 format: int32 3719 type: integer 3720 successThreshold: 3721 description: Minimum consecutive successes 3722 for the probe to be considered successful 3723 after having failed. Defaults to 1. Must 3724 be 1 for liveness and startup. Minimum 3725 value is 1. 3726 format: int32 3727 type: integer 3728 tcpSocket: 3729 description: TCPSocket specifies an action 3730 involving a TCP port. 3731 properties: 3732 host: 3733 description: 'Optional: Host name to 3734 connect to, defaults to the pod IP.' 3735 type: string 3736 port: 3737 anyOf: 3738 - type: integer 3739 - type: string 3740 description: Number or name of the port 3741 to access on the container. Number 3742 must be in the range 1 to 65535. Name 3743 must be an IANA_SVC_NAME. 3744 x-kubernetes-int-or-string: true 3745 required: 3746 - port 3747 type: object 3748 terminationGracePeriodSeconds: 3749 description: Optional duration in seconds 3750 the pod needs to terminate gracefully 3751 upon probe failure. The grace period is 3752 the duration in seconds after the processes 3753 running in the pod are sent a termination 3754 signal and the time when the processes 3755 are forcibly halted with a kill signal. 3756 Set this value longer than the expected 3757 cleanup time for your process. If this 3758 value is nil, the pod's terminationGracePeriodSeconds 3759 will be used. Otherwise, this value overrides 3760 the value provided by the pod spec. Value 3761 must be non-negative integer. The value 3762 zero indicates stop immediately via the 3763 kill signal (no opportunity to shut down). 3764 This is a beta field and requires enabling 3765 ProbeTerminationGracePeriod feature gate. 3766 Minimum value is 1. spec.terminationGracePeriodSeconds 3767 is used if unset. 3768 format: int64 3769 type: integer 3770 timeoutSeconds: 3771 description: 'Number of seconds after which 3772 the probe times out. Defaults to 1 second. 3773 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 3774 format: int32 3775 type: integer 3776 type: object 3777 resources: 3778 description: 'Compute Resources required by 3779 this Step. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3780 properties: 3781 claims: 3782 description: "Claims lists the names of 3783 resources, defined in spec.resourceClaims, 3784 that are used by this container. \n This 3785 is an alpha field and requires enabling 3786 the DynamicResourceAllocation feature 3787 gate. \n This field is immutable. It can 3788 only be set for containers." 3789 items: 3790 description: ResourceClaim references 3791 one entry in PodSpec.ResourceClaims. 3792 properties: 3793 name: 3794 description: Name must match the name 3795 of one entry in pod.spec.resourceClaims 3796 of the Pod where this field is used. 3797 It makes that resource available 3798 inside a container. 3799 type: string 3800 required: 3801 - name 3802 type: object 3803 type: array 3804 x-kubernetes-list-map-keys: 3805 - name 3806 x-kubernetes-list-type: map 3807 limits: 3808 additionalProperties: 3809 anyOf: 3810 - type: integer 3811 - type: string 3812 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3813 x-kubernetes-int-or-string: true 3814 description: 'Limits describes the maximum 3815 amount of compute resources allowed. More 3816 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3817 type: object 3818 requests: 3819 additionalProperties: 3820 anyOf: 3821 - type: integer 3822 - type: string 3823 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3824 x-kubernetes-int-or-string: true 3825 description: 'Requests describes the minimum 3826 amount of compute resources required. 3827 If Requests is omitted for a container, 3828 it defaults to Limits if that is explicitly 3829 specified, otherwise to an implementation-defined 3830 value. Requests cannot exceed Limits. 3831 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 3832 type: object 3833 type: object 3834 securityContext: 3835 description: 'SecurityContext defines the security 3836 options the Step should be run with. If set, 3837 the fields of SecurityContext override the 3838 equivalent fields of PodSecurityContext. More 3839 info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 3840 properties: 3841 allowPrivilegeEscalation: 3842 description: 'AllowPrivilegeEscalation controls 3843 whether a process can gain more privileges 3844 than its parent process. This bool directly 3845 controls if the no_new_privs flag will 3846 be set on the container process. AllowPrivilegeEscalation 3847 is true always when the container is: 3848 1) run as Privileged 2) has CAP_SYS_ADMIN 3849 Note that this field cannot be set when 3850 spec.os.name is windows.' 3851 type: boolean 3852 capabilities: 3853 description: The capabilities to add/drop 3854 when running containers. Defaults to the 3855 default set of capabilities granted by 3856 the container runtime. Note that this 3857 field cannot be set when spec.os.name 3858 is windows. 3859 properties: 3860 add: 3861 description: Added capabilities 3862 items: 3863 description: Capability represent 3864 POSIX capabilities type 3865 type: string 3866 type: array 3867 drop: 3868 description: Removed capabilities 3869 items: 3870 description: Capability represent 3871 POSIX capabilities type 3872 type: string 3873 type: array 3874 type: object 3875 privileged: 3876 description: Run container in privileged 3877 mode. Processes in privileged containers 3878 are essentially equivalent to root on 3879 the host. Defaults to false. Note that 3880 this field cannot be set when spec.os.name 3881 is windows. 3882 type: boolean 3883 procMount: 3884 description: procMount denotes the type 3885 of proc mount to use for the containers. 3886 The default is DefaultProcMount which 3887 uses the container runtime defaults for 3888 readonly paths and masked paths. This 3889 requires the ProcMountType feature flag 3890 to be enabled. Note that this field cannot 3891 be set when spec.os.name is windows. 3892 type: string 3893 readOnlyRootFilesystem: 3894 description: Whether this container has 3895 a read-only root filesystem. Default is 3896 false. Note that this field cannot be 3897 set when spec.os.name is windows. 3898 type: boolean 3899 runAsGroup: 3900 description: The GID to run the entrypoint 3901 of the container process. Uses runtime 3902 default if unset. May also be set in PodSecurityContext. If 3903 set in both SecurityContext and PodSecurityContext, 3904 the value specified in SecurityContext 3905 takes precedence. Note that this field 3906 cannot be set when spec.os.name is windows. 3907 format: int64 3908 type: integer 3909 runAsNonRoot: 3910 description: Indicates that the container 3911 must run as a non-root user. If true, 3912 the Kubelet will validate the image at 3913 runtime to ensure that it does not run 3914 as UID 0 (root) and fail to start the 3915 container if it does. If unset or false, 3916 no such validation will be performed. 3917 May also be set in PodSecurityContext. If 3918 set in both SecurityContext and PodSecurityContext, 3919 the value specified in SecurityContext 3920 takes precedence. 3921 type: boolean 3922 runAsUser: 3923 description: The UID to run the entrypoint 3924 of the container process. Defaults to 3925 user specified in image metadata if unspecified. 3926 May also be set in PodSecurityContext. If 3927 set in both SecurityContext and PodSecurityContext, 3928 the value specified in SecurityContext 3929 takes precedence. Note that this field 3930 cannot be set when spec.os.name is windows. 3931 format: int64 3932 type: integer 3933 seLinuxOptions: 3934 description: The SELinux context to be applied 3935 to the container. If unspecified, the 3936 container runtime will allocate a random 3937 SELinux context for each container. May 3938 also be set in PodSecurityContext. If 3939 set in both SecurityContext and PodSecurityContext, 3940 the value specified in SecurityContext 3941 takes precedence. Note that this field 3942 cannot be set when spec.os.name is windows. 3943 properties: 3944 level: 3945 description: Level is SELinux level 3946 label that applies to the container. 3947 type: string 3948 role: 3949 description: Role is a SELinux role 3950 label that applies to the container. 3951 type: string 3952 type: 3953 description: Type is a SELinux type 3954 label that applies to the container. 3955 type: string 3956 user: 3957 description: User is a SELinux user 3958 label that applies to the container. 3959 type: string 3960 type: object 3961 seccompProfile: 3962 description: The seccomp options to use 3963 by this container. If seccomp options 3964 are provided at both the pod & container 3965 level, the container options override 3966 the pod options. Note that this field 3967 cannot be set when spec.os.name is windows. 3968 properties: 3969 localhostProfile: 3970 description: localhostProfile indicates 3971 a profile defined in a file on the 3972 node should be used. The profile must 3973 be preconfigured on the node to work. 3974 Must be a descending path, relative 3975 to the kubelet's configured seccomp 3976 profile location. Must be set if type 3977 is "Localhost". Must NOT be set for 3978 any other type. 3979 type: string 3980 type: 3981 description: "type indicates which kind 3982 of seccomp profile will be applied. 3983 Valid options are: \n Localhost - 3984 a profile defined in a file on the 3985 node should be used. RuntimeDefault 3986 - the container runtime default profile 3987 should be used. Unconfined - no profile 3988 should be applied." 3989 type: string 3990 required: 3991 - type 3992 type: object 3993 windowsOptions: 3994 description: The Windows specific settings 3995 applied to all containers. If unspecified, 3996 the options from the PodSecurityContext 3997 will be used. If set in both SecurityContext 3998 and PodSecurityContext, the value specified 3999 in SecurityContext takes precedence. Note 4000 that this field cannot be set when spec.os.name 4001 is linux. 4002 properties: 4003 gmsaCredentialSpec: 4004 description: GMSACredentialSpec is where 4005 the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 4006 inlines the contents of the GMSA credential 4007 spec named by the GMSACredentialSpecName 4008 field. 4009 type: string 4010 gmsaCredentialSpecName: 4011 description: GMSACredentialSpecName 4012 is the name of the GMSA credential 4013 spec to use. 4014 type: string 4015 hostProcess: 4016 description: HostProcess determines 4017 if a container should be run as a 4018 'Host Process' container. All of a 4019 Pod's containers must have the same 4020 effective HostProcess value (it is 4021 not allowed to have a mix of HostProcess 4022 containers and non-HostProcess containers). 4023 In addition, if HostProcess is true 4024 then HostNetwork must also be set 4025 to true. 4026 type: boolean 4027 runAsUserName: 4028 description: The UserName in Windows 4029 to run the entrypoint of the container 4030 process. Defaults to the user specified 4031 in image metadata if unspecified. 4032 May also be set in PodSecurityContext. 4033 If set in both SecurityContext and 4034 PodSecurityContext, the value specified 4035 in SecurityContext takes precedence. 4036 type: string 4037 type: object 4038 type: object 4039 startupProbe: 4040 description: 'Deprecated. This field will be 4041 removed in a future release. DeprecatedStartupProbe 4042 indicates that the Pod has successfully initialized. 4043 If specified, no other probes are executed 4044 until this completes successfully. If this 4045 probe fails, the Pod will be restarted, just 4046 as if the livenessProbe failed. This can be 4047 used to provide different probe parameters 4048 at the beginning of a Pod''s lifecycle, when 4049 it might take a long time to load data or 4050 warm a cache, than during steady-state operation. 4051 This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4052 properties: 4053 exec: 4054 description: Exec specifies the action to 4055 take. 4056 properties: 4057 command: 4058 description: Command is the command 4059 line to execute inside the container, 4060 the working directory for the command is 4061 root ('/') in the container's filesystem. 4062 The command is simply exec'd, it is 4063 not run inside a shell, so traditional 4064 shell instructions ('|', etc) won't 4065 work. To use a shell, you need to 4066 explicitly call out to that shell. 4067 Exit status of 0 is treated as live/healthy 4068 and non-zero is unhealthy. 4069 items: 4070 type: string 4071 type: array 4072 type: object 4073 failureThreshold: 4074 description: Minimum consecutive failures 4075 for the probe to be considered failed 4076 after having succeeded. Defaults to 3. 4077 Minimum value is 1. 4078 format: int32 4079 type: integer 4080 grpc: 4081 description: GRPC specifies an action involving 4082 a GRPC port. 4083 properties: 4084 port: 4085 description: Port number of the gRPC 4086 service. Number must be in the range 4087 1 to 65535. 4088 format: int32 4089 type: integer 4090 service: 4091 description: "Service is the name of 4092 the service to place in the gRPC HealthCheckRequest 4093 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4094 \n If this is not specified, the default 4095 behavior is defined by gRPC." 4096 type: string 4097 required: 4098 - port 4099 type: object 4100 httpGet: 4101 description: HTTPGet specifies the http 4102 request to perform. 4103 properties: 4104 host: 4105 description: Host name to connect to, 4106 defaults to the pod IP. You probably 4107 want to set "Host" in httpHeaders 4108 instead. 4109 type: string 4110 httpHeaders: 4111 description: Custom headers to set in 4112 the request. HTTP allows repeated 4113 headers. 4114 items: 4115 description: HTTPHeader describes 4116 a custom header to be used in HTTP 4117 probes 4118 properties: 4119 name: 4120 description: The header field 4121 name. This will be canonicalized 4122 upon output, so case-variant 4123 names will be understood as 4124 the same header. 4125 type: string 4126 value: 4127 description: The header field 4128 value 4129 type: string 4130 required: 4131 - name 4132 - value 4133 type: object 4134 type: array 4135 path: 4136 description: Path to access on the HTTP 4137 server. 4138 type: string 4139 port: 4140 anyOf: 4141 - type: integer 4142 - type: string 4143 description: Name or number of the port 4144 to access on the container. Number 4145 must be in the range 1 to 65535. Name 4146 must be an IANA_SVC_NAME. 4147 x-kubernetes-int-or-string: true 4148 scheme: 4149 description: Scheme to use for connecting 4150 to the host. Defaults to HTTP. 4151 type: string 4152 required: 4153 - port 4154 type: object 4155 initialDelaySeconds: 4156 description: 'Number of seconds after the 4157 container has started before liveness 4158 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4159 format: int32 4160 type: integer 4161 periodSeconds: 4162 description: How often (in seconds) to perform 4163 the probe. Default to 10 seconds. Minimum 4164 value is 1. 4165 format: int32 4166 type: integer 4167 successThreshold: 4168 description: Minimum consecutive successes 4169 for the probe to be considered successful 4170 after having failed. Defaults to 1. Must 4171 be 1 for liveness and startup. Minimum 4172 value is 1. 4173 format: int32 4174 type: integer 4175 tcpSocket: 4176 description: TCPSocket specifies an action 4177 involving a TCP port. 4178 properties: 4179 host: 4180 description: 'Optional: Host name to 4181 connect to, defaults to the pod IP.' 4182 type: string 4183 port: 4184 anyOf: 4185 - type: integer 4186 - type: string 4187 description: Number or name of the port 4188 to access on the container. Number 4189 must be in the range 1 to 65535. Name 4190 must be an IANA_SVC_NAME. 4191 x-kubernetes-int-or-string: true 4192 required: 4193 - port 4194 type: object 4195 terminationGracePeriodSeconds: 4196 description: Optional duration in seconds 4197 the pod needs to terminate gracefully 4198 upon probe failure. The grace period is 4199 the duration in seconds after the processes 4200 running in the pod are sent a termination 4201 signal and the time when the processes 4202 are forcibly halted with a kill signal. 4203 Set this value longer than the expected 4204 cleanup time for your process. If this 4205 value is nil, the pod's terminationGracePeriodSeconds 4206 will be used. Otherwise, this value overrides 4207 the value provided by the pod spec. Value 4208 must be non-negative integer. The value 4209 zero indicates stop immediately via the 4210 kill signal (no opportunity to shut down). 4211 This is a beta field and requires enabling 4212 ProbeTerminationGracePeriod feature gate. 4213 Minimum value is 1. spec.terminationGracePeriodSeconds 4214 is used if unset. 4215 format: int64 4216 type: integer 4217 timeoutSeconds: 4218 description: 'Number of seconds after which 4219 the probe times out. Defaults to 1 second. 4220 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4221 format: int32 4222 type: integer 4223 type: object 4224 stdin: 4225 description: Deprecated. This field will be 4226 removed in a future release. Whether this 4227 Step should allocate a buffer for stdin in 4228 the container runtime. If this is not set, 4229 reads from stdin in the Step will always result 4230 in EOF. Default is false. 4231 type: boolean 4232 stdinOnce: 4233 description: Deprecated. This field will be 4234 removed in a future release. Whether the container 4235 runtime should close the stdin channel after 4236 it has been opened by a single attach. When 4237 stdin is true the stdin stream will remain 4238 open across multiple attach sessions. If stdinOnce 4239 is set to true, stdin is opened on container 4240 start, is empty until the first client attaches 4241 to stdin, and then remains open and accepts 4242 data until the client disconnects, at which 4243 time stdin is closed and remains closed until 4244 the container is restarted. If this flag is 4245 false, a container processes that reads from 4246 stdin will never receive an EOF. Default is 4247 false 4248 type: boolean 4249 terminationMessagePath: 4250 description: Deprecated. This field will be 4251 removed in a future release and cannot be 4252 meaningfully used. 4253 type: string 4254 terminationMessagePolicy: 4255 description: Deprecated. This field will be 4256 removed in a future release and cannot be 4257 meaningfully used. 4258 type: string 4259 tty: 4260 description: Deprecated. This field will be 4261 removed in a future release. Whether this 4262 Step should allocate a DeprecatedTTY for itself, 4263 also requires 'stdin' to be true. Default 4264 is false. 4265 type: boolean 4266 volumeDevices: 4267 description: volumeDevices is the list of block 4268 devices to be used by the Step. 4269 items: 4270 description: volumeDevice describes a mapping 4271 of a raw block device within a container. 4272 properties: 4273 devicePath: 4274 description: devicePath is the path inside 4275 of the container that the device will 4276 be mapped to. 4277 type: string 4278 name: 4279 description: name must match the name 4280 of a persistentVolumeClaim in the pod 4281 type: string 4282 required: 4283 - devicePath 4284 - name 4285 type: object 4286 type: array 4287 x-kubernetes-list-type: atomic 4288 volumeMounts: 4289 description: Volumes to mount into the Step's 4290 filesystem. Cannot be updated. 4291 items: 4292 description: VolumeMount describes a mounting 4293 of a Volume within a container. 4294 properties: 4295 mountPath: 4296 description: Path within the container 4297 at which the volume should be mounted. Must 4298 not contain ':'. 4299 type: string 4300 mountPropagation: 4301 description: mountPropagation determines 4302 how mounts are propagated from the host 4303 to container and the other way around. 4304 When not set, MountPropagationNone is 4305 used. This field is beta in 1.10. 4306 type: string 4307 name: 4308 description: This must match the Name 4309 of a Volume. 4310 type: string 4311 readOnly: 4312 description: Mounted read-only if true, 4313 read-write otherwise (false or unspecified). 4314 Defaults to false. 4315 type: boolean 4316 subPath: 4317 description: Path within the volume from 4318 which the container's volume should 4319 be mounted. Defaults to "" (volume's 4320 root). 4321 type: string 4322 subPathExpr: 4323 description: Expanded path within the 4324 volume from which the container's volume 4325 should be mounted. Behaves similarly 4326 to SubPath but environment variable 4327 references $(VAR_NAME) are expanded 4328 using the container's environment. Defaults 4329 to "" (volume's root). SubPathExpr and 4330 SubPath are mutually exclusive. 4331 type: string 4332 required: 4333 - mountPath 4334 - name 4335 type: object 4336 type: array 4337 x-kubernetes-list-type: atomic 4338 workingDir: 4339 description: Step's working directory. If not 4340 specified, the container runtime's default 4341 will be used, which might be configured in 4342 the container image. Cannot be updated. 4343 type: string 4344 required: 4345 - name 4346 type: object 4347 steps: 4348 description: Steps are the steps of the build; each 4349 step is run sequentially with the source mounted 4350 into /workspace. 4351 items: 4352 description: Step runs a subcomponent of a Task 4353 properties: 4354 args: 4355 description: 'Arguments to the entrypoint. 4356 The image''s CMD is used if this is not 4357 provided. Variable references $(VAR_NAME) 4358 are expanded using the container''s environment. 4359 If a variable cannot be resolved, the reference 4360 in the input string will be unchanged. Double 4361 $$ are reduced to a single $, which allows 4362 for escaping the $(VAR_NAME) syntax: i.e. 4363 "$$(VAR_NAME)" will produce the string literal 4364 "$(VAR_NAME)". Escaped references will never 4365 be expanded, regardless of whether the variable 4366 exists or not. Cannot be updated. More info: 4367 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4368 items: 4369 type: string 4370 type: array 4371 x-kubernetes-list-type: atomic 4372 command: 4373 description: 'Entrypoint array. Not executed 4374 within a shell. The image''s ENTRYPOINT 4375 is used if this is not provided. Variable 4376 references $(VAR_NAME) are expanded using 4377 the container''s environment. If a variable 4378 cannot be resolved, the reference in the 4379 input string will be unchanged. Double $$ 4380 are reduced to a single $, which allows 4381 for escaping the $(VAR_NAME) syntax: i.e. 4382 "$$(VAR_NAME)" will produce the string literal 4383 "$(VAR_NAME)". Escaped references will never 4384 be expanded, regardless of whether the variable 4385 exists or not. Cannot be updated. More info: 4386 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 4387 items: 4388 type: string 4389 type: array 4390 x-kubernetes-list-type: atomic 4391 env: 4392 description: List of environment variables 4393 to set in the container. Cannot be updated. 4394 items: 4395 description: EnvVar represents an environment 4396 variable present in a Container. 4397 properties: 4398 name: 4399 description: Name of the environment 4400 variable. Must be a C_IDENTIFIER. 4401 type: string 4402 value: 4403 description: 'Variable references $(VAR_NAME) 4404 are expanded using the previously 4405 defined environment variables in the 4406 container and any service environment 4407 variables. If a variable cannot be 4408 resolved, the reference in the input 4409 string will be unchanged. Double $$ 4410 are reduced to a single $, which allows 4411 for escaping the $(VAR_NAME) syntax: 4412 i.e. "$$(VAR_NAME)" will produce the 4413 string literal "$(VAR_NAME)". Escaped 4414 references will never be expanded, 4415 regardless of whether the variable 4416 exists or not. Defaults to "".' 4417 type: string 4418 valueFrom: 4419 description: Source for the environment 4420 variable's value. Cannot be used if 4421 value is not empty. 4422 properties: 4423 configMapKeyRef: 4424 description: Selects a key of a 4425 ConfigMap. 4426 properties: 4427 key: 4428 description: The key to select. 4429 type: string 4430 name: 4431 description: 'Name of the referent. 4432 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4433 TODO: Add other useful fields. 4434 apiVersion, kind, uid?' 4435 type: string 4436 optional: 4437 description: Specify whether 4438 the ConfigMap or its key must 4439 be defined 4440 type: boolean 4441 required: 4442 - key 4443 type: object 4444 fieldRef: 4445 description: 'Selects a field of 4446 the pod: supports metadata.name, 4447 metadata.namespace, `metadata.labels[''<KEY>'']`, 4448 `metadata.annotations[''<KEY>'']`, 4449 spec.nodeName, spec.serviceAccountName, 4450 status.hostIP, status.podIP, status.podIPs.' 4451 properties: 4452 apiVersion: 4453 description: Version of the 4454 schema the FieldPath is written 4455 in terms of, defaults to "v1". 4456 type: string 4457 fieldPath: 4458 description: Path of the field 4459 to select in the specified 4460 API version. 4461 type: string 4462 required: 4463 - fieldPath 4464 type: object 4465 resourceFieldRef: 4466 description: 'Selects a resource 4467 of the container: only resources 4468 limits and requests (limits.cpu, 4469 limits.memory, limits.ephemeral-storage, 4470 requests.cpu, requests.memory 4471 and requests.ephemeral-storage) 4472 are currently supported.' 4473 properties: 4474 containerName: 4475 description: 'Container name: 4476 required for volumes, optional 4477 for env vars' 4478 type: string 4479 divisor: 4480 anyOf: 4481 - type: integer 4482 - type: string 4483 description: Specifies the output 4484 format of the exposed resources, 4485 defaults to "1" 4486 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4487 x-kubernetes-int-or-string: true 4488 resource: 4489 description: 'Required: resource 4490 to select' 4491 type: string 4492 required: 4493 - resource 4494 type: object 4495 secretKeyRef: 4496 description: Selects a key of a 4497 secret in the pod's namespace 4498 properties: 4499 key: 4500 description: The key of the 4501 secret to select from. Must 4502 be a valid secret key. 4503 type: string 4504 name: 4505 description: 'Name of the referent. 4506 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4507 TODO: Add other useful fields. 4508 apiVersion, kind, uid?' 4509 type: string 4510 optional: 4511 description: Specify whether 4512 the Secret or its key must 4513 be defined 4514 type: boolean 4515 required: 4516 - key 4517 type: object 4518 type: object 4519 required: 4520 - name 4521 type: object 4522 type: array 4523 x-kubernetes-list-type: atomic 4524 envFrom: 4525 description: List of sources to populate environment 4526 variables in the container. The keys defined 4527 within a source must be a C_IDENTIFIER. 4528 All invalid keys will be reported as an 4529 event when the container is starting. When 4530 a key exists in multiple sources, the value 4531 associated with the last source will take 4532 precedence. Values defined by an Env with 4533 a duplicate key will take precedence. Cannot 4534 be updated. 4535 items: 4536 description: EnvFromSource represents the 4537 source of a set of ConfigMaps 4538 properties: 4539 configMapRef: 4540 description: The ConfigMap to select 4541 from 4542 properties: 4543 name: 4544 description: 'Name of the referent. 4545 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4546 TODO: Add other useful fields. 4547 apiVersion, kind, uid?' 4548 type: string 4549 optional: 4550 description: Specify whether the 4551 ConfigMap must be defined 4552 type: boolean 4553 type: object 4554 prefix: 4555 description: An optional identifier 4556 to prepend to each key in the ConfigMap. 4557 Must be a C_IDENTIFIER. 4558 type: string 4559 secretRef: 4560 description: The Secret to select from 4561 properties: 4562 name: 4563 description: 'Name of the referent. 4564 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4565 TODO: Add other useful fields. 4566 apiVersion, kind, uid?' 4567 type: string 4568 optional: 4569 description: Specify whether the 4570 Secret must be defined 4571 type: boolean 4572 type: object 4573 type: object 4574 type: array 4575 x-kubernetes-list-type: atomic 4576 image: 4577 description: 'Image reference name to run 4578 for this Step. More info: https://kubernetes.io/docs/concepts/containers/images' 4579 type: string 4580 imagePullPolicy: 4581 description: 'Image pull policy. One of Always, 4582 Never, IfNotPresent. Defaults to Always 4583 if :latest tag is specified, or IfNotPresent 4584 otherwise. Cannot be updated. More info: 4585 https://kubernetes.io/docs/concepts/containers/images#updating-images' 4586 type: string 4587 lifecycle: 4588 description: Deprecated. This field will be 4589 removed in a future release. Actions that 4590 the management system should take in response 4591 to container lifecycle events. Cannot be 4592 updated. 4593 properties: 4594 postStart: 4595 description: 'PostStart is called immediately 4596 after a container is created. If the 4597 handler fails, the container is terminated 4598 and restarted according to its restart 4599 policy. Other management of the container 4600 blocks until the hook completes. More 4601 info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 4602 properties: 4603 exec: 4604 description: Exec specifies the action 4605 to take. 4606 properties: 4607 command: 4608 description: Command is the command 4609 line to execute inside the container, 4610 the working directory for the 4611 command is root ('/') in the 4612 container's filesystem. The 4613 command is simply exec'd, it 4614 is not run inside a shell, so 4615 traditional shell instructions 4616 ('|', etc) won't work. To use 4617 a shell, you need to explicitly 4618 call out to that shell. Exit 4619 status of 0 is treated as live/healthy 4620 and non-zero is unhealthy. 4621 items: 4622 type: string 4623 type: array 4624 type: object 4625 httpGet: 4626 description: HTTPGet specifies the 4627 http request to perform. 4628 properties: 4629 host: 4630 description: Host name to connect 4631 to, defaults to the pod IP. 4632 You probably want to set "Host" 4633 in httpHeaders instead. 4634 type: string 4635 httpHeaders: 4636 description: Custom headers to 4637 set in the request. HTTP allows 4638 repeated headers. 4639 items: 4640 description: HTTPHeader describes 4641 a custom header to be used 4642 in HTTP probes 4643 properties: 4644 name: 4645 description: The header 4646 field name. This will 4647 be canonicalized upon 4648 output, so case-variant 4649 names will be understood 4650 as the same header. 4651 type: string 4652 value: 4653 description: The header 4654 field value 4655 type: string 4656 required: 4657 - name 4658 - value 4659 type: object 4660 type: array 4661 path: 4662 description: Path to access on 4663 the HTTP server. 4664 type: string 4665 port: 4666 anyOf: 4667 - type: integer 4668 - type: string 4669 description: Name or number of 4670 the port to access on the container. 4671 Number must be in the range 4672 1 to 65535. Name must be an 4673 IANA_SVC_NAME. 4674 x-kubernetes-int-or-string: true 4675 scheme: 4676 description: Scheme to use for 4677 connecting to the host. Defaults 4678 to HTTP. 4679 type: string 4680 required: 4681 - port 4682 type: object 4683 tcpSocket: 4684 description: Deprecated. TCPSocket 4685 is NOT supported as a LifecycleHandler 4686 and kept for the backward compatibility. 4687 There are no validation of this 4688 field and lifecycle hooks will fail 4689 in runtime when tcp handler is specified. 4690 properties: 4691 host: 4692 description: 'Optional: Host name 4693 to connect to, defaults to the 4694 pod IP.' 4695 type: string 4696 port: 4697 anyOf: 4698 - type: integer 4699 - type: string 4700 description: Number or name of 4701 the port to access on the container. 4702 Number must be in the range 4703 1 to 65535. Name must be an 4704 IANA_SVC_NAME. 4705 x-kubernetes-int-or-string: true 4706 required: 4707 - port 4708 type: object 4709 type: object 4710 preStop: 4711 description: 'PreStop is called immediately 4712 before a container is terminated due 4713 to an API request or management event 4714 such as liveness/startup probe failure, 4715 preemption, resource contention, etc. 4716 The handler is not called if the container 4717 crashes or exits. The Pod''s termination 4718 grace period countdown begins before 4719 the PreStop hook is executed. Regardless 4720 of the outcome of the handler, the container 4721 will eventually terminate within the 4722 Pod''s termination grace period (unless 4723 delayed by finalizers). Other management 4724 of the container blocks until the hook 4725 completes or until the termination grace 4726 period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 4727 properties: 4728 exec: 4729 description: Exec specifies the action 4730 to take. 4731 properties: 4732 command: 4733 description: Command is the command 4734 line to execute inside the container, 4735 the working directory for the 4736 command is root ('/') in the 4737 container's filesystem. The 4738 command is simply exec'd, it 4739 is not run inside a shell, so 4740 traditional shell instructions 4741 ('|', etc) won't work. To use 4742 a shell, you need to explicitly 4743 call out to that shell. Exit 4744 status of 0 is treated as live/healthy 4745 and non-zero is unhealthy. 4746 items: 4747 type: string 4748 type: array 4749 type: object 4750 httpGet: 4751 description: HTTPGet specifies the 4752 http request to perform. 4753 properties: 4754 host: 4755 description: Host name to connect 4756 to, defaults to the pod IP. 4757 You probably want to set "Host" 4758 in httpHeaders instead. 4759 type: string 4760 httpHeaders: 4761 description: Custom headers to 4762 set in the request. HTTP allows 4763 repeated headers. 4764 items: 4765 description: HTTPHeader describes 4766 a custom header to be used 4767 in HTTP probes 4768 properties: 4769 name: 4770 description: The header 4771 field name. This will 4772 be canonicalized upon 4773 output, so case-variant 4774 names will be understood 4775 as the same header. 4776 type: string 4777 value: 4778 description: The header 4779 field value 4780 type: string 4781 required: 4782 - name 4783 - value 4784 type: object 4785 type: array 4786 path: 4787 description: Path to access on 4788 the HTTP server. 4789 type: string 4790 port: 4791 anyOf: 4792 - type: integer 4793 - type: string 4794 description: Name or number of 4795 the port to access on the container. 4796 Number must be in the range 4797 1 to 65535. Name must be an 4798 IANA_SVC_NAME. 4799 x-kubernetes-int-or-string: true 4800 scheme: 4801 description: Scheme to use for 4802 connecting to the host. Defaults 4803 to HTTP. 4804 type: string 4805 required: 4806 - port 4807 type: object 4808 tcpSocket: 4809 description: Deprecated. TCPSocket 4810 is NOT supported as a LifecycleHandler 4811 and kept for the backward compatibility. 4812 There are no validation of this 4813 field and lifecycle hooks will fail 4814 in runtime when tcp handler is specified. 4815 properties: 4816 host: 4817 description: 'Optional: Host name 4818 to connect to, defaults to the 4819 pod IP.' 4820 type: string 4821 port: 4822 anyOf: 4823 - type: integer 4824 - type: string 4825 description: Number or name of 4826 the port to access on the container. 4827 Number must be in the range 4828 1 to 65535. Name must be an 4829 IANA_SVC_NAME. 4830 x-kubernetes-int-or-string: true 4831 required: 4832 - port 4833 type: object 4834 type: object 4835 type: object 4836 livenessProbe: 4837 description: 'Deprecated. This field will 4838 be removed in a future release. Periodic 4839 probe of container liveness. Step will be 4840 restarted if the probe fails. Cannot be 4841 updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4842 properties: 4843 exec: 4844 description: Exec specifies the action 4845 to take. 4846 properties: 4847 command: 4848 description: Command is the command 4849 line to execute inside the container, 4850 the working directory for the command is 4851 root ('/') in the container's filesystem. 4852 The command is simply exec'd, it 4853 is not run inside a shell, so traditional 4854 shell instructions ('|', etc) won't 4855 work. To use a shell, you need to 4856 explicitly call out to that shell. 4857 Exit status of 0 is treated as live/healthy 4858 and non-zero is unhealthy. 4859 items: 4860 type: string 4861 type: array 4862 type: object 4863 failureThreshold: 4864 description: Minimum consecutive failures 4865 for the probe to be considered failed 4866 after having succeeded. Defaults to 4867 3. Minimum value is 1. 4868 format: int32 4869 type: integer 4870 grpc: 4871 description: GRPC specifies an action 4872 involving a GRPC port. 4873 properties: 4874 port: 4875 description: Port number of the gRPC 4876 service. Number must be in the range 4877 1 to 65535. 4878 format: int32 4879 type: integer 4880 service: 4881 description: "Service is the name 4882 of the service to place in the gRPC 4883 HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4884 \n If this is not specified, the 4885 default behavior is defined by gRPC." 4886 type: string 4887 required: 4888 - port 4889 type: object 4890 httpGet: 4891 description: HTTPGet specifies the http 4892 request to perform. 4893 properties: 4894 host: 4895 description: Host name to connect 4896 to, defaults to the pod IP. You 4897 probably want to set "Host" in httpHeaders 4898 instead. 4899 type: string 4900 httpHeaders: 4901 description: Custom headers to set 4902 in the request. HTTP allows repeated 4903 headers. 4904 items: 4905 description: HTTPHeader describes 4906 a custom header to be used in 4907 HTTP probes 4908 properties: 4909 name: 4910 description: The header field 4911 name. This will be canonicalized 4912 upon output, so case-variant 4913 names will be understood as 4914 the same header. 4915 type: string 4916 value: 4917 description: The header field 4918 value 4919 type: string 4920 required: 4921 - name 4922 - value 4923 type: object 4924 type: array 4925 path: 4926 description: Path to access on the 4927 HTTP server. 4928 type: string 4929 port: 4930 anyOf: 4931 - type: integer 4932 - type: string 4933 description: Name or number of the 4934 port to access on the container. 4935 Number must be in the range 1 to 4936 65535. Name must be an IANA_SVC_NAME. 4937 x-kubernetes-int-or-string: true 4938 scheme: 4939 description: Scheme to use for connecting 4940 to the host. Defaults to HTTP. 4941 type: string 4942 required: 4943 - port 4944 type: object 4945 initialDelaySeconds: 4946 description: 'Number of seconds after 4947 the container has started before liveness 4948 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 4949 format: int32 4950 type: integer 4951 periodSeconds: 4952 description: How often (in seconds) to 4953 perform the probe. Default to 10 seconds. 4954 Minimum value is 1. 4955 format: int32 4956 type: integer 4957 successThreshold: 4958 description: Minimum consecutive successes 4959 for the probe to be considered successful 4960 after having failed. Defaults to 1. 4961 Must be 1 for liveness and startup. 4962 Minimum value is 1. 4963 format: int32 4964 type: integer 4965 tcpSocket: 4966 description: TCPSocket specifies an action 4967 involving a TCP port. 4968 properties: 4969 host: 4970 description: 'Optional: Host name 4971 to connect to, defaults to the pod 4972 IP.' 4973 type: string 4974 port: 4975 anyOf: 4976 - type: integer 4977 - type: string 4978 description: Number or name of the 4979 port to access on the container. 4980 Number must be in the range 1 to 4981 65535. Name must be an IANA_SVC_NAME. 4982 x-kubernetes-int-or-string: true 4983 required: 4984 - port 4985 type: object 4986 terminationGracePeriodSeconds: 4987 description: Optional duration in seconds 4988 the pod needs to terminate gracefully 4989 upon probe failure. The grace period 4990 is the duration in seconds after the 4991 processes running in the pod are sent 4992 a termination signal and the time when 4993 the processes are forcibly halted with 4994 a kill signal. Set this value longer 4995 than the expected cleanup time for your 4996 process. If this value is nil, the pod's 4997 terminationGracePeriodSeconds will be 4998 used. Otherwise, this value overrides 4999 the value provided by the pod spec. 5000 Value must be non-negative integer. 5001 The value zero indicates stop immediately 5002 via the kill signal (no opportunity 5003 to shut down). This is a beta field 5004 and requires enabling ProbeTerminationGracePeriod 5005 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 5006 is used if unset. 5007 format: int64 5008 type: integer 5009 timeoutSeconds: 5010 description: 'Number of seconds after 5011 which the probe times out. Defaults 5012 to 1 second. Minimum value is 1. More 5013 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5014 format: int32 5015 type: integer 5016 type: object 5017 name: 5018 description: Name of the Step specified as 5019 a DNS_LABEL. Each Step in a Task must have 5020 a unique name. 5021 type: string 5022 onError: 5023 description: OnError defines the exiting behavior 5024 of a container on error can be set to [ 5025 continue | stopAndFail ] 5026 type: string 5027 ports: 5028 description: Deprecated. This field will be 5029 removed in a future release. List of ports 5030 to expose from the Step's container. Exposing 5031 a port here gives the system additional 5032 information about the network connections 5033 a container uses, but is primarily informational. 5034 Not specifying a port here DOES NOT prevent 5035 that port from being exposed. Any port which 5036 is listening on the default "0.0.0.0" address 5037 inside a container will be accessible from 5038 the network. Cannot be updated. 5039 items: 5040 description: ContainerPort represents a 5041 network port in a single container. 5042 properties: 5043 containerPort: 5044 description: Number of port to expose 5045 on the pod's IP address. This must 5046 be a valid port number, 0 < x < 65536. 5047 format: int32 5048 type: integer 5049 hostIP: 5050 description: What host IP to bind the 5051 external port to. 5052 type: string 5053 hostPort: 5054 description: Number of port to expose 5055 on the host. If specified, this must 5056 be a valid port number, 0 < x < 65536. 5057 If HostNetwork is specified, this 5058 must match ContainerPort. Most containers 5059 do not need this. 5060 format: int32 5061 type: integer 5062 name: 5063 description: If specified, this must 5064 be an IANA_SVC_NAME and unique within 5065 the pod. Each named port in a pod 5066 must have a unique name. Name for 5067 the port that can be referred to by 5068 services. 5069 type: string 5070 protocol: 5071 default: TCP 5072 description: Protocol for port. Must 5073 be UDP, TCP, or SCTP. Defaults to 5074 "TCP". 5075 type: string 5076 required: 5077 - containerPort 5078 type: object 5079 type: array 5080 x-kubernetes-list-map-keys: 5081 - containerPort 5082 - protocol 5083 x-kubernetes-list-type: map 5084 readinessProbe: 5085 description: 'Deprecated. This field will 5086 be removed in a future release. Periodic 5087 probe of container service readiness. Step 5088 will be removed from service endpoints if 5089 the probe fails. Cannot be updated. More 5090 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5091 properties: 5092 exec: 5093 description: Exec specifies the action 5094 to take. 5095 properties: 5096 command: 5097 description: Command is the command 5098 line to execute inside the container, 5099 the working directory for the command is 5100 root ('/') in the container's filesystem. 5101 The command is simply exec'd, it 5102 is not run inside a shell, so traditional 5103 shell instructions ('|', etc) won't 5104 work. To use a shell, you need to 5105 explicitly call out to that shell. 5106 Exit status of 0 is treated as live/healthy 5107 and non-zero is unhealthy. 5108 items: 5109 type: string 5110 type: array 5111 type: object 5112 failureThreshold: 5113 description: Minimum consecutive failures 5114 for the probe to be considered failed 5115 after having succeeded. Defaults to 5116 3. Minimum value is 1. 5117 format: int32 5118 type: integer 5119 grpc: 5120 description: GRPC specifies an action 5121 involving a GRPC port. 5122 properties: 5123 port: 5124 description: Port number of the gRPC 5125 service. Number must be in the range 5126 1 to 65535. 5127 format: int32 5128 type: integer 5129 service: 5130 description: "Service is the name 5131 of the service to place in the gRPC 5132 HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5133 \n If this is not specified, the 5134 default behavior is defined by gRPC." 5135 type: string 5136 required: 5137 - port 5138 type: object 5139 httpGet: 5140 description: HTTPGet specifies the http 5141 request to perform. 5142 properties: 5143 host: 5144 description: Host name to connect 5145 to, defaults to the pod IP. You 5146 probably want to set "Host" in httpHeaders 5147 instead. 5148 type: string 5149 httpHeaders: 5150 description: Custom headers to set 5151 in the request. HTTP allows repeated 5152 headers. 5153 items: 5154 description: HTTPHeader describes 5155 a custom header to be used in 5156 HTTP probes 5157 properties: 5158 name: 5159 description: The header field 5160 name. This will be canonicalized 5161 upon output, so case-variant 5162 names will be understood as 5163 the same header. 5164 type: string 5165 value: 5166 description: The header field 5167 value 5168 type: string 5169 required: 5170 - name 5171 - value 5172 type: object 5173 type: array 5174 path: 5175 description: Path to access on the 5176 HTTP server. 5177 type: string 5178 port: 5179 anyOf: 5180 - type: integer 5181 - type: string 5182 description: Name or number of the 5183 port to access on the container. 5184 Number must be in the range 1 to 5185 65535. Name must be an IANA_SVC_NAME. 5186 x-kubernetes-int-or-string: true 5187 scheme: 5188 description: Scheme to use for connecting 5189 to the host. Defaults to HTTP. 5190 type: string 5191 required: 5192 - port 5193 type: object 5194 initialDelaySeconds: 5195 description: 'Number of seconds after 5196 the container has started before liveness 5197 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5198 format: int32 5199 type: integer 5200 periodSeconds: 5201 description: How often (in seconds) to 5202 perform the probe. Default to 10 seconds. 5203 Minimum value is 1. 5204 format: int32 5205 type: integer 5206 successThreshold: 5207 description: Minimum consecutive successes 5208 for the probe to be considered successful 5209 after having failed. Defaults to 1. 5210 Must be 1 for liveness and startup. 5211 Minimum value is 1. 5212 format: int32 5213 type: integer 5214 tcpSocket: 5215 description: TCPSocket specifies an action 5216 involving a TCP port. 5217 properties: 5218 host: 5219 description: 'Optional: Host name 5220 to connect to, defaults to the pod 5221 IP.' 5222 type: string 5223 port: 5224 anyOf: 5225 - type: integer 5226 - type: string 5227 description: Number or name of the 5228 port to access on the container. 5229 Number must be in the range 1 to 5230 65535. Name must be an IANA_SVC_NAME. 5231 x-kubernetes-int-or-string: true 5232 required: 5233 - port 5234 type: object 5235 terminationGracePeriodSeconds: 5236 description: Optional duration in seconds 5237 the pod needs to terminate gracefully 5238 upon probe failure. The grace period 5239 is the duration in seconds after the 5240 processes running in the pod are sent 5241 a termination signal and the time when 5242 the processes are forcibly halted with 5243 a kill signal. Set this value longer 5244 than the expected cleanup time for your 5245 process. If this value is nil, the pod's 5246 terminationGracePeriodSeconds will be 5247 used. Otherwise, this value overrides 5248 the value provided by the pod spec. 5249 Value must be non-negative integer. 5250 The value zero indicates stop immediately 5251 via the kill signal (no opportunity 5252 to shut down). This is a beta field 5253 and requires enabling ProbeTerminationGracePeriod 5254 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 5255 is used if unset. 5256 format: int64 5257 type: integer 5258 timeoutSeconds: 5259 description: 'Number of seconds after 5260 which the probe times out. Defaults 5261 to 1 second. Minimum value is 1. More 5262 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5263 format: int32 5264 type: integer 5265 type: object 5266 resources: 5267 description: 'Compute Resources required by 5268 this Step. Cannot be updated. More info: 5269 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5270 properties: 5271 claims: 5272 description: "Claims lists the names of 5273 resources, defined in spec.resourceClaims, 5274 that are used by this container. \n 5275 This is an alpha field and requires 5276 enabling the DynamicResourceAllocation 5277 feature gate. \n This field is immutable. 5278 It can only be set for containers." 5279 items: 5280 description: ResourceClaim references 5281 one entry in PodSpec.ResourceClaims. 5282 properties: 5283 name: 5284 description: Name must match the 5285 name of one entry in pod.spec.resourceClaims 5286 of the Pod where this field is 5287 used. It makes that resource available 5288 inside a container. 5289 type: string 5290 required: 5291 - name 5292 type: object 5293 type: array 5294 x-kubernetes-list-map-keys: 5295 - name 5296 x-kubernetes-list-type: map 5297 limits: 5298 additionalProperties: 5299 anyOf: 5300 - type: integer 5301 - type: string 5302 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5303 x-kubernetes-int-or-string: true 5304 description: 'Limits describes the maximum 5305 amount of compute resources allowed. 5306 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5307 type: object 5308 requests: 5309 additionalProperties: 5310 anyOf: 5311 - type: integer 5312 - type: string 5313 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5314 x-kubernetes-int-or-string: true 5315 description: 'Requests describes the minimum 5316 amount of compute resources required. 5317 If Requests is omitted for a container, 5318 it defaults to Limits if that is explicitly 5319 specified, otherwise to an implementation-defined 5320 value. Requests cannot exceed Limits. 5321 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 5322 type: object 5323 type: object 5324 script: 5325 description: "Script is the contents of an 5326 executable file to execute. \n If Script 5327 is not empty, the Step cannot have an Command 5328 and the Args will be passed to the Script." 5329 type: string 5330 securityContext: 5331 description: 'SecurityContext defines the 5332 security options the Step should be run 5333 with. If set, the fields of SecurityContext 5334 override the equivalent fields of PodSecurityContext. 5335 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 5336 properties: 5337 allowPrivilegeEscalation: 5338 description: 'AllowPrivilegeEscalation 5339 controls whether a process can gain 5340 more privileges than its parent process. 5341 This bool directly controls if the no_new_privs 5342 flag will be set on the container process. 5343 AllowPrivilegeEscalation is true always 5344 when the container is: 1) run as Privileged 5345 2) has CAP_SYS_ADMIN Note that this 5346 field cannot be set when spec.os.name 5347 is windows.' 5348 type: boolean 5349 capabilities: 5350 description: The capabilities to add/drop 5351 when running containers. Defaults to 5352 the default set of capabilities granted 5353 by the container runtime. Note that 5354 this field cannot be set when spec.os.name 5355 is windows. 5356 properties: 5357 add: 5358 description: Added capabilities 5359 items: 5360 description: Capability represent 5361 POSIX capabilities type 5362 type: string 5363 type: array 5364 drop: 5365 description: Removed capabilities 5366 items: 5367 description: Capability represent 5368 POSIX capabilities type 5369 type: string 5370 type: array 5371 type: object 5372 privileged: 5373 description: Run container in privileged 5374 mode. Processes in privileged containers 5375 are essentially equivalent to root on 5376 the host. Defaults to false. Note that 5377 this field cannot be set when spec.os.name 5378 is windows. 5379 type: boolean 5380 procMount: 5381 description: procMount denotes the type 5382 of proc mount to use for the containers. 5383 The default is DefaultProcMount which 5384 uses the container runtime defaults 5385 for readonly paths and masked paths. 5386 This requires the ProcMountType feature 5387 flag to be enabled. Note that this field 5388 cannot be set when spec.os.name is windows. 5389 type: string 5390 readOnlyRootFilesystem: 5391 description: Whether this container has 5392 a read-only root filesystem. Default 5393 is false. Note that this field cannot 5394 be set when spec.os.name is windows. 5395 type: boolean 5396 runAsGroup: 5397 description: The GID to run the entrypoint 5398 of the container process. Uses runtime 5399 default if unset. May also be set in 5400 PodSecurityContext. If set in both 5401 SecurityContext and PodSecurityContext, 5402 the value specified in SecurityContext 5403 takes precedence. Note that this field 5404 cannot be set when spec.os.name is windows. 5405 format: int64 5406 type: integer 5407 runAsNonRoot: 5408 description: Indicates that the container 5409 must run as a non-root user. If true, 5410 the Kubelet will validate the image 5411 at runtime to ensure that it does not 5412 run as UID 0 (root) and fail to start 5413 the container if it does. If unset or 5414 false, no such validation will be performed. 5415 May also be set in PodSecurityContext. If 5416 set in both SecurityContext and PodSecurityContext, 5417 the value specified in SecurityContext 5418 takes precedence. 5419 type: boolean 5420 runAsUser: 5421 description: The UID to run the entrypoint 5422 of the container process. Defaults to 5423 user specified in image metadata if 5424 unspecified. May also be set in PodSecurityContext. If 5425 set in both SecurityContext and PodSecurityContext, 5426 the value specified in SecurityContext 5427 takes precedence. Note that this field 5428 cannot be set when spec.os.name is windows. 5429 format: int64 5430 type: integer 5431 seLinuxOptions: 5432 description: The SELinux context to be 5433 applied to the container. If unspecified, 5434 the container runtime will allocate 5435 a random SELinux context for each container. May 5436 also be set in PodSecurityContext. If 5437 set in both SecurityContext and PodSecurityContext, 5438 the value specified in SecurityContext 5439 takes precedence. Note that this field 5440 cannot be set when spec.os.name is windows. 5441 properties: 5442 level: 5443 description: Level is SELinux level 5444 label that applies to the container. 5445 type: string 5446 role: 5447 description: Role is a SELinux role 5448 label that applies to the container. 5449 type: string 5450 type: 5451 description: Type is a SELinux type 5452 label that applies to the container. 5453 type: string 5454 user: 5455 description: User is a SELinux user 5456 label that applies to the container. 5457 type: string 5458 type: object 5459 seccompProfile: 5460 description: The seccomp options to use 5461 by this container. If seccomp options 5462 are provided at both the pod & container 5463 level, the container options override 5464 the pod options. Note that this field 5465 cannot be set when spec.os.name is windows. 5466 properties: 5467 localhostProfile: 5468 description: localhostProfile indicates 5469 a profile defined in a file on the 5470 node should be used. The profile 5471 must be preconfigured on the node 5472 to work. Must be a descending path, 5473 relative to the kubelet's configured 5474 seccomp profile location. Must be 5475 set if type is "Localhost". Must 5476 NOT be set for any other type. 5477 type: string 5478 type: 5479 description: "type indicates which 5480 kind of seccomp profile will be 5481 applied. Valid options are: \n Localhost 5482 - a profile defined in a file on 5483 the node should be used. RuntimeDefault 5484 - the container runtime default 5485 profile should be used. Unconfined 5486 - no profile should be applied." 5487 type: string 5488 required: 5489 - type 5490 type: object 5491 windowsOptions: 5492 description: The Windows specific settings 5493 applied to all containers. If unspecified, 5494 the options from the PodSecurityContext 5495 will be used. If set in both SecurityContext 5496 and PodSecurityContext, the value specified 5497 in SecurityContext takes precedence. 5498 Note that this field cannot be set when 5499 spec.os.name is linux. 5500 properties: 5501 gmsaCredentialSpec: 5502 description: GMSACredentialSpec is 5503 where the GMSA admission webhook 5504 (https://github.com/kubernetes-sigs/windows-gmsa) 5505 inlines the contents of the GMSA 5506 credential spec named by the GMSACredentialSpecName 5507 field. 5508 type: string 5509 gmsaCredentialSpecName: 5510 description: GMSACredentialSpecName 5511 is the name of the GMSA credential 5512 spec to use. 5513 type: string 5514 hostProcess: 5515 description: HostProcess determines 5516 if a container should be run as 5517 a 'Host Process' container. All 5518 of a Pod's containers must have 5519 the same effective HostProcess value 5520 (it is not allowed to have a mix 5521 of HostProcess containers and non-HostProcess 5522 containers). In addition, if HostProcess 5523 is true then HostNetwork must also 5524 be set to true. 5525 type: boolean 5526 runAsUserName: 5527 description: The UserName in Windows 5528 to run the entrypoint of the container 5529 process. Defaults to the user specified 5530 in image metadata if unspecified. 5531 May also be set in PodSecurityContext. 5532 If set in both SecurityContext and 5533 PodSecurityContext, the value specified 5534 in SecurityContext takes precedence. 5535 type: string 5536 type: object 5537 type: object 5538 startupProbe: 5539 description: 'Deprecated. This field will 5540 be removed in a future release. DeprecatedStartupProbe 5541 indicates that the Pod this Step runs in 5542 has successfully initialized. If specified, 5543 no other probes are executed until this 5544 completes successfully. If this probe fails, 5545 the Pod will be restarted, just as if the 5546 livenessProbe failed. This can be used to 5547 provide different probe parameters at the 5548 beginning of a Pod''s lifecycle, when it 5549 might take a long time to load data or warm 5550 a cache, than during steady-state operation. 5551 This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5552 properties: 5553 exec: 5554 description: Exec specifies the action 5555 to take. 5556 properties: 5557 command: 5558 description: Command is the command 5559 line to execute inside the container, 5560 the working directory for the command is 5561 root ('/') in the container's filesystem. 5562 The command is simply exec'd, it 5563 is not run inside a shell, so traditional 5564 shell instructions ('|', etc) won't 5565 work. To use a shell, you need to 5566 explicitly call out to that shell. 5567 Exit status of 0 is treated as live/healthy 5568 and non-zero is unhealthy. 5569 items: 5570 type: string 5571 type: array 5572 type: object 5573 failureThreshold: 5574 description: Minimum consecutive failures 5575 for the probe to be considered failed 5576 after having succeeded. Defaults to 5577 3. Minimum value is 1. 5578 format: int32 5579 type: integer 5580 grpc: 5581 description: GRPC specifies an action 5582 involving a GRPC port. 5583 properties: 5584 port: 5585 description: Port number of the gRPC 5586 service. Number must be in the range 5587 1 to 65535. 5588 format: int32 5589 type: integer 5590 service: 5591 description: "Service is the name 5592 of the service to place in the gRPC 5593 HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5594 \n If this is not specified, the 5595 default behavior is defined by gRPC." 5596 type: string 5597 required: 5598 - port 5599 type: object 5600 httpGet: 5601 description: HTTPGet specifies the http 5602 request to perform. 5603 properties: 5604 host: 5605 description: Host name to connect 5606 to, defaults to the pod IP. You 5607 probably want to set "Host" in httpHeaders 5608 instead. 5609 type: string 5610 httpHeaders: 5611 description: Custom headers to set 5612 in the request. HTTP allows repeated 5613 headers. 5614 items: 5615 description: HTTPHeader describes 5616 a custom header to be used in 5617 HTTP probes 5618 properties: 5619 name: 5620 description: The header field 5621 name. This will be canonicalized 5622 upon output, so case-variant 5623 names will be understood as 5624 the same header. 5625 type: string 5626 value: 5627 description: The header field 5628 value 5629 type: string 5630 required: 5631 - name 5632 - value 5633 type: object 5634 type: array 5635 path: 5636 description: Path to access on the 5637 HTTP server. 5638 type: string 5639 port: 5640 anyOf: 5641 - type: integer 5642 - type: string 5643 description: Name or number of the 5644 port to access on the container. 5645 Number must be in the range 1 to 5646 65535. Name must be an IANA_SVC_NAME. 5647 x-kubernetes-int-or-string: true 5648 scheme: 5649 description: Scheme to use for connecting 5650 to the host. Defaults to HTTP. 5651 type: string 5652 required: 5653 - port 5654 type: object 5655 initialDelaySeconds: 5656 description: 'Number of seconds after 5657 the container has started before liveness 5658 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5659 format: int32 5660 type: integer 5661 periodSeconds: 5662 description: How often (in seconds) to 5663 perform the probe. Default to 10 seconds. 5664 Minimum value is 1. 5665 format: int32 5666 type: integer 5667 successThreshold: 5668 description: Minimum consecutive successes 5669 for the probe to be considered successful 5670 after having failed. Defaults to 1. 5671 Must be 1 for liveness and startup. 5672 Minimum value is 1. 5673 format: int32 5674 type: integer 5675 tcpSocket: 5676 description: TCPSocket specifies an action 5677 involving a TCP port. 5678 properties: 5679 host: 5680 description: 'Optional: Host name 5681 to connect to, defaults to the pod 5682 IP.' 5683 type: string 5684 port: 5685 anyOf: 5686 - type: integer 5687 - type: string 5688 description: Number or name of the 5689 port to access on the container. 5690 Number must be in the range 1 to 5691 65535. Name must be an IANA_SVC_NAME. 5692 x-kubernetes-int-or-string: true 5693 required: 5694 - port 5695 type: object 5696 terminationGracePeriodSeconds: 5697 description: Optional duration in seconds 5698 the pod needs to terminate gracefully 5699 upon probe failure. The grace period 5700 is the duration in seconds after the 5701 processes running in the pod are sent 5702 a termination signal and the time when 5703 the processes are forcibly halted with 5704 a kill signal. Set this value longer 5705 than the expected cleanup time for your 5706 process. If this value is nil, the pod's 5707 terminationGracePeriodSeconds will be 5708 used. Otherwise, this value overrides 5709 the value provided by the pod spec. 5710 Value must be non-negative integer. 5711 The value zero indicates stop immediately 5712 via the kill signal (no opportunity 5713 to shut down). This is a beta field 5714 and requires enabling ProbeTerminationGracePeriod 5715 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 5716 is used if unset. 5717 format: int64 5718 type: integer 5719 timeoutSeconds: 5720 description: 'Number of seconds after 5721 which the probe times out. Defaults 5722 to 1 second. Minimum value is 1. More 5723 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 5724 format: int32 5725 type: integer 5726 type: object 5727 stderrConfig: 5728 description: Stores configuration for the 5729 stderr stream of the step. 5730 properties: 5731 path: 5732 description: Path to duplicate stdout 5733 stream to on container's local filesystem. 5734 type: string 5735 type: object 5736 stdin: 5737 description: Deprecated. This field will be 5738 removed in a future release. Whether this 5739 container should allocate a buffer for stdin 5740 in the container runtime. If this is not 5741 set, reads from stdin in the container will 5742 always result in EOF. Default is false. 5743 type: boolean 5744 stdinOnce: 5745 description: Deprecated. This field will be 5746 removed in a future release. Whether the 5747 container runtime should close the stdin 5748 channel after it has been opened by a single 5749 attach. When stdin is true the stdin stream 5750 will remain open across multiple attach 5751 sessions. If stdinOnce is set to true, stdin 5752 is opened on container start, is empty until 5753 the first client attaches to stdin, and 5754 then remains open and accepts data until 5755 the client disconnects, at which time stdin 5756 is closed and remains closed until the container 5757 is restarted. If this flag is false, a container 5758 processes that reads from stdin will never 5759 receive an EOF. Default is false 5760 type: boolean 5761 stdoutConfig: 5762 description: Stores configuration for the 5763 stdout stream of the step. 5764 properties: 5765 path: 5766 description: Path to duplicate stdout 5767 stream to on container's local filesystem. 5768 type: string 5769 type: object 5770 terminationMessagePath: 5771 description: Deprecated. This field will be 5772 removed in a future release and can't be 5773 meaningfully used. 5774 type: string 5775 terminationMessagePolicy: 5776 description: Deprecated. This field will be 5777 removed in a future release and can't be 5778 meaningfully used. 5779 type: string 5780 timeout: 5781 description: 'Timeout is the time after which 5782 the step times out. Defaults to never. Refer 5783 to Go''s ParseDuration documentation for 5784 expected format: https://golang.org/pkg/time/#ParseDuration' 5785 type: string 5786 tty: 5787 description: Deprecated. This field will be 5788 removed in a future release. Whether this 5789 container should allocate a DeprecatedTTY 5790 for itself, also requires 'stdin' to be 5791 true. Default is false. 5792 type: boolean 5793 volumeDevices: 5794 description: volumeDevices is the list of 5795 block devices to be used by the Step. 5796 items: 5797 description: volumeDevice describes a mapping 5798 of a raw block device within a container. 5799 properties: 5800 devicePath: 5801 description: devicePath is the path 5802 inside of the container that the device 5803 will be mapped to. 5804 type: string 5805 name: 5806 description: name must match the name 5807 of a persistentVolumeClaim in the 5808 pod 5809 type: string 5810 required: 5811 - devicePath 5812 - name 5813 type: object 5814 type: array 5815 x-kubernetes-list-type: atomic 5816 volumeMounts: 5817 description: Volumes to mount into the Step's 5818 filesystem. Cannot be updated. 5819 items: 5820 description: VolumeMount describes a mounting 5821 of a Volume within a container. 5822 properties: 5823 mountPath: 5824 description: Path within the container 5825 at which the volume should be mounted. Must 5826 not contain ':'. 5827 type: string 5828 mountPropagation: 5829 description: mountPropagation determines 5830 how mounts are propagated from the 5831 host to container and the other way 5832 around. When not set, MountPropagationNone 5833 is used. This field is beta in 1.10. 5834 type: string 5835 name: 5836 description: This must match the Name 5837 of a Volume. 5838 type: string 5839 readOnly: 5840 description: Mounted read-only if true, 5841 read-write otherwise (false or unspecified). 5842 Defaults to false. 5843 type: boolean 5844 subPath: 5845 description: Path within the volume 5846 from which the container's volume 5847 should be mounted. Defaults to "" 5848 (volume's root). 5849 type: string 5850 subPathExpr: 5851 description: Expanded path within the 5852 volume from which the container's 5853 volume should be mounted. Behaves 5854 similarly to SubPath but environment 5855 variable references $(VAR_NAME) are 5856 expanded using the container's environment. 5857 Defaults to "" (volume's root). SubPathExpr 5858 and SubPath are mutually exclusive. 5859 type: string 5860 required: 5861 - mountPath 5862 - name 5863 type: object 5864 type: array 5865 x-kubernetes-list-type: atomic 5866 workingDir: 5867 description: Step's working directory. If 5868 not specified, the container runtime's default 5869 will be used, which might be configured 5870 in the container image. Cannot be updated. 5871 type: string 5872 workspaces: 5873 description: "This is an alpha field. You 5874 must set the \"enable-api-fields\" feature 5875 flag to \"alpha\" for this field to be supported. 5876 \n Workspaces is a list of workspaces from 5877 the Task that this Step wants exclusive 5878 access to. Adding a workspace to this list 5879 means that any other Step or Sidecar that 5880 does not also request this Workspace will 5881 not have access to it." 5882 items: 5883 description: WorkspaceUsage is used by a 5884 Step or Sidecar to declare that it wants 5885 isolated access to a Workspace defined 5886 in a Task. 5887 properties: 5888 mountPath: 5889 description: MountPath is the path that 5890 the workspace should be mounted to 5891 inside the Step or Sidecar, overriding 5892 any MountPath specified in the Task's 5893 WorkspaceDeclaration. 5894 type: string 5895 name: 5896 description: Name is the name of the 5897 workspace this Step or Sidecar wants 5898 access to. 5899 type: string 5900 required: 5901 - mountPath 5902 - name 5903 type: object 5904 type: array 5905 x-kubernetes-list-type: atomic 5906 required: 5907 - name 5908 type: object 5909 type: array 5910 x-kubernetes-list-type: atomic 5911 volumes: 5912 description: Volumes is a collection of volumes 5913 that are available to mount into the steps of 5914 the build. 5915 items: 5916 description: Volume represents a named volume 5917 in a pod that may be accessed by any container 5918 in the pod. 5919 properties: 5920 awsElasticBlockStore: 5921 description: 'awsElasticBlockStore represents 5922 an AWS Disk resource that is attached to 5923 a kubelet''s host machine and then exposed 5924 to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 5925 properties: 5926 fsType: 5927 description: 'fsType is the filesystem 5928 type of the volume that you want to 5929 mount. Tip: Ensure that the filesystem 5930 type is supported by the host operating 5931 system. Examples: "ext4", "xfs", "ntfs". 5932 Implicitly inferred to be "ext4" if 5933 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 5934 TODO: how do we prevent errors in the 5935 filesystem from compromising the machine' 5936 type: string 5937 partition: 5938 description: 'partition is the partition 5939 in the volume that you want to mount. 5940 If omitted, the default is to mount 5941 by volume name. Examples: For volume 5942 /dev/sda1, you specify the partition 5943 as "1". Similarly, the volume partition 5944 for /dev/sda is "0" (or you can leave 5945 the property empty).' 5946 format: int32 5947 type: integer 5948 readOnly: 5949 description: 'readOnly value true will 5950 force the readOnly setting in VolumeMounts. 5951 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 5952 type: boolean 5953 volumeID: 5954 description: 'volumeID is unique ID of 5955 the persistent disk resource in AWS 5956 (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 5957 type: string 5958 required: 5959 - volumeID 5960 type: object 5961 azureDisk: 5962 description: azureDisk represents an Azure 5963 Data Disk mount on the host and bind mount 5964 to the pod. 5965 properties: 5966 cachingMode: 5967 description: 'cachingMode is the Host 5968 Caching mode: None, Read Only, Read 5969 Write.' 5970 type: string 5971 diskName: 5972 description: diskName is the Name of the 5973 data disk in the blob storage 5974 type: string 5975 diskURI: 5976 description: diskURI is the URI of data 5977 disk in the blob storage 5978 type: string 5979 fsType: 5980 description: fsType is Filesystem type 5981 to mount. Must be a filesystem type 5982 supported by the host operating system. 5983 Ex. "ext4", "xfs", "ntfs". Implicitly 5984 inferred to be "ext4" if unspecified. 5985 type: string 5986 kind: 5987 description: 'kind expected values are 5988 Shared: multiple blob disks per storage 5989 account Dedicated: single blob disk 5990 per storage account Managed: azure 5991 managed data disk (only in managed availability 5992 set). defaults to shared' 5993 type: string 5994 readOnly: 5995 description: readOnly Defaults to false 5996 (read/write). ReadOnly here will force 5997 the ReadOnly setting in VolumeMounts. 5998 type: boolean 5999 required: 6000 - diskName 6001 - diskURI 6002 type: object 6003 azureFile: 6004 description: azureFile represents an Azure 6005 File Service mount on the host and bind 6006 mount to the pod. 6007 properties: 6008 readOnly: 6009 description: readOnly defaults to false 6010 (read/write). ReadOnly here will force 6011 the ReadOnly setting in VolumeMounts. 6012 type: boolean 6013 secretName: 6014 description: secretName is the name of 6015 secret that contains Azure Storage Account 6016 Name and Key 6017 type: string 6018 shareName: 6019 description: shareName is the azure share 6020 Name 6021 type: string 6022 required: 6023 - secretName 6024 - shareName 6025 type: object 6026 cephfs: 6027 description: cephFS represents a Ceph FS mount 6028 on the host that shares a pod's lifetime 6029 properties: 6030 monitors: 6031 description: 'monitors is Required: Monitors 6032 is a collection of Ceph monitors More 6033 info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6034 items: 6035 type: string 6036 type: array 6037 path: 6038 description: 'path is Optional: Used as 6039 the mounted root, rather than the full 6040 Ceph tree, default is /' 6041 type: string 6042 readOnly: 6043 description: 'readOnly is Optional: Defaults 6044 to false (read/write). ReadOnly here 6045 will force the ReadOnly setting in VolumeMounts. 6046 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6047 type: boolean 6048 secretFile: 6049 description: 'secretFile is Optional: 6050 SecretFile is the path to key ring for 6051 User, default is /etc/ceph/user.secret 6052 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6053 type: string 6054 secretRef: 6055 description: 'secretRef is Optional: SecretRef 6056 is reference to the authentication secret 6057 for User, default is empty. More info: 6058 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6059 properties: 6060 name: 6061 description: 'Name of the referent. 6062 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6063 TODO: Add other useful fields. apiVersion, 6064 kind, uid?' 6065 type: string 6066 type: object 6067 user: 6068 description: 'user is optional: User is 6069 the rados user name, default is admin 6070 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 6071 type: string 6072 required: 6073 - monitors 6074 type: object 6075 cinder: 6076 description: 'cinder represents a cinder volume 6077 attached and mounted on kubelets host machine. 6078 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6079 properties: 6080 fsType: 6081 description: 'fsType is the filesystem 6082 type to mount. Must be a filesystem 6083 type supported by the host operating 6084 system. Examples: "ext4", "xfs", "ntfs". 6085 Implicitly inferred to be "ext4" if 6086 unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6087 type: string 6088 readOnly: 6089 description: 'readOnly defaults to false 6090 (read/write). ReadOnly here will force 6091 the ReadOnly setting in VolumeMounts. 6092 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6093 type: boolean 6094 secretRef: 6095 description: 'secretRef is optional: points 6096 to a secret object containing parameters 6097 used to connect to OpenStack.' 6098 properties: 6099 name: 6100 description: 'Name of the referent. 6101 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6102 TODO: Add other useful fields. apiVersion, 6103 kind, uid?' 6104 type: string 6105 type: object 6106 volumeID: 6107 description: 'volumeID used to identify 6108 the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 6109 type: string 6110 required: 6111 - volumeID 6112 type: object 6113 configMap: 6114 description: configMap represents a configMap 6115 that should populate this volume 6116 properties: 6117 defaultMode: 6118 description: 'defaultMode is optional: 6119 mode bits used to set permissions on 6120 created files by default. Must be an 6121 octal value between 0000 and 0777 or 6122 a decimal value between 0 and 511. YAML 6123 accepts both octal and decimal values, 6124 JSON requires decimal values for mode 6125 bits. Defaults to 0644. Directories 6126 within the path are not affected by 6127 this setting. This might be in conflict 6128 with other options that affect the file 6129 mode, like fsGroup, and the result can 6130 be other mode bits set.' 6131 format: int32 6132 type: integer 6133 items: 6134 description: items if unspecified, each 6135 key-value pair in the Data field of 6136 the referenced ConfigMap will be projected 6137 into the volume as a file whose name 6138 is the key and content is the value. 6139 If specified, the listed keys will be 6140 projected into the specified paths, 6141 and unlisted keys will not be present. 6142 If a key is specified which is not present 6143 in the ConfigMap, the volume setup will 6144 error unless it is marked optional. 6145 Paths must be relative and may not contain 6146 the '..' path or start with '..'. 6147 items: 6148 description: Maps a string key to a 6149 path within a volume. 6150 properties: 6151 key: 6152 description: key is the key to project. 6153 type: string 6154 mode: 6155 description: 'mode is Optional: 6156 mode bits used to set permissions 6157 on this file. Must be an octal 6158 value between 0000 and 0777 or 6159 a decimal value between 0 and 6160 511. YAML accepts both octal and 6161 decimal values, JSON requires 6162 decimal values for mode bits. 6163 If not specified, the volume defaultMode 6164 will be used. This might be in 6165 conflict with other options that 6166 affect the file mode, like fsGroup, 6167 and the result can be other mode 6168 bits set.' 6169 format: int32 6170 type: integer 6171 path: 6172 description: path is the relative 6173 path of the file to map the key 6174 to. May not be an absolute path. 6175 May not contain the path element 6176 '..'. May not start with the string 6177 '..'. 6178 type: string 6179 required: 6180 - key 6181 - path 6182 type: object 6183 type: array 6184 name: 6185 description: 'Name of the referent. More 6186 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6187 TODO: Add other useful fields. apiVersion, 6188 kind, uid?' 6189 type: string 6190 optional: 6191 description: optional specify whether 6192 the ConfigMap or its keys must be defined 6193 type: boolean 6194 type: object 6195 csi: 6196 description: csi (Container Storage Interface) 6197 represents ephemeral storage that is handled 6198 by certain external CSI drivers (Beta feature). 6199 properties: 6200 driver: 6201 description: driver is the name of the 6202 CSI driver that handles this volume. 6203 Consult with your admin for the correct 6204 name as registered in the cluster. 6205 type: string 6206 fsType: 6207 description: fsType to mount. Ex. "ext4", 6208 "xfs", "ntfs". If not provided, the 6209 empty value is passed to the associated 6210 CSI driver which will determine the 6211 default filesystem to apply. 6212 type: string 6213 nodePublishSecretRef: 6214 description: nodePublishSecretRef is a 6215 reference to the secret object containing 6216 sensitive information to pass to the 6217 CSI driver to complete the CSI NodePublishVolume 6218 and NodeUnpublishVolume calls. This 6219 field is optional, and may be empty 6220 if no secret is required. If the secret 6221 object contains more than one secret, 6222 all secret references are passed. 6223 properties: 6224 name: 6225 description: 'Name of the referent. 6226 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6227 TODO: Add other useful fields. apiVersion, 6228 kind, uid?' 6229 type: string 6230 type: object 6231 readOnly: 6232 description: readOnly specifies a read-only 6233 configuration for the volume. Defaults 6234 to false (read/write). 6235 type: boolean 6236 volumeAttributes: 6237 additionalProperties: 6238 type: string 6239 description: volumeAttributes stores driver-specific 6240 properties that are passed to the CSI 6241 driver. Consult your driver's documentation 6242 for supported values. 6243 type: object 6244 required: 6245 - driver 6246 type: object 6247 downwardAPI: 6248 description: downwardAPI represents downward 6249 API about the pod that should populate this 6250 volume 6251 properties: 6252 defaultMode: 6253 description: 'Optional: mode bits to use 6254 on created files by default. Must be 6255 a Optional: mode bits used to set permissions 6256 on created files by default. Must be 6257 an octal value between 0000 and 0777 6258 or a decimal value between 0 and 511. 6259 YAML accepts both octal and decimal 6260 values, JSON requires decimal values 6261 for mode bits. Defaults to 0644. Directories 6262 within the path are not affected by 6263 this setting. This might be in conflict 6264 with other options that affect the file 6265 mode, like fsGroup, and the result can 6266 be other mode bits set.' 6267 format: int32 6268 type: integer 6269 items: 6270 description: Items is a list of downward 6271 API volume file 6272 items: 6273 description: DownwardAPIVolumeFile represents 6274 information to create the file containing 6275 the pod field 6276 properties: 6277 fieldRef: 6278 description: 'Required: Selects 6279 a field of the pod: only annotations, 6280 labels, name and namespace are 6281 supported.' 6282 properties: 6283 apiVersion: 6284 description: Version of the 6285 schema the FieldPath is written 6286 in terms of, defaults to "v1". 6287 type: string 6288 fieldPath: 6289 description: Path of the field 6290 to select in the specified 6291 API version. 6292 type: string 6293 required: 6294 - fieldPath 6295 type: object 6296 mode: 6297 description: 'Optional: mode bits 6298 used to set permissions on this 6299 file, must be an octal value between 6300 0000 and 0777 or a decimal value 6301 between 0 and 511. YAML accepts 6302 both octal and decimal values, 6303 JSON requires decimal values for 6304 mode bits. If not specified, the 6305 volume defaultMode will be used. 6306 This might be in conflict with 6307 other options that affect the 6308 file mode, like fsGroup, and the 6309 result can be other mode bits 6310 set.' 6311 format: int32 6312 type: integer 6313 path: 6314 description: 'Required: Path is the 6315 relative path name of the file 6316 to be created. Must not be absolute 6317 or contain the ''..'' path. Must 6318 be utf-8 encoded. The first item 6319 of the relative path must not 6320 start with ''..''' 6321 type: string 6322 resourceFieldRef: 6323 description: 'Selects a resource 6324 of the container: only resources 6325 limits and requests (limits.cpu, 6326 limits.memory, requests.cpu and 6327 requests.memory) are currently 6328 supported.' 6329 properties: 6330 containerName: 6331 description: 'Container name: 6332 required for volumes, optional 6333 for env vars' 6334 type: string 6335 divisor: 6336 anyOf: 6337 - type: integer 6338 - type: string 6339 description: Specifies the output 6340 format of the exposed resources, 6341 defaults to "1" 6342 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6343 x-kubernetes-int-or-string: true 6344 resource: 6345 description: 'Required: resource 6346 to select' 6347 type: string 6348 required: 6349 - resource 6350 type: object 6351 required: 6352 - path 6353 type: object 6354 type: array 6355 type: object 6356 emptyDir: 6357 description: 'emptyDir represents a temporary 6358 directory that shares a pod''s lifetime. 6359 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6360 properties: 6361 medium: 6362 description: 'medium represents what type 6363 of storage medium should back this directory. 6364 The default is "" which means to use 6365 the node''s default medium. Must be 6366 an empty string (default) or Memory. 6367 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6368 type: string 6369 sizeLimit: 6370 anyOf: 6371 - type: integer 6372 - type: string 6373 description: 'sizeLimit is the total amount 6374 of local storage required for this EmptyDir 6375 volume. The size limit is also applicable 6376 for memory medium. The maximum usage 6377 on memory medium EmptyDir would be the 6378 minimum value between the SizeLimit 6379 specified here and the sum of memory 6380 limits of all containers in a pod. The 6381 default is nil which means that the 6382 limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 6383 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6384 x-kubernetes-int-or-string: true 6385 type: object 6386 ephemeral: 6387 description: "ephemeral represents a volume 6388 that is handled by a cluster storage driver. 6389 The volume's lifecycle is tied to the pod 6390 that defines it - it will be created before 6391 the pod starts, and deleted when the pod 6392 is removed. \n Use this if: a) the volume 6393 is only needed while the pod runs, b) features 6394 of normal volumes like restoring from snapshot 6395 or capacity tracking are needed, c) the 6396 storage driver is specified through a storage 6397 class, and d) the storage driver supports 6398 dynamic volume provisioning through a 6399 PersistentVolumeClaim (see EphemeralVolumeSource 6400 for more information on the connection 6401 between this volume type and PersistentVolumeClaim). 6402 \n Use PersistentVolumeClaim or one of the 6403 vendor-specific APIs for volumes that persist 6404 for longer than the lifecycle of an individual 6405 pod. \n Use CSI for light-weight local ephemeral 6406 volumes if the CSI driver is meant to be 6407 used that way - see the documentation of 6408 the driver for more information. \n A pod 6409 can use both types of ephemeral volumes 6410 and persistent volumes at the same time." 6411 properties: 6412 volumeClaimTemplate: 6413 description: "Will be used to create a 6414 stand-alone PVC to provision the volume. 6415 The pod in which this EphemeralVolumeSource 6416 is embedded will be the owner of the 6417 PVC, i.e. the PVC will be deleted together 6418 with the pod. The name of the PVC will 6419 be `<pod name>-<volume name>` where 6420 `<volume name>` is the name from the 6421 `PodSpec.Volumes` array entry. Pod validation 6422 will reject the pod if the concatenated 6423 name is not valid for a PVC (for example, 6424 too long). \n An existing PVC with that 6425 name that is not owned by the pod will 6426 *not* be used for the pod to avoid using 6427 an unrelated volume by mistake. Starting 6428 the pod is then blocked until the unrelated 6429 PVC is removed. If such a pre-created 6430 PVC is meant to be used by the pod, 6431 the PVC has to updated with an owner 6432 reference to the pod once the pod exists. 6433 Normally this should not be necessary, 6434 but it may be useful when manually reconstructing 6435 a broken cluster. \n This field is read-only 6436 and no changes will be made by Kubernetes 6437 to the PVC after it has been created. 6438 \n Required, must not be nil." 6439 properties: 6440 metadata: 6441 description: May contain labels and 6442 annotations that will be copied 6443 into the PVC when creating it. No 6444 other fields are allowed and will 6445 be rejected during validation. 6446 type: object 6447 spec: 6448 description: The specification for 6449 the PersistentVolumeClaim. The entire 6450 content is copied unchanged into 6451 the PVC that gets created from this 6452 template. The same fields as in 6453 a PersistentVolumeClaim are also 6454 valid here. 6455 properties: 6456 accessModes: 6457 description: 'accessModes contains 6458 the desired access modes the 6459 volume should have. More info: 6460 https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 6461 items: 6462 type: string 6463 type: array 6464 dataSource: 6465 description: 'dataSource field 6466 can be used to specify either: 6467 * An existing VolumeSnapshot 6468 object (snapshot.storage.k8s.io/VolumeSnapshot) 6469 * An existing PVC (PersistentVolumeClaim) 6470 If the provisioner or an external 6471 controller can support the specified 6472 data source, it will create 6473 a new volume based on the contents 6474 of the specified data source. 6475 When the AnyVolumeDataSource 6476 feature gate is enabled, dataSource 6477 contents will be copied to dataSourceRef, 6478 and dataSourceRef contents will 6479 be copied to dataSource when 6480 dataSourceRef.namespace is not 6481 specified. If the namespace 6482 is specified, then dataSourceRef 6483 will not be copied to dataSource.' 6484 properties: 6485 apiGroup: 6486 description: APIGroup is the 6487 group for the resource being 6488 referenced. If APIGroup 6489 is not specified, the specified 6490 Kind must be in the core 6491 API group. For any other 6492 third-party types, APIGroup 6493 is required. 6494 type: string 6495 kind: 6496 description: Kind is the type 6497 of resource being referenced 6498 type: string 6499 name: 6500 description: Name is the name 6501 of resource being referenced 6502 type: string 6503 required: 6504 - kind 6505 - name 6506 type: object 6507 dataSourceRef: 6508 description: 'dataSourceRef specifies 6509 the object from which to populate 6510 the volume with data, if a non-empty 6511 volume is desired. This may 6512 be any object from a non-empty 6513 API group (non core object) 6514 or a PersistentVolumeClaim object. 6515 When this field is specified, 6516 volume binding will only succeed 6517 if the type of the specified 6518 object matches some installed 6519 volume populator or dynamic 6520 provisioner. This field will 6521 replace the functionality of 6522 the dataSource field and as 6523 such if both fields are non-empty, 6524 they must have the same value. 6525 For backwards compatibility, 6526 when namespace isn''t specified 6527 in dataSourceRef, both fields 6528 (dataSource and dataSourceRef) 6529 will be set to the same value 6530 automatically if one of them 6531 is empty and the other is non-empty. 6532 When namespace is specified 6533 in dataSourceRef, dataSource 6534 isn''t set to the same value 6535 and must be empty. There are 6536 three important differences 6537 between dataSource and dataSourceRef: 6538 * While dataSource only allows 6539 two specific types of objects, 6540 dataSourceRef allows any non-core 6541 object, as well as PersistentVolumeClaim 6542 objects. * While dataSource 6543 ignores disallowed values (dropping 6544 them), dataSourceRef preserves 6545 all values, and generates an 6546 error if a disallowed value 6547 is specified. * While dataSource 6548 only allows local objects, dataSourceRef 6549 allows objects in any namespaces. 6550 (Beta) Using this field requires 6551 the AnyVolumeDataSource feature 6552 gate to be enabled. (Alpha) 6553 Using the namespace field of 6554 dataSourceRef requires the CrossNamespaceVolumeDataSource 6555 feature gate to be enabled.' 6556 properties: 6557 apiGroup: 6558 description: APIGroup is the 6559 group for the resource being 6560 referenced. If APIGroup 6561 is not specified, the specified 6562 Kind must be in the core 6563 API group. For any other 6564 third-party types, APIGroup 6565 is required. 6566 type: string 6567 kind: 6568 description: Kind is the type 6569 of resource being referenced 6570 type: string 6571 name: 6572 description: Name is the name 6573 of resource being referenced 6574 type: string 6575 namespace: 6576 description: Namespace is 6577 the namespace of resource 6578 being referenced Note that 6579 when a namespace is specified, 6580 a gateway.networking.k8s.io/ReferenceGrant 6581 object is required in the 6582 referent namespace to allow 6583 that namespace's owner to 6584 accept the reference. See 6585 the ReferenceGrant documentation 6586 for details. (Alpha) This 6587 field requires the CrossNamespaceVolumeDataSource 6588 feature gate to be enabled. 6589 type: string 6590 required: 6591 - kind 6592 - name 6593 type: object 6594 resources: 6595 description: 'resources represents 6596 the minimum resources the volume 6597 should have. If RecoverVolumeExpansionFailure 6598 feature is enabled users are 6599 allowed to specify resource 6600 requirements that are lower 6601 than previous value but must 6602 still be higher than capacity 6603 recorded in the status field 6604 of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 6605 properties: 6606 claims: 6607 description: "Claims lists 6608 the names of resources, 6609 defined in spec.resourceClaims, 6610 that are used by this container. 6611 \n This is an alpha field 6612 and requires enabling the 6613 DynamicResourceAllocation 6614 feature gate. \n This field 6615 is immutable. It can only 6616 be set for containers." 6617 items: 6618 description: ResourceClaim 6619 references one entry in 6620 PodSpec.ResourceClaims. 6621 properties: 6622 name: 6623 description: Name must 6624 match the name of 6625 one entry in pod.spec.resourceClaims 6626 of the Pod where this 6627 field is used. It 6628 makes that resource 6629 available inside a 6630 container. 6631 type: string 6632 required: 6633 - name 6634 type: object 6635 type: array 6636 x-kubernetes-list-map-keys: 6637 - name 6638 x-kubernetes-list-type: map 6639 limits: 6640 additionalProperties: 6641 anyOf: 6642 - type: integer 6643 - type: string 6644 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6645 x-kubernetes-int-or-string: true 6646 description: 'Limits describes 6647 the maximum amount of compute 6648 resources allowed. More 6649 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6650 type: object 6651 requests: 6652 additionalProperties: 6653 anyOf: 6654 - type: integer 6655 - type: string 6656 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6657 x-kubernetes-int-or-string: true 6658 description: 'Requests describes 6659 the minimum amount of compute 6660 resources required. If Requests 6661 is omitted for a container, 6662 it defaults to Limits if 6663 that is explicitly specified, 6664 otherwise to an implementation-defined 6665 value. Requests cannot exceed 6666 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 6667 type: object 6668 type: object 6669 selector: 6670 description: selector is a label 6671 query over volumes to consider 6672 for binding. 6673 properties: 6674 matchExpressions: 6675 description: matchExpressions 6676 is a list of label selector 6677 requirements. The requirements 6678 are ANDed. 6679 items: 6680 description: A label selector 6681 requirement is a selector 6682 that contains values, 6683 a key, and an operator 6684 that relates the key and 6685 values. 6686 properties: 6687 key: 6688 description: key is 6689 the label key that 6690 the selector applies 6691 to. 6692 type: string 6693 operator: 6694 description: operator 6695 represents a key's 6696 relationship to a 6697 set of values. Valid 6698 operators are In, 6699 NotIn, Exists and 6700 DoesNotExist. 6701 type: string 6702 values: 6703 description: values 6704 is an array of string 6705 values. If the operator 6706 is In or NotIn, the 6707 values array must 6708 be non-empty. If the 6709 operator is Exists 6710 or DoesNotExist, the 6711 values array must 6712 be empty. This array 6713 is replaced during 6714 a strategic merge 6715 patch. 6716 items: 6717 type: string 6718 type: array 6719 required: 6720 - key 6721 - operator 6722 type: object 6723 type: array 6724 matchLabels: 6725 additionalProperties: 6726 type: string 6727 description: matchLabels is 6728 a map of {key,value} pairs. 6729 A single {key,value} in 6730 the matchLabels map is equivalent 6731 to an element of matchExpressions, 6732 whose key field is "key", 6733 the operator is "In", and 6734 the values array contains 6735 only "value". The requirements 6736 are ANDed. 6737 type: object 6738 type: object 6739 storageClassName: 6740 description: 'storageClassName 6741 is the name of the StorageClass 6742 required by the claim. More 6743 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 6744 type: string 6745 volumeMode: 6746 description: volumeMode defines 6747 what type of volume is required 6748 by the claim. Value of Filesystem 6749 is implied when not included 6750 in claim spec. 6751 type: string 6752 volumeName: 6753 description: volumeName is the 6754 binding reference to the PersistentVolume 6755 backing this claim. 6756 type: string 6757 type: object 6758 required: 6759 - spec 6760 type: object 6761 type: object 6762 fc: 6763 description: fc represents a Fibre Channel 6764 resource that is attached to a kubelet's 6765 host machine and then exposed to the pod. 6766 properties: 6767 fsType: 6768 description: 'fsType is the filesystem 6769 type to mount. Must be a filesystem 6770 type supported by the host operating 6771 system. Ex. "ext4", "xfs", "ntfs". Implicitly 6772 inferred to be "ext4" if unspecified. 6773 TODO: how do we prevent errors in the 6774 filesystem from compromising the machine' 6775 type: string 6776 lun: 6777 description: 'lun is Optional: FC target 6778 lun number' 6779 format: int32 6780 type: integer 6781 readOnly: 6782 description: 'readOnly is Optional: Defaults 6783 to false (read/write). ReadOnly here 6784 will force the ReadOnly setting in VolumeMounts.' 6785 type: boolean 6786 targetWWNs: 6787 description: 'targetWWNs is Optional: 6788 FC target worldwide names (WWNs)' 6789 items: 6790 type: string 6791 type: array 6792 wwids: 6793 description: 'wwids Optional: FC volume 6794 world wide identifiers (wwids) Either 6795 wwids or combination of targetWWNs and 6796 lun must be set, but not both simultaneously.' 6797 items: 6798 type: string 6799 type: array 6800 type: object 6801 flexVolume: 6802 description: flexVolume represents a generic 6803 volume resource that is provisioned/attached 6804 using an exec based plugin. 6805 properties: 6806 driver: 6807 description: driver is the name of the 6808 driver to use for this volume. 6809 type: string 6810 fsType: 6811 description: fsType is the filesystem 6812 type to mount. Must be a filesystem 6813 type supported by the host operating 6814 system. Ex. "ext4", "xfs", "ntfs". The 6815 default filesystem depends on FlexVolume 6816 script. 6817 type: string 6818 options: 6819 additionalProperties: 6820 type: string 6821 description: 'options is Optional: this 6822 field holds extra command options if 6823 any.' 6824 type: object 6825 readOnly: 6826 description: 'readOnly is Optional: defaults 6827 to false (read/write). ReadOnly here 6828 will force the ReadOnly setting in VolumeMounts.' 6829 type: boolean 6830 secretRef: 6831 description: 'secretRef is Optional: secretRef 6832 is reference to the secret object containing 6833 sensitive information to pass to the 6834 plugin scripts. This may be empty if 6835 no secret object is specified. If the 6836 secret object contains more than one 6837 secret, all secrets are passed to the 6838 plugin scripts.' 6839 properties: 6840 name: 6841 description: 'Name of the referent. 6842 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6843 TODO: Add other useful fields. apiVersion, 6844 kind, uid?' 6845 type: string 6846 type: object 6847 required: 6848 - driver 6849 type: object 6850 flocker: 6851 description: flocker represents a Flocker 6852 volume attached to a kubelet's host machine. 6853 This depends on the Flocker control service 6854 being running 6855 properties: 6856 datasetName: 6857 description: datasetName is Name of the 6858 dataset stored as metadata -> name on 6859 the dataset for Flocker should be considered 6860 as deprecated 6861 type: string 6862 datasetUUID: 6863 description: datasetUUID is the UUID of 6864 the dataset. This is unique identifier 6865 of a Flocker dataset 6866 type: string 6867 type: object 6868 gcePersistentDisk: 6869 description: 'gcePersistentDisk represents 6870 a GCE Disk resource that is attached to 6871 a kubelet''s host machine and then exposed 6872 to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6873 properties: 6874 fsType: 6875 description: 'fsType is filesystem type 6876 of the volume that you want to mount. 6877 Tip: Ensure that the filesystem type 6878 is supported by the host operating system. 6879 Examples: "ext4", "xfs", "ntfs". Implicitly 6880 inferred to be "ext4" if unspecified. 6881 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 6882 TODO: how do we prevent errors in the 6883 filesystem from compromising the machine' 6884 type: string 6885 partition: 6886 description: 'partition is the partition 6887 in the volume that you want to mount. 6888 If omitted, the default is to mount 6889 by volume name. Examples: For volume 6890 /dev/sda1, you specify the partition 6891 as "1". Similarly, the volume partition 6892 for /dev/sda is "0" (or you can leave 6893 the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6894 format: int32 6895 type: integer 6896 pdName: 6897 description: 'pdName is unique name of 6898 the PD resource in GCE. Used to identify 6899 the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6900 type: string 6901 readOnly: 6902 description: 'readOnly here will force 6903 the ReadOnly setting in VolumeMounts. 6904 Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 6905 type: boolean 6906 required: 6907 - pdName 6908 type: object 6909 gitRepo: 6910 description: 'gitRepo represents a git repository 6911 at a particular revision. DEPRECATED: GitRepo 6912 is deprecated. To provision a container 6913 with a git repo, mount an EmptyDir into 6914 an InitContainer that clones the repo using 6915 git, then mount the EmptyDir into the Pod''s 6916 container.' 6917 properties: 6918 directory: 6919 description: directory is the target directory 6920 name. Must not contain or start with 6921 '..'. If '.' is supplied, the volume 6922 directory will be the git repository. Otherwise, 6923 if specified, the volume will contain 6924 the git repository in the subdirectory 6925 with the given name. 6926 type: string 6927 repository: 6928 description: repository is the URL 6929 type: string 6930 revision: 6931 description: revision is the commit hash 6932 for the specified revision. 6933 type: string 6934 required: 6935 - repository 6936 type: object 6937 glusterfs: 6938 description: 'glusterfs represents a Glusterfs 6939 mount on the host that shares a pod''s lifetime. 6940 More info: https://examples.k8s.io/volumes/glusterfs/README.md' 6941 properties: 6942 endpoints: 6943 description: 'endpoints is the endpoint 6944 name that details Glusterfs topology. 6945 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 6946 type: string 6947 path: 6948 description: 'path is the Glusterfs volume 6949 path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 6950 type: string 6951 readOnly: 6952 description: 'readOnly here will force 6953 the Glusterfs volume to be mounted with 6954 read-only permissions. Defaults to false. 6955 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 6956 type: boolean 6957 required: 6958 - endpoints 6959 - path 6960 type: object 6961 hostPath: 6962 description: 'hostPath represents a pre-existing 6963 file or directory on the host machine that 6964 is directly exposed to the container. This 6965 is generally used for system agents or other 6966 privileged things that are allowed to see 6967 the host machine. Most containers will NOT 6968 need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 6969 --- TODO(jonesdl) We need to restrict who 6970 can use host directory mounts and who can/can 6971 not mount host directories as read/write.' 6972 properties: 6973 path: 6974 description: 'path of the directory on 6975 the host. If the path is a symlink, 6976 it will follow the link to the real 6977 path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 6978 type: string 6979 type: 6980 description: 'type for HostPath Volume 6981 Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 6982 type: string 6983 required: 6984 - path 6985 type: object 6986 iscsi: 6987 description: 'iscsi represents an ISCSI Disk 6988 resource that is attached to a kubelet''s 6989 host machine and then exposed to the pod. 6990 More info: https://examples.k8s.io/volumes/iscsi/README.md' 6991 properties: 6992 chapAuthDiscovery: 6993 description: chapAuthDiscovery defines 6994 whether support iSCSI Discovery CHAP 6995 authentication 6996 type: boolean 6997 chapAuthSession: 6998 description: chapAuthSession defines whether 6999 support iSCSI Session CHAP authentication 7000 type: boolean 7001 fsType: 7002 description: 'fsType is the filesystem 7003 type of the volume that you want to 7004 mount. Tip: Ensure that the filesystem 7005 type is supported by the host operating 7006 system. Examples: "ext4", "xfs", "ntfs". 7007 Implicitly inferred to be "ext4" if 7008 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 7009 TODO: how do we prevent errors in the 7010 filesystem from compromising the machine' 7011 type: string 7012 initiatorName: 7013 description: initiatorName is the custom 7014 iSCSI Initiator Name. If initiatorName 7015 is specified with iscsiInterface simultaneously, 7016 new iSCSI interface <target portal>:<volume 7017 name> will be created for the connection. 7018 type: string 7019 iqn: 7020 description: iqn is the target iSCSI Qualified 7021 Name. 7022 type: string 7023 iscsiInterface: 7024 description: iscsiInterface is the interface 7025 Name that uses an iSCSI transport. Defaults 7026 to 'default' (tcp). 7027 type: string 7028 lun: 7029 description: lun represents iSCSI Target 7030 Lun number. 7031 format: int32 7032 type: integer 7033 portals: 7034 description: portals is the iSCSI Target 7035 Portal List. The portal is either an 7036 IP or ip_addr:port if the port is other 7037 than default (typically TCP ports 860 7038 and 3260). 7039 items: 7040 type: string 7041 type: array 7042 readOnly: 7043 description: readOnly here will force 7044 the ReadOnly setting in VolumeMounts. 7045 Defaults to false. 7046 type: boolean 7047 secretRef: 7048 description: secretRef is the CHAP Secret 7049 for iSCSI target and initiator authentication 7050 properties: 7051 name: 7052 description: 'Name of the referent. 7053 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7054 TODO: Add other useful fields. apiVersion, 7055 kind, uid?' 7056 type: string 7057 type: object 7058 targetPortal: 7059 description: targetPortal is iSCSI Target 7060 Portal. The Portal is either an IP or 7061 ip_addr:port if the port is other than 7062 default (typically TCP ports 860 and 7063 3260). 7064 type: string 7065 required: 7066 - iqn 7067 - lun 7068 - targetPortal 7069 type: object 7070 name: 7071 description: 'name of the volume. Must be 7072 a DNS_LABEL and unique within the pod. More 7073 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 7074 type: string 7075 nfs: 7076 description: 'nfs represents an NFS mount 7077 on the host that shares a pod''s lifetime 7078 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7079 properties: 7080 path: 7081 description: 'path that is exported by 7082 the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7083 type: string 7084 readOnly: 7085 description: 'readOnly here will force 7086 the NFS export to be mounted with read-only 7087 permissions. Defaults to false. More 7088 info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7089 type: boolean 7090 server: 7091 description: 'server is the hostname or 7092 IP address of the NFS server. More info: 7093 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 7094 type: string 7095 required: 7096 - path 7097 - server 7098 type: object 7099 persistentVolumeClaim: 7100 description: 'persistentVolumeClaimVolumeSource 7101 represents a reference to a PersistentVolumeClaim 7102 in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7103 properties: 7104 claimName: 7105 description: 'claimName is the name of 7106 a PersistentVolumeClaim in the same 7107 namespace as the pod using this volume. 7108 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 7109 type: string 7110 readOnly: 7111 description: readOnly Will force the ReadOnly 7112 setting in VolumeMounts. Default false. 7113 type: boolean 7114 required: 7115 - claimName 7116 type: object 7117 photonPersistentDisk: 7118 description: photonPersistentDisk represents 7119 a PhotonController persistent disk attached 7120 and mounted on kubelets host machine 7121 properties: 7122 fsType: 7123 description: fsType is the filesystem 7124 type to mount. Must be a filesystem 7125 type supported by the host operating 7126 system. Ex. "ext4", "xfs", "ntfs". Implicitly 7127 inferred to be "ext4" if unspecified. 7128 type: string 7129 pdID: 7130 description: pdID is the ID that identifies 7131 Photon Controller persistent disk 7132 type: string 7133 required: 7134 - pdID 7135 type: object 7136 portworxVolume: 7137 description: portworxVolume represents a portworx 7138 volume attached and mounted on kubelets 7139 host machine 7140 properties: 7141 fsType: 7142 description: fSType represents the filesystem 7143 type to mount Must be a filesystem type 7144 supported by the host operating system. 7145 Ex. "ext4", "xfs". Implicitly inferred 7146 to be "ext4" if unspecified. 7147 type: string 7148 readOnly: 7149 description: readOnly defaults to false 7150 (read/write). ReadOnly here will force 7151 the ReadOnly setting in VolumeMounts. 7152 type: boolean 7153 volumeID: 7154 description: volumeID uniquely identifies 7155 a Portworx volume 7156 type: string 7157 required: 7158 - volumeID 7159 type: object 7160 projected: 7161 description: projected items for all in one 7162 resources secrets, configmaps, and downward 7163 API 7164 properties: 7165 defaultMode: 7166 description: defaultMode are the mode 7167 bits used to set permissions on created 7168 files by default. Must be an octal value 7169 between 0000 and 0777 or a decimal value 7170 between 0 and 511. YAML accepts both 7171 octal and decimal values, JSON requires 7172 decimal values for mode bits. Directories 7173 within the path are not affected by 7174 this setting. This might be in conflict 7175 with other options that affect the file 7176 mode, like fsGroup, and the result can 7177 be other mode bits set. 7178 format: int32 7179 type: integer 7180 sources: 7181 description: sources is the list of volume 7182 projections 7183 items: 7184 description: Projection that may be 7185 projected along with other supported 7186 volume types 7187 properties: 7188 configMap: 7189 description: configMap information 7190 about the configMap data to project 7191 properties: 7192 items: 7193 description: items if unspecified, 7194 each key-value pair in the 7195 Data field of the referenced 7196 ConfigMap will be projected 7197 into the volume as a file 7198 whose name is the key and 7199 content is the value. If specified, 7200 the listed keys will be projected 7201 into the specified paths, 7202 and unlisted keys will not 7203 be present. If a key is specified 7204 which is not present in the 7205 ConfigMap, the volume setup 7206 will error unless it is marked 7207 optional. Paths must be relative 7208 and may not contain the '..' 7209 path or start with '..'. 7210 items: 7211 description: Maps a string 7212 key to a path within a volume. 7213 properties: 7214 key: 7215 description: key is the 7216 key to project. 7217 type: string 7218 mode: 7219 description: 'mode is 7220 Optional: mode bits 7221 used to set permissions 7222 on this file. Must be 7223 an octal value between 7224 0000 and 0777 or a decimal 7225 value between 0 and 7226 511. YAML accepts both 7227 octal and decimal values, 7228 JSON requires decimal 7229 values for mode bits. 7230 If not specified, the 7231 volume defaultMode will 7232 be used. This might 7233 be in conflict with 7234 other options that affect 7235 the file mode, like 7236 fsGroup, and the result 7237 can be other mode bits 7238 set.' 7239 format: int32 7240 type: integer 7241 path: 7242 description: path is the 7243 relative path of the 7244 file to map the key 7245 to. May not be an absolute 7246 path. May not contain 7247 the path element '..'. 7248 May not start with the 7249 string '..'. 7250 type: string 7251 required: 7252 - key 7253 - path 7254 type: object 7255 type: array 7256 name: 7257 description: 'Name of the referent. 7258 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7259 TODO: Add other useful fields. 7260 apiVersion, kind, uid?' 7261 type: string 7262 optional: 7263 description: optional specify 7264 whether the ConfigMap or its 7265 keys must be defined 7266 type: boolean 7267 type: object 7268 downwardAPI: 7269 description: downwardAPI information 7270 about the downwardAPI data to 7271 project 7272 properties: 7273 items: 7274 description: Items is a list 7275 of DownwardAPIVolume file 7276 items: 7277 description: DownwardAPIVolumeFile 7278 represents information to 7279 create the file containing 7280 the pod field 7281 properties: 7282 fieldRef: 7283 description: 'Required: 7284 Selects a field of the 7285 pod: only annotations, 7286 labels, name and namespace 7287 are supported.' 7288 properties: 7289 apiVersion: 7290 description: Version 7291 of the schema the 7292 FieldPath is written 7293 in terms of, defaults 7294 to "v1". 7295 type: string 7296 fieldPath: 7297 description: Path 7298 of the field to 7299 select in the specified 7300 API version. 7301 type: string 7302 required: 7303 - fieldPath 7304 type: object 7305 mode: 7306 description: 'Optional: 7307 mode bits used to set 7308 permissions on this 7309 file, must be an octal 7310 value between 0000 and 7311 0777 or a decimal value 7312 between 0 and 511. YAML 7313 accepts both octal and 7314 decimal values, JSON 7315 requires decimal values 7316 for mode bits. If not 7317 specified, the volume 7318 defaultMode will be 7319 used. This might be 7320 in conflict with other 7321 options that affect 7322 the file mode, like 7323 fsGroup, and the result 7324 can be other mode bits 7325 set.' 7326 format: int32 7327 type: integer 7328 path: 7329 description: 'Required: 7330 Path is the relative 7331 path name of the file 7332 to be created. Must 7333 not be absolute or contain 7334 the ''..'' path. Must 7335 be utf-8 encoded. The 7336 first item of the relative 7337 path must not start 7338 with ''..''' 7339 type: string 7340 resourceFieldRef: 7341 description: 'Selects 7342 a resource of the container: 7343 only resources limits 7344 and requests (limits.cpu, 7345 limits.memory, requests.cpu 7346 and requests.memory) 7347 are currently supported.' 7348 properties: 7349 containerName: 7350 description: 'Container 7351 name: required for 7352 volumes, optional 7353 for env vars' 7354 type: string 7355 divisor: 7356 anyOf: 7357 - type: integer 7358 - type: string 7359 description: Specifies 7360 the output format 7361 of the exposed resources, 7362 defaults to "1" 7363 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7364 x-kubernetes-int-or-string: true 7365 resource: 7366 description: 'Required: 7367 resource to select' 7368 type: string 7369 required: 7370 - resource 7371 type: object 7372 required: 7373 - path 7374 type: object 7375 type: array 7376 type: object 7377 secret: 7378 description: secret information 7379 about the secret data to project 7380 properties: 7381 items: 7382 description: items if unspecified, 7383 each key-value pair in the 7384 Data field of the referenced 7385 Secret will be projected into 7386 the volume as a file whose 7387 name is the key and content 7388 is the value. If specified, 7389 the listed keys will be projected 7390 into the specified paths, 7391 and unlisted keys will not 7392 be present. If a key is specified 7393 which is not present in the 7394 Secret, the volume setup will 7395 error unless it is marked 7396 optional. Paths must be relative 7397 and may not contain the '..' 7398 path or start with '..'. 7399 items: 7400 description: Maps a string 7401 key to a path within a volume. 7402 properties: 7403 key: 7404 description: key is the 7405 key to project. 7406 type: string 7407 mode: 7408 description: 'mode is 7409 Optional: mode bits 7410 used to set permissions 7411 on this file. Must be 7412 an octal value between 7413 0000 and 0777 or a decimal 7414 value between 0 and 7415 511. YAML accepts both 7416 octal and decimal values, 7417 JSON requires decimal 7418 values for mode bits. 7419 If not specified, the 7420 volume defaultMode will 7421 be used. This might 7422 be in conflict with 7423 other options that affect 7424 the file mode, like 7425 fsGroup, and the result 7426 can be other mode bits 7427 set.' 7428 format: int32 7429 type: integer 7430 path: 7431 description: path is the 7432 relative path of the 7433 file to map the key 7434 to. May not be an absolute 7435 path. May not contain 7436 the path element '..'. 7437 May not start with the 7438 string '..'. 7439 type: string 7440 required: 7441 - key 7442 - path 7443 type: object 7444 type: array 7445 name: 7446 description: 'Name of the referent. 7447 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7448 TODO: Add other useful fields. 7449 apiVersion, kind, uid?' 7450 type: string 7451 optional: 7452 description: optional field 7453 specify whether the Secret 7454 or its key must be defined 7455 type: boolean 7456 type: object 7457 serviceAccountToken: 7458 description: serviceAccountToken 7459 is information about the serviceAccountToken 7460 data to project 7461 properties: 7462 audience: 7463 description: audience is the 7464 intended audience of the token. 7465 A recipient of a token must 7466 identify itself with an identifier 7467 specified in the audience 7468 of the token, and otherwise 7469 should reject the token. The 7470 audience defaults to the identifier 7471 of the apiserver. 7472 type: string 7473 expirationSeconds: 7474 description: expirationSeconds 7475 is the requested duration 7476 of validity of the service 7477 account token. As the token 7478 approaches expiration, the 7479 kubelet volume plugin will 7480 proactively rotate the service 7481 account token. The kubelet 7482 will start trying to rotate 7483 the token if the token is 7484 older than 80 percent of its 7485 time to live or if the token 7486 is older than 24 hours.Defaults 7487 to 1 hour and must be at least 7488 10 minutes. 7489 format: int64 7490 type: integer 7491 path: 7492 description: path is the path 7493 relative to the mount point 7494 of the file to project the 7495 token into. 7496 type: string 7497 required: 7498 - path 7499 type: object 7500 type: object 7501 type: array 7502 type: object 7503 quobyte: 7504 description: quobyte represents a Quobyte 7505 mount on the host that shares a pod's lifetime 7506 properties: 7507 group: 7508 description: group to map volume access 7509 to Default is no group 7510 type: string 7511 readOnly: 7512 description: readOnly here will force 7513 the Quobyte volume to be mounted with 7514 read-only permissions. Defaults to false. 7515 type: boolean 7516 registry: 7517 description: registry represents a single 7518 or multiple Quobyte Registry services 7519 specified as a string as host:port pair 7520 (multiple entries are separated with 7521 commas) which acts as the central registry 7522 for volumes 7523 type: string 7524 tenant: 7525 description: tenant owning the given Quobyte 7526 volume in the Backend Used with dynamically 7527 provisioned Quobyte volumes, value is 7528 set by the plugin 7529 type: string 7530 user: 7531 description: user to map volume access 7532 to Defaults to serivceaccount user 7533 type: string 7534 volume: 7535 description: volume is a string that references 7536 an already created Quobyte volume by 7537 name. 7538 type: string 7539 required: 7540 - registry 7541 - volume 7542 type: object 7543 rbd: 7544 description: 'rbd represents a Rados Block 7545 Device mount on the host that shares a pod''s 7546 lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' 7547 properties: 7548 fsType: 7549 description: 'fsType is the filesystem 7550 type of the volume that you want to 7551 mount. Tip: Ensure that the filesystem 7552 type is supported by the host operating 7553 system. Examples: "ext4", "xfs", "ntfs". 7554 Implicitly inferred to be "ext4" if 7555 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 7556 TODO: how do we prevent errors in the 7557 filesystem from compromising the machine' 7558 type: string 7559 image: 7560 description: 'image is the rados image 7561 name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7562 type: string 7563 keyring: 7564 description: 'keyring is the path to key 7565 ring for RBDUser. Default is /etc/ceph/keyring. 7566 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7567 type: string 7568 monitors: 7569 description: 'monitors is a collection 7570 of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7571 items: 7572 type: string 7573 type: array 7574 pool: 7575 description: 'pool is the rados pool name. 7576 Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7577 type: string 7578 readOnly: 7579 description: 'readOnly here will force 7580 the ReadOnly setting in VolumeMounts. 7581 Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7582 type: boolean 7583 secretRef: 7584 description: 'secretRef is name of the 7585 authentication secret for RBDUser. If 7586 provided overrides keyring. Default 7587 is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7588 properties: 7589 name: 7590 description: 'Name of the referent. 7591 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7592 TODO: Add other useful fields. apiVersion, 7593 kind, uid?' 7594 type: string 7595 type: object 7596 user: 7597 description: 'user is the rados user name. 7598 Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 7599 type: string 7600 required: 7601 - image 7602 - monitors 7603 type: object 7604 scaleIO: 7605 description: scaleIO represents a ScaleIO 7606 persistent volume attached and mounted on 7607 Kubernetes nodes. 7608 properties: 7609 fsType: 7610 description: fsType is the filesystem 7611 type to mount. Must be a filesystem 7612 type supported by the host operating 7613 system. Ex. "ext4", "xfs", "ntfs". Default 7614 is "xfs". 7615 type: string 7616 gateway: 7617 description: gateway is the host address 7618 of the ScaleIO API Gateway. 7619 type: string 7620 protectionDomain: 7621 description: protectionDomain is the name 7622 of the ScaleIO Protection Domain for 7623 the configured storage. 7624 type: string 7625 readOnly: 7626 description: readOnly Defaults to false 7627 (read/write). ReadOnly here will force 7628 the ReadOnly setting in VolumeMounts. 7629 type: boolean 7630 secretRef: 7631 description: secretRef references to the 7632 secret for ScaleIO user and other sensitive 7633 information. If this is not provided, 7634 Login operation will fail. 7635 properties: 7636 name: 7637 description: 'Name of the referent. 7638 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7639 TODO: Add other useful fields. apiVersion, 7640 kind, uid?' 7641 type: string 7642 type: object 7643 sslEnabled: 7644 description: sslEnabled Flag enable/disable 7645 SSL communication with Gateway, default 7646 false 7647 type: boolean 7648 storageMode: 7649 description: storageMode indicates whether 7650 the storage for a volume should be ThickProvisioned 7651 or ThinProvisioned. Default is ThinProvisioned. 7652 type: string 7653 storagePool: 7654 description: storagePool is the ScaleIO 7655 Storage Pool associated with the protection 7656 domain. 7657 type: string 7658 system: 7659 description: system is the name of the 7660 storage system as configured in ScaleIO. 7661 type: string 7662 volumeName: 7663 description: volumeName is the name of 7664 a volume already created in the ScaleIO 7665 system that is associated with this 7666 volume source. 7667 type: string 7668 required: 7669 - gateway 7670 - secretRef 7671 - system 7672 type: object 7673 secret: 7674 description: 'secret represents a secret that 7675 should populate this volume. More info: 7676 https://kubernetes.io/docs/concepts/storage/volumes#secret' 7677 properties: 7678 defaultMode: 7679 description: 'defaultMode is Optional: 7680 mode bits used to set permissions on 7681 created files by default. Must be an 7682 octal value between 0000 and 0777 or 7683 a decimal value between 0 and 511. YAML 7684 accepts both octal and decimal values, 7685 JSON requires decimal values for mode 7686 bits. Defaults to 0644. Directories 7687 within the path are not affected by 7688 this setting. This might be in conflict 7689 with other options that affect the file 7690 mode, like fsGroup, and the result can 7691 be other mode bits set.' 7692 format: int32 7693 type: integer 7694 items: 7695 description: items If unspecified, each 7696 key-value pair in the Data field of 7697 the referenced Secret will be projected 7698 into the volume as a file whose name 7699 is the key and content is the value. 7700 If specified, the listed keys will be 7701 projected into the specified paths, 7702 and unlisted keys will not be present. 7703 If a key is specified which is not present 7704 in the Secret, the volume setup will 7705 error unless it is marked optional. 7706 Paths must be relative and may not contain 7707 the '..' path or start with '..'. 7708 items: 7709 description: Maps a string key to a 7710 path within a volume. 7711 properties: 7712 key: 7713 description: key is the key to project. 7714 type: string 7715 mode: 7716 description: 'mode is Optional: 7717 mode bits used to set permissions 7718 on this file. Must be an octal 7719 value between 0000 and 0777 or 7720 a decimal value between 0 and 7721 511. YAML accepts both octal and 7722 decimal values, JSON requires 7723 decimal values for mode bits. 7724 If not specified, the volume defaultMode 7725 will be used. This might be in 7726 conflict with other options that 7727 affect the file mode, like fsGroup, 7728 and the result can be other mode 7729 bits set.' 7730 format: int32 7731 type: integer 7732 path: 7733 description: path is the relative 7734 path of the file to map the key 7735 to. May not be an absolute path. 7736 May not contain the path element 7737 '..'. May not start with the string 7738 '..'. 7739 type: string 7740 required: 7741 - key 7742 - path 7743 type: object 7744 type: array 7745 optional: 7746 description: optional field specify whether 7747 the Secret or its keys must be defined 7748 type: boolean 7749 secretName: 7750 description: 'secretName is the name of 7751 the secret in the pod''s namespace to 7752 use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 7753 type: string 7754 type: object 7755 storageos: 7756 description: storageOS represents a StorageOS 7757 volume attached and mounted on Kubernetes 7758 nodes. 7759 properties: 7760 fsType: 7761 description: fsType is the filesystem 7762 type to mount. Must be a filesystem 7763 type supported by the host operating 7764 system. Ex. "ext4", "xfs", "ntfs". Implicitly 7765 inferred to be "ext4" if unspecified. 7766 type: string 7767 readOnly: 7768 description: readOnly defaults to false 7769 (read/write). ReadOnly here will force 7770 the ReadOnly setting in VolumeMounts. 7771 type: boolean 7772 secretRef: 7773 description: secretRef specifies the secret 7774 to use for obtaining the StorageOS API 7775 credentials. If not specified, default 7776 values will be attempted. 7777 properties: 7778 name: 7779 description: 'Name of the referent. 7780 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7781 TODO: Add other useful fields. apiVersion, 7782 kind, uid?' 7783 type: string 7784 type: object 7785 volumeName: 7786 description: volumeName is the human-readable 7787 name of the StorageOS volume. Volume 7788 names are only unique within a namespace. 7789 type: string 7790 volumeNamespace: 7791 description: volumeNamespace specifies 7792 the scope of the volume within StorageOS. If 7793 no namespace is specified then the Pod's 7794 namespace will be used. This allows 7795 the Kubernetes name scoping to be mirrored 7796 within StorageOS for tighter integration. 7797 Set VolumeName to any name to override 7798 the default behaviour. Set to "default" 7799 if you are not using namespaces within 7800 StorageOS. Namespaces that do not pre-exist 7801 within StorageOS will be created. 7802 type: string 7803 type: object 7804 vsphereVolume: 7805 description: vsphereVolume represents a vSphere 7806 volume attached and mounted on kubelets 7807 host machine 7808 properties: 7809 fsType: 7810 description: fsType is filesystem type 7811 to mount. Must be a filesystem type 7812 supported by the host operating system. 7813 Ex. "ext4", "xfs", "ntfs". Implicitly 7814 inferred to be "ext4" if unspecified. 7815 type: string 7816 storagePolicyID: 7817 description: storagePolicyID is the storage 7818 Policy Based Management (SPBM) profile 7819 ID associated with the StoragePolicyName. 7820 type: string 7821 storagePolicyName: 7822 description: storagePolicyName is the 7823 storage Policy Based Management (SPBM) 7824 profile name. 7825 type: string 7826 volumePath: 7827 description: volumePath is the path that 7828 identifies vSphere volume vmdk 7829 type: string 7830 required: 7831 - volumePath 7832 type: object 7833 required: 7834 - name 7835 type: object 7836 type: array 7837 x-kubernetes-list-type: atomic 7838 workspaces: 7839 description: Workspaces are the volumes that this 7840 Task requires. 7841 items: 7842 description: WorkspaceDeclaration is a declaration 7843 of a volume that a Task requires. 7844 properties: 7845 description: 7846 description: Description is an optional human 7847 readable description of this volume. 7848 type: string 7849 mountPath: 7850 description: MountPath overrides the directory 7851 that the volume will be made available at. 7852 type: string 7853 name: 7854 description: Name is the name by which you 7855 can bind the volume at runtime. 7856 type: string 7857 optional: 7858 description: Optional marks a Workspace as 7859 not being required in TaskRuns. By default 7860 this field is false and so declared workspaces 7861 are required. 7862 type: boolean 7863 readOnly: 7864 description: ReadOnly dictates whether a mounted 7865 volume is writable. By default this field 7866 is false and so mounted volumes are writable. 7867 type: boolean 7868 required: 7869 - name 7870 type: object 7871 type: array 7872 x-kubernetes-list-type: atomic 7873 type: object 7874 timeout: 7875 description: 'Time after which the TaskRun times out. 7876 Defaults to 1 hour. Specified TaskRun timeout should 7877 be less than 24h. Refer Go''s ParseDuration documentation 7878 for expected format: https://golang.org/pkg/time/#ParseDuration' 7879 type: string 7880 when: 7881 description: WhenExpressions is a list of when expressions 7882 that need to be true for the task to run 7883 items: 7884 description: WhenExpression allows a PipelineTask 7885 to declare expressions to be evaluated before the 7886 Task is run to determine whether the Task should 7887 be executed or skipped 7888 properties: 7889 input: 7890 description: Input is the string for guard checking 7891 which can be a static input or an output from 7892 a parent Task 7893 type: string 7894 operator: 7895 description: Operator that represents an Input's 7896 relationship to the values 7897 type: string 7898 values: 7899 description: Values is an array of strings, which 7900 is compared against the input, for guard checking 7901 It must be non-empty 7902 items: 7903 type: string 7904 type: array 7905 x-kubernetes-list-type: atomic 7906 required: 7907 - input 7908 - operator 7909 - values 7910 type: object 7911 type: array 7912 workspaces: 7913 description: Workspaces maps workspaces from the pipeline 7914 spec to the workspaces declared in the Task. 7915 items: 7916 description: WorkspacePipelineTaskBinding describes 7917 how a workspace passed into the pipeline should 7918 be mapped to a task's declared workspace. 7919 properties: 7920 name: 7921 description: Name is the name of the workspace 7922 as declared by the task 7923 type: string 7924 subPath: 7925 description: SubPath is optionally a directory 7926 on the volume which should be used for this 7927 binding (i.e. the volume will be mounted at 7928 this sub directory). 7929 type: string 7930 workspace: 7931 description: Workspace is the name of the workspace 7932 declared by the pipeline 7933 type: string 7934 required: 7935 - name 7936 type: object 7937 type: array 7938 x-kubernetes-list-type: atomic 7939 type: object 7940 type: array 7941 x-kubernetes-list-type: atomic 7942 params: 7943 description: Params declares a list of input parameters that 7944 must be supplied when this Pipeline is run. 7945 items: 7946 description: ParamSpec defines arbitrary parameters needed 7947 beyond typed inputs (such as resources). Parameter values 7948 are provided by users as inputs on a TaskRun or PipelineRun. 7949 properties: 7950 default: 7951 description: Default is the value a parameter takes 7952 if no input value is supplied. If default is set, 7953 a Task may be executed without a supplied value for 7954 the parameter. 7955 properties: 7956 arrayVal: 7957 items: 7958 type: string 7959 type: array 7960 x-kubernetes-list-type: atomic 7961 objectVal: 7962 additionalProperties: 7963 type: string 7964 type: object 7965 stringVal: 7966 type: string 7967 type: 7968 description: ParamType indicates the type of an 7969 input parameter; Used to distinguish between a 7970 single string and an array of strings. 7971 type: string 7972 required: 7973 - arrayVal 7974 - objectVal 7975 - stringVal 7976 - type 7977 type: object 7978 description: 7979 description: Description is a user-facing description 7980 of the parameter that may be used to populate a UI. 7981 type: string 7982 name: 7983 description: Name declares the name by which a parameter 7984 is referenced. 7985 type: string 7986 properties: 7987 additionalProperties: 7988 description: PropertySpec defines the struct for object 7989 keys 7990 properties: 7991 type: 7992 description: ParamType indicates the type of an 7993 input parameter; Used to distinguish between 7994 a single string and an array of strings. 7995 type: string 7996 type: object 7997 description: Properties is the JSON Schema properties 7998 to support key-value pairs parameter. 7999 type: object 8000 type: 8001 description: Type is the user-specified type of the 8002 parameter. The possible types are currently "string", 8003 "array" and "object", and "string" is the default. 8004 type: string 8005 required: 8006 - name 8007 type: object 8008 type: array 8009 x-kubernetes-list-type: atomic 8010 resources: 8011 description: Resources declares the names and types of the 8012 resources given to the Pipeline's tasks as inputs and outputs. 8013 items: 8014 description: PipelineDeclaredResource is used by a Pipeline 8015 to declare the types of the PipelineResources that it 8016 will required to run and names which can be used to refer 8017 to these PipelineResources in PipelineTaskResourceBindings. 8018 properties: 8019 name: 8020 description: Name is the name that will be used by the 8021 Pipeline to refer to this resource. It does not directly 8022 correspond to the name of any PipelineResources Task 8023 inputs or outputs, and it does not correspond to the 8024 actual names of the PipelineResources that will be 8025 bound in the PipelineRun. 8026 type: string 8027 optional: 8028 description: 'Optional declares the resource as optional. 8029 optional: true - the resource is considered optional 8030 optional: false - the resource is considered required 8031 (default/equivalent of not specifying it)' 8032 type: boolean 8033 type: 8034 description: Type is the type of the PipelineResource. 8035 type: string 8036 required: 8037 - name 8038 - type 8039 type: object 8040 type: array 8041 x-kubernetes-list-type: atomic 8042 results: 8043 description: Results are values that this pipeline can output 8044 once run 8045 items: 8046 description: PipelineResult used to describe the results 8047 of a pipeline 8048 properties: 8049 description: 8050 description: Description is a human-readable description 8051 of the result 8052 type: string 8053 name: 8054 description: Name the given name 8055 type: string 8056 type: 8057 description: Type is the user-specified type of the 8058 result. The possible types are 'string', 'array', 8059 and 'object', with 'string' as the default. 'array' 8060 and 'object' types are alpha features. 8061 type: string 8062 value: 8063 description: Value the expression used to retrieve the 8064 value 8065 properties: 8066 arrayVal: 8067 items: 8068 type: string 8069 type: array 8070 x-kubernetes-list-type: atomic 8071 objectVal: 8072 additionalProperties: 8073 type: string 8074 type: object 8075 stringVal: 8076 type: string 8077 type: 8078 description: ParamType indicates the type of an 8079 input parameter; Used to distinguish between a 8080 single string and an array of strings. 8081 type: string 8082 required: 8083 - arrayVal 8084 - objectVal 8085 - stringVal 8086 - type 8087 type: object 8088 required: 8089 - name 8090 - value 8091 type: object 8092 type: array 8093 x-kubernetes-list-type: atomic 8094 tasks: 8095 description: Tasks declares the graph of Tasks that execute 8096 when this Pipeline is run. 8097 items: 8098 description: PipelineTask defines a task in a Pipeline, 8099 passing inputs from both Params and from the output of 8100 previous tasks. 8101 properties: 8102 matrix: 8103 description: Matrix declares parameters used to fan 8104 out this task. 8105 properties: 8106 params: 8107 description: Params is a list of parameters used 8108 to fan out the pipelineTask Params takes only 8109 `Parameters` of type `"array"` Each array element 8110 is supplied to the `PipelineTask` by substituting 8111 `params` of type `"string"` in the underlying 8112 `Task`. The names of the `params` in the `Matrix` 8113 must match the names of the `params` in the underlying 8114 `Task` that they will be substituting. 8115 items: 8116 description: Param declares an ParamValues to 8117 use for the parameter called name. 8118 properties: 8119 name: 8120 type: string 8121 value: 8122 description: ParamValue is a type that can 8123 hold a single string or string array. Used 8124 in JSON unmarshalling so that a single JSON 8125 field can accept either an individual string 8126 or an array of strings. 8127 properties: 8128 arrayVal: 8129 items: 8130 type: string 8131 type: array 8132 x-kubernetes-list-type: atomic 8133 objectVal: 8134 additionalProperties: 8135 type: string 8136 type: object 8137 stringVal: 8138 type: string 8139 type: 8140 description: ParamType indicates the type 8141 of an input parameter; Used to distinguish 8142 between a single string and an array 8143 of strings. 8144 type: string 8145 required: 8146 - arrayVal 8147 - objectVal 8148 - stringVal 8149 - type 8150 type: object 8151 required: 8152 - name 8153 - value 8154 type: object 8155 type: array 8156 x-kubernetes-list-type: atomic 8157 type: object 8158 name: 8159 description: Name is the name of this task within the 8160 context of a Pipeline. Name is used as a coordinate 8161 with the `from` and `runAfter` fields to establish 8162 the execution order of tasks relative to one another. 8163 type: string 8164 params: 8165 description: Parameters declares parameters passed to 8166 this task. 8167 items: 8168 description: Param declares an ParamValues to use 8169 for the parameter called name. 8170 properties: 8171 name: 8172 type: string 8173 value: 8174 description: ParamValue is a type that can hold 8175 a single string or string array. Used in JSON 8176 unmarshalling so that a single JSON field can 8177 accept either an individual string or an array 8178 of strings. 8179 properties: 8180 arrayVal: 8181 items: 8182 type: string 8183 type: array 8184 x-kubernetes-list-type: atomic 8185 objectVal: 8186 additionalProperties: 8187 type: string 8188 type: object 8189 stringVal: 8190 type: string 8191 type: 8192 description: ParamType indicates the type 8193 of an input parameter; Used to distinguish 8194 between a single string and an array of 8195 strings. 8196 type: string 8197 required: 8198 - arrayVal 8199 - objectVal 8200 - stringVal 8201 - type 8202 type: object 8203 required: 8204 - name 8205 - value 8206 type: object 8207 type: array 8208 x-kubernetes-list-type: atomic 8209 resources: 8210 description: Resources declares the resources given 8211 to this task as inputs and outputs. 8212 properties: 8213 inputs: 8214 description: Inputs holds the mapping from the PipelineResources 8215 declared in DeclaredPipelineResources to the input 8216 PipelineResources required by the Task. 8217 items: 8218 description: PipelineTaskInputResource maps the 8219 name of a declared PipelineResource input dependency 8220 in a Task to the resource in the Pipeline's 8221 DeclaredPipelineResources that should be used. 8222 This input may come from a previous task. 8223 properties: 8224 from: 8225 description: From is the list of PipelineTask 8226 names that the resource has to come from. 8227 (Implies an ordering in the execution graph.) 8228 items: 8229 type: string 8230 type: array 8231 x-kubernetes-list-type: atomic 8232 name: 8233 description: Name is the name of the PipelineResource 8234 as declared by the Task. 8235 type: string 8236 resource: 8237 description: Resource is the name of the DeclaredPipelineResource 8238 to use. 8239 type: string 8240 required: 8241 - name 8242 - resource 8243 type: object 8244 type: array 8245 x-kubernetes-list-type: atomic 8246 outputs: 8247 description: Outputs holds the mapping from the 8248 PipelineResources declared in DeclaredPipelineResources 8249 to the input PipelineResources required by the 8250 Task. 8251 items: 8252 description: PipelineTaskOutputResource maps the 8253 name of a declared PipelineResource output dependency 8254 in a Task to the resource in the Pipeline's 8255 DeclaredPipelineResources that should be used. 8256 properties: 8257 name: 8258 description: Name is the name of the PipelineResource 8259 as declared by the Task. 8260 type: string 8261 resource: 8262 description: Resource is the name of the DeclaredPipelineResource 8263 to use. 8264 type: string 8265 required: 8266 - name 8267 - resource 8268 type: object 8269 type: array 8270 x-kubernetes-list-type: atomic 8271 type: object 8272 retries: 8273 description: 'Retries represents how many times this 8274 task should be retried in case of task failure: ConditionSucceeded 8275 set to False' 8276 type: integer 8277 runAfter: 8278 description: RunAfter is the list of PipelineTask names 8279 that should be executed before this Task executes. 8280 (Used to force a specific ordering in graph execution.) 8281 items: 8282 type: string 8283 type: array 8284 x-kubernetes-list-type: atomic 8285 taskRef: 8286 description: TaskRef is a reference to a task definition. 8287 properties: 8288 apiVersion: 8289 description: API version of the referent 8290 type: string 8291 bundle: 8292 description: 'Bundle url reference to a Tekton Bundle. 8293 Deprecated: Please use ResolverRef with the bundles 8294 resolver instead.' 8295 type: string 8296 kind: 8297 description: TaskKind indicates the kind of the 8298 task, namespaced or cluster scoped. 8299 type: string 8300 name: 8301 description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' 8302 type: string 8303 params: 8304 description: Params contains the parameters used 8305 to identify the referenced Tekton resource. Example 8306 entries might include "repo" or "path" but the 8307 set of params ultimately depends on the chosen 8308 resolver. 8309 items: 8310 description: Param declares an ParamValues to 8311 use for the parameter called name. 8312 properties: 8313 name: 8314 type: string 8315 value: 8316 description: ParamValue is a type that can 8317 hold a single string or string array. Used 8318 in JSON unmarshalling so that a single JSON 8319 field can accept either an individual string 8320 or an array of strings. 8321 properties: 8322 arrayVal: 8323 items: 8324 type: string 8325 type: array 8326 x-kubernetes-list-type: atomic 8327 objectVal: 8328 additionalProperties: 8329 type: string 8330 type: object 8331 stringVal: 8332 type: string 8333 type: 8334 description: ParamType indicates the type 8335 of an input parameter; Used to distinguish 8336 between a single string and an array 8337 of strings. 8338 type: string 8339 required: 8340 - arrayVal 8341 - objectVal 8342 - stringVal 8343 - type 8344 type: object 8345 required: 8346 - name 8347 - value 8348 type: object 8349 type: array 8350 x-kubernetes-list-type: atomic 8351 resolver: 8352 description: Resolver is the name of the resolver 8353 that should perform resolution of the referenced 8354 Tekton resource, such as "git". 8355 type: string 8356 type: object 8357 taskSpec: 8358 description: TaskSpec is a specification of a task 8359 properties: 8360 apiVersion: 8361 type: string 8362 description: 8363 description: Description is a user-facing description 8364 of the task that may be used to populate a UI. 8365 type: string 8366 kind: 8367 type: string 8368 metadata: 8369 description: PipelineTaskMetadata contains the labels 8370 or annotations for an EmbeddedTask 8371 properties: 8372 annotations: 8373 additionalProperties: 8374 type: string 8375 type: object 8376 labels: 8377 additionalProperties: 8378 type: string 8379 type: object 8380 type: object 8381 params: 8382 description: Params is a list of input parameters 8383 required to run the task. Params must be supplied 8384 as inputs in TaskRuns unless they declare a default 8385 value. 8386 items: 8387 description: ParamSpec defines arbitrary parameters 8388 needed beyond typed inputs (such as resources). 8389 Parameter values are provided by users as inputs 8390 on a TaskRun or PipelineRun. 8391 properties: 8392 default: 8393 description: Default is the value a parameter 8394 takes if no input value is supplied. If 8395 default is set, a Task may be executed without 8396 a supplied value for the parameter. 8397 properties: 8398 arrayVal: 8399 items: 8400 type: string 8401 type: array 8402 x-kubernetes-list-type: atomic 8403 objectVal: 8404 additionalProperties: 8405 type: string 8406 type: object 8407 stringVal: 8408 type: string 8409 type: 8410 description: ParamType indicates the type 8411 of an input parameter; Used to distinguish 8412 between a single string and an array 8413 of strings. 8414 type: string 8415 required: 8416 - arrayVal 8417 - objectVal 8418 - stringVal 8419 - type 8420 type: object 8421 description: 8422 description: Description is a user-facing 8423 description of the parameter that may be 8424 used to populate a UI. 8425 type: string 8426 name: 8427 description: Name declares the name by which 8428 a parameter is referenced. 8429 type: string 8430 properties: 8431 additionalProperties: 8432 description: PropertySpec defines the struct 8433 for object keys 8434 properties: 8435 type: 8436 description: ParamType indicates the 8437 type of an input parameter; Used to 8438 distinguish between a single string 8439 and an array of strings. 8440 type: string 8441 type: object 8442 description: Properties is the JSON Schema 8443 properties to support key-value pairs parameter. 8444 type: object 8445 type: 8446 description: Type is the user-specified type 8447 of the parameter. The possible types are 8448 currently "string", "array" and "object", 8449 and "string" is the default. 8450 type: string 8451 required: 8452 - name 8453 type: object 8454 type: array 8455 x-kubernetes-list-type: atomic 8456 resources: 8457 description: Resources is a list input and output 8458 resource to run the task Resources are represented 8459 in TaskRuns as bindings to instances of PipelineResources. 8460 properties: 8461 inputs: 8462 description: Inputs holds the mapping from the 8463 PipelineResources declared in DeclaredPipelineResources 8464 to the input PipelineResources required by 8465 the Task. 8466 items: 8467 description: TaskResource defines an input 8468 or output Resource declared as a requirement 8469 by a Task. The Name field will be used to 8470 refer to these Resources within the Task 8471 definition, and when provided as an Input, 8472 the Name will be the path to the volume 8473 mounted containing this Resource as an input 8474 (e.g. an input Resource named `workspace` 8475 will be mounted at `/workspace`). 8476 properties: 8477 description: 8478 description: Description is a user-facing 8479 description of the declared resource 8480 that may be used to populate a UI. 8481 type: string 8482 name: 8483 description: Name declares the name by 8484 which a resource is referenced in the 8485 definition. Resources may be referenced 8486 by name in the definition of a Task's 8487 steps. 8488 type: string 8489 optional: 8490 description: 'Optional declares the resource 8491 as optional. By default optional is 8492 set to false which makes a resource 8493 required. optional: true - the resource 8494 is considered optional optional: false 8495 - the resource is considered required 8496 (equivalent of not specifying it)' 8497 type: boolean 8498 targetPath: 8499 description: TargetPath is the path in 8500 workspace directory where the resource 8501 will be copied. 8502 type: string 8503 type: 8504 description: Type is the type of this 8505 resource; 8506 type: string 8507 required: 8508 - name 8509 - type 8510 type: object 8511 type: array 8512 x-kubernetes-list-type: atomic 8513 outputs: 8514 description: Outputs holds the mapping from 8515 the PipelineResources declared in DeclaredPipelineResources 8516 to the input PipelineResources required by 8517 the Task. 8518 items: 8519 description: TaskResource defines an input 8520 or output Resource declared as a requirement 8521 by a Task. The Name field will be used to 8522 refer to these Resources within the Task 8523 definition, and when provided as an Input, 8524 the Name will be the path to the volume 8525 mounted containing this Resource as an input 8526 (e.g. an input Resource named `workspace` 8527 will be mounted at `/workspace`). 8528 properties: 8529 description: 8530 description: Description is a user-facing 8531 description of the declared resource 8532 that may be used to populate a UI. 8533 type: string 8534 name: 8535 description: Name declares the name by 8536 which a resource is referenced in the 8537 definition. Resources may be referenced 8538 by name in the definition of a Task's 8539 steps. 8540 type: string 8541 optional: 8542 description: 'Optional declares the resource 8543 as optional. By default optional is 8544 set to false which makes a resource 8545 required. optional: true - the resource 8546 is considered optional optional: false 8547 - the resource is considered required 8548 (equivalent of not specifying it)' 8549 type: boolean 8550 targetPath: 8551 description: TargetPath is the path in 8552 workspace directory where the resource 8553 will be copied. 8554 type: string 8555 type: 8556 description: Type is the type of this 8557 resource; 8558 type: string 8559 required: 8560 - name 8561 - type 8562 type: object 8563 type: array 8564 x-kubernetes-list-type: atomic 8565 type: object 8566 results: 8567 description: Results are values that this Task can 8568 output 8569 items: 8570 description: TaskResult used to describe the results 8571 of a task 8572 properties: 8573 description: 8574 description: Description is a human-readable 8575 description of the result 8576 type: string 8577 name: 8578 description: Name the given name 8579 type: string 8580 properties: 8581 additionalProperties: 8582 description: PropertySpec defines the struct 8583 for object keys 8584 properties: 8585 type: 8586 description: ParamType indicates the 8587 type of an input parameter; Used to 8588 distinguish between a single string 8589 and an array of strings. 8590 type: string 8591 type: object 8592 description: Properties is the JSON Schema 8593 properties to support key-value pairs results. 8594 type: object 8595 type: 8596 description: Type is the user-specified type 8597 of the result. The possible type is currently 8598 "string" and will support "array" in following 8599 work. 8600 type: string 8601 required: 8602 - name 8603 type: object 8604 type: array 8605 x-kubernetes-list-type: atomic 8606 sidecars: 8607 description: Sidecars are run alongside the Task's 8608 step containers. They begin before the steps start 8609 and end after the steps complete. 8610 items: 8611 description: Sidecar has nearly the same data 8612 structure as Step but does not have the ability 8613 to timeout. 8614 properties: 8615 args: 8616 description: 'Arguments to the entrypoint. 8617 The image''s CMD is used if this is not 8618 provided. Variable references $(VAR_NAME) 8619 are expanded using the container''s environment. 8620 If a variable cannot be resolved, the reference 8621 in the input string will be unchanged. Double 8622 $$ are reduced to a single $, which allows 8623 for escaping the $(VAR_NAME) syntax: i.e. 8624 "$$(VAR_NAME)" will produce the string literal 8625 "$(VAR_NAME)". Escaped references will never 8626 be expanded, regardless of whether the variable 8627 exists or not. Cannot be updated. More info: 8628 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 8629 items: 8630 type: string 8631 type: array 8632 x-kubernetes-list-type: atomic 8633 command: 8634 description: 'Entrypoint array. Not executed 8635 within a shell. The image''s ENTRYPOINT 8636 is used if this is not provided. Variable 8637 references $(VAR_NAME) are expanded using 8638 the Sidecar''s environment. If a variable 8639 cannot be resolved, the reference in the 8640 input string will be unchanged. Double $$ 8641 are reduced to a single $, which allows 8642 for escaping the $(VAR_NAME) syntax: i.e. 8643 "$$(VAR_NAME)" will produce the string literal 8644 "$(VAR_NAME)". Escaped references will never 8645 be expanded, regardless of whether the variable 8646 exists or not. Cannot be updated. More info: 8647 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 8648 items: 8649 type: string 8650 type: array 8651 x-kubernetes-list-type: atomic 8652 env: 8653 description: List of environment variables 8654 to set in the Sidecar. Cannot be updated. 8655 items: 8656 description: EnvVar represents an environment 8657 variable present in a Container. 8658 properties: 8659 name: 8660 description: Name of the environment 8661 variable. Must be a C_IDENTIFIER. 8662 type: string 8663 value: 8664 description: 'Variable references $(VAR_NAME) 8665 are expanded using the previously 8666 defined environment variables in the 8667 container and any service environment 8668 variables. If a variable cannot be 8669 resolved, the reference in the input 8670 string will be unchanged. Double $$ 8671 are reduced to a single $, which allows 8672 for escaping the $(VAR_NAME) syntax: 8673 i.e. "$$(VAR_NAME)" will produce the 8674 string literal "$(VAR_NAME)". Escaped 8675 references will never be expanded, 8676 regardless of whether the variable 8677 exists or not. Defaults to "".' 8678 type: string 8679 valueFrom: 8680 description: Source for the environment 8681 variable's value. Cannot be used if 8682 value is not empty. 8683 properties: 8684 configMapKeyRef: 8685 description: Selects a key of a 8686 ConfigMap. 8687 properties: 8688 key: 8689 description: The key to select. 8690 type: string 8691 name: 8692 description: 'Name of the referent. 8693 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8694 TODO: Add other useful fields. 8695 apiVersion, kind, uid?' 8696 type: string 8697 optional: 8698 description: Specify whether 8699 the ConfigMap or its key must 8700 be defined 8701 type: boolean 8702 required: 8703 - key 8704 type: object 8705 fieldRef: 8706 description: 'Selects a field of 8707 the pod: supports metadata.name, 8708 metadata.namespace, `metadata.labels[''<KEY>'']`, 8709 `metadata.annotations[''<KEY>'']`, 8710 spec.nodeName, spec.serviceAccountName, 8711 status.hostIP, status.podIP, status.podIPs.' 8712 properties: 8713 apiVersion: 8714 description: Version of the 8715 schema the FieldPath is written 8716 in terms of, defaults to "v1". 8717 type: string 8718 fieldPath: 8719 description: Path of the field 8720 to select in the specified 8721 API version. 8722 type: string 8723 required: 8724 - fieldPath 8725 type: object 8726 resourceFieldRef: 8727 description: 'Selects a resource 8728 of the container: only resources 8729 limits and requests (limits.cpu, 8730 limits.memory, limits.ephemeral-storage, 8731 requests.cpu, requests.memory 8732 and requests.ephemeral-storage) 8733 are currently supported.' 8734 properties: 8735 containerName: 8736 description: 'Container name: 8737 required for volumes, optional 8738 for env vars' 8739 type: string 8740 divisor: 8741 anyOf: 8742 - type: integer 8743 - type: string 8744 description: Specifies the output 8745 format of the exposed resources, 8746 defaults to "1" 8747 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 8748 x-kubernetes-int-or-string: true 8749 resource: 8750 description: 'Required: resource 8751 to select' 8752 type: string 8753 required: 8754 - resource 8755 type: object 8756 secretKeyRef: 8757 description: Selects a key of a 8758 secret in the pod's namespace 8759 properties: 8760 key: 8761 description: The key of the 8762 secret to select from. Must 8763 be a valid secret key. 8764 type: string 8765 name: 8766 description: 'Name of the referent. 8767 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8768 TODO: Add other useful fields. 8769 apiVersion, kind, uid?' 8770 type: string 8771 optional: 8772 description: Specify whether 8773 the Secret or its key must 8774 be defined 8775 type: boolean 8776 required: 8777 - key 8778 type: object 8779 type: object 8780 required: 8781 - name 8782 type: object 8783 type: array 8784 x-kubernetes-list-type: atomic 8785 envFrom: 8786 description: List of sources to populate environment 8787 variables in the Sidecar. The keys defined 8788 within a source must be a C_IDENTIFIER. 8789 All invalid keys will be reported as an 8790 event when the Sidecar is starting. When 8791 a key exists in multiple sources, the value 8792 associated with the last source will take 8793 precedence. Values defined by an Env with 8794 a duplicate key will take precedence. Cannot 8795 be updated. 8796 items: 8797 description: EnvFromSource represents the 8798 source of a set of ConfigMaps 8799 properties: 8800 configMapRef: 8801 description: The ConfigMap to select 8802 from 8803 properties: 8804 name: 8805 description: 'Name of the referent. 8806 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8807 TODO: Add other useful fields. 8808 apiVersion, kind, uid?' 8809 type: string 8810 optional: 8811 description: Specify whether the 8812 ConfigMap must be defined 8813 type: boolean 8814 type: object 8815 prefix: 8816 description: An optional identifier 8817 to prepend to each key in the ConfigMap. 8818 Must be a C_IDENTIFIER. 8819 type: string 8820 secretRef: 8821 description: The Secret to select from 8822 properties: 8823 name: 8824 description: 'Name of the referent. 8825 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 8826 TODO: Add other useful fields. 8827 apiVersion, kind, uid?' 8828 type: string 8829 optional: 8830 description: Specify whether the 8831 Secret must be defined 8832 type: boolean 8833 type: object 8834 type: object 8835 type: array 8836 x-kubernetes-list-type: atomic 8837 image: 8838 description: 'Image name to be used by the 8839 Sidecar. More info: https://kubernetes.io/docs/concepts/containers/images' 8840 type: string 8841 imagePullPolicy: 8842 description: 'Image pull policy. One of Always, 8843 Never, IfNotPresent. Defaults to Always 8844 if :latest tag is specified, or IfNotPresent 8845 otherwise. Cannot be updated. More info: 8846 https://kubernetes.io/docs/concepts/containers/images#updating-images' 8847 type: string 8848 lifecycle: 8849 description: Actions that the management system 8850 should take in response to Sidecar lifecycle 8851 events. Cannot be updated. 8852 properties: 8853 postStart: 8854 description: 'PostStart is called immediately 8855 after a container is created. If the 8856 handler fails, the container is terminated 8857 and restarted according to its restart 8858 policy. Other management of the container 8859 blocks until the hook completes. More 8860 info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 8861 properties: 8862 exec: 8863 description: Exec specifies the action 8864 to take. 8865 properties: 8866 command: 8867 description: Command is the command 8868 line to execute inside the container, 8869 the working directory for the 8870 command is root ('/') in the 8871 container's filesystem. The 8872 command is simply exec'd, it 8873 is not run inside a shell, so 8874 traditional shell instructions 8875 ('|', etc) won't work. To use 8876 a shell, you need to explicitly 8877 call out to that shell. Exit 8878 status of 0 is treated as live/healthy 8879 and non-zero is unhealthy. 8880 items: 8881 type: string 8882 type: array 8883 type: object 8884 httpGet: 8885 description: HTTPGet specifies the 8886 http request to perform. 8887 properties: 8888 host: 8889 description: Host name to connect 8890 to, defaults to the pod IP. 8891 You probably want to set "Host" 8892 in httpHeaders instead. 8893 type: string 8894 httpHeaders: 8895 description: Custom headers to 8896 set in the request. HTTP allows 8897 repeated headers. 8898 items: 8899 description: HTTPHeader describes 8900 a custom header to be used 8901 in HTTP probes 8902 properties: 8903 name: 8904 description: The header 8905 field name. This will 8906 be canonicalized upon 8907 output, so case-variant 8908 names will be understood 8909 as the same header. 8910 type: string 8911 value: 8912 description: The header 8913 field value 8914 type: string 8915 required: 8916 - name 8917 - value 8918 type: object 8919 type: array 8920 path: 8921 description: Path to access on 8922 the HTTP server. 8923 type: string 8924 port: 8925 anyOf: 8926 - type: integer 8927 - type: string 8928 description: Name or number of 8929 the port to access on the container. 8930 Number must be in the range 8931 1 to 65535. Name must be an 8932 IANA_SVC_NAME. 8933 x-kubernetes-int-or-string: true 8934 scheme: 8935 description: Scheme to use for 8936 connecting to the host. Defaults 8937 to HTTP. 8938 type: string 8939 required: 8940 - port 8941 type: object 8942 tcpSocket: 8943 description: Deprecated. TCPSocket 8944 is NOT supported as a LifecycleHandler 8945 and kept for the backward compatibility. 8946 There are no validation of this 8947 field and lifecycle hooks will fail 8948 in runtime when tcp handler is specified. 8949 properties: 8950 host: 8951 description: 'Optional: Host name 8952 to connect to, defaults to the 8953 pod IP.' 8954 type: string 8955 port: 8956 anyOf: 8957 - type: integer 8958 - type: string 8959 description: Number or name of 8960 the port to access on the container. 8961 Number must be in the range 8962 1 to 65535. Name must be an 8963 IANA_SVC_NAME. 8964 x-kubernetes-int-or-string: true 8965 required: 8966 - port 8967 type: object 8968 type: object 8969 preStop: 8970 description: 'PreStop is called immediately 8971 before a container is terminated due 8972 to an API request or management event 8973 such as liveness/startup probe failure, 8974 preemption, resource contention, etc. 8975 The handler is not called if the container 8976 crashes or exits. The Pod''s termination 8977 grace period countdown begins before 8978 the PreStop hook is executed. Regardless 8979 of the outcome of the handler, the container 8980 will eventually terminate within the 8981 Pod''s termination grace period (unless 8982 delayed by finalizers). Other management 8983 of the container blocks until the hook 8984 completes or until the termination grace 8985 period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 8986 properties: 8987 exec: 8988 description: Exec specifies the action 8989 to take. 8990 properties: 8991 command: 8992 description: Command is the command 8993 line to execute inside the container, 8994 the working directory for the 8995 command is root ('/') in the 8996 container's filesystem. The 8997 command is simply exec'd, it 8998 is not run inside a shell, so 8999 traditional shell instructions 9000 ('|', etc) won't work. To use 9001 a shell, you need to explicitly 9002 call out to that shell. Exit 9003 status of 0 is treated as live/healthy 9004 and non-zero is unhealthy. 9005 items: 9006 type: string 9007 type: array 9008 type: object 9009 httpGet: 9010 description: HTTPGet specifies the 9011 http request to perform. 9012 properties: 9013 host: 9014 description: Host name to connect 9015 to, defaults to the pod IP. 9016 You probably want to set "Host" 9017 in httpHeaders instead. 9018 type: string 9019 httpHeaders: 9020 description: Custom headers to 9021 set in the request. HTTP allows 9022 repeated headers. 9023 items: 9024 description: HTTPHeader describes 9025 a custom header to be used 9026 in HTTP probes 9027 properties: 9028 name: 9029 description: The header 9030 field name. This will 9031 be canonicalized upon 9032 output, so case-variant 9033 names will be understood 9034 as the same header. 9035 type: string 9036 value: 9037 description: The header 9038 field value 9039 type: string 9040 required: 9041 - name 9042 - value 9043 type: object 9044 type: array 9045 path: 9046 description: Path to access on 9047 the HTTP server. 9048 type: string 9049 port: 9050 anyOf: 9051 - type: integer 9052 - type: string 9053 description: Name or number of 9054 the port to access on the container. 9055 Number must be in the range 9056 1 to 65535. Name must be an 9057 IANA_SVC_NAME. 9058 x-kubernetes-int-or-string: true 9059 scheme: 9060 description: Scheme to use for 9061 connecting to the host. Defaults 9062 to HTTP. 9063 type: string 9064 required: 9065 - port 9066 type: object 9067 tcpSocket: 9068 description: Deprecated. TCPSocket 9069 is NOT supported as a LifecycleHandler 9070 and kept for the backward compatibility. 9071 There are no validation of this 9072 field and lifecycle hooks will fail 9073 in runtime when tcp handler is specified. 9074 properties: 9075 host: 9076 description: 'Optional: Host name 9077 to connect to, defaults to the 9078 pod IP.' 9079 type: string 9080 port: 9081 anyOf: 9082 - type: integer 9083 - type: string 9084 description: Number or name of 9085 the port to access on the container. 9086 Number must be in the range 9087 1 to 65535. Name must be an 9088 IANA_SVC_NAME. 9089 x-kubernetes-int-or-string: true 9090 required: 9091 - port 9092 type: object 9093 type: object 9094 type: object 9095 livenessProbe: 9096 description: 'Periodic probe of Sidecar liveness. 9097 Container will be restarted if the probe 9098 fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9099 properties: 9100 exec: 9101 description: Exec specifies the action 9102 to take. 9103 properties: 9104 command: 9105 description: Command is the command 9106 line to execute inside the container, 9107 the working directory for the command is 9108 root ('/') in the container's filesystem. 9109 The command is simply exec'd, it 9110 is not run inside a shell, so traditional 9111 shell instructions ('|', etc) won't 9112 work. To use a shell, you need to 9113 explicitly call out to that shell. 9114 Exit status of 0 is treated as live/healthy 9115 and non-zero is unhealthy. 9116 items: 9117 type: string 9118 type: array 9119 type: object 9120 failureThreshold: 9121 description: Minimum consecutive failures 9122 for the probe to be considered failed 9123 after having succeeded. Defaults to 9124 3. Minimum value is 1. 9125 format: int32 9126 type: integer 9127 grpc: 9128 description: GRPC specifies an action 9129 involving a GRPC port. 9130 properties: 9131 port: 9132 description: Port number of the gRPC 9133 service. Number must be in the range 9134 1 to 65535. 9135 format: int32 9136 type: integer 9137 service: 9138 description: "Service is the name 9139 of the service to place in the gRPC 9140 HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 9141 \n If this is not specified, the 9142 default behavior is defined by gRPC." 9143 type: string 9144 required: 9145 - port 9146 type: object 9147 httpGet: 9148 description: HTTPGet specifies the http 9149 request to perform. 9150 properties: 9151 host: 9152 description: Host name to connect 9153 to, defaults to the pod IP. You 9154 probably want to set "Host" in httpHeaders 9155 instead. 9156 type: string 9157 httpHeaders: 9158 description: Custom headers to set 9159 in the request. HTTP allows repeated 9160 headers. 9161 items: 9162 description: HTTPHeader describes 9163 a custom header to be used in 9164 HTTP probes 9165 properties: 9166 name: 9167 description: The header field 9168 name. This will be canonicalized 9169 upon output, so case-variant 9170 names will be understood as 9171 the same header. 9172 type: string 9173 value: 9174 description: The header field 9175 value 9176 type: string 9177 required: 9178 - name 9179 - value 9180 type: object 9181 type: array 9182 path: 9183 description: Path to access on the 9184 HTTP server. 9185 type: string 9186 port: 9187 anyOf: 9188 - type: integer 9189 - type: string 9190 description: Name or number of the 9191 port to access on the container. 9192 Number must be in the range 1 to 9193 65535. Name must be an IANA_SVC_NAME. 9194 x-kubernetes-int-or-string: true 9195 scheme: 9196 description: Scheme to use for connecting 9197 to the host. Defaults to HTTP. 9198 type: string 9199 required: 9200 - port 9201 type: object 9202 initialDelaySeconds: 9203 description: 'Number of seconds after 9204 the container has started before liveness 9205 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9206 format: int32 9207 type: integer 9208 periodSeconds: 9209 description: How often (in seconds) to 9210 perform the probe. Default to 10 seconds. 9211 Minimum value is 1. 9212 format: int32 9213 type: integer 9214 successThreshold: 9215 description: Minimum consecutive successes 9216 for the probe to be considered successful 9217 after having failed. Defaults to 1. 9218 Must be 1 for liveness and startup. 9219 Minimum value is 1. 9220 format: int32 9221 type: integer 9222 tcpSocket: 9223 description: TCPSocket specifies an action 9224 involving a TCP port. 9225 properties: 9226 host: 9227 description: 'Optional: Host name 9228 to connect to, defaults to the pod 9229 IP.' 9230 type: string 9231 port: 9232 anyOf: 9233 - type: integer 9234 - type: string 9235 description: Number or name of the 9236 port to access on the container. 9237 Number must be in the range 1 to 9238 65535. Name must be an IANA_SVC_NAME. 9239 x-kubernetes-int-or-string: true 9240 required: 9241 - port 9242 type: object 9243 terminationGracePeriodSeconds: 9244 description: Optional duration in seconds 9245 the pod needs to terminate gracefully 9246 upon probe failure. The grace period 9247 is the duration in seconds after the 9248 processes running in the pod are sent 9249 a termination signal and the time when 9250 the processes are forcibly halted with 9251 a kill signal. Set this value longer 9252 than the expected cleanup time for your 9253 process. If this value is nil, the pod's 9254 terminationGracePeriodSeconds will be 9255 used. Otherwise, this value overrides 9256 the value provided by the pod spec. 9257 Value must be non-negative integer. 9258 The value zero indicates stop immediately 9259 via the kill signal (no opportunity 9260 to shut down). This is a beta field 9261 and requires enabling ProbeTerminationGracePeriod 9262 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 9263 is used if unset. 9264 format: int64 9265 type: integer 9266 timeoutSeconds: 9267 description: 'Number of seconds after 9268 which the probe times out. Defaults 9269 to 1 second. Minimum value is 1. More 9270 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9271 format: int32 9272 type: integer 9273 type: object 9274 name: 9275 description: Name of the Sidecar specified 9276 as a DNS_LABEL. Each Sidecar in a Task must 9277 have a unique name (DNS_LABEL). Cannot be 9278 updated. 9279 type: string 9280 ports: 9281 description: List of ports to expose from 9282 the Sidecar. Exposing a port here gives 9283 the system additional information about 9284 the network connections a container uses, 9285 but is primarily informational. Not specifying 9286 a port here DOES NOT prevent that port from 9287 being exposed. Any port which is listening 9288 on the default "0.0.0.0" address inside 9289 a container will be accessible from the 9290 network. Cannot be updated. 9291 items: 9292 description: ContainerPort represents a 9293 network port in a single container. 9294 properties: 9295 containerPort: 9296 description: Number of port to expose 9297 on the pod's IP address. This must 9298 be a valid port number, 0 < x < 65536. 9299 format: int32 9300 type: integer 9301 hostIP: 9302 description: What host IP to bind the 9303 external port to. 9304 type: string 9305 hostPort: 9306 description: Number of port to expose 9307 on the host. If specified, this must 9308 be a valid port number, 0 < x < 65536. 9309 If HostNetwork is specified, this 9310 must match ContainerPort. Most containers 9311 do not need this. 9312 format: int32 9313 type: integer 9314 name: 9315 description: If specified, this must 9316 be an IANA_SVC_NAME and unique within 9317 the pod. Each named port in a pod 9318 must have a unique name. Name for 9319 the port that can be referred to by 9320 services. 9321 type: string 9322 protocol: 9323 default: TCP 9324 description: Protocol for port. Must 9325 be UDP, TCP, or SCTP. Defaults to 9326 "TCP". 9327 type: string 9328 required: 9329 - containerPort 9330 type: object 9331 type: array 9332 x-kubernetes-list-map-keys: 9333 - containerPort 9334 - protocol 9335 x-kubernetes-list-type: map 9336 readinessProbe: 9337 description: 'Periodic probe of Sidecar service 9338 readiness. Container will be removed from 9339 service endpoints if the probe fails. Cannot 9340 be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9341 properties: 9342 exec: 9343 description: Exec specifies the action 9344 to take. 9345 properties: 9346 command: 9347 description: Command is the command 9348 line to execute inside the container, 9349 the working directory for the command is 9350 root ('/') in the container's filesystem. 9351 The command is simply exec'd, it 9352 is not run inside a shell, so traditional 9353 shell instructions ('|', etc) won't 9354 work. To use a shell, you need to 9355 explicitly call out to that shell. 9356 Exit status of 0 is treated as live/healthy 9357 and non-zero is unhealthy. 9358 items: 9359 type: string 9360 type: array 9361 type: object 9362 failureThreshold: 9363 description: Minimum consecutive failures 9364 for the probe to be considered failed 9365 after having succeeded. Defaults to 9366 3. Minimum value is 1. 9367 format: int32 9368 type: integer 9369 grpc: 9370 description: GRPC specifies an action 9371 involving a GRPC port. 9372 properties: 9373 port: 9374 description: Port number of the gRPC 9375 service. Number must be in the range 9376 1 to 65535. 9377 format: int32 9378 type: integer 9379 service: 9380 description: "Service is the name 9381 of the service to place in the gRPC 9382 HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 9383 \n If this is not specified, the 9384 default behavior is defined by gRPC." 9385 type: string 9386 required: 9387 - port 9388 type: object 9389 httpGet: 9390 description: HTTPGet specifies the http 9391 request to perform. 9392 properties: 9393 host: 9394 description: Host name to connect 9395 to, defaults to the pod IP. You 9396 probably want to set "Host" in httpHeaders 9397 instead. 9398 type: string 9399 httpHeaders: 9400 description: Custom headers to set 9401 in the request. HTTP allows repeated 9402 headers. 9403 items: 9404 description: HTTPHeader describes 9405 a custom header to be used in 9406 HTTP probes 9407 properties: 9408 name: 9409 description: The header field 9410 name. This will be canonicalized 9411 upon output, so case-variant 9412 names will be understood as 9413 the same header. 9414 type: string 9415 value: 9416 description: The header field 9417 value 9418 type: string 9419 required: 9420 - name 9421 - value 9422 type: object 9423 type: array 9424 path: 9425 description: Path to access on the 9426 HTTP server. 9427 type: string 9428 port: 9429 anyOf: 9430 - type: integer 9431 - type: string 9432 description: Name or number of the 9433 port to access on the container. 9434 Number must be in the range 1 to 9435 65535. Name must be an IANA_SVC_NAME. 9436 x-kubernetes-int-or-string: true 9437 scheme: 9438 description: Scheme to use for connecting 9439 to the host. Defaults to HTTP. 9440 type: string 9441 required: 9442 - port 9443 type: object 9444 initialDelaySeconds: 9445 description: 'Number of seconds after 9446 the container has started before liveness 9447 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9448 format: int32 9449 type: integer 9450 periodSeconds: 9451 description: How often (in seconds) to 9452 perform the probe. Default to 10 seconds. 9453 Minimum value is 1. 9454 format: int32 9455 type: integer 9456 successThreshold: 9457 description: Minimum consecutive successes 9458 for the probe to be considered successful 9459 after having failed. Defaults to 1. 9460 Must be 1 for liveness and startup. 9461 Minimum value is 1. 9462 format: int32 9463 type: integer 9464 tcpSocket: 9465 description: TCPSocket specifies an action 9466 involving a TCP port. 9467 properties: 9468 host: 9469 description: 'Optional: Host name 9470 to connect to, defaults to the pod 9471 IP.' 9472 type: string 9473 port: 9474 anyOf: 9475 - type: integer 9476 - type: string 9477 description: Number or name of the 9478 port to access on the container. 9479 Number must be in the range 1 to 9480 65535. Name must be an IANA_SVC_NAME. 9481 x-kubernetes-int-or-string: true 9482 required: 9483 - port 9484 type: object 9485 terminationGracePeriodSeconds: 9486 description: Optional duration in seconds 9487 the pod needs to terminate gracefully 9488 upon probe failure. The grace period 9489 is the duration in seconds after the 9490 processes running in the pod are sent 9491 a termination signal and the time when 9492 the processes are forcibly halted with 9493 a kill signal. Set this value longer 9494 than the expected cleanup time for your 9495 process. If this value is nil, the pod's 9496 terminationGracePeriodSeconds will be 9497 used. Otherwise, this value overrides 9498 the value provided by the pod spec. 9499 Value must be non-negative integer. 9500 The value zero indicates stop immediately 9501 via the kill signal (no opportunity 9502 to shut down). This is a beta field 9503 and requires enabling ProbeTerminationGracePeriod 9504 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 9505 is used if unset. 9506 format: int64 9507 type: integer 9508 timeoutSeconds: 9509 description: 'Number of seconds after 9510 which the probe times out. Defaults 9511 to 1 second. Minimum value is 1. More 9512 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9513 format: int32 9514 type: integer 9515 type: object 9516 resources: 9517 description: 'Compute Resources required by 9518 this Sidecar. Cannot be updated. More info: 9519 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9520 properties: 9521 claims: 9522 description: "Claims lists the names of 9523 resources, defined in spec.resourceClaims, 9524 that are used by this container. \n 9525 This is an alpha field and requires 9526 enabling the DynamicResourceAllocation 9527 feature gate. \n This field is immutable. 9528 It can only be set for containers." 9529 items: 9530 description: ResourceClaim references 9531 one entry in PodSpec.ResourceClaims. 9532 properties: 9533 name: 9534 description: Name must match the 9535 name of one entry in pod.spec.resourceClaims 9536 of the Pod where this field is 9537 used. It makes that resource available 9538 inside a container. 9539 type: string 9540 required: 9541 - name 9542 type: object 9543 type: array 9544 x-kubernetes-list-map-keys: 9545 - name 9546 x-kubernetes-list-type: map 9547 limits: 9548 additionalProperties: 9549 anyOf: 9550 - type: integer 9551 - type: string 9552 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9553 x-kubernetes-int-or-string: true 9554 description: 'Limits describes the maximum 9555 amount of compute resources allowed. 9556 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9557 type: object 9558 requests: 9559 additionalProperties: 9560 anyOf: 9561 - type: integer 9562 - type: string 9563 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 9564 x-kubernetes-int-or-string: true 9565 description: 'Requests describes the minimum 9566 amount of compute resources required. 9567 If Requests is omitted for a container, 9568 it defaults to Limits if that is explicitly 9569 specified, otherwise to an implementation-defined 9570 value. Requests cannot exceed Limits. 9571 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 9572 type: object 9573 type: object 9574 script: 9575 description: "Script is the contents of an 9576 executable file to execute. \n If Script 9577 is not empty, the Step cannot have an Command 9578 or Args." 9579 type: string 9580 securityContext: 9581 description: 'SecurityContext defines the 9582 security options the Sidecar should be run 9583 with. If set, the fields of SecurityContext 9584 override the equivalent fields of PodSecurityContext. 9585 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 9586 properties: 9587 allowPrivilegeEscalation: 9588 description: 'AllowPrivilegeEscalation 9589 controls whether a process can gain 9590 more privileges than its parent process. 9591 This bool directly controls if the no_new_privs 9592 flag will be set on the container process. 9593 AllowPrivilegeEscalation is true always 9594 when the container is: 1) run as Privileged 9595 2) has CAP_SYS_ADMIN Note that this 9596 field cannot be set when spec.os.name 9597 is windows.' 9598 type: boolean 9599 capabilities: 9600 description: The capabilities to add/drop 9601 when running containers. Defaults to 9602 the default set of capabilities granted 9603 by the container runtime. Note that 9604 this field cannot be set when spec.os.name 9605 is windows. 9606 properties: 9607 add: 9608 description: Added capabilities 9609 items: 9610 description: Capability represent 9611 POSIX capabilities type 9612 type: string 9613 type: array 9614 drop: 9615 description: Removed capabilities 9616 items: 9617 description: Capability represent 9618 POSIX capabilities type 9619 type: string 9620 type: array 9621 type: object 9622 privileged: 9623 description: Run container in privileged 9624 mode. Processes in privileged containers 9625 are essentially equivalent to root on 9626 the host. Defaults to false. Note that 9627 this field cannot be set when spec.os.name 9628 is windows. 9629 type: boolean 9630 procMount: 9631 description: procMount denotes the type 9632 of proc mount to use for the containers. 9633 The default is DefaultProcMount which 9634 uses the container runtime defaults 9635 for readonly paths and masked paths. 9636 This requires the ProcMountType feature 9637 flag to be enabled. Note that this field 9638 cannot be set when spec.os.name is windows. 9639 type: string 9640 readOnlyRootFilesystem: 9641 description: Whether this container has 9642 a read-only root filesystem. Default 9643 is false. Note that this field cannot 9644 be set when spec.os.name is windows. 9645 type: boolean 9646 runAsGroup: 9647 description: The GID to run the entrypoint 9648 of the container process. Uses runtime 9649 default if unset. May also be set in 9650 PodSecurityContext. If set in both 9651 SecurityContext and PodSecurityContext, 9652 the value specified in SecurityContext 9653 takes precedence. Note that this field 9654 cannot be set when spec.os.name is windows. 9655 format: int64 9656 type: integer 9657 runAsNonRoot: 9658 description: Indicates that the container 9659 must run as a non-root user. If true, 9660 the Kubelet will validate the image 9661 at runtime to ensure that it does not 9662 run as UID 0 (root) and fail to start 9663 the container if it does. If unset or 9664 false, no such validation will be performed. 9665 May also be set in PodSecurityContext. If 9666 set in both SecurityContext and PodSecurityContext, 9667 the value specified in SecurityContext 9668 takes precedence. 9669 type: boolean 9670 runAsUser: 9671 description: The UID to run the entrypoint 9672 of the container process. Defaults to 9673 user specified in image metadata if 9674 unspecified. May also be set in PodSecurityContext. If 9675 set in both SecurityContext and PodSecurityContext, 9676 the value specified in SecurityContext 9677 takes precedence. Note that this field 9678 cannot be set when spec.os.name is windows. 9679 format: int64 9680 type: integer 9681 seLinuxOptions: 9682 description: The SELinux context to be 9683 applied to the container. If unspecified, 9684 the container runtime will allocate 9685 a random SELinux context for each container. May 9686 also be set in PodSecurityContext. If 9687 set in both SecurityContext and PodSecurityContext, 9688 the value specified in SecurityContext 9689 takes precedence. Note that this field 9690 cannot be set when spec.os.name is windows. 9691 properties: 9692 level: 9693 description: Level is SELinux level 9694 label that applies to the container. 9695 type: string 9696 role: 9697 description: Role is a SELinux role 9698 label that applies to the container. 9699 type: string 9700 type: 9701 description: Type is a SELinux type 9702 label that applies to the container. 9703 type: string 9704 user: 9705 description: User is a SELinux user 9706 label that applies to the container. 9707 type: string 9708 type: object 9709 seccompProfile: 9710 description: The seccomp options to use 9711 by this container. If seccomp options 9712 are provided at both the pod & container 9713 level, the container options override 9714 the pod options. Note that this field 9715 cannot be set when spec.os.name is windows. 9716 properties: 9717 localhostProfile: 9718 description: localhostProfile indicates 9719 a profile defined in a file on the 9720 node should be used. The profile 9721 must be preconfigured on the node 9722 to work. Must be a descending path, 9723 relative to the kubelet's configured 9724 seccomp profile location. Must be 9725 set if type is "Localhost". Must 9726 NOT be set for any other type. 9727 type: string 9728 type: 9729 description: "type indicates which 9730 kind of seccomp profile will be 9731 applied. Valid options are: \n Localhost 9732 - a profile defined in a file on 9733 the node should be used. RuntimeDefault 9734 - the container runtime default 9735 profile should be used. Unconfined 9736 - no profile should be applied." 9737 type: string 9738 required: 9739 - type 9740 type: object 9741 windowsOptions: 9742 description: The Windows specific settings 9743 applied to all containers. If unspecified, 9744 the options from the PodSecurityContext 9745 will be used. If set in both SecurityContext 9746 and PodSecurityContext, the value specified 9747 in SecurityContext takes precedence. 9748 Note that this field cannot be set when 9749 spec.os.name is linux. 9750 properties: 9751 gmsaCredentialSpec: 9752 description: GMSACredentialSpec is 9753 where the GMSA admission webhook 9754 (https://github.com/kubernetes-sigs/windows-gmsa) 9755 inlines the contents of the GMSA 9756 credential spec named by the GMSACredentialSpecName 9757 field. 9758 type: string 9759 gmsaCredentialSpecName: 9760 description: GMSACredentialSpecName 9761 is the name of the GMSA credential 9762 spec to use. 9763 type: string 9764 hostProcess: 9765 description: HostProcess determines 9766 if a container should be run as 9767 a 'Host Process' container. All 9768 of a Pod's containers must have 9769 the same effective HostProcess value 9770 (it is not allowed to have a mix 9771 of HostProcess containers and non-HostProcess 9772 containers). In addition, if HostProcess 9773 is true then HostNetwork must also 9774 be set to true. 9775 type: boolean 9776 runAsUserName: 9777 description: The UserName in Windows 9778 to run the entrypoint of the container 9779 process. Defaults to the user specified 9780 in image metadata if unspecified. 9781 May also be set in PodSecurityContext. 9782 If set in both SecurityContext and 9783 PodSecurityContext, the value specified 9784 in SecurityContext takes precedence. 9785 type: string 9786 type: object 9787 type: object 9788 startupProbe: 9789 description: 'StartupProbe indicates that 9790 the Pod the Sidecar is running in has successfully 9791 initialized. If specified, no other probes 9792 are executed until this completes successfully. 9793 If this probe fails, the Pod will be restarted, 9794 just as if the livenessProbe failed. This 9795 can be used to provide different probe parameters 9796 at the beginning of a Pod''s lifecycle, 9797 when it might take a long time to load data 9798 or warm a cache, than during steady-state 9799 operation. This cannot be updated. More 9800 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9801 properties: 9802 exec: 9803 description: Exec specifies the action 9804 to take. 9805 properties: 9806 command: 9807 description: Command is the command 9808 line to execute inside the container, 9809 the working directory for the command is 9810 root ('/') in the container's filesystem. 9811 The command is simply exec'd, it 9812 is not run inside a shell, so traditional 9813 shell instructions ('|', etc) won't 9814 work. To use a shell, you need to 9815 explicitly call out to that shell. 9816 Exit status of 0 is treated as live/healthy 9817 and non-zero is unhealthy. 9818 items: 9819 type: string 9820 type: array 9821 type: object 9822 failureThreshold: 9823 description: Minimum consecutive failures 9824 for the probe to be considered failed 9825 after having succeeded. Defaults to 9826 3. Minimum value is 1. 9827 format: int32 9828 type: integer 9829 grpc: 9830 description: GRPC specifies an action 9831 involving a GRPC port. 9832 properties: 9833 port: 9834 description: Port number of the gRPC 9835 service. Number must be in the range 9836 1 to 65535. 9837 format: int32 9838 type: integer 9839 service: 9840 description: "Service is the name 9841 of the service to place in the gRPC 9842 HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 9843 \n If this is not specified, the 9844 default behavior is defined by gRPC." 9845 type: string 9846 required: 9847 - port 9848 type: object 9849 httpGet: 9850 description: HTTPGet specifies the http 9851 request to perform. 9852 properties: 9853 host: 9854 description: Host name to connect 9855 to, defaults to the pod IP. You 9856 probably want to set "Host" in httpHeaders 9857 instead. 9858 type: string 9859 httpHeaders: 9860 description: Custom headers to set 9861 in the request. HTTP allows repeated 9862 headers. 9863 items: 9864 description: HTTPHeader describes 9865 a custom header to be used in 9866 HTTP probes 9867 properties: 9868 name: 9869 description: The header field 9870 name. This will be canonicalized 9871 upon output, so case-variant 9872 names will be understood as 9873 the same header. 9874 type: string 9875 value: 9876 description: The header field 9877 value 9878 type: string 9879 required: 9880 - name 9881 - value 9882 type: object 9883 type: array 9884 path: 9885 description: Path to access on the 9886 HTTP server. 9887 type: string 9888 port: 9889 anyOf: 9890 - type: integer 9891 - type: string 9892 description: Name or number of the 9893 port to access on the container. 9894 Number must be in the range 1 to 9895 65535. Name must be an IANA_SVC_NAME. 9896 x-kubernetes-int-or-string: true 9897 scheme: 9898 description: Scheme to use for connecting 9899 to the host. Defaults to HTTP. 9900 type: string 9901 required: 9902 - port 9903 type: object 9904 initialDelaySeconds: 9905 description: 'Number of seconds after 9906 the container has started before liveness 9907 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9908 format: int32 9909 type: integer 9910 periodSeconds: 9911 description: How often (in seconds) to 9912 perform the probe. Default to 10 seconds. 9913 Minimum value is 1. 9914 format: int32 9915 type: integer 9916 successThreshold: 9917 description: Minimum consecutive successes 9918 for the probe to be considered successful 9919 after having failed. Defaults to 1. 9920 Must be 1 for liveness and startup. 9921 Minimum value is 1. 9922 format: int32 9923 type: integer 9924 tcpSocket: 9925 description: TCPSocket specifies an action 9926 involving a TCP port. 9927 properties: 9928 host: 9929 description: 'Optional: Host name 9930 to connect to, defaults to the pod 9931 IP.' 9932 type: string 9933 port: 9934 anyOf: 9935 - type: integer 9936 - type: string 9937 description: Number or name of the 9938 port to access on the container. 9939 Number must be in the range 1 to 9940 65535. Name must be an IANA_SVC_NAME. 9941 x-kubernetes-int-or-string: true 9942 required: 9943 - port 9944 type: object 9945 terminationGracePeriodSeconds: 9946 description: Optional duration in seconds 9947 the pod needs to terminate gracefully 9948 upon probe failure. The grace period 9949 is the duration in seconds after the 9950 processes running in the pod are sent 9951 a termination signal and the time when 9952 the processes are forcibly halted with 9953 a kill signal. Set this value longer 9954 than the expected cleanup time for your 9955 process. If this value is nil, the pod's 9956 terminationGracePeriodSeconds will be 9957 used. Otherwise, this value overrides 9958 the value provided by the pod spec. 9959 Value must be non-negative integer. 9960 The value zero indicates stop immediately 9961 via the kill signal (no opportunity 9962 to shut down). This is a beta field 9963 and requires enabling ProbeTerminationGracePeriod 9964 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 9965 is used if unset. 9966 format: int64 9967 type: integer 9968 timeoutSeconds: 9969 description: 'Number of seconds after 9970 which the probe times out. Defaults 9971 to 1 second. Minimum value is 1. More 9972 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 9973 format: int32 9974 type: integer 9975 type: object 9976 stdin: 9977 description: Whether this Sidecar should allocate 9978 a buffer for stdin in the container runtime. 9979 If this is not set, reads from stdin in 9980 the Sidecar will always result in EOF. Default 9981 is false. 9982 type: boolean 9983 stdinOnce: 9984 description: Whether the container runtime 9985 should close the stdin channel after it 9986 has been opened by a single attach. When 9987 stdin is true the stdin stream will remain 9988 open across multiple attach sessions. If 9989 stdinOnce is set to true, stdin is opened 9990 on Sidecar start, is empty until the first 9991 client attaches to stdin, and then remains 9992 open and accepts data until the client disconnects, 9993 at which time stdin is closed and remains 9994 closed until the Sidecar is restarted. If 9995 this flag is false, a container processes 9996 that reads from stdin will never receive 9997 an EOF. Default is false 9998 type: boolean 9999 terminationMessagePath: 10000 description: 'Optional: Path at which the 10001 file to which the Sidecar''s termination 10002 message will be written is mounted into 10003 the Sidecar''s filesystem. Message written 10004 is intended to be brief final status, such 10005 as an assertion failure message. Will be 10006 truncated by the node if greater than 4096 10007 bytes. The total message length across all 10008 containers will be limited to 12kb. Defaults 10009 to /dev/termination-log. Cannot be updated.' 10010 type: string 10011 terminationMessagePolicy: 10012 description: Indicate how the termination 10013 message should be populated. File will use 10014 the contents of terminationMessagePath to 10015 populate the Sidecar status message on both 10016 success and failure. FallbackToLogsOnError 10017 will use the last chunk of Sidecar log output 10018 if the termination message file is empty 10019 and the Sidecar exited with an error. The 10020 log output is limited to 2048 bytes or 80 10021 lines, whichever is smaller. Defaults to 10022 File. Cannot be updated. 10023 type: string 10024 tty: 10025 description: Whether this Sidecar should allocate 10026 a TTY for itself, also requires 'stdin' 10027 to be true. Default is false. 10028 type: boolean 10029 volumeDevices: 10030 description: volumeDevices is the list of 10031 block devices to be used by the Sidecar. 10032 items: 10033 description: volumeDevice describes a mapping 10034 of a raw block device within a container. 10035 properties: 10036 devicePath: 10037 description: devicePath is the path 10038 inside of the container that the device 10039 will be mapped to. 10040 type: string 10041 name: 10042 description: name must match the name 10043 of a persistentVolumeClaim in the 10044 pod 10045 type: string 10046 required: 10047 - devicePath 10048 - name 10049 type: object 10050 type: array 10051 x-kubernetes-list-type: atomic 10052 volumeMounts: 10053 description: Volumes to mount into the Sidecar's 10054 filesystem. Cannot be updated. 10055 items: 10056 description: VolumeMount describes a mounting 10057 of a Volume within a container. 10058 properties: 10059 mountPath: 10060 description: Path within the container 10061 at which the volume should be mounted. Must 10062 not contain ':'. 10063 type: string 10064 mountPropagation: 10065 description: mountPropagation determines 10066 how mounts are propagated from the 10067 host to container and the other way 10068 around. When not set, MountPropagationNone 10069 is used. This field is beta in 1.10. 10070 type: string 10071 name: 10072 description: This must match the Name 10073 of a Volume. 10074 type: string 10075 readOnly: 10076 description: Mounted read-only if true, 10077 read-write otherwise (false or unspecified). 10078 Defaults to false. 10079 type: boolean 10080 subPath: 10081 description: Path within the volume 10082 from which the container's volume 10083 should be mounted. Defaults to "" 10084 (volume's root). 10085 type: string 10086 subPathExpr: 10087 description: Expanded path within the 10088 volume from which the container's 10089 volume should be mounted. Behaves 10090 similarly to SubPath but environment 10091 variable references $(VAR_NAME) are 10092 expanded using the container's environment. 10093 Defaults to "" (volume's root). SubPathExpr 10094 and SubPath are mutually exclusive. 10095 type: string 10096 required: 10097 - mountPath 10098 - name 10099 type: object 10100 type: array 10101 x-kubernetes-list-type: atomic 10102 workingDir: 10103 description: Sidecar's working directory. 10104 If not specified, the container runtime's 10105 default will be used, which might be configured 10106 in the container image. Cannot be updated. 10107 type: string 10108 workspaces: 10109 description: "This is an alpha field. You 10110 must set the \"enable-api-fields\" feature 10111 flag to \"alpha\" for this field to be supported. 10112 \n Workspaces is a list of workspaces from 10113 the Task that this Sidecar wants exclusive 10114 access to. Adding a workspace to this list 10115 means that any other Step or Sidecar that 10116 does not also request this Workspace will 10117 not have access to it." 10118 items: 10119 description: WorkspaceUsage is used by a 10120 Step or Sidecar to declare that it wants 10121 isolated access to a Workspace defined 10122 in a Task. 10123 properties: 10124 mountPath: 10125 description: MountPath is the path that 10126 the workspace should be mounted to 10127 inside the Step or Sidecar, overriding 10128 any MountPath specified in the Task's 10129 WorkspaceDeclaration. 10130 type: string 10131 name: 10132 description: Name is the name of the 10133 workspace this Step or Sidecar wants 10134 access to. 10135 type: string 10136 required: 10137 - mountPath 10138 - name 10139 type: object 10140 type: array 10141 x-kubernetes-list-type: atomic 10142 required: 10143 - name 10144 type: object 10145 type: array 10146 x-kubernetes-list-type: atomic 10147 spec: 10148 description: Spec is a specification of a custom 10149 task 10150 type: object 10151 stepTemplate: 10152 description: StepTemplate can be used as the basis 10153 for all step containers within the Task, so that 10154 the steps inherit settings on the base container. 10155 properties: 10156 args: 10157 description: 'Arguments to the entrypoint. The 10158 image''s CMD is used if this is not provided. 10159 Variable references $(VAR_NAME) are expanded 10160 using the Step''s environment. If a variable 10161 cannot be resolved, the reference in the input 10162 string will be unchanged. Double $$ are reduced 10163 to a single $, which allows for escaping the 10164 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 10165 produce the string literal "$(VAR_NAME)". 10166 Escaped references will never be expanded, 10167 regardless of whether the variable exists 10168 or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 10169 items: 10170 type: string 10171 type: array 10172 x-kubernetes-list-type: atomic 10173 command: 10174 description: 'Entrypoint array. Not executed 10175 within a shell. The docker image''s ENTRYPOINT 10176 is used if this is not provided. Variable 10177 references $(VAR_NAME) are expanded using 10178 the Step''s environment. If a variable cannot 10179 be resolved, the reference in the input string 10180 will be unchanged. Double $$ are reduced to 10181 a single $, which allows for escaping the 10182 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 10183 produce the string literal "$(VAR_NAME)". 10184 Escaped references will never be expanded, 10185 regardless of whether the variable exists 10186 or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 10187 items: 10188 type: string 10189 type: array 10190 x-kubernetes-list-type: atomic 10191 env: 10192 description: List of environment variables to 10193 set in the container. Cannot be updated. 10194 items: 10195 description: EnvVar represents an environment 10196 variable present in a Container. 10197 properties: 10198 name: 10199 description: Name of the environment variable. 10200 Must be a C_IDENTIFIER. 10201 type: string 10202 value: 10203 description: 'Variable references $(VAR_NAME) 10204 are expanded using the previously defined 10205 environment variables in the container 10206 and any service environment variables. 10207 If a variable cannot be resolved, the 10208 reference in the input string will be 10209 unchanged. Double $$ are reduced to 10210 a single $, which allows for escaping 10211 the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 10212 will produce the string literal "$(VAR_NAME)". 10213 Escaped references will never be expanded, 10214 regardless of whether the variable exists 10215 or not. Defaults to "".' 10216 type: string 10217 valueFrom: 10218 description: Source for the environment 10219 variable's value. Cannot be used if 10220 value is not empty. 10221 properties: 10222 configMapKeyRef: 10223 description: Selects a key of a ConfigMap. 10224 properties: 10225 key: 10226 description: The key to select. 10227 type: string 10228 name: 10229 description: 'Name of the referent. 10230 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10231 TODO: Add other useful fields. 10232 apiVersion, kind, uid?' 10233 type: string 10234 optional: 10235 description: Specify whether the 10236 ConfigMap or its key must be 10237 defined 10238 type: boolean 10239 required: 10240 - key 10241 type: object 10242 fieldRef: 10243 description: 'Selects a field of the 10244 pod: supports metadata.name, metadata.namespace, 10245 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 10246 spec.nodeName, spec.serviceAccountName, 10247 status.hostIP, status.podIP, status.podIPs.' 10248 properties: 10249 apiVersion: 10250 description: Version of the schema 10251 the FieldPath is written in 10252 terms of, defaults to "v1". 10253 type: string 10254 fieldPath: 10255 description: Path of the field 10256 to select in the specified API 10257 version. 10258 type: string 10259 required: 10260 - fieldPath 10261 type: object 10262 resourceFieldRef: 10263 description: 'Selects a resource of 10264 the container: only resources limits 10265 and requests (limits.cpu, limits.memory, 10266 limits.ephemeral-storage, requests.cpu, 10267 requests.memory and requests.ephemeral-storage) 10268 are currently supported.' 10269 properties: 10270 containerName: 10271 description: 'Container name: 10272 required for volumes, optional 10273 for env vars' 10274 type: string 10275 divisor: 10276 anyOf: 10277 - type: integer 10278 - type: string 10279 description: Specifies the output 10280 format of the exposed resources, 10281 defaults to "1" 10282 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 10283 x-kubernetes-int-or-string: true 10284 resource: 10285 description: 'Required: resource 10286 to select' 10287 type: string 10288 required: 10289 - resource 10290 type: object 10291 secretKeyRef: 10292 description: Selects a key of a secret 10293 in the pod's namespace 10294 properties: 10295 key: 10296 description: The key of the secret 10297 to select from. Must be a valid 10298 secret key. 10299 type: string 10300 name: 10301 description: 'Name of the referent. 10302 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10303 TODO: Add other useful fields. 10304 apiVersion, kind, uid?' 10305 type: string 10306 optional: 10307 description: Specify whether the 10308 Secret or its key must be defined 10309 type: boolean 10310 required: 10311 - key 10312 type: object 10313 type: object 10314 required: 10315 - name 10316 type: object 10317 type: array 10318 x-kubernetes-list-type: atomic 10319 envFrom: 10320 description: List of sources to populate environment 10321 variables in the Step. The keys defined within 10322 a source must be a C_IDENTIFIER. All invalid 10323 keys will be reported as an event when the 10324 container is starting. When a key exists in 10325 multiple sources, the value associated with 10326 the last source will take precedence. Values 10327 defined by an Env with a duplicate key will 10328 take precedence. Cannot be updated. 10329 items: 10330 description: EnvFromSource represents the 10331 source of a set of ConfigMaps 10332 properties: 10333 configMapRef: 10334 description: The ConfigMap to select from 10335 properties: 10336 name: 10337 description: 'Name of the referent. 10338 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10339 TODO: Add other useful fields. apiVersion, 10340 kind, uid?' 10341 type: string 10342 optional: 10343 description: Specify whether the ConfigMap 10344 must be defined 10345 type: boolean 10346 type: object 10347 prefix: 10348 description: An optional identifier to 10349 prepend to each key in the ConfigMap. 10350 Must be a C_IDENTIFIER. 10351 type: string 10352 secretRef: 10353 description: The Secret to select from 10354 properties: 10355 name: 10356 description: 'Name of the referent. 10357 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 10358 TODO: Add other useful fields. apiVersion, 10359 kind, uid?' 10360 type: string 10361 optional: 10362 description: Specify whether the Secret 10363 must be defined 10364 type: boolean 10365 type: object 10366 type: object 10367 type: array 10368 x-kubernetes-list-type: atomic 10369 image: 10370 description: 'Default image name to use for 10371 each Step. More info: https://kubernetes.io/docs/concepts/containers/images 10372 This field is optional to allow higher level 10373 config management to default or override container 10374 images in workload controllers like Deployments 10375 and StatefulSets.' 10376 type: string 10377 imagePullPolicy: 10378 description: 'Image pull policy. One of Always, 10379 Never, IfNotPresent. Defaults to Always if 10380 :latest tag is specified, or IfNotPresent 10381 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 10382 type: string 10383 lifecycle: 10384 description: Deprecated. This field will be 10385 removed in a future release. Actions that 10386 the management system should take in response 10387 to container lifecycle events. Cannot be updated. 10388 properties: 10389 postStart: 10390 description: 'PostStart is called immediately 10391 after a container is created. If the handler 10392 fails, the container is terminated and 10393 restarted according to its restart policy. 10394 Other management of the container blocks 10395 until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 10396 properties: 10397 exec: 10398 description: Exec specifies the action 10399 to take. 10400 properties: 10401 command: 10402 description: Command is the command 10403 line to execute inside the container, 10404 the working directory for the 10405 command is root ('/') in the 10406 container's filesystem. The command 10407 is simply exec'd, it is not run 10408 inside a shell, so traditional 10409 shell instructions ('|', etc) 10410 won't work. To use a shell, you 10411 need to explicitly call out to 10412 that shell. Exit status of 0 is 10413 treated as live/healthy and non-zero 10414 is unhealthy. 10415 items: 10416 type: string 10417 type: array 10418 type: object 10419 httpGet: 10420 description: HTTPGet specifies the http 10421 request to perform. 10422 properties: 10423 host: 10424 description: Host name to connect 10425 to, defaults to the pod IP. You 10426 probably want to set "Host" in 10427 httpHeaders instead. 10428 type: string 10429 httpHeaders: 10430 description: Custom headers to set 10431 in the request. HTTP allows repeated 10432 headers. 10433 items: 10434 description: HTTPHeader describes 10435 a custom header to be used in 10436 HTTP probes 10437 properties: 10438 name: 10439 description: The header field 10440 name. This will be canonicalized 10441 upon output, so case-variant 10442 names will be understood 10443 as the same header. 10444 type: string 10445 value: 10446 description: The header field 10447 value 10448 type: string 10449 required: 10450 - name 10451 - value 10452 type: object 10453 type: array 10454 path: 10455 description: Path to access on the 10456 HTTP server. 10457 type: string 10458 port: 10459 anyOf: 10460 - type: integer 10461 - type: string 10462 description: Name or number of the 10463 port to access on the container. 10464 Number must be in the range 1 10465 to 65535. Name must be an IANA_SVC_NAME. 10466 x-kubernetes-int-or-string: true 10467 scheme: 10468 description: Scheme to use for connecting 10469 to the host. Defaults to HTTP. 10470 type: string 10471 required: 10472 - port 10473 type: object 10474 tcpSocket: 10475 description: Deprecated. TCPSocket is 10476 NOT supported as a LifecycleHandler 10477 and kept for the backward compatibility. 10478 There are no validation of this field 10479 and lifecycle hooks will fail in runtime 10480 when tcp handler is specified. 10481 properties: 10482 host: 10483 description: 'Optional: Host name 10484 to connect to, defaults to the 10485 pod IP.' 10486 type: string 10487 port: 10488 anyOf: 10489 - type: integer 10490 - type: string 10491 description: Number or name of the 10492 port to access on the container. 10493 Number must be in the range 1 10494 to 65535. Name must be an IANA_SVC_NAME. 10495 x-kubernetes-int-or-string: true 10496 required: 10497 - port 10498 type: object 10499 type: object 10500 preStop: 10501 description: 'PreStop is called immediately 10502 before a container is terminated due to 10503 an API request or management event such 10504 as liveness/startup probe failure, preemption, 10505 resource contention, etc. The handler 10506 is not called if the container crashes 10507 or exits. The Pod''s termination grace 10508 period countdown begins before the PreStop 10509 hook is executed. Regardless of the outcome 10510 of the handler, the container will eventually 10511 terminate within the Pod''s termination 10512 grace period (unless delayed by finalizers). 10513 Other management of the container blocks 10514 until the hook completes or until the 10515 termination grace period is reached. More 10516 info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 10517 properties: 10518 exec: 10519 description: Exec specifies the action 10520 to take. 10521 properties: 10522 command: 10523 description: Command is the command 10524 line to execute inside the container, 10525 the working directory for the 10526 command is root ('/') in the 10527 container's filesystem. The command 10528 is simply exec'd, it is not run 10529 inside a shell, so traditional 10530 shell instructions ('|', etc) 10531 won't work. To use a shell, you 10532 need to explicitly call out to 10533 that shell. Exit status of 0 is 10534 treated as live/healthy and non-zero 10535 is unhealthy. 10536 items: 10537 type: string 10538 type: array 10539 type: object 10540 httpGet: 10541 description: HTTPGet specifies the http 10542 request to perform. 10543 properties: 10544 host: 10545 description: Host name to connect 10546 to, defaults to the pod IP. You 10547 probably want to set "Host" in 10548 httpHeaders instead. 10549 type: string 10550 httpHeaders: 10551 description: Custom headers to set 10552 in the request. HTTP allows repeated 10553 headers. 10554 items: 10555 description: HTTPHeader describes 10556 a custom header to be used in 10557 HTTP probes 10558 properties: 10559 name: 10560 description: The header field 10561 name. This will be canonicalized 10562 upon output, so case-variant 10563 names will be understood 10564 as the same header. 10565 type: string 10566 value: 10567 description: The header field 10568 value 10569 type: string 10570 required: 10571 - name 10572 - value 10573 type: object 10574 type: array 10575 path: 10576 description: Path to access on the 10577 HTTP server. 10578 type: string 10579 port: 10580 anyOf: 10581 - type: integer 10582 - type: string 10583 description: Name or number of the 10584 port to access on the container. 10585 Number must be in the range 1 10586 to 65535. Name must be an IANA_SVC_NAME. 10587 x-kubernetes-int-or-string: true 10588 scheme: 10589 description: Scheme to use for connecting 10590 to the host. Defaults to HTTP. 10591 type: string 10592 required: 10593 - port 10594 type: object 10595 tcpSocket: 10596 description: Deprecated. TCPSocket is 10597 NOT supported as a LifecycleHandler 10598 and kept for the backward compatibility. 10599 There are no validation of this field 10600 and lifecycle hooks will fail in runtime 10601 when tcp handler is specified. 10602 properties: 10603 host: 10604 description: 'Optional: Host name 10605 to connect to, defaults to the 10606 pod IP.' 10607 type: string 10608 port: 10609 anyOf: 10610 - type: integer 10611 - type: string 10612 description: Number or name of the 10613 port to access on the container. 10614 Number must be in the range 1 10615 to 65535. Name must be an IANA_SVC_NAME. 10616 x-kubernetes-int-or-string: true 10617 required: 10618 - port 10619 type: object 10620 type: object 10621 type: object 10622 livenessProbe: 10623 description: 'Deprecated. This field will be 10624 removed in a future release. Periodic probe 10625 of container liveness. Container will be restarted 10626 if the probe fails. Cannot be updated. More 10627 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 10628 properties: 10629 exec: 10630 description: Exec specifies the action to 10631 take. 10632 properties: 10633 command: 10634 description: Command is the command 10635 line to execute inside the container, 10636 the working directory for the command is 10637 root ('/') in the container's filesystem. 10638 The command is simply exec'd, it is 10639 not run inside a shell, so traditional 10640 shell instructions ('|', etc) won't 10641 work. To use a shell, you need to 10642 explicitly call out to that shell. 10643 Exit status of 0 is treated as live/healthy 10644 and non-zero is unhealthy. 10645 items: 10646 type: string 10647 type: array 10648 type: object 10649 failureThreshold: 10650 description: Minimum consecutive failures 10651 for the probe to be considered failed 10652 after having succeeded. Defaults to 3. 10653 Minimum value is 1. 10654 format: int32 10655 type: integer 10656 grpc: 10657 description: GRPC specifies an action involving 10658 a GRPC port. 10659 properties: 10660 port: 10661 description: Port number of the gRPC 10662 service. Number must be in the range 10663 1 to 65535. 10664 format: int32 10665 type: integer 10666 service: 10667 description: "Service is the name of 10668 the service to place in the gRPC HealthCheckRequest 10669 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 10670 \n If this is not specified, the default 10671 behavior is defined by gRPC." 10672 type: string 10673 required: 10674 - port 10675 type: object 10676 httpGet: 10677 description: HTTPGet specifies the http 10678 request to perform. 10679 properties: 10680 host: 10681 description: Host name to connect to, 10682 defaults to the pod IP. You probably 10683 want to set "Host" in httpHeaders 10684 instead. 10685 type: string 10686 httpHeaders: 10687 description: Custom headers to set in 10688 the request. HTTP allows repeated 10689 headers. 10690 items: 10691 description: HTTPHeader describes 10692 a custom header to be used in HTTP 10693 probes 10694 properties: 10695 name: 10696 description: The header field 10697 name. This will be canonicalized 10698 upon output, so case-variant 10699 names will be understood as 10700 the same header. 10701 type: string 10702 value: 10703 description: The header field 10704 value 10705 type: string 10706 required: 10707 - name 10708 - value 10709 type: object 10710 type: array 10711 path: 10712 description: Path to access on the HTTP 10713 server. 10714 type: string 10715 port: 10716 anyOf: 10717 - type: integer 10718 - type: string 10719 description: Name or number of the port 10720 to access on the container. Number 10721 must be in the range 1 to 65535. Name 10722 must be an IANA_SVC_NAME. 10723 x-kubernetes-int-or-string: true 10724 scheme: 10725 description: Scheme to use for connecting 10726 to the host. Defaults to HTTP. 10727 type: string 10728 required: 10729 - port 10730 type: object 10731 initialDelaySeconds: 10732 description: 'Number of seconds after the 10733 container has started before liveness 10734 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 10735 format: int32 10736 type: integer 10737 periodSeconds: 10738 description: How often (in seconds) to perform 10739 the probe. Default to 10 seconds. Minimum 10740 value is 1. 10741 format: int32 10742 type: integer 10743 successThreshold: 10744 description: Minimum consecutive successes 10745 for the probe to be considered successful 10746 after having failed. Defaults to 1. Must 10747 be 1 for liveness and startup. Minimum 10748 value is 1. 10749 format: int32 10750 type: integer 10751 tcpSocket: 10752 description: TCPSocket specifies an action 10753 involving a TCP port. 10754 properties: 10755 host: 10756 description: 'Optional: Host name to 10757 connect to, defaults to the pod IP.' 10758 type: string 10759 port: 10760 anyOf: 10761 - type: integer 10762 - type: string 10763 description: Number or name of the port 10764 to access on the container. Number 10765 must be in the range 1 to 65535. Name 10766 must be an IANA_SVC_NAME. 10767 x-kubernetes-int-or-string: true 10768 required: 10769 - port 10770 type: object 10771 terminationGracePeriodSeconds: 10772 description: Optional duration in seconds 10773 the pod needs to terminate gracefully 10774 upon probe failure. The grace period is 10775 the duration in seconds after the processes 10776 running in the pod are sent a termination 10777 signal and the time when the processes 10778 are forcibly halted with a kill signal. 10779 Set this value longer than the expected 10780 cleanup time for your process. If this 10781 value is nil, the pod's terminationGracePeriodSeconds 10782 will be used. Otherwise, this value overrides 10783 the value provided by the pod spec. Value 10784 must be non-negative integer. The value 10785 zero indicates stop immediately via the 10786 kill signal (no opportunity to shut down). 10787 This is a beta field and requires enabling 10788 ProbeTerminationGracePeriod feature gate. 10789 Minimum value is 1. spec.terminationGracePeriodSeconds 10790 is used if unset. 10791 format: int64 10792 type: integer 10793 timeoutSeconds: 10794 description: 'Number of seconds after which 10795 the probe times out. Defaults to 1 second. 10796 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 10797 format: int32 10798 type: integer 10799 type: object 10800 name: 10801 description: Deprecated. This field will be 10802 removed in a future release. Default name 10803 for each Step specified as a DNS_LABEL. Each 10804 Step in a Task must have a unique name. Cannot 10805 be updated. 10806 type: string 10807 ports: 10808 description: Deprecated. This field will be 10809 removed in a future release. List of ports 10810 to expose from the Step's container. Exposing 10811 a port here gives the system additional information 10812 about the network connections a container 10813 uses, but is primarily informational. Not 10814 specifying a port here DOES NOT prevent that 10815 port from being exposed. Any port which is 10816 listening on the default "0.0.0.0" address 10817 inside a container will be accessible from 10818 the network. Cannot be updated. 10819 items: 10820 description: ContainerPort represents a network 10821 port in a single container. 10822 properties: 10823 containerPort: 10824 description: Number of port to expose 10825 on the pod's IP address. This must be 10826 a valid port number, 0 < x < 65536. 10827 format: int32 10828 type: integer 10829 hostIP: 10830 description: What host IP to bind the 10831 external port to. 10832 type: string 10833 hostPort: 10834 description: Number of port to expose 10835 on the host. If specified, this must 10836 be a valid port number, 0 < x < 65536. 10837 If HostNetwork is specified, this must 10838 match ContainerPort. Most containers 10839 do not need this. 10840 format: int32 10841 type: integer 10842 name: 10843 description: If specified, this must be 10844 an IANA_SVC_NAME and unique within the 10845 pod. Each named port in a pod must have 10846 a unique name. Name for the port that 10847 can be referred to by services. 10848 type: string 10849 protocol: 10850 default: TCP 10851 description: Protocol for port. Must be 10852 UDP, TCP, or SCTP. Defaults to "TCP". 10853 type: string 10854 required: 10855 - containerPort 10856 type: object 10857 type: array 10858 x-kubernetes-list-map-keys: 10859 - containerPort 10860 - protocol 10861 x-kubernetes-list-type: map 10862 readinessProbe: 10863 description: 'Deprecated. This field will be 10864 removed in a future release. Periodic probe 10865 of container service readiness. Container 10866 will be removed from service endpoints if 10867 the probe fails. Cannot be updated. More info: 10868 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 10869 properties: 10870 exec: 10871 description: Exec specifies the action to 10872 take. 10873 properties: 10874 command: 10875 description: Command is the command 10876 line to execute inside the container, 10877 the working directory for the command is 10878 root ('/') in the container's filesystem. 10879 The command is simply exec'd, it is 10880 not run inside a shell, so traditional 10881 shell instructions ('|', etc) won't 10882 work. To use a shell, you need to 10883 explicitly call out to that shell. 10884 Exit status of 0 is treated as live/healthy 10885 and non-zero is unhealthy. 10886 items: 10887 type: string 10888 type: array 10889 type: object 10890 failureThreshold: 10891 description: Minimum consecutive failures 10892 for the probe to be considered failed 10893 after having succeeded. Defaults to 3. 10894 Minimum value is 1. 10895 format: int32 10896 type: integer 10897 grpc: 10898 description: GRPC specifies an action involving 10899 a GRPC port. 10900 properties: 10901 port: 10902 description: Port number of the gRPC 10903 service. Number must be in the range 10904 1 to 65535. 10905 format: int32 10906 type: integer 10907 service: 10908 description: "Service is the name of 10909 the service to place in the gRPC HealthCheckRequest 10910 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 10911 \n If this is not specified, the default 10912 behavior is defined by gRPC." 10913 type: string 10914 required: 10915 - port 10916 type: object 10917 httpGet: 10918 description: HTTPGet specifies the http 10919 request to perform. 10920 properties: 10921 host: 10922 description: Host name to connect to, 10923 defaults to the pod IP. You probably 10924 want to set "Host" in httpHeaders 10925 instead. 10926 type: string 10927 httpHeaders: 10928 description: Custom headers to set in 10929 the request. HTTP allows repeated 10930 headers. 10931 items: 10932 description: HTTPHeader describes 10933 a custom header to be used in HTTP 10934 probes 10935 properties: 10936 name: 10937 description: The header field 10938 name. This will be canonicalized 10939 upon output, so case-variant 10940 names will be understood as 10941 the same header. 10942 type: string 10943 value: 10944 description: The header field 10945 value 10946 type: string 10947 required: 10948 - name 10949 - value 10950 type: object 10951 type: array 10952 path: 10953 description: Path to access on the HTTP 10954 server. 10955 type: string 10956 port: 10957 anyOf: 10958 - type: integer 10959 - type: string 10960 description: Name or number of the port 10961 to access on the container. Number 10962 must be in the range 1 to 65535. Name 10963 must be an IANA_SVC_NAME. 10964 x-kubernetes-int-or-string: true 10965 scheme: 10966 description: Scheme to use for connecting 10967 to the host. Defaults to HTTP. 10968 type: string 10969 required: 10970 - port 10971 type: object 10972 initialDelaySeconds: 10973 description: 'Number of seconds after the 10974 container has started before liveness 10975 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 10976 format: int32 10977 type: integer 10978 periodSeconds: 10979 description: How often (in seconds) to perform 10980 the probe. Default to 10 seconds. Minimum 10981 value is 1. 10982 format: int32 10983 type: integer 10984 successThreshold: 10985 description: Minimum consecutive successes 10986 for the probe to be considered successful 10987 after having failed. Defaults to 1. Must 10988 be 1 for liveness and startup. Minimum 10989 value is 1. 10990 format: int32 10991 type: integer 10992 tcpSocket: 10993 description: TCPSocket specifies an action 10994 involving a TCP port. 10995 properties: 10996 host: 10997 description: 'Optional: Host name to 10998 connect to, defaults to the pod IP.' 10999 type: string 11000 port: 11001 anyOf: 11002 - type: integer 11003 - type: string 11004 description: Number or name of the port 11005 to access on the container. Number 11006 must be in the range 1 to 65535. Name 11007 must be an IANA_SVC_NAME. 11008 x-kubernetes-int-or-string: true 11009 required: 11010 - port 11011 type: object 11012 terminationGracePeriodSeconds: 11013 description: Optional duration in seconds 11014 the pod needs to terminate gracefully 11015 upon probe failure. The grace period is 11016 the duration in seconds after the processes 11017 running in the pod are sent a termination 11018 signal and the time when the processes 11019 are forcibly halted with a kill signal. 11020 Set this value longer than the expected 11021 cleanup time for your process. If this 11022 value is nil, the pod's terminationGracePeriodSeconds 11023 will be used. Otherwise, this value overrides 11024 the value provided by the pod spec. Value 11025 must be non-negative integer. The value 11026 zero indicates stop immediately via the 11027 kill signal (no opportunity to shut down). 11028 This is a beta field and requires enabling 11029 ProbeTerminationGracePeriod feature gate. 11030 Minimum value is 1. spec.terminationGracePeriodSeconds 11031 is used if unset. 11032 format: int64 11033 type: integer 11034 timeoutSeconds: 11035 description: 'Number of seconds after which 11036 the probe times out. Defaults to 1 second. 11037 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11038 format: int32 11039 type: integer 11040 type: object 11041 resources: 11042 description: 'Compute Resources required by 11043 this Step. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 11044 properties: 11045 claims: 11046 description: "Claims lists the names of 11047 resources, defined in spec.resourceClaims, 11048 that are used by this container. \n This 11049 is an alpha field and requires enabling 11050 the DynamicResourceAllocation feature 11051 gate. \n This field is immutable. It can 11052 only be set for containers." 11053 items: 11054 description: ResourceClaim references 11055 one entry in PodSpec.ResourceClaims. 11056 properties: 11057 name: 11058 description: Name must match the name 11059 of one entry in pod.spec.resourceClaims 11060 of the Pod where this field is used. 11061 It makes that resource available 11062 inside a container. 11063 type: string 11064 required: 11065 - name 11066 type: object 11067 type: array 11068 x-kubernetes-list-map-keys: 11069 - name 11070 x-kubernetes-list-type: map 11071 limits: 11072 additionalProperties: 11073 anyOf: 11074 - type: integer 11075 - type: string 11076 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 11077 x-kubernetes-int-or-string: true 11078 description: 'Limits describes the maximum 11079 amount of compute resources allowed. More 11080 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 11081 type: object 11082 requests: 11083 additionalProperties: 11084 anyOf: 11085 - type: integer 11086 - type: string 11087 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 11088 x-kubernetes-int-or-string: true 11089 description: 'Requests describes the minimum 11090 amount of compute resources required. 11091 If Requests is omitted for a container, 11092 it defaults to Limits if that is explicitly 11093 specified, otherwise to an implementation-defined 11094 value. Requests cannot exceed Limits. 11095 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 11096 type: object 11097 type: object 11098 securityContext: 11099 description: 'SecurityContext defines the security 11100 options the Step should be run with. If set, 11101 the fields of SecurityContext override the 11102 equivalent fields of PodSecurityContext. More 11103 info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 11104 properties: 11105 allowPrivilegeEscalation: 11106 description: 'AllowPrivilegeEscalation controls 11107 whether a process can gain more privileges 11108 than its parent process. This bool directly 11109 controls if the no_new_privs flag will 11110 be set on the container process. AllowPrivilegeEscalation 11111 is true always when the container is: 11112 1) run as Privileged 2) has CAP_SYS_ADMIN 11113 Note that this field cannot be set when 11114 spec.os.name is windows.' 11115 type: boolean 11116 capabilities: 11117 description: The capabilities to add/drop 11118 when running containers. Defaults to the 11119 default set of capabilities granted by 11120 the container runtime. Note that this 11121 field cannot be set when spec.os.name 11122 is windows. 11123 properties: 11124 add: 11125 description: Added capabilities 11126 items: 11127 description: Capability represent 11128 POSIX capabilities type 11129 type: string 11130 type: array 11131 drop: 11132 description: Removed capabilities 11133 items: 11134 description: Capability represent 11135 POSIX capabilities type 11136 type: string 11137 type: array 11138 type: object 11139 privileged: 11140 description: Run container in privileged 11141 mode. Processes in privileged containers 11142 are essentially equivalent to root on 11143 the host. Defaults to false. Note that 11144 this field cannot be set when spec.os.name 11145 is windows. 11146 type: boolean 11147 procMount: 11148 description: procMount denotes the type 11149 of proc mount to use for the containers. 11150 The default is DefaultProcMount which 11151 uses the container runtime defaults for 11152 readonly paths and masked paths. This 11153 requires the ProcMountType feature flag 11154 to be enabled. Note that this field cannot 11155 be set when spec.os.name is windows. 11156 type: string 11157 readOnlyRootFilesystem: 11158 description: Whether this container has 11159 a read-only root filesystem. Default is 11160 false. Note that this field cannot be 11161 set when spec.os.name is windows. 11162 type: boolean 11163 runAsGroup: 11164 description: The GID to run the entrypoint 11165 of the container process. Uses runtime 11166 default if unset. May also be set in PodSecurityContext. If 11167 set in both SecurityContext and PodSecurityContext, 11168 the value specified in SecurityContext 11169 takes precedence. Note that this field 11170 cannot be set when spec.os.name is windows. 11171 format: int64 11172 type: integer 11173 runAsNonRoot: 11174 description: Indicates that the container 11175 must run as a non-root user. If true, 11176 the Kubelet will validate the image at 11177 runtime to ensure that it does not run 11178 as UID 0 (root) and fail to start the 11179 container if it does. If unset or false, 11180 no such validation will be performed. 11181 May also be set in PodSecurityContext. If 11182 set in both SecurityContext and PodSecurityContext, 11183 the value specified in SecurityContext 11184 takes precedence. 11185 type: boolean 11186 runAsUser: 11187 description: The UID to run the entrypoint 11188 of the container process. Defaults to 11189 user specified in image metadata if unspecified. 11190 May also be set in PodSecurityContext. If 11191 set in both SecurityContext and PodSecurityContext, 11192 the value specified in SecurityContext 11193 takes precedence. Note that this field 11194 cannot be set when spec.os.name is windows. 11195 format: int64 11196 type: integer 11197 seLinuxOptions: 11198 description: The SELinux context to be applied 11199 to the container. If unspecified, the 11200 container runtime will allocate a random 11201 SELinux context for each container. May 11202 also be set in PodSecurityContext. If 11203 set in both SecurityContext and PodSecurityContext, 11204 the value specified in SecurityContext 11205 takes precedence. Note that this field 11206 cannot be set when spec.os.name is windows. 11207 properties: 11208 level: 11209 description: Level is SELinux level 11210 label that applies to the container. 11211 type: string 11212 role: 11213 description: Role is a SELinux role 11214 label that applies to the container. 11215 type: string 11216 type: 11217 description: Type is a SELinux type 11218 label that applies to the container. 11219 type: string 11220 user: 11221 description: User is a SELinux user 11222 label that applies to the container. 11223 type: string 11224 type: object 11225 seccompProfile: 11226 description: The seccomp options to use 11227 by this container. If seccomp options 11228 are provided at both the pod & container 11229 level, the container options override 11230 the pod options. Note that this field 11231 cannot be set when spec.os.name is windows. 11232 properties: 11233 localhostProfile: 11234 description: localhostProfile indicates 11235 a profile defined in a file on the 11236 node should be used. The profile must 11237 be preconfigured on the node to work. 11238 Must be a descending path, relative 11239 to the kubelet's configured seccomp 11240 profile location. Must be set if type 11241 is "Localhost". Must NOT be set for 11242 any other type. 11243 type: string 11244 type: 11245 description: "type indicates which kind 11246 of seccomp profile will be applied. 11247 Valid options are: \n Localhost - 11248 a profile defined in a file on the 11249 node should be used. RuntimeDefault 11250 - the container runtime default profile 11251 should be used. Unconfined - no profile 11252 should be applied." 11253 type: string 11254 required: 11255 - type 11256 type: object 11257 windowsOptions: 11258 description: The Windows specific settings 11259 applied to all containers. If unspecified, 11260 the options from the PodSecurityContext 11261 will be used. If set in both SecurityContext 11262 and PodSecurityContext, the value specified 11263 in SecurityContext takes precedence. Note 11264 that this field cannot be set when spec.os.name 11265 is linux. 11266 properties: 11267 gmsaCredentialSpec: 11268 description: GMSACredentialSpec is where 11269 the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 11270 inlines the contents of the GMSA credential 11271 spec named by the GMSACredentialSpecName 11272 field. 11273 type: string 11274 gmsaCredentialSpecName: 11275 description: GMSACredentialSpecName 11276 is the name of the GMSA credential 11277 spec to use. 11278 type: string 11279 hostProcess: 11280 description: HostProcess determines 11281 if a container should be run as a 11282 'Host Process' container. All of a 11283 Pod's containers must have the same 11284 effective HostProcess value (it is 11285 not allowed to have a mix of HostProcess 11286 containers and non-HostProcess containers). 11287 In addition, if HostProcess is true 11288 then HostNetwork must also be set 11289 to true. 11290 type: boolean 11291 runAsUserName: 11292 description: The UserName in Windows 11293 to run the entrypoint of the container 11294 process. Defaults to the user specified 11295 in image metadata if unspecified. 11296 May also be set in PodSecurityContext. 11297 If set in both SecurityContext and 11298 PodSecurityContext, the value specified 11299 in SecurityContext takes precedence. 11300 type: string 11301 type: object 11302 type: object 11303 startupProbe: 11304 description: 'Deprecated. This field will be 11305 removed in a future release. DeprecatedStartupProbe 11306 indicates that the Pod has successfully initialized. 11307 If specified, no other probes are executed 11308 until this completes successfully. If this 11309 probe fails, the Pod will be restarted, just 11310 as if the livenessProbe failed. This can be 11311 used to provide different probe parameters 11312 at the beginning of a Pod''s lifecycle, when 11313 it might take a long time to load data or 11314 warm a cache, than during steady-state operation. 11315 This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11316 properties: 11317 exec: 11318 description: Exec specifies the action to 11319 take. 11320 properties: 11321 command: 11322 description: Command is the command 11323 line to execute inside the container, 11324 the working directory for the command is 11325 root ('/') in the container's filesystem. 11326 The command is simply exec'd, it is 11327 not run inside a shell, so traditional 11328 shell instructions ('|', etc) won't 11329 work. To use a shell, you need to 11330 explicitly call out to that shell. 11331 Exit status of 0 is treated as live/healthy 11332 and non-zero is unhealthy. 11333 items: 11334 type: string 11335 type: array 11336 type: object 11337 failureThreshold: 11338 description: Minimum consecutive failures 11339 for the probe to be considered failed 11340 after having succeeded. Defaults to 3. 11341 Minimum value is 1. 11342 format: int32 11343 type: integer 11344 grpc: 11345 description: GRPC specifies an action involving 11346 a GRPC port. 11347 properties: 11348 port: 11349 description: Port number of the gRPC 11350 service. Number must be in the range 11351 1 to 65535. 11352 format: int32 11353 type: integer 11354 service: 11355 description: "Service is the name of 11356 the service to place in the gRPC HealthCheckRequest 11357 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 11358 \n If this is not specified, the default 11359 behavior is defined by gRPC." 11360 type: string 11361 required: 11362 - port 11363 type: object 11364 httpGet: 11365 description: HTTPGet specifies the http 11366 request to perform. 11367 properties: 11368 host: 11369 description: Host name to connect to, 11370 defaults to the pod IP. You probably 11371 want to set "Host" in httpHeaders 11372 instead. 11373 type: string 11374 httpHeaders: 11375 description: Custom headers to set in 11376 the request. HTTP allows repeated 11377 headers. 11378 items: 11379 description: HTTPHeader describes 11380 a custom header to be used in HTTP 11381 probes 11382 properties: 11383 name: 11384 description: The header field 11385 name. This will be canonicalized 11386 upon output, so case-variant 11387 names will be understood as 11388 the same header. 11389 type: string 11390 value: 11391 description: The header field 11392 value 11393 type: string 11394 required: 11395 - name 11396 - value 11397 type: object 11398 type: array 11399 path: 11400 description: Path to access on the HTTP 11401 server. 11402 type: string 11403 port: 11404 anyOf: 11405 - type: integer 11406 - type: string 11407 description: Name or number of the port 11408 to access on the container. Number 11409 must be in the range 1 to 65535. Name 11410 must be an IANA_SVC_NAME. 11411 x-kubernetes-int-or-string: true 11412 scheme: 11413 description: Scheme to use for connecting 11414 to the host. Defaults to HTTP. 11415 type: string 11416 required: 11417 - port 11418 type: object 11419 initialDelaySeconds: 11420 description: 'Number of seconds after the 11421 container has started before liveness 11422 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11423 format: int32 11424 type: integer 11425 periodSeconds: 11426 description: How often (in seconds) to perform 11427 the probe. Default to 10 seconds. Minimum 11428 value is 1. 11429 format: int32 11430 type: integer 11431 successThreshold: 11432 description: Minimum consecutive successes 11433 for the probe to be considered successful 11434 after having failed. Defaults to 1. Must 11435 be 1 for liveness and startup. Minimum 11436 value is 1. 11437 format: int32 11438 type: integer 11439 tcpSocket: 11440 description: TCPSocket specifies an action 11441 involving a TCP port. 11442 properties: 11443 host: 11444 description: 'Optional: Host name to 11445 connect to, defaults to the pod IP.' 11446 type: string 11447 port: 11448 anyOf: 11449 - type: integer 11450 - type: string 11451 description: Number or name of the port 11452 to access on the container. Number 11453 must be in the range 1 to 65535. Name 11454 must be an IANA_SVC_NAME. 11455 x-kubernetes-int-or-string: true 11456 required: 11457 - port 11458 type: object 11459 terminationGracePeriodSeconds: 11460 description: Optional duration in seconds 11461 the pod needs to terminate gracefully 11462 upon probe failure. The grace period is 11463 the duration in seconds after the processes 11464 running in the pod are sent a termination 11465 signal and the time when the processes 11466 are forcibly halted with a kill signal. 11467 Set this value longer than the expected 11468 cleanup time for your process. If this 11469 value is nil, the pod's terminationGracePeriodSeconds 11470 will be used. Otherwise, this value overrides 11471 the value provided by the pod spec. Value 11472 must be non-negative integer. The value 11473 zero indicates stop immediately via the 11474 kill signal (no opportunity to shut down). 11475 This is a beta field and requires enabling 11476 ProbeTerminationGracePeriod feature gate. 11477 Minimum value is 1. spec.terminationGracePeriodSeconds 11478 is used if unset. 11479 format: int64 11480 type: integer 11481 timeoutSeconds: 11482 description: 'Number of seconds after which 11483 the probe times out. Defaults to 1 second. 11484 Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 11485 format: int32 11486 type: integer 11487 type: object 11488 stdin: 11489 description: Deprecated. This field will be 11490 removed in a future release. Whether this 11491 Step should allocate a buffer for stdin in 11492 the container runtime. If this is not set, 11493 reads from stdin in the Step will always result 11494 in EOF. Default is false. 11495 type: boolean 11496 stdinOnce: 11497 description: Deprecated. This field will be 11498 removed in a future release. Whether the container 11499 runtime should close the stdin channel after 11500 it has been opened by a single attach. When 11501 stdin is true the stdin stream will remain 11502 open across multiple attach sessions. If stdinOnce 11503 is set to true, stdin is opened on container 11504 start, is empty until the first client attaches 11505 to stdin, and then remains open and accepts 11506 data until the client disconnects, at which 11507 time stdin is closed and remains closed until 11508 the container is restarted. If this flag is 11509 false, a container processes that reads from 11510 stdin will never receive an EOF. Default is 11511 false 11512 type: boolean 11513 terminationMessagePath: 11514 description: Deprecated. This field will be 11515 removed in a future release and cannot be 11516 meaningfully used. 11517 type: string 11518 terminationMessagePolicy: 11519 description: Deprecated. This field will be 11520 removed in a future release and cannot be 11521 meaningfully used. 11522 type: string 11523 tty: 11524 description: Deprecated. This field will be 11525 removed in a future release. Whether this 11526 Step should allocate a DeprecatedTTY for itself, 11527 also requires 'stdin' to be true. Default 11528 is false. 11529 type: boolean 11530 volumeDevices: 11531 description: volumeDevices is the list of block 11532 devices to be used by the Step. 11533 items: 11534 description: volumeDevice describes a mapping 11535 of a raw block device within a container. 11536 properties: 11537 devicePath: 11538 description: devicePath is the path inside 11539 of the container that the device will 11540 be mapped to. 11541 type: string 11542 name: 11543 description: name must match the name 11544 of a persistentVolumeClaim in the pod 11545 type: string 11546 required: 11547 - devicePath 11548 - name 11549 type: object 11550 type: array 11551 x-kubernetes-list-type: atomic 11552 volumeMounts: 11553 description: Volumes to mount into the Step's 11554 filesystem. Cannot be updated. 11555 items: 11556 description: VolumeMount describes a mounting 11557 of a Volume within a container. 11558 properties: 11559 mountPath: 11560 description: Path within the container 11561 at which the volume should be mounted. Must 11562 not contain ':'. 11563 type: string 11564 mountPropagation: 11565 description: mountPropagation determines 11566 how mounts are propagated from the host 11567 to container and the other way around. 11568 When not set, MountPropagationNone is 11569 used. This field is beta in 1.10. 11570 type: string 11571 name: 11572 description: This must match the Name 11573 of a Volume. 11574 type: string 11575 readOnly: 11576 description: Mounted read-only if true, 11577 read-write otherwise (false or unspecified). 11578 Defaults to false. 11579 type: boolean 11580 subPath: 11581 description: Path within the volume from 11582 which the container's volume should 11583 be mounted. Defaults to "" (volume's 11584 root). 11585 type: string 11586 subPathExpr: 11587 description: Expanded path within the 11588 volume from which the container's volume 11589 should be mounted. Behaves similarly 11590 to SubPath but environment variable 11591 references $(VAR_NAME) are expanded 11592 using the container's environment. Defaults 11593 to "" (volume's root). SubPathExpr and 11594 SubPath are mutually exclusive. 11595 type: string 11596 required: 11597 - mountPath 11598 - name 11599 type: object 11600 type: array 11601 x-kubernetes-list-type: atomic 11602 workingDir: 11603 description: Step's working directory. If not 11604 specified, the container runtime's default 11605 will be used, which might be configured in 11606 the container image. Cannot be updated. 11607 type: string 11608 required: 11609 - name 11610 type: object 11611 steps: 11612 description: Steps are the steps of the build; each 11613 step is run sequentially with the source mounted 11614 into /workspace. 11615 items: 11616 description: Step runs a subcomponent of a Task 11617 properties: 11618 args: 11619 description: 'Arguments to the entrypoint. 11620 The image''s CMD is used if this is not 11621 provided. Variable references $(VAR_NAME) 11622 are expanded using the container''s environment. 11623 If a variable cannot be resolved, the reference 11624 in the input string will be unchanged. Double 11625 $$ are reduced to a single $, which allows 11626 for escaping the $(VAR_NAME) syntax: i.e. 11627 "$$(VAR_NAME)" will produce the string literal 11628 "$(VAR_NAME)". Escaped references will never 11629 be expanded, regardless of whether the variable 11630 exists or not. Cannot be updated. More info: 11631 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 11632 items: 11633 type: string 11634 type: array 11635 x-kubernetes-list-type: atomic 11636 command: 11637 description: 'Entrypoint array. Not executed 11638 within a shell. The image''s ENTRYPOINT 11639 is used if this is not provided. Variable 11640 references $(VAR_NAME) are expanded using 11641 the container''s environment. If a variable 11642 cannot be resolved, the reference in the 11643 input string will be unchanged. Double $$ 11644 are reduced to a single $, which allows 11645 for escaping the $(VAR_NAME) syntax: i.e. 11646 "$$(VAR_NAME)" will produce the string literal 11647 "$(VAR_NAME)". Escaped references will never 11648 be expanded, regardless of whether the variable 11649 exists or not. Cannot be updated. More info: 11650 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 11651 items: 11652 type: string 11653 type: array 11654 x-kubernetes-list-type: atomic 11655 env: 11656 description: List of environment variables 11657 to set in the container. Cannot be updated. 11658 items: 11659 description: EnvVar represents an environment 11660 variable present in a Container. 11661 properties: 11662 name: 11663 description: Name of the environment 11664 variable. Must be a C_IDENTIFIER. 11665 type: string 11666 value: 11667 description: 'Variable references $(VAR_NAME) 11668 are expanded using the previously 11669 defined environment variables in the 11670 container and any service environment 11671 variables. If a variable cannot be 11672 resolved, the reference in the input 11673 string will be unchanged. Double $$ 11674 are reduced to a single $, which allows 11675 for escaping the $(VAR_NAME) syntax: 11676 i.e. "$$(VAR_NAME)" will produce the 11677 string literal "$(VAR_NAME)". Escaped 11678 references will never be expanded, 11679 regardless of whether the variable 11680 exists or not. Defaults to "".' 11681 type: string 11682 valueFrom: 11683 description: Source for the environment 11684 variable's value. Cannot be used if 11685 value is not empty. 11686 properties: 11687 configMapKeyRef: 11688 description: Selects a key of a 11689 ConfigMap. 11690 properties: 11691 key: 11692 description: The key to select. 11693 type: string 11694 name: 11695 description: 'Name of the referent. 11696 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 11697 TODO: Add other useful fields. 11698 apiVersion, kind, uid?' 11699 type: string 11700 optional: 11701 description: Specify whether 11702 the ConfigMap or its key must 11703 be defined 11704 type: boolean 11705 required: 11706 - key 11707 type: object 11708 fieldRef: 11709 description: 'Selects a field of 11710 the pod: supports metadata.name, 11711 metadata.namespace, `metadata.labels[''<KEY>'']`, 11712 `metadata.annotations[''<KEY>'']`, 11713 spec.nodeName, spec.serviceAccountName, 11714 status.hostIP, status.podIP, status.podIPs.' 11715 properties: 11716 apiVersion: 11717 description: Version of the 11718 schema the FieldPath is written 11719 in terms of, defaults to "v1". 11720 type: string 11721 fieldPath: 11722 description: Path of the field 11723 to select in the specified 11724 API version. 11725 type: string 11726 required: 11727 - fieldPath 11728 type: object 11729 resourceFieldRef: 11730 description: 'Selects a resource 11731 of the container: only resources 11732 limits and requests (limits.cpu, 11733 limits.memory, limits.ephemeral-storage, 11734 requests.cpu, requests.memory 11735 and requests.ephemeral-storage) 11736 are currently supported.' 11737 properties: 11738 containerName: 11739 description: 'Container name: 11740 required for volumes, optional 11741 for env vars' 11742 type: string 11743 divisor: 11744 anyOf: 11745 - type: integer 11746 - type: string 11747 description: Specifies the output 11748 format of the exposed resources, 11749 defaults to "1" 11750 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 11751 x-kubernetes-int-or-string: true 11752 resource: 11753 description: 'Required: resource 11754 to select' 11755 type: string 11756 required: 11757 - resource 11758 type: object 11759 secretKeyRef: 11760 description: Selects a key of a 11761 secret in the pod's namespace 11762 properties: 11763 key: 11764 description: The key of the 11765 secret to select from. Must 11766 be a valid secret key. 11767 type: string 11768 name: 11769 description: 'Name of the referent. 11770 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 11771 TODO: Add other useful fields. 11772 apiVersion, kind, uid?' 11773 type: string 11774 optional: 11775 description: Specify whether 11776 the Secret or its key must 11777 be defined 11778 type: boolean 11779 required: 11780 - key 11781 type: object 11782 type: object 11783 required: 11784 - name 11785 type: object 11786 type: array 11787 x-kubernetes-list-type: atomic 11788 envFrom: 11789 description: List of sources to populate environment 11790 variables in the container. The keys defined 11791 within a source must be a C_IDENTIFIER. 11792 All invalid keys will be reported as an 11793 event when the container is starting. When 11794 a key exists in multiple sources, the value 11795 associated with the last source will take 11796 precedence. Values defined by an Env with 11797 a duplicate key will take precedence. Cannot 11798 be updated. 11799 items: 11800 description: EnvFromSource represents the 11801 source of a set of ConfigMaps 11802 properties: 11803 configMapRef: 11804 description: The ConfigMap to select 11805 from 11806 properties: 11807 name: 11808 description: 'Name of the referent. 11809 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 11810 TODO: Add other useful fields. 11811 apiVersion, kind, uid?' 11812 type: string 11813 optional: 11814 description: Specify whether the 11815 ConfigMap must be defined 11816 type: boolean 11817 type: object 11818 prefix: 11819 description: An optional identifier 11820 to prepend to each key in the ConfigMap. 11821 Must be a C_IDENTIFIER. 11822 type: string 11823 secretRef: 11824 description: The Secret to select from 11825 properties: 11826 name: 11827 description: 'Name of the referent. 11828 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 11829 TODO: Add other useful fields. 11830 apiVersion, kind, uid?' 11831 type: string 11832 optional: 11833 description: Specify whether the 11834 Secret must be defined 11835 type: boolean 11836 type: object 11837 type: object 11838 type: array 11839 x-kubernetes-list-type: atomic 11840 image: 11841 description: 'Image reference name to run 11842 for this Step. More info: https://kubernetes.io/docs/concepts/containers/images' 11843 type: string 11844 imagePullPolicy: 11845 description: 'Image pull policy. One of Always, 11846 Never, IfNotPresent. Defaults to Always 11847 if :latest tag is specified, or IfNotPresent 11848 otherwise. Cannot be updated. More info: 11849 https://kubernetes.io/docs/concepts/containers/images#updating-images' 11850 type: string 11851 lifecycle: 11852 description: Deprecated. This field will be 11853 removed in a future release. Actions that 11854 the management system should take in response 11855 to container lifecycle events. Cannot be 11856 updated. 11857 properties: 11858 postStart: 11859 description: 'PostStart is called immediately 11860 after a container is created. If the 11861 handler fails, the container is terminated 11862 and restarted according to its restart 11863 policy. Other management of the container 11864 blocks until the hook completes. More 11865 info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 11866 properties: 11867 exec: 11868 description: Exec specifies the action 11869 to take. 11870 properties: 11871 command: 11872 description: Command is the command 11873 line to execute inside the container, 11874 the working directory for the 11875 command is root ('/') in the 11876 container's filesystem. The 11877 command is simply exec'd, it 11878 is not run inside a shell, so 11879 traditional shell instructions 11880 ('|', etc) won't work. To use 11881 a shell, you need to explicitly 11882 call out to that shell. Exit 11883 status of 0 is treated as live/healthy 11884 and non-zero is unhealthy. 11885 items: 11886 type: string 11887 type: array 11888 type: object 11889 httpGet: 11890 description: HTTPGet specifies the 11891 http request to perform. 11892 properties: 11893 host: 11894 description: Host name to connect 11895 to, defaults to the pod IP. 11896 You probably want to set "Host" 11897 in httpHeaders instead. 11898 type: string 11899 httpHeaders: 11900 description: Custom headers to 11901 set in the request. HTTP allows 11902 repeated headers. 11903 items: 11904 description: HTTPHeader describes 11905 a custom header to be used 11906 in HTTP probes 11907 properties: 11908 name: 11909 description: The header 11910 field name. This will 11911 be canonicalized upon 11912 output, so case-variant 11913 names will be understood 11914 as the same header. 11915 type: string 11916 value: 11917 description: The header 11918 field value 11919 type: string 11920 required: 11921 - name 11922 - value 11923 type: object 11924 type: array 11925 path: 11926 description: Path to access on 11927 the HTTP server. 11928 type: string 11929 port: 11930 anyOf: 11931 - type: integer 11932 - type: string 11933 description: Name or number of 11934 the port to access on the container. 11935 Number must be in the range 11936 1 to 65535. Name must be an 11937 IANA_SVC_NAME. 11938 x-kubernetes-int-or-string: true 11939 scheme: 11940 description: Scheme to use for 11941 connecting to the host. Defaults 11942 to HTTP. 11943 type: string 11944 required: 11945 - port 11946 type: object 11947 tcpSocket: 11948 description: Deprecated. TCPSocket 11949 is NOT supported as a LifecycleHandler 11950 and kept for the backward compatibility. 11951 There are no validation of this 11952 field and lifecycle hooks will fail 11953 in runtime when tcp handler is specified. 11954 properties: 11955 host: 11956 description: 'Optional: Host name 11957 to connect to, defaults to the 11958 pod IP.' 11959 type: string 11960 port: 11961 anyOf: 11962 - type: integer 11963 - type: string 11964 description: Number or name of 11965 the port to access on the container. 11966 Number must be in the range 11967 1 to 65535. Name must be an 11968 IANA_SVC_NAME. 11969 x-kubernetes-int-or-string: true 11970 required: 11971 - port 11972 type: object 11973 type: object 11974 preStop: 11975 description: 'PreStop is called immediately 11976 before a container is terminated due 11977 to an API request or management event 11978 such as liveness/startup probe failure, 11979 preemption, resource contention, etc. 11980 The handler is not called if the container 11981 crashes or exits. The Pod''s termination 11982 grace period countdown begins before 11983 the PreStop hook is executed. Regardless 11984 of the outcome of the handler, the container 11985 will eventually terminate within the 11986 Pod''s termination grace period (unless 11987 delayed by finalizers). Other management 11988 of the container blocks until the hook 11989 completes or until the termination grace 11990 period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 11991 properties: 11992 exec: 11993 description: Exec specifies the action 11994 to take. 11995 properties: 11996 command: 11997 description: Command is the command 11998 line to execute inside the container, 11999 the working directory for the 12000 command is root ('/') in the 12001 container's filesystem. The 12002 command is simply exec'd, it 12003 is not run inside a shell, so 12004 traditional shell instructions 12005 ('|', etc) won't work. To use 12006 a shell, you need to explicitly 12007 call out to that shell. Exit 12008 status of 0 is treated as live/healthy 12009 and non-zero is unhealthy. 12010 items: 12011 type: string 12012 type: array 12013 type: object 12014 httpGet: 12015 description: HTTPGet specifies the 12016 http request to perform. 12017 properties: 12018 host: 12019 description: Host name to connect 12020 to, defaults to the pod IP. 12021 You probably want to set "Host" 12022 in httpHeaders instead. 12023 type: string 12024 httpHeaders: 12025 description: Custom headers to 12026 set in the request. HTTP allows 12027 repeated headers. 12028 items: 12029 description: HTTPHeader describes 12030 a custom header to be used 12031 in HTTP probes 12032 properties: 12033 name: 12034 description: The header 12035 field name. This will 12036 be canonicalized upon 12037 output, so case-variant 12038 names will be understood 12039 as the same header. 12040 type: string 12041 value: 12042 description: The header 12043 field value 12044 type: string 12045 required: 12046 - name 12047 - value 12048 type: object 12049 type: array 12050 path: 12051 description: Path to access on 12052 the HTTP server. 12053 type: string 12054 port: 12055 anyOf: 12056 - type: integer 12057 - type: string 12058 description: Name or number of 12059 the port to access on the container. 12060 Number must be in the range 12061 1 to 65535. Name must be an 12062 IANA_SVC_NAME. 12063 x-kubernetes-int-or-string: true 12064 scheme: 12065 description: Scheme to use for 12066 connecting to the host. Defaults 12067 to HTTP. 12068 type: string 12069 required: 12070 - port 12071 type: object 12072 tcpSocket: 12073 description: Deprecated. TCPSocket 12074 is NOT supported as a LifecycleHandler 12075 and kept for the backward compatibility. 12076 There are no validation of this 12077 field and lifecycle hooks will fail 12078 in runtime when tcp handler is specified. 12079 properties: 12080 host: 12081 description: 'Optional: Host name 12082 to connect to, defaults to the 12083 pod IP.' 12084 type: string 12085 port: 12086 anyOf: 12087 - type: integer 12088 - type: string 12089 description: Number or name of 12090 the port to access on the container. 12091 Number must be in the range 12092 1 to 65535. Name must be an 12093 IANA_SVC_NAME. 12094 x-kubernetes-int-or-string: true 12095 required: 12096 - port 12097 type: object 12098 type: object 12099 type: object 12100 livenessProbe: 12101 description: 'Deprecated. This field will 12102 be removed in a future release. Periodic 12103 probe of container liveness. Step will be 12104 restarted if the probe fails. Cannot be 12105 updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 12106 properties: 12107 exec: 12108 description: Exec specifies the action 12109 to take. 12110 properties: 12111 command: 12112 description: Command is the command 12113 line to execute inside the container, 12114 the working directory for the command is 12115 root ('/') in the container's filesystem. 12116 The command is simply exec'd, it 12117 is not run inside a shell, so traditional 12118 shell instructions ('|', etc) won't 12119 work. To use a shell, you need to 12120 explicitly call out to that shell. 12121 Exit status of 0 is treated as live/healthy 12122 and non-zero is unhealthy. 12123 items: 12124 type: string 12125 type: array 12126 type: object 12127 failureThreshold: 12128 description: Minimum consecutive failures 12129 for the probe to be considered failed 12130 after having succeeded. Defaults to 12131 3. Minimum value is 1. 12132 format: int32 12133 type: integer 12134 grpc: 12135 description: GRPC specifies an action 12136 involving a GRPC port. 12137 properties: 12138 port: 12139 description: Port number of the gRPC 12140 service. Number must be in the range 12141 1 to 65535. 12142 format: int32 12143 type: integer 12144 service: 12145 description: "Service is the name 12146 of the service to place in the gRPC 12147 HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 12148 \n If this is not specified, the 12149 default behavior is defined by gRPC." 12150 type: string 12151 required: 12152 - port 12153 type: object 12154 httpGet: 12155 description: HTTPGet specifies the http 12156 request to perform. 12157 properties: 12158 host: 12159 description: Host name to connect 12160 to, defaults to the pod IP. You 12161 probably want to set "Host" in httpHeaders 12162 instead. 12163 type: string 12164 httpHeaders: 12165 description: Custom headers to set 12166 in the request. HTTP allows repeated 12167 headers. 12168 items: 12169 description: HTTPHeader describes 12170 a custom header to be used in 12171 HTTP probes 12172 properties: 12173 name: 12174 description: The header field 12175 name. This will be canonicalized 12176 upon output, so case-variant 12177 names will be understood as 12178 the same header. 12179 type: string 12180 value: 12181 description: The header field 12182 value 12183 type: string 12184 required: 12185 - name 12186 - value 12187 type: object 12188 type: array 12189 path: 12190 description: Path to access on the 12191 HTTP server. 12192 type: string 12193 port: 12194 anyOf: 12195 - type: integer 12196 - type: string 12197 description: Name or number of the 12198 port to access on the container. 12199 Number must be in the range 1 to 12200 65535. Name must be an IANA_SVC_NAME. 12201 x-kubernetes-int-or-string: true 12202 scheme: 12203 description: Scheme to use for connecting 12204 to the host. Defaults to HTTP. 12205 type: string 12206 required: 12207 - port 12208 type: object 12209 initialDelaySeconds: 12210 description: 'Number of seconds after 12211 the container has started before liveness 12212 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 12213 format: int32 12214 type: integer 12215 periodSeconds: 12216 description: How often (in seconds) to 12217 perform the probe. Default to 10 seconds. 12218 Minimum value is 1. 12219 format: int32 12220 type: integer 12221 successThreshold: 12222 description: Minimum consecutive successes 12223 for the probe to be considered successful 12224 after having failed. Defaults to 1. 12225 Must be 1 for liveness and startup. 12226 Minimum value is 1. 12227 format: int32 12228 type: integer 12229 tcpSocket: 12230 description: TCPSocket specifies an action 12231 involving a TCP port. 12232 properties: 12233 host: 12234 description: 'Optional: Host name 12235 to connect to, defaults to the pod 12236 IP.' 12237 type: string 12238 port: 12239 anyOf: 12240 - type: integer 12241 - type: string 12242 description: Number or name of the 12243 port to access on the container. 12244 Number must be in the range 1 to 12245 65535. Name must be an IANA_SVC_NAME. 12246 x-kubernetes-int-or-string: true 12247 required: 12248 - port 12249 type: object 12250 terminationGracePeriodSeconds: 12251 description: Optional duration in seconds 12252 the pod needs to terminate gracefully 12253 upon probe failure. The grace period 12254 is the duration in seconds after the 12255 processes running in the pod are sent 12256 a termination signal and the time when 12257 the processes are forcibly halted with 12258 a kill signal. Set this value longer 12259 than the expected cleanup time for your 12260 process. If this value is nil, the pod's 12261 terminationGracePeriodSeconds will be 12262 used. Otherwise, this value overrides 12263 the value provided by the pod spec. 12264 Value must be non-negative integer. 12265 The value zero indicates stop immediately 12266 via the kill signal (no opportunity 12267 to shut down). This is a beta field 12268 and requires enabling ProbeTerminationGracePeriod 12269 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 12270 is used if unset. 12271 format: int64 12272 type: integer 12273 timeoutSeconds: 12274 description: 'Number of seconds after 12275 which the probe times out. Defaults 12276 to 1 second. Minimum value is 1. More 12277 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 12278 format: int32 12279 type: integer 12280 type: object 12281 name: 12282 description: Name of the Step specified as 12283 a DNS_LABEL. Each Step in a Task must have 12284 a unique name. 12285 type: string 12286 onError: 12287 description: OnError defines the exiting behavior 12288 of a container on error can be set to [ 12289 continue | stopAndFail ] 12290 type: string 12291 ports: 12292 description: Deprecated. This field will be 12293 removed in a future release. List of ports 12294 to expose from the Step's container. Exposing 12295 a port here gives the system additional 12296 information about the network connections 12297 a container uses, but is primarily informational. 12298 Not specifying a port here DOES NOT prevent 12299 that port from being exposed. Any port which 12300 is listening on the default "0.0.0.0" address 12301 inside a container will be accessible from 12302 the network. Cannot be updated. 12303 items: 12304 description: ContainerPort represents a 12305 network port in a single container. 12306 properties: 12307 containerPort: 12308 description: Number of port to expose 12309 on the pod's IP address. This must 12310 be a valid port number, 0 < x < 65536. 12311 format: int32 12312 type: integer 12313 hostIP: 12314 description: What host IP to bind the 12315 external port to. 12316 type: string 12317 hostPort: 12318 description: Number of port to expose 12319 on the host. If specified, this must 12320 be a valid port number, 0 < x < 65536. 12321 If HostNetwork is specified, this 12322 must match ContainerPort. Most containers 12323 do not need this. 12324 format: int32 12325 type: integer 12326 name: 12327 description: If specified, this must 12328 be an IANA_SVC_NAME and unique within 12329 the pod. Each named port in a pod 12330 must have a unique name. Name for 12331 the port that can be referred to by 12332 services. 12333 type: string 12334 protocol: 12335 default: TCP 12336 description: Protocol for port. Must 12337 be UDP, TCP, or SCTP. Defaults to 12338 "TCP". 12339 type: string 12340 required: 12341 - containerPort 12342 type: object 12343 type: array 12344 x-kubernetes-list-map-keys: 12345 - containerPort 12346 - protocol 12347 x-kubernetes-list-type: map 12348 readinessProbe: 12349 description: 'Deprecated. This field will 12350 be removed in a future release. Periodic 12351 probe of container service readiness. Step 12352 will be removed from service endpoints if 12353 the probe fails. Cannot be updated. More 12354 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 12355 properties: 12356 exec: 12357 description: Exec specifies the action 12358 to take. 12359 properties: 12360 command: 12361 description: Command is the command 12362 line to execute inside the container, 12363 the working directory for the command is 12364 root ('/') in the container's filesystem. 12365 The command is simply exec'd, it 12366 is not run inside a shell, so traditional 12367 shell instructions ('|', etc) won't 12368 work. To use a shell, you need to 12369 explicitly call out to that shell. 12370 Exit status of 0 is treated as live/healthy 12371 and non-zero is unhealthy. 12372 items: 12373 type: string 12374 type: array 12375 type: object 12376 failureThreshold: 12377 description: Minimum consecutive failures 12378 for the probe to be considered failed 12379 after having succeeded. Defaults to 12380 3. Minimum value is 1. 12381 format: int32 12382 type: integer 12383 grpc: 12384 description: GRPC specifies an action 12385 involving a GRPC port. 12386 properties: 12387 port: 12388 description: Port number of the gRPC 12389 service. Number must be in the range 12390 1 to 65535. 12391 format: int32 12392 type: integer 12393 service: 12394 description: "Service is the name 12395 of the service to place in the gRPC 12396 HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 12397 \n If this is not specified, the 12398 default behavior is defined by gRPC." 12399 type: string 12400 required: 12401 - port 12402 type: object 12403 httpGet: 12404 description: HTTPGet specifies the http 12405 request to perform. 12406 properties: 12407 host: 12408 description: Host name to connect 12409 to, defaults to the pod IP. You 12410 probably want to set "Host" in httpHeaders 12411 instead. 12412 type: string 12413 httpHeaders: 12414 description: Custom headers to set 12415 in the request. HTTP allows repeated 12416 headers. 12417 items: 12418 description: HTTPHeader describes 12419 a custom header to be used in 12420 HTTP probes 12421 properties: 12422 name: 12423 description: The header field 12424 name. This will be canonicalized 12425 upon output, so case-variant 12426 names will be understood as 12427 the same header. 12428 type: string 12429 value: 12430 description: The header field 12431 value 12432 type: string 12433 required: 12434 - name 12435 - value 12436 type: object 12437 type: array 12438 path: 12439 description: Path to access on the 12440 HTTP server. 12441 type: string 12442 port: 12443 anyOf: 12444 - type: integer 12445 - type: string 12446 description: Name or number of the 12447 port to access on the container. 12448 Number must be in the range 1 to 12449 65535. Name must be an IANA_SVC_NAME. 12450 x-kubernetes-int-or-string: true 12451 scheme: 12452 description: Scheme to use for connecting 12453 to the host. Defaults to HTTP. 12454 type: string 12455 required: 12456 - port 12457 type: object 12458 initialDelaySeconds: 12459 description: 'Number of seconds after 12460 the container has started before liveness 12461 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 12462 format: int32 12463 type: integer 12464 periodSeconds: 12465 description: How often (in seconds) to 12466 perform the probe. Default to 10 seconds. 12467 Minimum value is 1. 12468 format: int32 12469 type: integer 12470 successThreshold: 12471 description: Minimum consecutive successes 12472 for the probe to be considered successful 12473 after having failed. Defaults to 1. 12474 Must be 1 for liveness and startup. 12475 Minimum value is 1. 12476 format: int32 12477 type: integer 12478 tcpSocket: 12479 description: TCPSocket specifies an action 12480 involving a TCP port. 12481 properties: 12482 host: 12483 description: 'Optional: Host name 12484 to connect to, defaults to the pod 12485 IP.' 12486 type: string 12487 port: 12488 anyOf: 12489 - type: integer 12490 - type: string 12491 description: Number or name of the 12492 port to access on the container. 12493 Number must be in the range 1 to 12494 65535. Name must be an IANA_SVC_NAME. 12495 x-kubernetes-int-or-string: true 12496 required: 12497 - port 12498 type: object 12499 terminationGracePeriodSeconds: 12500 description: Optional duration in seconds 12501 the pod needs to terminate gracefully 12502 upon probe failure. The grace period 12503 is the duration in seconds after the 12504 processes running in the pod are sent 12505 a termination signal and the time when 12506 the processes are forcibly halted with 12507 a kill signal. Set this value longer 12508 than the expected cleanup time for your 12509 process. If this value is nil, the pod's 12510 terminationGracePeriodSeconds will be 12511 used. Otherwise, this value overrides 12512 the value provided by the pod spec. 12513 Value must be non-negative integer. 12514 The value zero indicates stop immediately 12515 via the kill signal (no opportunity 12516 to shut down). This is a beta field 12517 and requires enabling ProbeTerminationGracePeriod 12518 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 12519 is used if unset. 12520 format: int64 12521 type: integer 12522 timeoutSeconds: 12523 description: 'Number of seconds after 12524 which the probe times out. Defaults 12525 to 1 second. Minimum value is 1. More 12526 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 12527 format: int32 12528 type: integer 12529 type: object 12530 resources: 12531 description: 'Compute Resources required by 12532 this Step. Cannot be updated. More info: 12533 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 12534 properties: 12535 claims: 12536 description: "Claims lists the names of 12537 resources, defined in spec.resourceClaims, 12538 that are used by this container. \n 12539 This is an alpha field and requires 12540 enabling the DynamicResourceAllocation 12541 feature gate. \n This field is immutable. 12542 It can only be set for containers." 12543 items: 12544 description: ResourceClaim references 12545 one entry in PodSpec.ResourceClaims. 12546 properties: 12547 name: 12548 description: Name must match the 12549 name of one entry in pod.spec.resourceClaims 12550 of the Pod where this field is 12551 used. It makes that resource available 12552 inside a container. 12553 type: string 12554 required: 12555 - name 12556 type: object 12557 type: array 12558 x-kubernetes-list-map-keys: 12559 - name 12560 x-kubernetes-list-type: map 12561 limits: 12562 additionalProperties: 12563 anyOf: 12564 - type: integer 12565 - type: string 12566 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 12567 x-kubernetes-int-or-string: true 12568 description: 'Limits describes the maximum 12569 amount of compute resources allowed. 12570 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 12571 type: object 12572 requests: 12573 additionalProperties: 12574 anyOf: 12575 - type: integer 12576 - type: string 12577 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 12578 x-kubernetes-int-or-string: true 12579 description: 'Requests describes the minimum 12580 amount of compute resources required. 12581 If Requests is omitted for a container, 12582 it defaults to Limits if that is explicitly 12583 specified, otherwise to an implementation-defined 12584 value. Requests cannot exceed Limits. 12585 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 12586 type: object 12587 type: object 12588 script: 12589 description: "Script is the contents of an 12590 executable file to execute. \n If Script 12591 is not empty, the Step cannot have an Command 12592 and the Args will be passed to the Script." 12593 type: string 12594 securityContext: 12595 description: 'SecurityContext defines the 12596 security options the Step should be run 12597 with. If set, the fields of SecurityContext 12598 override the equivalent fields of PodSecurityContext. 12599 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 12600 properties: 12601 allowPrivilegeEscalation: 12602 description: 'AllowPrivilegeEscalation 12603 controls whether a process can gain 12604 more privileges than its parent process. 12605 This bool directly controls if the no_new_privs 12606 flag will be set on the container process. 12607 AllowPrivilegeEscalation is true always 12608 when the container is: 1) run as Privileged 12609 2) has CAP_SYS_ADMIN Note that this 12610 field cannot be set when spec.os.name 12611 is windows.' 12612 type: boolean 12613 capabilities: 12614 description: The capabilities to add/drop 12615 when running containers. Defaults to 12616 the default set of capabilities granted 12617 by the container runtime. Note that 12618 this field cannot be set when spec.os.name 12619 is windows. 12620 properties: 12621 add: 12622 description: Added capabilities 12623 items: 12624 description: Capability represent 12625 POSIX capabilities type 12626 type: string 12627 type: array 12628 drop: 12629 description: Removed capabilities 12630 items: 12631 description: Capability represent 12632 POSIX capabilities type 12633 type: string 12634 type: array 12635 type: object 12636 privileged: 12637 description: Run container in privileged 12638 mode. Processes in privileged containers 12639 are essentially equivalent to root on 12640 the host. Defaults to false. Note that 12641 this field cannot be set when spec.os.name 12642 is windows. 12643 type: boolean 12644 procMount: 12645 description: procMount denotes the type 12646 of proc mount to use for the containers. 12647 The default is DefaultProcMount which 12648 uses the container runtime defaults 12649 for readonly paths and masked paths. 12650 This requires the ProcMountType feature 12651 flag to be enabled. Note that this field 12652 cannot be set when spec.os.name is windows. 12653 type: string 12654 readOnlyRootFilesystem: 12655 description: Whether this container has 12656 a read-only root filesystem. Default 12657 is false. Note that this field cannot 12658 be set when spec.os.name is windows. 12659 type: boolean 12660 runAsGroup: 12661 description: The GID to run the entrypoint 12662 of the container process. Uses runtime 12663 default if unset. May also be set in 12664 PodSecurityContext. If set in both 12665 SecurityContext and PodSecurityContext, 12666 the value specified in SecurityContext 12667 takes precedence. Note that this field 12668 cannot be set when spec.os.name is windows. 12669 format: int64 12670 type: integer 12671 runAsNonRoot: 12672 description: Indicates that the container 12673 must run as a non-root user. If true, 12674 the Kubelet will validate the image 12675 at runtime to ensure that it does not 12676 run as UID 0 (root) and fail to start 12677 the container if it does. If unset or 12678 false, no such validation will be performed. 12679 May also be set in PodSecurityContext. If 12680 set in both SecurityContext and PodSecurityContext, 12681 the value specified in SecurityContext 12682 takes precedence. 12683 type: boolean 12684 runAsUser: 12685 description: The UID to run the entrypoint 12686 of the container process. Defaults to 12687 user specified in image metadata if 12688 unspecified. May also be set in PodSecurityContext. If 12689 set in both SecurityContext and PodSecurityContext, 12690 the value specified in SecurityContext 12691 takes precedence. Note that this field 12692 cannot be set when spec.os.name is windows. 12693 format: int64 12694 type: integer 12695 seLinuxOptions: 12696 description: The SELinux context to be 12697 applied to the container. If unspecified, 12698 the container runtime will allocate 12699 a random SELinux context for each container. May 12700 also be set in PodSecurityContext. If 12701 set in both SecurityContext and PodSecurityContext, 12702 the value specified in SecurityContext 12703 takes precedence. Note that this field 12704 cannot be set when spec.os.name is windows. 12705 properties: 12706 level: 12707 description: Level is SELinux level 12708 label that applies to the container. 12709 type: string 12710 role: 12711 description: Role is a SELinux role 12712 label that applies to the container. 12713 type: string 12714 type: 12715 description: Type is a SELinux type 12716 label that applies to the container. 12717 type: string 12718 user: 12719 description: User is a SELinux user 12720 label that applies to the container. 12721 type: string 12722 type: object 12723 seccompProfile: 12724 description: The seccomp options to use 12725 by this container. If seccomp options 12726 are provided at both the pod & container 12727 level, the container options override 12728 the pod options. Note that this field 12729 cannot be set when spec.os.name is windows. 12730 properties: 12731 localhostProfile: 12732 description: localhostProfile indicates 12733 a profile defined in a file on the 12734 node should be used. The profile 12735 must be preconfigured on the node 12736 to work. Must be a descending path, 12737 relative to the kubelet's configured 12738 seccomp profile location. Must be 12739 set if type is "Localhost". Must 12740 NOT be set for any other type. 12741 type: string 12742 type: 12743 description: "type indicates which 12744 kind of seccomp profile will be 12745 applied. Valid options are: \n Localhost 12746 - a profile defined in a file on 12747 the node should be used. RuntimeDefault 12748 - the container runtime default 12749 profile should be used. Unconfined 12750 - no profile should be applied." 12751 type: string 12752 required: 12753 - type 12754 type: object 12755 windowsOptions: 12756 description: The Windows specific settings 12757 applied to all containers. If unspecified, 12758 the options from the PodSecurityContext 12759 will be used. If set in both SecurityContext 12760 and PodSecurityContext, the value specified 12761 in SecurityContext takes precedence. 12762 Note that this field cannot be set when 12763 spec.os.name is linux. 12764 properties: 12765 gmsaCredentialSpec: 12766 description: GMSACredentialSpec is 12767 where the GMSA admission webhook 12768 (https://github.com/kubernetes-sigs/windows-gmsa) 12769 inlines the contents of the GMSA 12770 credential spec named by the GMSACredentialSpecName 12771 field. 12772 type: string 12773 gmsaCredentialSpecName: 12774 description: GMSACredentialSpecName 12775 is the name of the GMSA credential 12776 spec to use. 12777 type: string 12778 hostProcess: 12779 description: HostProcess determines 12780 if a container should be run as 12781 a 'Host Process' container. All 12782 of a Pod's containers must have 12783 the same effective HostProcess value 12784 (it is not allowed to have a mix 12785 of HostProcess containers and non-HostProcess 12786 containers). In addition, if HostProcess 12787 is true then HostNetwork must also 12788 be set to true. 12789 type: boolean 12790 runAsUserName: 12791 description: The UserName in Windows 12792 to run the entrypoint of the container 12793 process. Defaults to the user specified 12794 in image metadata if unspecified. 12795 May also be set in PodSecurityContext. 12796 If set in both SecurityContext and 12797 PodSecurityContext, the value specified 12798 in SecurityContext takes precedence. 12799 type: string 12800 type: object 12801 type: object 12802 startupProbe: 12803 description: 'Deprecated. This field will 12804 be removed in a future release. DeprecatedStartupProbe 12805 indicates that the Pod this Step runs in 12806 has successfully initialized. If specified, 12807 no other probes are executed until this 12808 completes successfully. If this probe fails, 12809 the Pod will be restarted, just as if the 12810 livenessProbe failed. This can be used to 12811 provide different probe parameters at the 12812 beginning of a Pod''s lifecycle, when it 12813 might take a long time to load data or warm 12814 a cache, than during steady-state operation. 12815 This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 12816 properties: 12817 exec: 12818 description: Exec specifies the action 12819 to take. 12820 properties: 12821 command: 12822 description: Command is the command 12823 line to execute inside the container, 12824 the working directory for the command is 12825 root ('/') in the container's filesystem. 12826 The command is simply exec'd, it 12827 is not run inside a shell, so traditional 12828 shell instructions ('|', etc) won't 12829 work. To use a shell, you need to 12830 explicitly call out to that shell. 12831 Exit status of 0 is treated as live/healthy 12832 and non-zero is unhealthy. 12833 items: 12834 type: string 12835 type: array 12836 type: object 12837 failureThreshold: 12838 description: Minimum consecutive failures 12839 for the probe to be considered failed 12840 after having succeeded. Defaults to 12841 3. Minimum value is 1. 12842 format: int32 12843 type: integer 12844 grpc: 12845 description: GRPC specifies an action 12846 involving a GRPC port. 12847 properties: 12848 port: 12849 description: Port number of the gRPC 12850 service. Number must be in the range 12851 1 to 65535. 12852 format: int32 12853 type: integer 12854 service: 12855 description: "Service is the name 12856 of the service to place in the gRPC 12857 HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 12858 \n If this is not specified, the 12859 default behavior is defined by gRPC." 12860 type: string 12861 required: 12862 - port 12863 type: object 12864 httpGet: 12865 description: HTTPGet specifies the http 12866 request to perform. 12867 properties: 12868 host: 12869 description: Host name to connect 12870 to, defaults to the pod IP. You 12871 probably want to set "Host" in httpHeaders 12872 instead. 12873 type: string 12874 httpHeaders: 12875 description: Custom headers to set 12876 in the request. HTTP allows repeated 12877 headers. 12878 items: 12879 description: HTTPHeader describes 12880 a custom header to be used in 12881 HTTP probes 12882 properties: 12883 name: 12884 description: The header field 12885 name. This will be canonicalized 12886 upon output, so case-variant 12887 names will be understood as 12888 the same header. 12889 type: string 12890 value: 12891 description: The header field 12892 value 12893 type: string 12894 required: 12895 - name 12896 - value 12897 type: object 12898 type: array 12899 path: 12900 description: Path to access on the 12901 HTTP server. 12902 type: string 12903 port: 12904 anyOf: 12905 - type: integer 12906 - type: string 12907 description: Name or number of the 12908 port to access on the container. 12909 Number must be in the range 1 to 12910 65535. Name must be an IANA_SVC_NAME. 12911 x-kubernetes-int-or-string: true 12912 scheme: 12913 description: Scheme to use for connecting 12914 to the host. Defaults to HTTP. 12915 type: string 12916 required: 12917 - port 12918 type: object 12919 initialDelaySeconds: 12920 description: 'Number of seconds after 12921 the container has started before liveness 12922 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 12923 format: int32 12924 type: integer 12925 periodSeconds: 12926 description: How often (in seconds) to 12927 perform the probe. Default to 10 seconds. 12928 Minimum value is 1. 12929 format: int32 12930 type: integer 12931 successThreshold: 12932 description: Minimum consecutive successes 12933 for the probe to be considered successful 12934 after having failed. Defaults to 1. 12935 Must be 1 for liveness and startup. 12936 Minimum value is 1. 12937 format: int32 12938 type: integer 12939 tcpSocket: 12940 description: TCPSocket specifies an action 12941 involving a TCP port. 12942 properties: 12943 host: 12944 description: 'Optional: Host name 12945 to connect to, defaults to the pod 12946 IP.' 12947 type: string 12948 port: 12949 anyOf: 12950 - type: integer 12951 - type: string 12952 description: Number or name of the 12953 port to access on the container. 12954 Number must be in the range 1 to 12955 65535. Name must be an IANA_SVC_NAME. 12956 x-kubernetes-int-or-string: true 12957 required: 12958 - port 12959 type: object 12960 terminationGracePeriodSeconds: 12961 description: Optional duration in seconds 12962 the pod needs to terminate gracefully 12963 upon probe failure. The grace period 12964 is the duration in seconds after the 12965 processes running in the pod are sent 12966 a termination signal and the time when 12967 the processes are forcibly halted with 12968 a kill signal. Set this value longer 12969 than the expected cleanup time for your 12970 process. If this value is nil, the pod's 12971 terminationGracePeriodSeconds will be 12972 used. Otherwise, this value overrides 12973 the value provided by the pod spec. 12974 Value must be non-negative integer. 12975 The value zero indicates stop immediately 12976 via the kill signal (no opportunity 12977 to shut down). This is a beta field 12978 and requires enabling ProbeTerminationGracePeriod 12979 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 12980 is used if unset. 12981 format: int64 12982 type: integer 12983 timeoutSeconds: 12984 description: 'Number of seconds after 12985 which the probe times out. Defaults 12986 to 1 second. Minimum value is 1. More 12987 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 12988 format: int32 12989 type: integer 12990 type: object 12991 stderrConfig: 12992 description: Stores configuration for the 12993 stderr stream of the step. 12994 properties: 12995 path: 12996 description: Path to duplicate stdout 12997 stream to on container's local filesystem. 12998 type: string 12999 type: object 13000 stdin: 13001 description: Deprecated. This field will be 13002 removed in a future release. Whether this 13003 container should allocate a buffer for stdin 13004 in the container runtime. If this is not 13005 set, reads from stdin in the container will 13006 always result in EOF. Default is false. 13007 type: boolean 13008 stdinOnce: 13009 description: Deprecated. This field will be 13010 removed in a future release. Whether the 13011 container runtime should close the stdin 13012 channel after it has been opened by a single 13013 attach. When stdin is true the stdin stream 13014 will remain open across multiple attach 13015 sessions. If stdinOnce is set to true, stdin 13016 is opened on container start, is empty until 13017 the first client attaches to stdin, and 13018 then remains open and accepts data until 13019 the client disconnects, at which time stdin 13020 is closed and remains closed until the container 13021 is restarted. If this flag is false, a container 13022 processes that reads from stdin will never 13023 receive an EOF. Default is false 13024 type: boolean 13025 stdoutConfig: 13026 description: Stores configuration for the 13027 stdout stream of the step. 13028 properties: 13029 path: 13030 description: Path to duplicate stdout 13031 stream to on container's local filesystem. 13032 type: string 13033 type: object 13034 terminationMessagePath: 13035 description: Deprecated. This field will be 13036 removed in a future release and can't be 13037 meaningfully used. 13038 type: string 13039 terminationMessagePolicy: 13040 description: Deprecated. This field will be 13041 removed in a future release and can't be 13042 meaningfully used. 13043 type: string 13044 timeout: 13045 description: 'Timeout is the time after which 13046 the step times out. Defaults to never. Refer 13047 to Go''s ParseDuration documentation for 13048 expected format: https://golang.org/pkg/time/#ParseDuration' 13049 type: string 13050 tty: 13051 description: Deprecated. This field will be 13052 removed in a future release. Whether this 13053 container should allocate a DeprecatedTTY 13054 for itself, also requires 'stdin' to be 13055 true. Default is false. 13056 type: boolean 13057 volumeDevices: 13058 description: volumeDevices is the list of 13059 block devices to be used by the Step. 13060 items: 13061 description: volumeDevice describes a mapping 13062 of a raw block device within a container. 13063 properties: 13064 devicePath: 13065 description: devicePath is the path 13066 inside of the container that the device 13067 will be mapped to. 13068 type: string 13069 name: 13070 description: name must match the name 13071 of a persistentVolumeClaim in the 13072 pod 13073 type: string 13074 required: 13075 - devicePath 13076 - name 13077 type: object 13078 type: array 13079 x-kubernetes-list-type: atomic 13080 volumeMounts: 13081 description: Volumes to mount into the Step's 13082 filesystem. Cannot be updated. 13083 items: 13084 description: VolumeMount describes a mounting 13085 of a Volume within a container. 13086 properties: 13087 mountPath: 13088 description: Path within the container 13089 at which the volume should be mounted. Must 13090 not contain ':'. 13091 type: string 13092 mountPropagation: 13093 description: mountPropagation determines 13094 how mounts are propagated from the 13095 host to container and the other way 13096 around. When not set, MountPropagationNone 13097 is used. This field is beta in 1.10. 13098 type: string 13099 name: 13100 description: This must match the Name 13101 of a Volume. 13102 type: string 13103 readOnly: 13104 description: Mounted read-only if true, 13105 read-write otherwise (false or unspecified). 13106 Defaults to false. 13107 type: boolean 13108 subPath: 13109 description: Path within the volume 13110 from which the container's volume 13111 should be mounted. Defaults to "" 13112 (volume's root). 13113 type: string 13114 subPathExpr: 13115 description: Expanded path within the 13116 volume from which the container's 13117 volume should be mounted. Behaves 13118 similarly to SubPath but environment 13119 variable references $(VAR_NAME) are 13120 expanded using the container's environment. 13121 Defaults to "" (volume's root). SubPathExpr 13122 and SubPath are mutually exclusive. 13123 type: string 13124 required: 13125 - mountPath 13126 - name 13127 type: object 13128 type: array 13129 x-kubernetes-list-type: atomic 13130 workingDir: 13131 description: Step's working directory. If 13132 not specified, the container runtime's default 13133 will be used, which might be configured 13134 in the container image. Cannot be updated. 13135 type: string 13136 workspaces: 13137 description: "This is an alpha field. You 13138 must set the \"enable-api-fields\" feature 13139 flag to \"alpha\" for this field to be supported. 13140 \n Workspaces is a list of workspaces from 13141 the Task that this Step wants exclusive 13142 access to. Adding a workspace to this list 13143 means that any other Step or Sidecar that 13144 does not also request this Workspace will 13145 not have access to it." 13146 items: 13147 description: WorkspaceUsage is used by a 13148 Step or Sidecar to declare that it wants 13149 isolated access to a Workspace defined 13150 in a Task. 13151 properties: 13152 mountPath: 13153 description: MountPath is the path that 13154 the workspace should be mounted to 13155 inside the Step or Sidecar, overriding 13156 any MountPath specified in the Task's 13157 WorkspaceDeclaration. 13158 type: string 13159 name: 13160 description: Name is the name of the 13161 workspace this Step or Sidecar wants 13162 access to. 13163 type: string 13164 required: 13165 - mountPath 13166 - name 13167 type: object 13168 type: array 13169 x-kubernetes-list-type: atomic 13170 required: 13171 - name 13172 type: object 13173 type: array 13174 x-kubernetes-list-type: atomic 13175 volumes: 13176 description: Volumes is a collection of volumes 13177 that are available to mount into the steps of 13178 the build. 13179 items: 13180 description: Volume represents a named volume 13181 in a pod that may be accessed by any container 13182 in the pod. 13183 properties: 13184 awsElasticBlockStore: 13185 description: 'awsElasticBlockStore represents 13186 an AWS Disk resource that is attached to 13187 a kubelet''s host machine and then exposed 13188 to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 13189 properties: 13190 fsType: 13191 description: 'fsType is the filesystem 13192 type of the volume that you want to 13193 mount. Tip: Ensure that the filesystem 13194 type is supported by the host operating 13195 system. Examples: "ext4", "xfs", "ntfs". 13196 Implicitly inferred to be "ext4" if 13197 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 13198 TODO: how do we prevent errors in the 13199 filesystem from compromising the machine' 13200 type: string 13201 partition: 13202 description: 'partition is the partition 13203 in the volume that you want to mount. 13204 If omitted, the default is to mount 13205 by volume name. Examples: For volume 13206 /dev/sda1, you specify the partition 13207 as "1". Similarly, the volume partition 13208 for /dev/sda is "0" (or you can leave 13209 the property empty).' 13210 format: int32 13211 type: integer 13212 readOnly: 13213 description: 'readOnly value true will 13214 force the readOnly setting in VolumeMounts. 13215 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 13216 type: boolean 13217 volumeID: 13218 description: 'volumeID is unique ID of 13219 the persistent disk resource in AWS 13220 (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 13221 type: string 13222 required: 13223 - volumeID 13224 type: object 13225 azureDisk: 13226 description: azureDisk represents an Azure 13227 Data Disk mount on the host and bind mount 13228 to the pod. 13229 properties: 13230 cachingMode: 13231 description: 'cachingMode is the Host 13232 Caching mode: None, Read Only, Read 13233 Write.' 13234 type: string 13235 diskName: 13236 description: diskName is the Name of the 13237 data disk in the blob storage 13238 type: string 13239 diskURI: 13240 description: diskURI is the URI of data 13241 disk in the blob storage 13242 type: string 13243 fsType: 13244 description: fsType is Filesystem type 13245 to mount. Must be a filesystem type 13246 supported by the host operating system. 13247 Ex. "ext4", "xfs", "ntfs". Implicitly 13248 inferred to be "ext4" if unspecified. 13249 type: string 13250 kind: 13251 description: 'kind expected values are 13252 Shared: multiple blob disks per storage 13253 account Dedicated: single blob disk 13254 per storage account Managed: azure 13255 managed data disk (only in managed availability 13256 set). defaults to shared' 13257 type: string 13258 readOnly: 13259 description: readOnly Defaults to false 13260 (read/write). ReadOnly here will force 13261 the ReadOnly setting in VolumeMounts. 13262 type: boolean 13263 required: 13264 - diskName 13265 - diskURI 13266 type: object 13267 azureFile: 13268 description: azureFile represents an Azure 13269 File Service mount on the host and bind 13270 mount to the pod. 13271 properties: 13272 readOnly: 13273 description: readOnly defaults to false 13274 (read/write). ReadOnly here will force 13275 the ReadOnly setting in VolumeMounts. 13276 type: boolean 13277 secretName: 13278 description: secretName is the name of 13279 secret that contains Azure Storage Account 13280 Name and Key 13281 type: string 13282 shareName: 13283 description: shareName is the azure share 13284 Name 13285 type: string 13286 required: 13287 - secretName 13288 - shareName 13289 type: object 13290 cephfs: 13291 description: cephFS represents a Ceph FS mount 13292 on the host that shares a pod's lifetime 13293 properties: 13294 monitors: 13295 description: 'monitors is Required: Monitors 13296 is a collection of Ceph monitors More 13297 info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 13298 items: 13299 type: string 13300 type: array 13301 path: 13302 description: 'path is Optional: Used as 13303 the mounted root, rather than the full 13304 Ceph tree, default is /' 13305 type: string 13306 readOnly: 13307 description: 'readOnly is Optional: Defaults 13308 to false (read/write). ReadOnly here 13309 will force the ReadOnly setting in VolumeMounts. 13310 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 13311 type: boolean 13312 secretFile: 13313 description: 'secretFile is Optional: 13314 SecretFile is the path to key ring for 13315 User, default is /etc/ceph/user.secret 13316 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 13317 type: string 13318 secretRef: 13319 description: 'secretRef is Optional: SecretRef 13320 is reference to the authentication secret 13321 for User, default is empty. More info: 13322 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 13323 properties: 13324 name: 13325 description: 'Name of the referent. 13326 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 13327 TODO: Add other useful fields. apiVersion, 13328 kind, uid?' 13329 type: string 13330 type: object 13331 user: 13332 description: 'user is optional: User is 13333 the rados user name, default is admin 13334 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 13335 type: string 13336 required: 13337 - monitors 13338 type: object 13339 cinder: 13340 description: 'cinder represents a cinder volume 13341 attached and mounted on kubelets host machine. 13342 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 13343 properties: 13344 fsType: 13345 description: 'fsType is the filesystem 13346 type to mount. Must be a filesystem 13347 type supported by the host operating 13348 system. Examples: "ext4", "xfs", "ntfs". 13349 Implicitly inferred to be "ext4" if 13350 unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 13351 type: string 13352 readOnly: 13353 description: 'readOnly defaults to false 13354 (read/write). ReadOnly here will force 13355 the ReadOnly setting in VolumeMounts. 13356 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 13357 type: boolean 13358 secretRef: 13359 description: 'secretRef is optional: points 13360 to a secret object containing parameters 13361 used to connect to OpenStack.' 13362 properties: 13363 name: 13364 description: 'Name of the referent. 13365 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 13366 TODO: Add other useful fields. apiVersion, 13367 kind, uid?' 13368 type: string 13369 type: object 13370 volumeID: 13371 description: 'volumeID used to identify 13372 the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 13373 type: string 13374 required: 13375 - volumeID 13376 type: object 13377 configMap: 13378 description: configMap represents a configMap 13379 that should populate this volume 13380 properties: 13381 defaultMode: 13382 description: 'defaultMode is optional: 13383 mode bits used to set permissions on 13384 created files by default. Must be an 13385 octal value between 0000 and 0777 or 13386 a decimal value between 0 and 511. YAML 13387 accepts both octal and decimal values, 13388 JSON requires decimal values for mode 13389 bits. Defaults to 0644. Directories 13390 within the path are not affected by 13391 this setting. This might be in conflict 13392 with other options that affect the file 13393 mode, like fsGroup, and the result can 13394 be other mode bits set.' 13395 format: int32 13396 type: integer 13397 items: 13398 description: items if unspecified, each 13399 key-value pair in the Data field of 13400 the referenced ConfigMap will be projected 13401 into the volume as a file whose name 13402 is the key and content is the value. 13403 If specified, the listed keys will be 13404 projected into the specified paths, 13405 and unlisted keys will not be present. 13406 If a key is specified which is not present 13407 in the ConfigMap, the volume setup will 13408 error unless it is marked optional. 13409 Paths must be relative and may not contain 13410 the '..' path or start with '..'. 13411 items: 13412 description: Maps a string key to a 13413 path within a volume. 13414 properties: 13415 key: 13416 description: key is the key to project. 13417 type: string 13418 mode: 13419 description: 'mode is Optional: 13420 mode bits used to set permissions 13421 on this file. Must be an octal 13422 value between 0000 and 0777 or 13423 a decimal value between 0 and 13424 511. YAML accepts both octal and 13425 decimal values, JSON requires 13426 decimal values for mode bits. 13427 If not specified, the volume defaultMode 13428 will be used. This might be in 13429 conflict with other options that 13430 affect the file mode, like fsGroup, 13431 and the result can be other mode 13432 bits set.' 13433 format: int32 13434 type: integer 13435 path: 13436 description: path is the relative 13437 path of the file to map the key 13438 to. May not be an absolute path. 13439 May not contain the path element 13440 '..'. May not start with the string 13441 '..'. 13442 type: string 13443 required: 13444 - key 13445 - path 13446 type: object 13447 type: array 13448 name: 13449 description: 'Name of the referent. More 13450 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 13451 TODO: Add other useful fields. apiVersion, 13452 kind, uid?' 13453 type: string 13454 optional: 13455 description: optional specify whether 13456 the ConfigMap or its keys must be defined 13457 type: boolean 13458 type: object 13459 csi: 13460 description: csi (Container Storage Interface) 13461 represents ephemeral storage that is handled 13462 by certain external CSI drivers (Beta feature). 13463 properties: 13464 driver: 13465 description: driver is the name of the 13466 CSI driver that handles this volume. 13467 Consult with your admin for the correct 13468 name as registered in the cluster. 13469 type: string 13470 fsType: 13471 description: fsType to mount. Ex. "ext4", 13472 "xfs", "ntfs". If not provided, the 13473 empty value is passed to the associated 13474 CSI driver which will determine the 13475 default filesystem to apply. 13476 type: string 13477 nodePublishSecretRef: 13478 description: nodePublishSecretRef is a 13479 reference to the secret object containing 13480 sensitive information to pass to the 13481 CSI driver to complete the CSI NodePublishVolume 13482 and NodeUnpublishVolume calls. This 13483 field is optional, and may be empty 13484 if no secret is required. If the secret 13485 object contains more than one secret, 13486 all secret references are passed. 13487 properties: 13488 name: 13489 description: 'Name of the referent. 13490 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 13491 TODO: Add other useful fields. apiVersion, 13492 kind, uid?' 13493 type: string 13494 type: object 13495 readOnly: 13496 description: readOnly specifies a read-only 13497 configuration for the volume. Defaults 13498 to false (read/write). 13499 type: boolean 13500 volumeAttributes: 13501 additionalProperties: 13502 type: string 13503 description: volumeAttributes stores driver-specific 13504 properties that are passed to the CSI 13505 driver. Consult your driver's documentation 13506 for supported values. 13507 type: object 13508 required: 13509 - driver 13510 type: object 13511 downwardAPI: 13512 description: downwardAPI represents downward 13513 API about the pod that should populate this 13514 volume 13515 properties: 13516 defaultMode: 13517 description: 'Optional: mode bits to use 13518 on created files by default. Must be 13519 a Optional: mode bits used to set permissions 13520 on created files by default. Must be 13521 an octal value between 0000 and 0777 13522 or a decimal value between 0 and 511. 13523 YAML accepts both octal and decimal 13524 values, JSON requires decimal values 13525 for mode bits. Defaults to 0644. Directories 13526 within the path are not affected by 13527 this setting. This might be in conflict 13528 with other options that affect the file 13529 mode, like fsGroup, and the result can 13530 be other mode bits set.' 13531 format: int32 13532 type: integer 13533 items: 13534 description: Items is a list of downward 13535 API volume file 13536 items: 13537 description: DownwardAPIVolumeFile represents 13538 information to create the file containing 13539 the pod field 13540 properties: 13541 fieldRef: 13542 description: 'Required: Selects 13543 a field of the pod: only annotations, 13544 labels, name and namespace are 13545 supported.' 13546 properties: 13547 apiVersion: 13548 description: Version of the 13549 schema the FieldPath is written 13550 in terms of, defaults to "v1". 13551 type: string 13552 fieldPath: 13553 description: Path of the field 13554 to select in the specified 13555 API version. 13556 type: string 13557 required: 13558 - fieldPath 13559 type: object 13560 mode: 13561 description: 'Optional: mode bits 13562 used to set permissions on this 13563 file, must be an octal value between 13564 0000 and 0777 or a decimal value 13565 between 0 and 511. YAML accepts 13566 both octal and decimal values, 13567 JSON requires decimal values for 13568 mode bits. If not specified, the 13569 volume defaultMode will be used. 13570 This might be in conflict with 13571 other options that affect the 13572 file mode, like fsGroup, and the 13573 result can be other mode bits 13574 set.' 13575 format: int32 13576 type: integer 13577 path: 13578 description: 'Required: Path is the 13579 relative path name of the file 13580 to be created. Must not be absolute 13581 or contain the ''..'' path. Must 13582 be utf-8 encoded. The first item 13583 of the relative path must not 13584 start with ''..''' 13585 type: string 13586 resourceFieldRef: 13587 description: 'Selects a resource 13588 of the container: only resources 13589 limits and requests (limits.cpu, 13590 limits.memory, requests.cpu and 13591 requests.memory) are currently 13592 supported.' 13593 properties: 13594 containerName: 13595 description: 'Container name: 13596 required for volumes, optional 13597 for env vars' 13598 type: string 13599 divisor: 13600 anyOf: 13601 - type: integer 13602 - type: string 13603 description: Specifies the output 13604 format of the exposed resources, 13605 defaults to "1" 13606 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 13607 x-kubernetes-int-or-string: true 13608 resource: 13609 description: 'Required: resource 13610 to select' 13611 type: string 13612 required: 13613 - resource 13614 type: object 13615 required: 13616 - path 13617 type: object 13618 type: array 13619 type: object 13620 emptyDir: 13621 description: 'emptyDir represents a temporary 13622 directory that shares a pod''s lifetime. 13623 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 13624 properties: 13625 medium: 13626 description: 'medium represents what type 13627 of storage medium should back this directory. 13628 The default is "" which means to use 13629 the node''s default medium. Must be 13630 an empty string (default) or Memory. 13631 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 13632 type: string 13633 sizeLimit: 13634 anyOf: 13635 - type: integer 13636 - type: string 13637 description: 'sizeLimit is the total amount 13638 of local storage required for this EmptyDir 13639 volume. The size limit is also applicable 13640 for memory medium. The maximum usage 13641 on memory medium EmptyDir would be the 13642 minimum value between the SizeLimit 13643 specified here and the sum of memory 13644 limits of all containers in a pod. The 13645 default is nil which means that the 13646 limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 13647 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 13648 x-kubernetes-int-or-string: true 13649 type: object 13650 ephemeral: 13651 description: "ephemeral represents a volume 13652 that is handled by a cluster storage driver. 13653 The volume's lifecycle is tied to the pod 13654 that defines it - it will be created before 13655 the pod starts, and deleted when the pod 13656 is removed. \n Use this if: a) the volume 13657 is only needed while the pod runs, b) features 13658 of normal volumes like restoring from snapshot 13659 or capacity tracking are needed, c) the 13660 storage driver is specified through a storage 13661 class, and d) the storage driver supports 13662 dynamic volume provisioning through a 13663 PersistentVolumeClaim (see EphemeralVolumeSource 13664 for more information on the connection 13665 between this volume type and PersistentVolumeClaim). 13666 \n Use PersistentVolumeClaim or one of the 13667 vendor-specific APIs for volumes that persist 13668 for longer than the lifecycle of an individual 13669 pod. \n Use CSI for light-weight local ephemeral 13670 volumes if the CSI driver is meant to be 13671 used that way - see the documentation of 13672 the driver for more information. \n A pod 13673 can use both types of ephemeral volumes 13674 and persistent volumes at the same time." 13675 properties: 13676 volumeClaimTemplate: 13677 description: "Will be used to create a 13678 stand-alone PVC to provision the volume. 13679 The pod in which this EphemeralVolumeSource 13680 is embedded will be the owner of the 13681 PVC, i.e. the PVC will be deleted together 13682 with the pod. The name of the PVC will 13683 be `<pod name>-<volume name>` where 13684 `<volume name>` is the name from the 13685 `PodSpec.Volumes` array entry. Pod validation 13686 will reject the pod if the concatenated 13687 name is not valid for a PVC (for example, 13688 too long). \n An existing PVC with that 13689 name that is not owned by the pod will 13690 *not* be used for the pod to avoid using 13691 an unrelated volume by mistake. Starting 13692 the pod is then blocked until the unrelated 13693 PVC is removed. If such a pre-created 13694 PVC is meant to be used by the pod, 13695 the PVC has to updated with an owner 13696 reference to the pod once the pod exists. 13697 Normally this should not be necessary, 13698 but it may be useful when manually reconstructing 13699 a broken cluster. \n This field is read-only 13700 and no changes will be made by Kubernetes 13701 to the PVC after it has been created. 13702 \n Required, must not be nil." 13703 properties: 13704 metadata: 13705 description: May contain labels and 13706 annotations that will be copied 13707 into the PVC when creating it. No 13708 other fields are allowed and will 13709 be rejected during validation. 13710 type: object 13711 spec: 13712 description: The specification for 13713 the PersistentVolumeClaim. The entire 13714 content is copied unchanged into 13715 the PVC that gets created from this 13716 template. The same fields as in 13717 a PersistentVolumeClaim are also 13718 valid here. 13719 properties: 13720 accessModes: 13721 description: 'accessModes contains 13722 the desired access modes the 13723 volume should have. More info: 13724 https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 13725 items: 13726 type: string 13727 type: array 13728 dataSource: 13729 description: 'dataSource field 13730 can be used to specify either: 13731 * An existing VolumeSnapshot 13732 object (snapshot.storage.k8s.io/VolumeSnapshot) 13733 * An existing PVC (PersistentVolumeClaim) 13734 If the provisioner or an external 13735 controller can support the specified 13736 data source, it will create 13737 a new volume based on the contents 13738 of the specified data source. 13739 When the AnyVolumeDataSource 13740 feature gate is enabled, dataSource 13741 contents will be copied to dataSourceRef, 13742 and dataSourceRef contents will 13743 be copied to dataSource when 13744 dataSourceRef.namespace is not 13745 specified. If the namespace 13746 is specified, then dataSourceRef 13747 will not be copied to dataSource.' 13748 properties: 13749 apiGroup: 13750 description: APIGroup is the 13751 group for the resource being 13752 referenced. If APIGroup 13753 is not specified, the specified 13754 Kind must be in the core 13755 API group. For any other 13756 third-party types, APIGroup 13757 is required. 13758 type: string 13759 kind: 13760 description: Kind is the type 13761 of resource being referenced 13762 type: string 13763 name: 13764 description: Name is the name 13765 of resource being referenced 13766 type: string 13767 required: 13768 - kind 13769 - name 13770 type: object 13771 dataSourceRef: 13772 description: 'dataSourceRef specifies 13773 the object from which to populate 13774 the volume with data, if a non-empty 13775 volume is desired. This may 13776 be any object from a non-empty 13777 API group (non core object) 13778 or a PersistentVolumeClaim object. 13779 When this field is specified, 13780 volume binding will only succeed 13781 if the type of the specified 13782 object matches some installed 13783 volume populator or dynamic 13784 provisioner. This field will 13785 replace the functionality of 13786 the dataSource field and as 13787 such if both fields are non-empty, 13788 they must have the same value. 13789 For backwards compatibility, 13790 when namespace isn''t specified 13791 in dataSourceRef, both fields 13792 (dataSource and dataSourceRef) 13793 will be set to the same value 13794 automatically if one of them 13795 is empty and the other is non-empty. 13796 When namespace is specified 13797 in dataSourceRef, dataSource 13798 isn''t set to the same value 13799 and must be empty. There are 13800 three important differences 13801 between dataSource and dataSourceRef: 13802 * While dataSource only allows 13803 two specific types of objects, 13804 dataSourceRef allows any non-core 13805 object, as well as PersistentVolumeClaim 13806 objects. * While dataSource 13807 ignores disallowed values (dropping 13808 them), dataSourceRef preserves 13809 all values, and generates an 13810 error if a disallowed value 13811 is specified. * While dataSource 13812 only allows local objects, dataSourceRef 13813 allows objects in any namespaces. 13814 (Beta) Using this field requires 13815 the AnyVolumeDataSource feature 13816 gate to be enabled. (Alpha) 13817 Using the namespace field of 13818 dataSourceRef requires the CrossNamespaceVolumeDataSource 13819 feature gate to be enabled.' 13820 properties: 13821 apiGroup: 13822 description: APIGroup is the 13823 group for the resource being 13824 referenced. If APIGroup 13825 is not specified, the specified 13826 Kind must be in the core 13827 API group. For any other 13828 third-party types, APIGroup 13829 is required. 13830 type: string 13831 kind: 13832 description: Kind is the type 13833 of resource being referenced 13834 type: string 13835 name: 13836 description: Name is the name 13837 of resource being referenced 13838 type: string 13839 namespace: 13840 description: Namespace is 13841 the namespace of resource 13842 being referenced Note that 13843 when a namespace is specified, 13844 a gateway.networking.k8s.io/ReferenceGrant 13845 object is required in the 13846 referent namespace to allow 13847 that namespace's owner to 13848 accept the reference. See 13849 the ReferenceGrant documentation 13850 for details. (Alpha) This 13851 field requires the CrossNamespaceVolumeDataSource 13852 feature gate to be enabled. 13853 type: string 13854 required: 13855 - kind 13856 - name 13857 type: object 13858 resources: 13859 description: 'resources represents 13860 the minimum resources the volume 13861 should have. If RecoverVolumeExpansionFailure 13862 feature is enabled users are 13863 allowed to specify resource 13864 requirements that are lower 13865 than previous value but must 13866 still be higher than capacity 13867 recorded in the status field 13868 of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 13869 properties: 13870 claims: 13871 description: "Claims lists 13872 the names of resources, 13873 defined in spec.resourceClaims, 13874 that are used by this container. 13875 \n This is an alpha field 13876 and requires enabling the 13877 DynamicResourceAllocation 13878 feature gate. \n This field 13879 is immutable. It can only 13880 be set for containers." 13881 items: 13882 description: ResourceClaim 13883 references one entry in 13884 PodSpec.ResourceClaims. 13885 properties: 13886 name: 13887 description: Name must 13888 match the name of 13889 one entry in pod.spec.resourceClaims 13890 of the Pod where this 13891 field is used. It 13892 makes that resource 13893 available inside a 13894 container. 13895 type: string 13896 required: 13897 - name 13898 type: object 13899 type: array 13900 x-kubernetes-list-map-keys: 13901 - name 13902 x-kubernetes-list-type: map 13903 limits: 13904 additionalProperties: 13905 anyOf: 13906 - type: integer 13907 - type: string 13908 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 13909 x-kubernetes-int-or-string: true 13910 description: 'Limits describes 13911 the maximum amount of compute 13912 resources allowed. More 13913 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 13914 type: object 13915 requests: 13916 additionalProperties: 13917 anyOf: 13918 - type: integer 13919 - type: string 13920 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 13921 x-kubernetes-int-or-string: true 13922 description: 'Requests describes 13923 the minimum amount of compute 13924 resources required. If Requests 13925 is omitted for a container, 13926 it defaults to Limits if 13927 that is explicitly specified, 13928 otherwise to an implementation-defined 13929 value. Requests cannot exceed 13930 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 13931 type: object 13932 type: object 13933 selector: 13934 description: selector is a label 13935 query over volumes to consider 13936 for binding. 13937 properties: 13938 matchExpressions: 13939 description: matchExpressions 13940 is a list of label selector 13941 requirements. The requirements 13942 are ANDed. 13943 items: 13944 description: A label selector 13945 requirement is a selector 13946 that contains values, 13947 a key, and an operator 13948 that relates the key and 13949 values. 13950 properties: 13951 key: 13952 description: key is 13953 the label key that 13954 the selector applies 13955 to. 13956 type: string 13957 operator: 13958 description: operator 13959 represents a key's 13960 relationship to a 13961 set of values. Valid 13962 operators are In, 13963 NotIn, Exists and 13964 DoesNotExist. 13965 type: string 13966 values: 13967 description: values 13968 is an array of string 13969 values. If the operator 13970 is In or NotIn, the 13971 values array must 13972 be non-empty. If the 13973 operator is Exists 13974 or DoesNotExist, the 13975 values array must 13976 be empty. This array 13977 is replaced during 13978 a strategic merge 13979 patch. 13980 items: 13981 type: string 13982 type: array 13983 required: 13984 - key 13985 - operator 13986 type: object 13987 type: array 13988 matchLabels: 13989 additionalProperties: 13990 type: string 13991 description: matchLabels is 13992 a map of {key,value} pairs. 13993 A single {key,value} in 13994 the matchLabels map is equivalent 13995 to an element of matchExpressions, 13996 whose key field is "key", 13997 the operator is "In", and 13998 the values array contains 13999 only "value". The requirements 14000 are ANDed. 14001 type: object 14002 type: object 14003 storageClassName: 14004 description: 'storageClassName 14005 is the name of the StorageClass 14006 required by the claim. More 14007 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 14008 type: string 14009 volumeMode: 14010 description: volumeMode defines 14011 what type of volume is required 14012 by the claim. Value of Filesystem 14013 is implied when not included 14014 in claim spec. 14015 type: string 14016 volumeName: 14017 description: volumeName is the 14018 binding reference to the PersistentVolume 14019 backing this claim. 14020 type: string 14021 type: object 14022 required: 14023 - spec 14024 type: object 14025 type: object 14026 fc: 14027 description: fc represents a Fibre Channel 14028 resource that is attached to a kubelet's 14029 host machine and then exposed to the pod. 14030 properties: 14031 fsType: 14032 description: 'fsType is the filesystem 14033 type to mount. Must be a filesystem 14034 type supported by the host operating 14035 system. Ex. "ext4", "xfs", "ntfs". Implicitly 14036 inferred to be "ext4" if unspecified. 14037 TODO: how do we prevent errors in the 14038 filesystem from compromising the machine' 14039 type: string 14040 lun: 14041 description: 'lun is Optional: FC target 14042 lun number' 14043 format: int32 14044 type: integer 14045 readOnly: 14046 description: 'readOnly is Optional: Defaults 14047 to false (read/write). ReadOnly here 14048 will force the ReadOnly setting in VolumeMounts.' 14049 type: boolean 14050 targetWWNs: 14051 description: 'targetWWNs is Optional: 14052 FC target worldwide names (WWNs)' 14053 items: 14054 type: string 14055 type: array 14056 wwids: 14057 description: 'wwids Optional: FC volume 14058 world wide identifiers (wwids) Either 14059 wwids or combination of targetWWNs and 14060 lun must be set, but not both simultaneously.' 14061 items: 14062 type: string 14063 type: array 14064 type: object 14065 flexVolume: 14066 description: flexVolume represents a generic 14067 volume resource that is provisioned/attached 14068 using an exec based plugin. 14069 properties: 14070 driver: 14071 description: driver is the name of the 14072 driver to use for this volume. 14073 type: string 14074 fsType: 14075 description: fsType is the filesystem 14076 type to mount. Must be a filesystem 14077 type supported by the host operating 14078 system. Ex. "ext4", "xfs", "ntfs". The 14079 default filesystem depends on FlexVolume 14080 script. 14081 type: string 14082 options: 14083 additionalProperties: 14084 type: string 14085 description: 'options is Optional: this 14086 field holds extra command options if 14087 any.' 14088 type: object 14089 readOnly: 14090 description: 'readOnly is Optional: defaults 14091 to false (read/write). ReadOnly here 14092 will force the ReadOnly setting in VolumeMounts.' 14093 type: boolean 14094 secretRef: 14095 description: 'secretRef is Optional: secretRef 14096 is reference to the secret object containing 14097 sensitive information to pass to the 14098 plugin scripts. This may be empty if 14099 no secret object is specified. If the 14100 secret object contains more than one 14101 secret, all secrets are passed to the 14102 plugin scripts.' 14103 properties: 14104 name: 14105 description: 'Name of the referent. 14106 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 14107 TODO: Add other useful fields. apiVersion, 14108 kind, uid?' 14109 type: string 14110 type: object 14111 required: 14112 - driver 14113 type: object 14114 flocker: 14115 description: flocker represents a Flocker 14116 volume attached to a kubelet's host machine. 14117 This depends on the Flocker control service 14118 being running 14119 properties: 14120 datasetName: 14121 description: datasetName is Name of the 14122 dataset stored as metadata -> name on 14123 the dataset for Flocker should be considered 14124 as deprecated 14125 type: string 14126 datasetUUID: 14127 description: datasetUUID is the UUID of 14128 the dataset. This is unique identifier 14129 of a Flocker dataset 14130 type: string 14131 type: object 14132 gcePersistentDisk: 14133 description: 'gcePersistentDisk represents 14134 a GCE Disk resource that is attached to 14135 a kubelet''s host machine and then exposed 14136 to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 14137 properties: 14138 fsType: 14139 description: 'fsType is filesystem type 14140 of the volume that you want to mount. 14141 Tip: Ensure that the filesystem type 14142 is supported by the host operating system. 14143 Examples: "ext4", "xfs", "ntfs". Implicitly 14144 inferred to be "ext4" if unspecified. 14145 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 14146 TODO: how do we prevent errors in the 14147 filesystem from compromising the machine' 14148 type: string 14149 partition: 14150 description: 'partition is the partition 14151 in the volume that you want to mount. 14152 If omitted, the default is to mount 14153 by volume name. Examples: For volume 14154 /dev/sda1, you specify the partition 14155 as "1". Similarly, the volume partition 14156 for /dev/sda is "0" (or you can leave 14157 the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 14158 format: int32 14159 type: integer 14160 pdName: 14161 description: 'pdName is unique name of 14162 the PD resource in GCE. Used to identify 14163 the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 14164 type: string 14165 readOnly: 14166 description: 'readOnly here will force 14167 the ReadOnly setting in VolumeMounts. 14168 Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 14169 type: boolean 14170 required: 14171 - pdName 14172 type: object 14173 gitRepo: 14174 description: 'gitRepo represents a git repository 14175 at a particular revision. DEPRECATED: GitRepo 14176 is deprecated. To provision a container 14177 with a git repo, mount an EmptyDir into 14178 an InitContainer that clones the repo using 14179 git, then mount the EmptyDir into the Pod''s 14180 container.' 14181 properties: 14182 directory: 14183 description: directory is the target directory 14184 name. Must not contain or start with 14185 '..'. If '.' is supplied, the volume 14186 directory will be the git repository. Otherwise, 14187 if specified, the volume will contain 14188 the git repository in the subdirectory 14189 with the given name. 14190 type: string 14191 repository: 14192 description: repository is the URL 14193 type: string 14194 revision: 14195 description: revision is the commit hash 14196 for the specified revision. 14197 type: string 14198 required: 14199 - repository 14200 type: object 14201 glusterfs: 14202 description: 'glusterfs represents a Glusterfs 14203 mount on the host that shares a pod''s lifetime. 14204 More info: https://examples.k8s.io/volumes/glusterfs/README.md' 14205 properties: 14206 endpoints: 14207 description: 'endpoints is the endpoint 14208 name that details Glusterfs topology. 14209 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 14210 type: string 14211 path: 14212 description: 'path is the Glusterfs volume 14213 path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 14214 type: string 14215 readOnly: 14216 description: 'readOnly here will force 14217 the Glusterfs volume to be mounted with 14218 read-only permissions. Defaults to false. 14219 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 14220 type: boolean 14221 required: 14222 - endpoints 14223 - path 14224 type: object 14225 hostPath: 14226 description: 'hostPath represents a pre-existing 14227 file or directory on the host machine that 14228 is directly exposed to the container. This 14229 is generally used for system agents or other 14230 privileged things that are allowed to see 14231 the host machine. Most containers will NOT 14232 need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 14233 --- TODO(jonesdl) We need to restrict who 14234 can use host directory mounts and who can/can 14235 not mount host directories as read/write.' 14236 properties: 14237 path: 14238 description: 'path of the directory on 14239 the host. If the path is a symlink, 14240 it will follow the link to the real 14241 path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 14242 type: string 14243 type: 14244 description: 'type for HostPath Volume 14245 Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 14246 type: string 14247 required: 14248 - path 14249 type: object 14250 iscsi: 14251 description: 'iscsi represents an ISCSI Disk 14252 resource that is attached to a kubelet''s 14253 host machine and then exposed to the pod. 14254 More info: https://examples.k8s.io/volumes/iscsi/README.md' 14255 properties: 14256 chapAuthDiscovery: 14257 description: chapAuthDiscovery defines 14258 whether support iSCSI Discovery CHAP 14259 authentication 14260 type: boolean 14261 chapAuthSession: 14262 description: chapAuthSession defines whether 14263 support iSCSI Session CHAP authentication 14264 type: boolean 14265 fsType: 14266 description: 'fsType is the filesystem 14267 type of the volume that you want to 14268 mount. Tip: Ensure that the filesystem 14269 type is supported by the host operating 14270 system. Examples: "ext4", "xfs", "ntfs". 14271 Implicitly inferred to be "ext4" if 14272 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 14273 TODO: how do we prevent errors in the 14274 filesystem from compromising the machine' 14275 type: string 14276 initiatorName: 14277 description: initiatorName is the custom 14278 iSCSI Initiator Name. If initiatorName 14279 is specified with iscsiInterface simultaneously, 14280 new iSCSI interface <target portal>:<volume 14281 name> will be created for the connection. 14282 type: string 14283 iqn: 14284 description: iqn is the target iSCSI Qualified 14285 Name. 14286 type: string 14287 iscsiInterface: 14288 description: iscsiInterface is the interface 14289 Name that uses an iSCSI transport. Defaults 14290 to 'default' (tcp). 14291 type: string 14292 lun: 14293 description: lun represents iSCSI Target 14294 Lun number. 14295 format: int32 14296 type: integer 14297 portals: 14298 description: portals is the iSCSI Target 14299 Portal List. The portal is either an 14300 IP or ip_addr:port if the port is other 14301 than default (typically TCP ports 860 14302 and 3260). 14303 items: 14304 type: string 14305 type: array 14306 readOnly: 14307 description: readOnly here will force 14308 the ReadOnly setting in VolumeMounts. 14309 Defaults to false. 14310 type: boolean 14311 secretRef: 14312 description: secretRef is the CHAP Secret 14313 for iSCSI target and initiator authentication 14314 properties: 14315 name: 14316 description: 'Name of the referent. 14317 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 14318 TODO: Add other useful fields. apiVersion, 14319 kind, uid?' 14320 type: string 14321 type: object 14322 targetPortal: 14323 description: targetPortal is iSCSI Target 14324 Portal. The Portal is either an IP or 14325 ip_addr:port if the port is other than 14326 default (typically TCP ports 860 and 14327 3260). 14328 type: string 14329 required: 14330 - iqn 14331 - lun 14332 - targetPortal 14333 type: object 14334 name: 14335 description: 'name of the volume. Must be 14336 a DNS_LABEL and unique within the pod. More 14337 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 14338 type: string 14339 nfs: 14340 description: 'nfs represents an NFS mount 14341 on the host that shares a pod''s lifetime 14342 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 14343 properties: 14344 path: 14345 description: 'path that is exported by 14346 the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 14347 type: string 14348 readOnly: 14349 description: 'readOnly here will force 14350 the NFS export to be mounted with read-only 14351 permissions. Defaults to false. More 14352 info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 14353 type: boolean 14354 server: 14355 description: 'server is the hostname or 14356 IP address of the NFS server. More info: 14357 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 14358 type: string 14359 required: 14360 - path 14361 - server 14362 type: object 14363 persistentVolumeClaim: 14364 description: 'persistentVolumeClaimVolumeSource 14365 represents a reference to a PersistentVolumeClaim 14366 in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 14367 properties: 14368 claimName: 14369 description: 'claimName is the name of 14370 a PersistentVolumeClaim in the same 14371 namespace as the pod using this volume. 14372 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 14373 type: string 14374 readOnly: 14375 description: readOnly Will force the ReadOnly 14376 setting in VolumeMounts. Default false. 14377 type: boolean 14378 required: 14379 - claimName 14380 type: object 14381 photonPersistentDisk: 14382 description: photonPersistentDisk represents 14383 a PhotonController persistent disk attached 14384 and mounted on kubelets host machine 14385 properties: 14386 fsType: 14387 description: fsType is the filesystem 14388 type to mount. Must be a filesystem 14389 type supported by the host operating 14390 system. Ex. "ext4", "xfs", "ntfs". Implicitly 14391 inferred to be "ext4" if unspecified. 14392 type: string 14393 pdID: 14394 description: pdID is the ID that identifies 14395 Photon Controller persistent disk 14396 type: string 14397 required: 14398 - pdID 14399 type: object 14400 portworxVolume: 14401 description: portworxVolume represents a portworx 14402 volume attached and mounted on kubelets 14403 host machine 14404 properties: 14405 fsType: 14406 description: fSType represents the filesystem 14407 type to mount Must be a filesystem type 14408 supported by the host operating system. 14409 Ex. "ext4", "xfs". Implicitly inferred 14410 to be "ext4" if unspecified. 14411 type: string 14412 readOnly: 14413 description: readOnly defaults to false 14414 (read/write). ReadOnly here will force 14415 the ReadOnly setting in VolumeMounts. 14416 type: boolean 14417 volumeID: 14418 description: volumeID uniquely identifies 14419 a Portworx volume 14420 type: string 14421 required: 14422 - volumeID 14423 type: object 14424 projected: 14425 description: projected items for all in one 14426 resources secrets, configmaps, and downward 14427 API 14428 properties: 14429 defaultMode: 14430 description: defaultMode are the mode 14431 bits used to set permissions on created 14432 files by default. Must be an octal value 14433 between 0000 and 0777 or a decimal value 14434 between 0 and 511. YAML accepts both 14435 octal and decimal values, JSON requires 14436 decimal values for mode bits. Directories 14437 within the path are not affected by 14438 this setting. This might be in conflict 14439 with other options that affect the file 14440 mode, like fsGroup, and the result can 14441 be other mode bits set. 14442 format: int32 14443 type: integer 14444 sources: 14445 description: sources is the list of volume 14446 projections 14447 items: 14448 description: Projection that may be 14449 projected along with other supported 14450 volume types 14451 properties: 14452 configMap: 14453 description: configMap information 14454 about the configMap data to project 14455 properties: 14456 items: 14457 description: items if unspecified, 14458 each key-value pair in the 14459 Data field of the referenced 14460 ConfigMap will be projected 14461 into the volume as a file 14462 whose name is the key and 14463 content is the value. If specified, 14464 the listed keys will be projected 14465 into the specified paths, 14466 and unlisted keys will not 14467 be present. If a key is specified 14468 which is not present in the 14469 ConfigMap, the volume setup 14470 will error unless it is marked 14471 optional. Paths must be relative 14472 and may not contain the '..' 14473 path or start with '..'. 14474 items: 14475 description: Maps a string 14476 key to a path within a volume. 14477 properties: 14478 key: 14479 description: key is the 14480 key to project. 14481 type: string 14482 mode: 14483 description: 'mode is 14484 Optional: mode bits 14485 used to set permissions 14486 on this file. Must be 14487 an octal value between 14488 0000 and 0777 or a decimal 14489 value between 0 and 14490 511. YAML accepts both 14491 octal and decimal values, 14492 JSON requires decimal 14493 values for mode bits. 14494 If not specified, the 14495 volume defaultMode will 14496 be used. This might 14497 be in conflict with 14498 other options that affect 14499 the file mode, like 14500 fsGroup, and the result 14501 can be other mode bits 14502 set.' 14503 format: int32 14504 type: integer 14505 path: 14506 description: path is the 14507 relative path of the 14508 file to map the key 14509 to. May not be an absolute 14510 path. May not contain 14511 the path element '..'. 14512 May not start with the 14513 string '..'. 14514 type: string 14515 required: 14516 - key 14517 - path 14518 type: object 14519 type: array 14520 name: 14521 description: 'Name of the referent. 14522 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 14523 TODO: Add other useful fields. 14524 apiVersion, kind, uid?' 14525 type: string 14526 optional: 14527 description: optional specify 14528 whether the ConfigMap or its 14529 keys must be defined 14530 type: boolean 14531 type: object 14532 downwardAPI: 14533 description: downwardAPI information 14534 about the downwardAPI data to 14535 project 14536 properties: 14537 items: 14538 description: Items is a list 14539 of DownwardAPIVolume file 14540 items: 14541 description: DownwardAPIVolumeFile 14542 represents information to 14543 create the file containing 14544 the pod field 14545 properties: 14546 fieldRef: 14547 description: 'Required: 14548 Selects a field of the 14549 pod: only annotations, 14550 labels, name and namespace 14551 are supported.' 14552 properties: 14553 apiVersion: 14554 description: Version 14555 of the schema the 14556 FieldPath is written 14557 in terms of, defaults 14558 to "v1". 14559 type: string 14560 fieldPath: 14561 description: Path 14562 of the field to 14563 select in the specified 14564 API version. 14565 type: string 14566 required: 14567 - fieldPath 14568 type: object 14569 mode: 14570 description: 'Optional: 14571 mode bits used to set 14572 permissions on this 14573 file, must be an octal 14574 value between 0000 and 14575 0777 or a decimal value 14576 between 0 and 511. YAML 14577 accepts both octal and 14578 decimal values, JSON 14579 requires decimal values 14580 for mode bits. If not 14581 specified, the volume 14582 defaultMode will be 14583 used. This might be 14584 in conflict with other 14585 options that affect 14586 the file mode, like 14587 fsGroup, and the result 14588 can be other mode bits 14589 set.' 14590 format: int32 14591 type: integer 14592 path: 14593 description: 'Required: 14594 Path is the relative 14595 path name of the file 14596 to be created. Must 14597 not be absolute or contain 14598 the ''..'' path. Must 14599 be utf-8 encoded. The 14600 first item of the relative 14601 path must not start 14602 with ''..''' 14603 type: string 14604 resourceFieldRef: 14605 description: 'Selects 14606 a resource of the container: 14607 only resources limits 14608 and requests (limits.cpu, 14609 limits.memory, requests.cpu 14610 and requests.memory) 14611 are currently supported.' 14612 properties: 14613 containerName: 14614 description: 'Container 14615 name: required for 14616 volumes, optional 14617 for env vars' 14618 type: string 14619 divisor: 14620 anyOf: 14621 - type: integer 14622 - type: string 14623 description: Specifies 14624 the output format 14625 of the exposed resources, 14626 defaults to "1" 14627 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 14628 x-kubernetes-int-or-string: true 14629 resource: 14630 description: 'Required: 14631 resource to select' 14632 type: string 14633 required: 14634 - resource 14635 type: object 14636 required: 14637 - path 14638 type: object 14639 type: array 14640 type: object 14641 secret: 14642 description: secret information 14643 about the secret data to project 14644 properties: 14645 items: 14646 description: items if unspecified, 14647 each key-value pair in the 14648 Data field of the referenced 14649 Secret will be projected into 14650 the volume as a file whose 14651 name is the key and content 14652 is the value. If specified, 14653 the listed keys will be projected 14654 into the specified paths, 14655 and unlisted keys will not 14656 be present. If a key is specified 14657 which is not present in the 14658 Secret, the volume setup will 14659 error unless it is marked 14660 optional. Paths must be relative 14661 and may not contain the '..' 14662 path or start with '..'. 14663 items: 14664 description: Maps a string 14665 key to a path within a volume. 14666 properties: 14667 key: 14668 description: key is the 14669 key to project. 14670 type: string 14671 mode: 14672 description: 'mode is 14673 Optional: mode bits 14674 used to set permissions 14675 on this file. Must be 14676 an octal value between 14677 0000 and 0777 or a decimal 14678 value between 0 and 14679 511. YAML accepts both 14680 octal and decimal values, 14681 JSON requires decimal 14682 values for mode bits. 14683 If not specified, the 14684 volume defaultMode will 14685 be used. This might 14686 be in conflict with 14687 other options that affect 14688 the file mode, like 14689 fsGroup, and the result 14690 can be other mode bits 14691 set.' 14692 format: int32 14693 type: integer 14694 path: 14695 description: path is the 14696 relative path of the 14697 file to map the key 14698 to. May not be an absolute 14699 path. May not contain 14700 the path element '..'. 14701 May not start with the 14702 string '..'. 14703 type: string 14704 required: 14705 - key 14706 - path 14707 type: object 14708 type: array 14709 name: 14710 description: 'Name of the referent. 14711 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 14712 TODO: Add other useful fields. 14713 apiVersion, kind, uid?' 14714 type: string 14715 optional: 14716 description: optional field 14717 specify whether the Secret 14718 or its key must be defined 14719 type: boolean 14720 type: object 14721 serviceAccountToken: 14722 description: serviceAccountToken 14723 is information about the serviceAccountToken 14724 data to project 14725 properties: 14726 audience: 14727 description: audience is the 14728 intended audience of the token. 14729 A recipient of a token must 14730 identify itself with an identifier 14731 specified in the audience 14732 of the token, and otherwise 14733 should reject the token. The 14734 audience defaults to the identifier 14735 of the apiserver. 14736 type: string 14737 expirationSeconds: 14738 description: expirationSeconds 14739 is the requested duration 14740 of validity of the service 14741 account token. As the token 14742 approaches expiration, the 14743 kubelet volume plugin will 14744 proactively rotate the service 14745 account token. The kubelet 14746 will start trying to rotate 14747 the token if the token is 14748 older than 80 percent of its 14749 time to live or if the token 14750 is older than 24 hours.Defaults 14751 to 1 hour and must be at least 14752 10 minutes. 14753 format: int64 14754 type: integer 14755 path: 14756 description: path is the path 14757 relative to the mount point 14758 of the file to project the 14759 token into. 14760 type: string 14761 required: 14762 - path 14763 type: object 14764 type: object 14765 type: array 14766 type: object 14767 quobyte: 14768 description: quobyte represents a Quobyte 14769 mount on the host that shares a pod's lifetime 14770 properties: 14771 group: 14772 description: group to map volume access 14773 to Default is no group 14774 type: string 14775 readOnly: 14776 description: readOnly here will force 14777 the Quobyte volume to be mounted with 14778 read-only permissions. Defaults to false. 14779 type: boolean 14780 registry: 14781 description: registry represents a single 14782 or multiple Quobyte Registry services 14783 specified as a string as host:port pair 14784 (multiple entries are separated with 14785 commas) which acts as the central registry 14786 for volumes 14787 type: string 14788 tenant: 14789 description: tenant owning the given Quobyte 14790 volume in the Backend Used with dynamically 14791 provisioned Quobyte volumes, value is 14792 set by the plugin 14793 type: string 14794 user: 14795 description: user to map volume access 14796 to Defaults to serivceaccount user 14797 type: string 14798 volume: 14799 description: volume is a string that references 14800 an already created Quobyte volume by 14801 name. 14802 type: string 14803 required: 14804 - registry 14805 - volume 14806 type: object 14807 rbd: 14808 description: 'rbd represents a Rados Block 14809 Device mount on the host that shares a pod''s 14810 lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' 14811 properties: 14812 fsType: 14813 description: 'fsType is the filesystem 14814 type of the volume that you want to 14815 mount. Tip: Ensure that the filesystem 14816 type is supported by the host operating 14817 system. Examples: "ext4", "xfs", "ntfs". 14818 Implicitly inferred to be "ext4" if 14819 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 14820 TODO: how do we prevent errors in the 14821 filesystem from compromising the machine' 14822 type: string 14823 image: 14824 description: 'image is the rados image 14825 name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 14826 type: string 14827 keyring: 14828 description: 'keyring is the path to key 14829 ring for RBDUser. Default is /etc/ceph/keyring. 14830 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 14831 type: string 14832 monitors: 14833 description: 'monitors is a collection 14834 of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 14835 items: 14836 type: string 14837 type: array 14838 pool: 14839 description: 'pool is the rados pool name. 14840 Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 14841 type: string 14842 readOnly: 14843 description: 'readOnly here will force 14844 the ReadOnly setting in VolumeMounts. 14845 Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 14846 type: boolean 14847 secretRef: 14848 description: 'secretRef is name of the 14849 authentication secret for RBDUser. If 14850 provided overrides keyring. Default 14851 is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 14852 properties: 14853 name: 14854 description: 'Name of the referent. 14855 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 14856 TODO: Add other useful fields. apiVersion, 14857 kind, uid?' 14858 type: string 14859 type: object 14860 user: 14861 description: 'user is the rados user name. 14862 Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 14863 type: string 14864 required: 14865 - image 14866 - monitors 14867 type: object 14868 scaleIO: 14869 description: scaleIO represents a ScaleIO 14870 persistent volume attached and mounted on 14871 Kubernetes nodes. 14872 properties: 14873 fsType: 14874 description: fsType is the filesystem 14875 type to mount. Must be a filesystem 14876 type supported by the host operating 14877 system. Ex. "ext4", "xfs", "ntfs". Default 14878 is "xfs". 14879 type: string 14880 gateway: 14881 description: gateway is the host address 14882 of the ScaleIO API Gateway. 14883 type: string 14884 protectionDomain: 14885 description: protectionDomain is the name 14886 of the ScaleIO Protection Domain for 14887 the configured storage. 14888 type: string 14889 readOnly: 14890 description: readOnly Defaults to false 14891 (read/write). ReadOnly here will force 14892 the ReadOnly setting in VolumeMounts. 14893 type: boolean 14894 secretRef: 14895 description: secretRef references to the 14896 secret for ScaleIO user and other sensitive 14897 information. If this is not provided, 14898 Login operation will fail. 14899 properties: 14900 name: 14901 description: 'Name of the referent. 14902 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 14903 TODO: Add other useful fields. apiVersion, 14904 kind, uid?' 14905 type: string 14906 type: object 14907 sslEnabled: 14908 description: sslEnabled Flag enable/disable 14909 SSL communication with Gateway, default 14910 false 14911 type: boolean 14912 storageMode: 14913 description: storageMode indicates whether 14914 the storage for a volume should be ThickProvisioned 14915 or ThinProvisioned. Default is ThinProvisioned. 14916 type: string 14917 storagePool: 14918 description: storagePool is the ScaleIO 14919 Storage Pool associated with the protection 14920 domain. 14921 type: string 14922 system: 14923 description: system is the name of the 14924 storage system as configured in ScaleIO. 14925 type: string 14926 volumeName: 14927 description: volumeName is the name of 14928 a volume already created in the ScaleIO 14929 system that is associated with this 14930 volume source. 14931 type: string 14932 required: 14933 - gateway 14934 - secretRef 14935 - system 14936 type: object 14937 secret: 14938 description: 'secret represents a secret that 14939 should populate this volume. More info: 14940 https://kubernetes.io/docs/concepts/storage/volumes#secret' 14941 properties: 14942 defaultMode: 14943 description: 'defaultMode is Optional: 14944 mode bits used to set permissions on 14945 created files by default. Must be an 14946 octal value between 0000 and 0777 or 14947 a decimal value between 0 and 511. YAML 14948 accepts both octal and decimal values, 14949 JSON requires decimal values for mode 14950 bits. Defaults to 0644. Directories 14951 within the path are not affected by 14952 this setting. This might be in conflict 14953 with other options that affect the file 14954 mode, like fsGroup, and the result can 14955 be other mode bits set.' 14956 format: int32 14957 type: integer 14958 items: 14959 description: items If unspecified, each 14960 key-value pair in the Data field of 14961 the referenced Secret will be projected 14962 into the volume as a file whose name 14963 is the key and content is the value. 14964 If specified, the listed keys will be 14965 projected into the specified paths, 14966 and unlisted keys will not be present. 14967 If a key is specified which is not present 14968 in the Secret, the volume setup will 14969 error unless it is marked optional. 14970 Paths must be relative and may not contain 14971 the '..' path or start with '..'. 14972 items: 14973 description: Maps a string key to a 14974 path within a volume. 14975 properties: 14976 key: 14977 description: key is the key to project. 14978 type: string 14979 mode: 14980 description: 'mode is Optional: 14981 mode bits used to set permissions 14982 on this file. Must be an octal 14983 value between 0000 and 0777 or 14984 a decimal value between 0 and 14985 511. YAML accepts both octal and 14986 decimal values, JSON requires 14987 decimal values for mode bits. 14988 If not specified, the volume defaultMode 14989 will be used. This might be in 14990 conflict with other options that 14991 affect the file mode, like fsGroup, 14992 and the result can be other mode 14993 bits set.' 14994 format: int32 14995 type: integer 14996 path: 14997 description: path is the relative 14998 path of the file to map the key 14999 to. May not be an absolute path. 15000 May not contain the path element 15001 '..'. May not start with the string 15002 '..'. 15003 type: string 15004 required: 15005 - key 15006 - path 15007 type: object 15008 type: array 15009 optional: 15010 description: optional field specify whether 15011 the Secret or its keys must be defined 15012 type: boolean 15013 secretName: 15014 description: 'secretName is the name of 15015 the secret in the pod''s namespace to 15016 use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 15017 type: string 15018 type: object 15019 storageos: 15020 description: storageOS represents a StorageOS 15021 volume attached and mounted on Kubernetes 15022 nodes. 15023 properties: 15024 fsType: 15025 description: fsType is the filesystem 15026 type to mount. Must be a filesystem 15027 type supported by the host operating 15028 system. Ex. "ext4", "xfs", "ntfs". Implicitly 15029 inferred to be "ext4" if unspecified. 15030 type: string 15031 readOnly: 15032 description: readOnly defaults to false 15033 (read/write). ReadOnly here will force 15034 the ReadOnly setting in VolumeMounts. 15035 type: boolean 15036 secretRef: 15037 description: secretRef specifies the secret 15038 to use for obtaining the StorageOS API 15039 credentials. If not specified, default 15040 values will be attempted. 15041 properties: 15042 name: 15043 description: 'Name of the referent. 15044 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 15045 TODO: Add other useful fields. apiVersion, 15046 kind, uid?' 15047 type: string 15048 type: object 15049 volumeName: 15050 description: volumeName is the human-readable 15051 name of the StorageOS volume. Volume 15052 names are only unique within a namespace. 15053 type: string 15054 volumeNamespace: 15055 description: volumeNamespace specifies 15056 the scope of the volume within StorageOS. If 15057 no namespace is specified then the Pod's 15058 namespace will be used. This allows 15059 the Kubernetes name scoping to be mirrored 15060 within StorageOS for tighter integration. 15061 Set VolumeName to any name to override 15062 the default behaviour. Set to "default" 15063 if you are not using namespaces within 15064 StorageOS. Namespaces that do not pre-exist 15065 within StorageOS will be created. 15066 type: string 15067 type: object 15068 vsphereVolume: 15069 description: vsphereVolume represents a vSphere 15070 volume attached and mounted on kubelets 15071 host machine 15072 properties: 15073 fsType: 15074 description: fsType is filesystem type 15075 to mount. Must be a filesystem type 15076 supported by the host operating system. 15077 Ex. "ext4", "xfs", "ntfs". Implicitly 15078 inferred to be "ext4" if unspecified. 15079 type: string 15080 storagePolicyID: 15081 description: storagePolicyID is the storage 15082 Policy Based Management (SPBM) profile 15083 ID associated with the StoragePolicyName. 15084 type: string 15085 storagePolicyName: 15086 description: storagePolicyName is the 15087 storage Policy Based Management (SPBM) 15088 profile name. 15089 type: string 15090 volumePath: 15091 description: volumePath is the path that 15092 identifies vSphere volume vmdk 15093 type: string 15094 required: 15095 - volumePath 15096 type: object 15097 required: 15098 - name 15099 type: object 15100 type: array 15101 x-kubernetes-list-type: atomic 15102 workspaces: 15103 description: Workspaces are the volumes that this 15104 Task requires. 15105 items: 15106 description: WorkspaceDeclaration is a declaration 15107 of a volume that a Task requires. 15108 properties: 15109 description: 15110 description: Description is an optional human 15111 readable description of this volume. 15112 type: string 15113 mountPath: 15114 description: MountPath overrides the directory 15115 that the volume will be made available at. 15116 type: string 15117 name: 15118 description: Name is the name by which you 15119 can bind the volume at runtime. 15120 type: string 15121 optional: 15122 description: Optional marks a Workspace as 15123 not being required in TaskRuns. By default 15124 this field is false and so declared workspaces 15125 are required. 15126 type: boolean 15127 readOnly: 15128 description: ReadOnly dictates whether a mounted 15129 volume is writable. By default this field 15130 is false and so mounted volumes are writable. 15131 type: boolean 15132 required: 15133 - name 15134 type: object 15135 type: array 15136 x-kubernetes-list-type: atomic 15137 type: object 15138 timeout: 15139 description: 'Time after which the TaskRun times out. 15140 Defaults to 1 hour. Specified TaskRun timeout should 15141 be less than 24h. Refer Go''s ParseDuration documentation 15142 for expected format: https://golang.org/pkg/time/#ParseDuration' 15143 type: string 15144 when: 15145 description: WhenExpressions is a list of when expressions 15146 that need to be true for the task to run 15147 items: 15148 description: WhenExpression allows a PipelineTask 15149 to declare expressions to be evaluated before the 15150 Task is run to determine whether the Task should 15151 be executed or skipped 15152 properties: 15153 input: 15154 description: Input is the string for guard checking 15155 which can be a static input or an output from 15156 a parent Task 15157 type: string 15158 operator: 15159 description: Operator that represents an Input's 15160 relationship to the values 15161 type: string 15162 values: 15163 description: Values is an array of strings, which 15164 is compared against the input, for guard checking 15165 It must be non-empty 15166 items: 15167 type: string 15168 type: array 15169 x-kubernetes-list-type: atomic 15170 required: 15171 - input 15172 - operator 15173 - values 15174 type: object 15175 type: array 15176 workspaces: 15177 description: Workspaces maps workspaces from the pipeline 15178 spec to the workspaces declared in the Task. 15179 items: 15180 description: WorkspacePipelineTaskBinding describes 15181 how a workspace passed into the pipeline should 15182 be mapped to a task's declared workspace. 15183 properties: 15184 name: 15185 description: Name is the name of the workspace 15186 as declared by the task 15187 type: string 15188 subPath: 15189 description: SubPath is optionally a directory 15190 on the volume which should be used for this 15191 binding (i.e. the volume will be mounted at 15192 this sub directory). 15193 type: string 15194 workspace: 15195 description: Workspace is the name of the workspace 15196 declared by the pipeline 15197 type: string 15198 required: 15199 - name 15200 type: object 15201 type: array 15202 x-kubernetes-list-type: atomic 15203 type: object 15204 type: array 15205 x-kubernetes-list-type: atomic 15206 workspaces: 15207 description: Workspaces declares a set of named workspaces 15208 that are expected to be provided by a PipelineRun. 15209 items: 15210 description: PipelineWorkspaceDeclaration creates a named 15211 slot in a Pipeline that a PipelineRun is expected to populate 15212 with a workspace binding. 15213 properties: 15214 description: 15215 description: Description is a human readable string 15216 describing how the workspace will be used in the Pipeline. 15217 It can be useful to include a bit of detail about 15218 which tasks are intended to have access to the data 15219 on the workspace. 15220 type: string 15221 name: 15222 description: Name is the name of a workspace to be provided 15223 by a PipelineRun. 15224 type: string 15225 optional: 15226 description: Optional marks a Workspace as not being 15227 required in PipelineRuns. By default this field is 15228 false and so declared workspaces are required. 15229 type: boolean 15230 required: 15231 - name 15232 type: object 15233 type: array 15234 x-kubernetes-list-type: atomic 15235 type: object 15236 podTemplate: 15237 description: PodTemplate holds pod specific configuration 15238 properties: 15239 affinity: 15240 description: If specified, the pod's scheduling constraints 15241 properties: 15242 nodeAffinity: 15243 description: Describes node affinity scheduling rules 15244 for the pod. 15245 properties: 15246 preferredDuringSchedulingIgnoredDuringExecution: 15247 description: The scheduler will prefer to schedule 15248 pods to nodes that satisfy the affinity expressions 15249 specified by this field, but it may choose a node 15250 that violates one or more of the expressions. The 15251 node that is most preferred is the one with the 15252 greatest sum of weights, i.e. for each node that 15253 meets all of the scheduling requirements (resource 15254 request, requiredDuringScheduling affinity expressions, 15255 etc.), compute a sum by iterating through the elements 15256 of this field and adding "weight" to the sum if 15257 the node matches the corresponding matchExpressions; 15258 the node(s) with the highest sum are the most preferred. 15259 items: 15260 description: An empty preferred scheduling term 15261 matches all objects with implicit weight 0 (i.e. 15262 it's a no-op). A null preferred scheduling term 15263 matches no objects (i.e. is also a no-op). 15264 properties: 15265 preference: 15266 description: A node selector term, associated 15267 with the corresponding weight. 15268 properties: 15269 matchExpressions: 15270 description: A list of node selector requirements 15271 by node's labels. 15272 items: 15273 description: A node selector requirement 15274 is a selector that contains values, 15275 a key, and an operator that relates 15276 the key and values. 15277 properties: 15278 key: 15279 description: The label key that the 15280 selector applies to. 15281 type: string 15282 operator: 15283 description: Represents a key's relationship 15284 to a set of values. Valid operators 15285 are In, NotIn, Exists, DoesNotExist. 15286 Gt, and Lt. 15287 type: string 15288 values: 15289 description: An array of string values. 15290 If the operator is In or NotIn, 15291 the values array must be non-empty. 15292 If the operator is Exists or DoesNotExist, 15293 the values array must be empty. 15294 If the operator is Gt or Lt, the 15295 values array must have a single 15296 element, which will be interpreted 15297 as an integer. This array is replaced 15298 during a strategic merge patch. 15299 items: 15300 type: string 15301 type: array 15302 required: 15303 - key 15304 - operator 15305 type: object 15306 type: array 15307 matchFields: 15308 description: A list of node selector requirements 15309 by node's fields. 15310 items: 15311 description: A node selector requirement 15312 is a selector that contains values, 15313 a key, and an operator that relates 15314 the key and values. 15315 properties: 15316 key: 15317 description: The label key that the 15318 selector applies to. 15319 type: string 15320 operator: 15321 description: Represents a key's relationship 15322 to a set of values. Valid operators 15323 are In, NotIn, Exists, DoesNotExist. 15324 Gt, and Lt. 15325 type: string 15326 values: 15327 description: An array of string values. 15328 If the operator is In or NotIn, 15329 the values array must be non-empty. 15330 If the operator is Exists or DoesNotExist, 15331 the values array must be empty. 15332 If the operator is Gt or Lt, the 15333 values array must have a single 15334 element, which will be interpreted 15335 as an integer. This array is replaced 15336 during a strategic merge patch. 15337 items: 15338 type: string 15339 type: array 15340 required: 15341 - key 15342 - operator 15343 type: object 15344 type: array 15345 type: object 15346 weight: 15347 description: Weight associated with matching 15348 the corresponding nodeSelectorTerm, in the 15349 range 1-100. 15350 format: int32 15351 type: integer 15352 required: 15353 - preference 15354 - weight 15355 type: object 15356 type: array 15357 requiredDuringSchedulingIgnoredDuringExecution: 15358 description: If the affinity requirements specified 15359 by this field are not met at scheduling time, the 15360 pod will not be scheduled onto the node. If the 15361 affinity requirements specified by this field cease 15362 to be met at some point during pod execution (e.g. 15363 due to an update), the system may or may not try 15364 to eventually evict the pod from its node. 15365 properties: 15366 nodeSelectorTerms: 15367 description: Required. A list of node selector 15368 terms. The terms are ORed. 15369 items: 15370 description: A null or empty node selector term 15371 matches no objects. The requirements of them 15372 are ANDed. The TopologySelectorTerm type implements 15373 a subset of the NodeSelectorTerm. 15374 properties: 15375 matchExpressions: 15376 description: A list of node selector requirements 15377 by node's labels. 15378 items: 15379 description: A node selector requirement 15380 is a selector that contains values, 15381 a key, and an operator that relates 15382 the key and values. 15383 properties: 15384 key: 15385 description: The label key that the 15386 selector applies to. 15387 type: string 15388 operator: 15389 description: Represents a key's relationship 15390 to a set of values. Valid operators 15391 are In, NotIn, Exists, DoesNotExist. 15392 Gt, and Lt. 15393 type: string 15394 values: 15395 description: An array of string values. 15396 If the operator is In or NotIn, 15397 the values array must be non-empty. 15398 If the operator is Exists or DoesNotExist, 15399 the values array must be empty. 15400 If the operator is Gt or Lt, the 15401 values array must have a single 15402 element, which will be interpreted 15403 as an integer. This array is replaced 15404 during a strategic merge patch. 15405 items: 15406 type: string 15407 type: array 15408 required: 15409 - key 15410 - operator 15411 type: object 15412 type: array 15413 matchFields: 15414 description: A list of node selector requirements 15415 by node's fields. 15416 items: 15417 description: A node selector requirement 15418 is a selector that contains values, 15419 a key, and an operator that relates 15420 the key and values. 15421 properties: 15422 key: 15423 description: The label key that the 15424 selector applies to. 15425 type: string 15426 operator: 15427 description: Represents a key's relationship 15428 to a set of values. Valid operators 15429 are In, NotIn, Exists, DoesNotExist. 15430 Gt, and Lt. 15431 type: string 15432 values: 15433 description: An array of string values. 15434 If the operator is In or NotIn, 15435 the values array must be non-empty. 15436 If the operator is Exists or DoesNotExist, 15437 the values array must be empty. 15438 If the operator is Gt or Lt, the 15439 values array must have a single 15440 element, which will be interpreted 15441 as an integer. This array is replaced 15442 during a strategic merge patch. 15443 items: 15444 type: string 15445 type: array 15446 required: 15447 - key 15448 - operator 15449 type: object 15450 type: array 15451 type: object 15452 type: array 15453 required: 15454 - nodeSelectorTerms 15455 type: object 15456 type: object 15457 podAffinity: 15458 description: Describes pod affinity scheduling rules (e.g. 15459 co-locate this pod in the same node, zone, etc. as some 15460 other pod(s)). 15461 properties: 15462 preferredDuringSchedulingIgnoredDuringExecution: 15463 description: The scheduler will prefer to schedule 15464 pods to nodes that satisfy the affinity expressions 15465 specified by this field, but it may choose a node 15466 that violates one or more of the expressions. The 15467 node that is most preferred is the one with the 15468 greatest sum of weights, i.e. for each node that 15469 meets all of the scheduling requirements (resource 15470 request, requiredDuringScheduling affinity expressions, 15471 etc.), compute a sum by iterating through the elements 15472 of this field and adding "weight" to the sum if 15473 the node has pods which matches the corresponding 15474 podAffinityTerm; the node(s) with the highest sum 15475 are the most preferred. 15476 items: 15477 description: The weights of all of the matched WeightedPodAffinityTerm 15478 fields are added per-node to find the most preferred 15479 node(s) 15480 properties: 15481 podAffinityTerm: 15482 description: Required. A pod affinity term, 15483 associated with the corresponding weight. 15484 properties: 15485 labelSelector: 15486 description: A label query over a set of 15487 resources, in this case pods. 15488 properties: 15489 matchExpressions: 15490 description: matchExpressions is a list 15491 of label selector requirements. The 15492 requirements are ANDed. 15493 items: 15494 description: A label selector requirement 15495 is a selector that contains values, 15496 a key, and an operator that relates 15497 the key and values. 15498 properties: 15499 key: 15500 description: key is the label 15501 key that the selector applies 15502 to. 15503 type: string 15504 operator: 15505 description: operator represents 15506 a key's relationship to a set 15507 of values. Valid operators are 15508 In, NotIn, Exists and DoesNotExist. 15509 type: string 15510 values: 15511 description: values is an array 15512 of string values. If the operator 15513 is In or NotIn, the values array 15514 must be non-empty. If the operator 15515 is Exists or DoesNotExist, the 15516 values array must be empty. 15517 This array is replaced during 15518 a strategic merge patch. 15519 items: 15520 type: string 15521 type: array 15522 required: 15523 - key 15524 - operator 15525 type: object 15526 type: array 15527 matchLabels: 15528 additionalProperties: 15529 type: string 15530 description: matchLabels is a map of 15531 {key,value} pairs. A single {key,value} 15532 in the matchLabels map is equivalent 15533 to an element of matchExpressions, 15534 whose key field is "key", the operator 15535 is "In", and the values array contains 15536 only "value". The requirements are 15537 ANDed. 15538 type: object 15539 type: object 15540 namespaceSelector: 15541 description: A label query over the set 15542 of namespaces that the term applies to. 15543 The term is applied to the union of the 15544 namespaces selected by this field and 15545 the ones listed in the namespaces field. 15546 null selector and null or empty namespaces 15547 list means "this pod's namespace". An 15548 empty selector ({}) matches all namespaces. 15549 properties: 15550 matchExpressions: 15551 description: matchExpressions is a list 15552 of label selector requirements. The 15553 requirements are ANDed. 15554 items: 15555 description: A label selector requirement 15556 is a selector that contains values, 15557 a key, and an operator that relates 15558 the key and values. 15559 properties: 15560 key: 15561 description: key is the label 15562 key that the selector applies 15563 to. 15564 type: string 15565 operator: 15566 description: operator represents 15567 a key's relationship to a set 15568 of values. Valid operators are 15569 In, NotIn, Exists and DoesNotExist. 15570 type: string 15571 values: 15572 description: values is an array 15573 of string values. If the operator 15574 is In or NotIn, the values array 15575 must be non-empty. If the operator 15576 is Exists or DoesNotExist, the 15577 values array must be empty. 15578 This array is replaced during 15579 a strategic merge patch. 15580 items: 15581 type: string 15582 type: array 15583 required: 15584 - key 15585 - operator 15586 type: object 15587 type: array 15588 matchLabels: 15589 additionalProperties: 15590 type: string 15591 description: matchLabels is a map of 15592 {key,value} pairs. A single {key,value} 15593 in the matchLabels map is equivalent 15594 to an element of matchExpressions, 15595 whose key field is "key", the operator 15596 is "In", and the values array contains 15597 only "value". The requirements are 15598 ANDed. 15599 type: object 15600 type: object 15601 namespaces: 15602 description: namespaces specifies a static 15603 list of namespace names that the term 15604 applies to. The term is applied to the 15605 union of the namespaces listed in this 15606 field and the ones selected by namespaceSelector. 15607 null or empty namespaces list and null 15608 namespaceSelector means "this pod's namespace". 15609 items: 15610 type: string 15611 type: array 15612 topologyKey: 15613 description: This pod should be co-located 15614 (affinity) or not co-located (anti-affinity) 15615 with the pods matching the labelSelector 15616 in the specified namespaces, where co-located 15617 is defined as running on a node whose 15618 value of the label with key topologyKey 15619 matches that of any node on which any 15620 of the selected pods is running. Empty 15621 topologyKey is not allowed. 15622 type: string 15623 required: 15624 - topologyKey 15625 type: object 15626 weight: 15627 description: weight associated with matching 15628 the corresponding podAffinityTerm, in the 15629 range 1-100. 15630 format: int32 15631 type: integer 15632 required: 15633 - podAffinityTerm 15634 - weight 15635 type: object 15636 type: array 15637 requiredDuringSchedulingIgnoredDuringExecution: 15638 description: If the affinity requirements specified 15639 by this field are not met at scheduling time, the 15640 pod will not be scheduled onto the node. If the 15641 affinity requirements specified by this field cease 15642 to be met at some point during pod execution (e.g. 15643 due to a pod label update), the system may or may 15644 not try to eventually evict the pod from its node. 15645 When there are multiple elements, the lists of nodes 15646 corresponding to each podAffinityTerm are intersected, 15647 i.e. all terms must be satisfied. 15648 items: 15649 description: Defines a set of pods (namely those 15650 matching the labelSelector relative to the given 15651 namespace(s)) that this pod should be co-located 15652 (affinity) or not co-located (anti-affinity) with, 15653 where co-located is defined as running on a node 15654 whose value of the label with key <topologyKey> 15655 matches that of any node on which a pod of the 15656 set of pods is running 15657 properties: 15658 labelSelector: 15659 description: A label query over a set of resources, 15660 in this case pods. 15661 properties: 15662 matchExpressions: 15663 description: matchExpressions is a list 15664 of label selector requirements. The requirements 15665 are ANDed. 15666 items: 15667 description: A label selector requirement 15668 is a selector that contains values, 15669 a key, and an operator that relates 15670 the key and values. 15671 properties: 15672 key: 15673 description: key is the label key 15674 that the selector applies to. 15675 type: string 15676 operator: 15677 description: operator represents a 15678 key's relationship to a set of values. 15679 Valid operators are In, NotIn, Exists 15680 and DoesNotExist. 15681 type: string 15682 values: 15683 description: values is an array of 15684 string values. If the operator is 15685 In or NotIn, the values array must 15686 be non-empty. If the operator is 15687 Exists or DoesNotExist, the values 15688 array must be empty. This array 15689 is replaced during a strategic merge 15690 patch. 15691 items: 15692 type: string 15693 type: array 15694 required: 15695 - key 15696 - operator 15697 type: object 15698 type: array 15699 matchLabels: 15700 additionalProperties: 15701 type: string 15702 description: matchLabels is a map of {key,value} 15703 pairs. A single {key,value} in the matchLabels 15704 map is equivalent to an element of matchExpressions, 15705 whose key field is "key", the operator 15706 is "In", and the values array contains 15707 only "value". The requirements are ANDed. 15708 type: object 15709 type: object 15710 namespaceSelector: 15711 description: A label query over the set of namespaces 15712 that the term applies to. The term is applied 15713 to the union of the namespaces selected by 15714 this field and the ones listed in the namespaces 15715 field. null selector and null or empty namespaces 15716 list means "this pod's namespace". An empty 15717 selector ({}) matches all namespaces. 15718 properties: 15719 matchExpressions: 15720 description: matchExpressions is a list 15721 of label selector requirements. The requirements 15722 are ANDed. 15723 items: 15724 description: A label selector requirement 15725 is a selector that contains values, 15726 a key, and an operator that relates 15727 the key and values. 15728 properties: 15729 key: 15730 description: key is the label key 15731 that the selector applies to. 15732 type: string 15733 operator: 15734 description: operator represents a 15735 key's relationship to a set of values. 15736 Valid operators are In, NotIn, Exists 15737 and DoesNotExist. 15738 type: string 15739 values: 15740 description: values is an array of 15741 string values. If the operator is 15742 In or NotIn, the values array must 15743 be non-empty. If the operator is 15744 Exists or DoesNotExist, the values 15745 array must be empty. This array 15746 is replaced during a strategic merge 15747 patch. 15748 items: 15749 type: string 15750 type: array 15751 required: 15752 - key 15753 - operator 15754 type: object 15755 type: array 15756 matchLabels: 15757 additionalProperties: 15758 type: string 15759 description: matchLabels is a map of {key,value} 15760 pairs. A single {key,value} in the matchLabels 15761 map is equivalent to an element of matchExpressions, 15762 whose key field is "key", the operator 15763 is "In", and the values array contains 15764 only "value". The requirements are ANDed. 15765 type: object 15766 type: object 15767 namespaces: 15768 description: namespaces specifies a static list 15769 of namespace names that the term applies to. 15770 The term is applied to the union of the namespaces 15771 listed in this field and the ones selected 15772 by namespaceSelector. null or empty namespaces 15773 list and null namespaceSelector means "this 15774 pod's namespace". 15775 items: 15776 type: string 15777 type: array 15778 topologyKey: 15779 description: This pod should be co-located (affinity) 15780 or not co-located (anti-affinity) with the 15781 pods matching the labelSelector in the specified 15782 namespaces, where co-located is defined as 15783 running on a node whose value of the label 15784 with key topologyKey matches that of any node 15785 on which any of the selected pods is running. 15786 Empty topologyKey is not allowed. 15787 type: string 15788 required: 15789 - topologyKey 15790 type: object 15791 type: array 15792 type: object 15793 podAntiAffinity: 15794 description: Describes pod anti-affinity scheduling rules 15795 (e.g. avoid putting this pod in the same node, zone, 15796 etc. as some other pod(s)). 15797 properties: 15798 preferredDuringSchedulingIgnoredDuringExecution: 15799 description: The scheduler will prefer to schedule 15800 pods to nodes that satisfy the anti-affinity expressions 15801 specified by this field, but it may choose a node 15802 that violates one or more of the expressions. The 15803 node that is most preferred is the one with the 15804 greatest sum of weights, i.e. for each node that 15805 meets all of the scheduling requirements (resource 15806 request, requiredDuringScheduling anti-affinity 15807 expressions, etc.), compute a sum by iterating through 15808 the elements of this field and adding "weight" to 15809 the sum if the node has pods which matches the corresponding 15810 podAffinityTerm; the node(s) with the highest sum 15811 are the most preferred. 15812 items: 15813 description: The weights of all of the matched WeightedPodAffinityTerm 15814 fields are added per-node to find the most preferred 15815 node(s) 15816 properties: 15817 podAffinityTerm: 15818 description: Required. A pod affinity term, 15819 associated with the corresponding weight. 15820 properties: 15821 labelSelector: 15822 description: A label query over a set of 15823 resources, in this case pods. 15824 properties: 15825 matchExpressions: 15826 description: matchExpressions is a list 15827 of label selector requirements. The 15828 requirements are ANDed. 15829 items: 15830 description: A label selector requirement 15831 is a selector that contains values, 15832 a key, and an operator that relates 15833 the key and values. 15834 properties: 15835 key: 15836 description: key is the label 15837 key that the selector applies 15838 to. 15839 type: string 15840 operator: 15841 description: operator represents 15842 a key's relationship to a set 15843 of values. Valid operators are 15844 In, NotIn, Exists and DoesNotExist. 15845 type: string 15846 values: 15847 description: values is an array 15848 of string values. If the operator 15849 is In or NotIn, the values array 15850 must be non-empty. If the operator 15851 is Exists or DoesNotExist, the 15852 values array must be empty. 15853 This array is replaced during 15854 a strategic merge patch. 15855 items: 15856 type: string 15857 type: array 15858 required: 15859 - key 15860 - operator 15861 type: object 15862 type: array 15863 matchLabels: 15864 additionalProperties: 15865 type: string 15866 description: matchLabels is a map of 15867 {key,value} pairs. A single {key,value} 15868 in the matchLabels map is equivalent 15869 to an element of matchExpressions, 15870 whose key field is "key", the operator 15871 is "In", and the values array contains 15872 only "value". The requirements are 15873 ANDed. 15874 type: object 15875 type: object 15876 namespaceSelector: 15877 description: A label query over the set 15878 of namespaces that the term applies to. 15879 The term is applied to the union of the 15880 namespaces selected by this field and 15881 the ones listed in the namespaces field. 15882 null selector and null or empty namespaces 15883 list means "this pod's namespace". An 15884 empty selector ({}) matches all namespaces. 15885 properties: 15886 matchExpressions: 15887 description: matchExpressions is a list 15888 of label selector requirements. The 15889 requirements are ANDed. 15890 items: 15891 description: A label selector requirement 15892 is a selector that contains values, 15893 a key, and an operator that relates 15894 the key and values. 15895 properties: 15896 key: 15897 description: key is the label 15898 key that the selector applies 15899 to. 15900 type: string 15901 operator: 15902 description: operator represents 15903 a key's relationship to a set 15904 of values. Valid operators are 15905 In, NotIn, Exists and DoesNotExist. 15906 type: string 15907 values: 15908 description: values is an array 15909 of string values. If the operator 15910 is In or NotIn, the values array 15911 must be non-empty. If the operator 15912 is Exists or DoesNotExist, the 15913 values array must be empty. 15914 This array is replaced during 15915 a strategic merge patch. 15916 items: 15917 type: string 15918 type: array 15919 required: 15920 - key 15921 - operator 15922 type: object 15923 type: array 15924 matchLabels: 15925 additionalProperties: 15926 type: string 15927 description: matchLabels is a map of 15928 {key,value} pairs. A single {key,value} 15929 in the matchLabels map is equivalent 15930 to an element of matchExpressions, 15931 whose key field is "key", the operator 15932 is "In", and the values array contains 15933 only "value". The requirements are 15934 ANDed. 15935 type: object 15936 type: object 15937 namespaces: 15938 description: namespaces specifies a static 15939 list of namespace names that the term 15940 applies to. The term is applied to the 15941 union of the namespaces listed in this 15942 field and the ones selected by namespaceSelector. 15943 null or empty namespaces list and null 15944 namespaceSelector means "this pod's namespace". 15945 items: 15946 type: string 15947 type: array 15948 topologyKey: 15949 description: This pod should be co-located 15950 (affinity) or not co-located (anti-affinity) 15951 with the pods matching the labelSelector 15952 in the specified namespaces, where co-located 15953 is defined as running on a node whose 15954 value of the label with key topologyKey 15955 matches that of any node on which any 15956 of the selected pods is running. Empty 15957 topologyKey is not allowed. 15958 type: string 15959 required: 15960 - topologyKey 15961 type: object 15962 weight: 15963 description: weight associated with matching 15964 the corresponding podAffinityTerm, in the 15965 range 1-100. 15966 format: int32 15967 type: integer 15968 required: 15969 - podAffinityTerm 15970 - weight 15971 type: object 15972 type: array 15973 requiredDuringSchedulingIgnoredDuringExecution: 15974 description: If the anti-affinity requirements specified 15975 by this field are not met at scheduling time, the 15976 pod will not be scheduled onto the node. If the 15977 anti-affinity requirements specified by this field 15978 cease to be met at some point during pod execution 15979 (e.g. due to a pod label update), the system may 15980 or may not try to eventually evict the pod from 15981 its node. When there are multiple elements, the 15982 lists of nodes corresponding to each podAffinityTerm 15983 are intersected, i.e. all terms must be satisfied. 15984 items: 15985 description: Defines a set of pods (namely those 15986 matching the labelSelector relative to the given 15987 namespace(s)) that this pod should be co-located 15988 (affinity) or not co-located (anti-affinity) with, 15989 where co-located is defined as running on a node 15990 whose value of the label with key <topologyKey> 15991 matches that of any node on which a pod of the 15992 set of pods is running 15993 properties: 15994 labelSelector: 15995 description: A label query over a set of resources, 15996 in this case pods. 15997 properties: 15998 matchExpressions: 15999 description: matchExpressions is a list 16000 of label selector requirements. The requirements 16001 are ANDed. 16002 items: 16003 description: A label selector requirement 16004 is a selector that contains values, 16005 a key, and an operator that relates 16006 the key and values. 16007 properties: 16008 key: 16009 description: key is the label key 16010 that the selector applies to. 16011 type: string 16012 operator: 16013 description: operator represents a 16014 key's relationship to a set of values. 16015 Valid operators are In, NotIn, Exists 16016 and DoesNotExist. 16017 type: string 16018 values: 16019 description: values is an array of 16020 string values. If the operator is 16021 In or NotIn, the values array must 16022 be non-empty. If the operator is 16023 Exists or DoesNotExist, the values 16024 array must be empty. This array 16025 is replaced during a strategic merge 16026 patch. 16027 items: 16028 type: string 16029 type: array 16030 required: 16031 - key 16032 - operator 16033 type: object 16034 type: array 16035 matchLabels: 16036 additionalProperties: 16037 type: string 16038 description: matchLabels is a map of {key,value} 16039 pairs. A single {key,value} in the matchLabels 16040 map is equivalent to an element of matchExpressions, 16041 whose key field is "key", the operator 16042 is "In", and the values array contains 16043 only "value". The requirements are ANDed. 16044 type: object 16045 type: object 16046 namespaceSelector: 16047 description: A label query over the set of namespaces 16048 that the term applies to. The term is applied 16049 to the union of the namespaces selected by 16050 this field and the ones listed in the namespaces 16051 field. null selector and null or empty namespaces 16052 list means "this pod's namespace". An empty 16053 selector ({}) matches all namespaces. 16054 properties: 16055 matchExpressions: 16056 description: matchExpressions is a list 16057 of label selector requirements. The requirements 16058 are ANDed. 16059 items: 16060 description: A label selector requirement 16061 is a selector that contains values, 16062 a key, and an operator that relates 16063 the key and values. 16064 properties: 16065 key: 16066 description: key is the label key 16067 that the selector applies to. 16068 type: string 16069 operator: 16070 description: operator represents a 16071 key's relationship to a set of values. 16072 Valid operators are In, NotIn, Exists 16073 and DoesNotExist. 16074 type: string 16075 values: 16076 description: values is an array of 16077 string values. If the operator is 16078 In or NotIn, the values array must 16079 be non-empty. If the operator is 16080 Exists or DoesNotExist, the values 16081 array must be empty. This array 16082 is replaced during a strategic merge 16083 patch. 16084 items: 16085 type: string 16086 type: array 16087 required: 16088 - key 16089 - operator 16090 type: object 16091 type: array 16092 matchLabels: 16093 additionalProperties: 16094 type: string 16095 description: matchLabels is a map of {key,value} 16096 pairs. A single {key,value} in the matchLabels 16097 map is equivalent to an element of matchExpressions, 16098 whose key field is "key", the operator 16099 is "In", and the values array contains 16100 only "value". The requirements are ANDed. 16101 type: object 16102 type: object 16103 namespaces: 16104 description: namespaces specifies a static list 16105 of namespace names that the term applies to. 16106 The term is applied to the union of the namespaces 16107 listed in this field and the ones selected 16108 by namespaceSelector. null or empty namespaces 16109 list and null namespaceSelector means "this 16110 pod's namespace". 16111 items: 16112 type: string 16113 type: array 16114 topologyKey: 16115 description: This pod should be co-located (affinity) 16116 or not co-located (anti-affinity) with the 16117 pods matching the labelSelector in the specified 16118 namespaces, where co-located is defined as 16119 running on a node whose value of the label 16120 with key topologyKey matches that of any node 16121 on which any of the selected pods is running. 16122 Empty topologyKey is not allowed. 16123 type: string 16124 required: 16125 - topologyKey 16126 type: object 16127 type: array 16128 type: object 16129 type: object 16130 automountServiceAccountToken: 16131 description: AutomountServiceAccountToken indicates whether 16132 pods running as this service account should have an API 16133 token automatically mounted. 16134 type: boolean 16135 dnsConfig: 16136 description: Specifies the DNS parameters of a pod. Parameters 16137 specified here will be merged to the generated DNS configuration 16138 based on DNSPolicy. 16139 properties: 16140 nameservers: 16141 description: A list of DNS name server IP addresses. This 16142 will be appended to the base nameservers generated from 16143 DNSPolicy. Duplicated nameservers will be removed. 16144 items: 16145 type: string 16146 type: array 16147 options: 16148 description: A list of DNS resolver options. This will 16149 be merged with the base options generated from DNSPolicy. 16150 Duplicated entries will be removed. Resolution options 16151 given in Options will override those that appear in 16152 the base DNSPolicy. 16153 items: 16154 description: PodDNSConfigOption defines DNS resolver 16155 options of a pod. 16156 properties: 16157 name: 16158 description: Required. 16159 type: string 16160 value: 16161 type: string 16162 type: object 16163 type: array 16164 searches: 16165 description: A list of DNS search domains for host-name 16166 lookup. This will be appended to the base search paths 16167 generated from DNSPolicy. Duplicated search paths will 16168 be removed. 16169 items: 16170 type: string 16171 type: array 16172 type: object 16173 dnsPolicy: 16174 description: Set DNS policy for the pod. Defaults to "ClusterFirst". 16175 Valid values are 'ClusterFirst', 'Default' or 'None'. DNS 16176 parameters given in DNSConfig will be merged with the policy 16177 selected with DNSPolicy. 16178 type: string 16179 enableServiceLinks: 16180 description: 'EnableServiceLinks indicates whether information 16181 about services should be injected into pod''s environment 16182 variables, matching the syntax of Docker links. Optional: 16183 Defaults to true.' 16184 type: boolean 16185 env: 16186 description: List of environment variables that can be provided 16187 to the containers belonging to the pod. 16188 items: 16189 description: EnvVar represents an environment variable present 16190 in a Container. 16191 properties: 16192 name: 16193 description: Name of the environment variable. Must 16194 be a C_IDENTIFIER. 16195 type: string 16196 value: 16197 description: 'Variable references $(VAR_NAME) are expanded 16198 using the previously defined environment variables 16199 in the container and any service environment variables. 16200 If a variable cannot be resolved, the reference in 16201 the input string will be unchanged. Double $$ are 16202 reduced to a single $, which allows for escaping the 16203 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce 16204 the string literal "$(VAR_NAME)". Escaped references 16205 will never be expanded, regardless of whether the 16206 variable exists or not. Defaults to "".' 16207 type: string 16208 valueFrom: 16209 description: Source for the environment variable's value. 16210 Cannot be used if value is not empty. 16211 properties: 16212 configMapKeyRef: 16213 description: Selects a key of a ConfigMap. 16214 properties: 16215 key: 16216 description: The key to select. 16217 type: string 16218 name: 16219 description: 'Name of the referent. More info: 16220 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 16221 TODO: Add other useful fields. apiVersion, 16222 kind, uid?' 16223 type: string 16224 optional: 16225 description: Specify whether the ConfigMap or 16226 its key must be defined 16227 type: boolean 16228 required: 16229 - key 16230 type: object 16231 fieldRef: 16232 description: 'Selects a field of the pod: supports 16233 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 16234 `metadata.annotations[''<KEY>'']`, spec.nodeName, 16235 spec.serviceAccountName, status.hostIP, status.podIP, 16236 status.podIPs.' 16237 properties: 16238 apiVersion: 16239 description: Version of the schema the FieldPath 16240 is written in terms of, defaults to "v1". 16241 type: string 16242 fieldPath: 16243 description: Path of the field to select in 16244 the specified API version. 16245 type: string 16246 required: 16247 - fieldPath 16248 type: object 16249 resourceFieldRef: 16250 description: 'Selects a resource of the container: 16251 only resources limits and requests (limits.cpu, 16252 limits.memory, limits.ephemeral-storage, requests.cpu, 16253 requests.memory and requests.ephemeral-storage) 16254 are currently supported.' 16255 properties: 16256 containerName: 16257 description: 'Container name: required for volumes, 16258 optional for env vars' 16259 type: string 16260 divisor: 16261 anyOf: 16262 - type: integer 16263 - type: string 16264 description: Specifies the output format of 16265 the exposed resources, defaults to "1" 16266 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 16267 x-kubernetes-int-or-string: true 16268 resource: 16269 description: 'Required: resource to select' 16270 type: string 16271 required: 16272 - resource 16273 type: object 16274 secretKeyRef: 16275 description: Selects a key of a secret in the pod's 16276 namespace 16277 properties: 16278 key: 16279 description: The key of the secret to select 16280 from. Must be a valid secret key. 16281 type: string 16282 name: 16283 description: 'Name of the referent. More info: 16284 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 16285 TODO: Add other useful fields. apiVersion, 16286 kind, uid?' 16287 type: string 16288 optional: 16289 description: Specify whether the Secret or its 16290 key must be defined 16291 type: boolean 16292 required: 16293 - key 16294 type: object 16295 type: object 16296 required: 16297 - name 16298 type: object 16299 type: array 16300 x-kubernetes-list-type: atomic 16301 hostAliases: 16302 description: HostAliases is an optional list of hosts and 16303 IPs that will be injected into the pod's hosts file if specified. 16304 This is only valid for non-hostNetwork pods. 16305 items: 16306 description: HostAlias holds the mapping between IP and 16307 hostnames that will be injected as an entry in the pod's 16308 hosts file. 16309 properties: 16310 hostnames: 16311 description: Hostnames for the above IP address. 16312 items: 16313 type: string 16314 type: array 16315 ip: 16316 description: IP address of the host file entry. 16317 type: string 16318 type: object 16319 type: array 16320 x-kubernetes-list-type: atomic 16321 hostNetwork: 16322 description: HostNetwork specifies whether the pod may use 16323 the node network namespace 16324 type: boolean 16325 imagePullSecrets: 16326 description: ImagePullSecrets gives the name of the secret 16327 used by the pod to pull the image if specified 16328 items: 16329 description: LocalObjectReference contains enough information 16330 to let you locate the referenced object inside the same 16331 namespace. 16332 properties: 16333 name: 16334 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 16335 TODO: Add other useful fields. apiVersion, kind, uid?' 16336 type: string 16337 type: object 16338 type: array 16339 x-kubernetes-list-type: atomic 16340 nodeSelector: 16341 additionalProperties: 16342 type: string 16343 description: 'NodeSelector is a selector which must be true 16344 for the pod to fit on a node. Selector which must match 16345 a node''s labels for the pod to be scheduled on that node. 16346 More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 16347 type: object 16348 priorityClassName: 16349 description: If specified, indicates the pod's priority. "system-node-critical" 16350 and "system-cluster-critical" are two special keywords which 16351 indicate the highest priorities with the former being the 16352 highest priority. Any other name must be defined by creating 16353 a PriorityClass object with that name. If not specified, 16354 the pod priority will be default or zero if there is no 16355 default. 16356 type: string 16357 runtimeClassName: 16358 description: 'RuntimeClassName refers to a RuntimeClass object 16359 in the node.k8s.io group, which should be used to run this 16360 pod. If no RuntimeClass resource matches the named class, 16361 the pod will not be run. If unset or empty, the "legacy" 16362 RuntimeClass will be used, which is an implicit class with 16363 an empty definition that uses the default runtime handler. 16364 More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md 16365 This is a beta feature as of Kubernetes v1.14.' 16366 type: string 16367 schedulerName: 16368 description: SchedulerName specifies the scheduler to be used 16369 to dispatch the Pod 16370 type: string 16371 securityContext: 16372 description: 'SecurityContext holds pod-level security attributes 16373 and common container settings. Optional: Defaults to empty. See 16374 type description for default values of each field.' 16375 properties: 16376 fsGroup: 16377 description: "A special supplemental group that applies 16378 to all containers in a pod. Some volume types allow 16379 the Kubelet to change the ownership of that volume to 16380 be owned by the pod: \n 1. The owning GID will be the 16381 FSGroup 2. The setgid bit is set (new files created 16382 in the volume will be owned by FSGroup) 3. The permission 16383 bits are OR'd with rw-rw---- \n If unset, the Kubelet 16384 will not modify the ownership and permissions of any 16385 volume. Note that this field cannot be set when spec.os.name 16386 is windows." 16387 format: int64 16388 type: integer 16389 fsGroupChangePolicy: 16390 description: 'fsGroupChangePolicy defines behavior of 16391 changing ownership and permission of the volume before 16392 being exposed inside Pod. This field will only apply 16393 to volume types which support fsGroup based ownership(and 16394 permissions). It will have no effect on ephemeral volume 16395 types such as: secret, configmaps and emptydir. Valid 16396 values are "OnRootMismatch" and "Always". If not specified, 16397 "Always" is used. Note that this field cannot be set 16398 when spec.os.name is windows.' 16399 type: string 16400 runAsGroup: 16401 description: The GID to run the entrypoint of the container 16402 process. Uses runtime default if unset. May also be 16403 set in SecurityContext. If set in both SecurityContext 16404 and PodSecurityContext, the value specified in SecurityContext 16405 takes precedence for that container. Note that this 16406 field cannot be set when spec.os.name is windows. 16407 format: int64 16408 type: integer 16409 runAsNonRoot: 16410 description: Indicates that the container must run as 16411 a non-root user. If true, the Kubelet will validate 16412 the image at runtime to ensure that it does not run 16413 as UID 0 (root) and fail to start the container if it 16414 does. If unset or false, no such validation will be 16415 performed. May also be set in SecurityContext. If set 16416 in both SecurityContext and PodSecurityContext, the 16417 value specified in SecurityContext takes precedence. 16418 type: boolean 16419 runAsUser: 16420 description: The UID to run the entrypoint of the container 16421 process. Defaults to user specified in image metadata 16422 if unspecified. May also be set in SecurityContext. If 16423 set in both SecurityContext and PodSecurityContext, 16424 the value specified in SecurityContext takes precedence 16425 for that container. Note that this field cannot be set 16426 when spec.os.name is windows. 16427 format: int64 16428 type: integer 16429 seLinuxOptions: 16430 description: The SELinux context to be applied to all 16431 containers. If unspecified, the container runtime will 16432 allocate a random SELinux context for each container. May 16433 also be set in SecurityContext. If set in both SecurityContext 16434 and PodSecurityContext, the value specified in SecurityContext 16435 takes precedence for that container. Note that this 16436 field cannot be set when spec.os.name is windows. 16437 properties: 16438 level: 16439 description: Level is SELinux level label that applies 16440 to the container. 16441 type: string 16442 role: 16443 description: Role is a SELinux role label that applies 16444 to the container. 16445 type: string 16446 type: 16447 description: Type is a SELinux type label that applies 16448 to the container. 16449 type: string 16450 user: 16451 description: User is a SELinux user label that applies 16452 to the container. 16453 type: string 16454 type: object 16455 seccompProfile: 16456 description: The seccomp options to use by the containers 16457 in this pod. Note that this field cannot be set when 16458 spec.os.name is windows. 16459 properties: 16460 localhostProfile: 16461 description: localhostProfile indicates a profile 16462 defined in a file on the node should be used. The 16463 profile must be preconfigured on the node to work. 16464 Must be a descending path, relative to the kubelet's 16465 configured seccomp profile location. Must be set 16466 if type is "Localhost". Must NOT be set for any 16467 other type. 16468 type: string 16469 type: 16470 description: "type indicates which kind of seccomp 16471 profile will be applied. Valid options are: \n Localhost 16472 - a profile defined in a file on the node should 16473 be used. RuntimeDefault - the container runtime 16474 default profile should be used. Unconfined - no 16475 profile should be applied." 16476 type: string 16477 required: 16478 - type 16479 type: object 16480 supplementalGroups: 16481 description: A list of groups applied to the first process 16482 run in each container, in addition to the container's 16483 primary GID, the fsGroup (if specified), and group memberships 16484 defined in the container image for the uid of the container 16485 process. If unspecified, no additional groups are added 16486 to any container. Note that group memberships defined 16487 in the container image for the uid of the container 16488 process are still effective, even if they are not included 16489 in this list. Note that this field cannot be set when 16490 spec.os.name is windows. 16491 items: 16492 format: int64 16493 type: integer 16494 type: array 16495 sysctls: 16496 description: Sysctls hold a list of namespaced sysctls 16497 used for the pod. Pods with unsupported sysctls (by 16498 the container runtime) might fail to launch. Note that 16499 this field cannot be set when spec.os.name is windows. 16500 items: 16501 description: Sysctl defines a kernel parameter to be 16502 set 16503 properties: 16504 name: 16505 description: Name of a property to set 16506 type: string 16507 value: 16508 description: Value of a property to set 16509 type: string 16510 required: 16511 - name 16512 - value 16513 type: object 16514 type: array 16515 windowsOptions: 16516 description: The Windows specific settings applied to 16517 all containers. If unspecified, the options within a 16518 container's SecurityContext will be used. If set in 16519 both SecurityContext and PodSecurityContext, the value 16520 specified in SecurityContext takes precedence. Note 16521 that this field cannot be set when spec.os.name is linux. 16522 properties: 16523 gmsaCredentialSpec: 16524 description: GMSACredentialSpec is where the GMSA 16525 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 16526 inlines the contents of the GMSA credential spec 16527 named by the GMSACredentialSpecName field. 16528 type: string 16529 gmsaCredentialSpecName: 16530 description: GMSACredentialSpecName is the name of 16531 the GMSA credential spec to use. 16532 type: string 16533 hostProcess: 16534 description: HostProcess determines if a container 16535 should be run as a 'Host Process' container. All 16536 of a Pod's containers must have the same effective 16537 HostProcess value (it is not allowed to have a mix 16538 of HostProcess containers and non-HostProcess containers). 16539 In addition, if HostProcess is true then HostNetwork 16540 must also be set to true. 16541 type: boolean 16542 runAsUserName: 16543 description: The UserName in Windows to run the entrypoint 16544 of the container process. Defaults to the user specified 16545 in image metadata if unspecified. May also be set 16546 in PodSecurityContext. If set in both SecurityContext 16547 and PodSecurityContext, the value specified in SecurityContext 16548 takes precedence. 16549 type: string 16550 type: object 16551 type: object 16552 tolerations: 16553 description: If specified, the pod's tolerations. 16554 items: 16555 description: The pod this Toleration is attached to tolerates 16556 any taint that matches the triple <key,value,effect> using 16557 the matching operator <operator>. 16558 properties: 16559 effect: 16560 description: Effect indicates the taint effect to match. 16561 Empty means match all taint effects. When specified, 16562 allowed values are NoSchedule, PreferNoSchedule and 16563 NoExecute. 16564 type: string 16565 key: 16566 description: Key is the taint key that the toleration 16567 applies to. Empty means match all taint keys. If the 16568 key is empty, operator must be Exists; this combination 16569 means to match all values and all keys. 16570 type: string 16571 operator: 16572 description: Operator represents a key's relationship 16573 to the value. Valid operators are Exists and Equal. 16574 Defaults to Equal. Exists is equivalent to wildcard 16575 for value, so that a pod can tolerate all taints of 16576 a particular category. 16577 type: string 16578 tolerationSeconds: 16579 description: TolerationSeconds represents the period 16580 of time the toleration (which must be of effect NoExecute, 16581 otherwise this field is ignored) tolerates the taint. 16582 By default, it is not set, which means tolerate the 16583 taint forever (do not evict). Zero and negative values 16584 will be treated as 0 (evict immediately) by the system. 16585 format: int64 16586 type: integer 16587 value: 16588 description: Value is the taint value the toleration 16589 matches to. If the operator is Exists, the value should 16590 be empty, otherwise just a regular string. 16591 type: string 16592 type: object 16593 type: array 16594 x-kubernetes-list-type: atomic 16595 topologySpreadConstraints: 16596 description: TopologySpreadConstraints controls how Pods are 16597 spread across your cluster among failure-domains such as 16598 regions, zones, nodes, and other user-defined topology domains. 16599 items: 16600 description: TopologySpreadConstraint specifies how to spread 16601 matching pods among the given topology. 16602 properties: 16603 labelSelector: 16604 description: LabelSelector is used to find matching 16605 pods. Pods that match this label selector are counted 16606 to determine the number of pods in their corresponding 16607 topology domain. 16608 properties: 16609 matchExpressions: 16610 description: matchExpressions is a list of label 16611 selector requirements. The requirements are ANDed. 16612 items: 16613 description: A label selector requirement is a 16614 selector that contains values, a key, and an 16615 operator that relates the key and values. 16616 properties: 16617 key: 16618 description: key is the label key that the 16619 selector applies to. 16620 type: string 16621 operator: 16622 description: operator represents a key's relationship 16623 to a set of values. Valid operators are 16624 In, NotIn, Exists and DoesNotExist. 16625 type: string 16626 values: 16627 description: values is an array of string 16628 values. If the operator is In or NotIn, 16629 the values array must be non-empty. If the 16630 operator is Exists or DoesNotExist, the 16631 values array must be empty. This array is 16632 replaced during a strategic merge patch. 16633 items: 16634 type: string 16635 type: array 16636 required: 16637 - key 16638 - operator 16639 type: object 16640 type: array 16641 matchLabels: 16642 additionalProperties: 16643 type: string 16644 description: matchLabels is a map of {key,value} 16645 pairs. A single {key,value} in the matchLabels 16646 map is equivalent to an element of matchExpressions, 16647 whose key field is "key", the operator is "In", 16648 and the values array contains only "value". The 16649 requirements are ANDed. 16650 type: object 16651 type: object 16652 matchLabelKeys: 16653 description: "MatchLabelKeys is a set of pod label keys 16654 to select the pods over which spreading will be calculated. 16655 The keys are used to lookup values from the incoming 16656 pod labels, those key-value labels are ANDed with 16657 labelSelector to select the group of existing pods 16658 over which spreading will be calculated for the incoming 16659 pod. The same key is forbidden to exist in both MatchLabelKeys 16660 and LabelSelector. MatchLabelKeys cannot be set when 16661 LabelSelector isn't set. Keys that don't exist in 16662 the incoming pod labels will be ignored. A null or 16663 empty list means only match against labelSelector. 16664 \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread 16665 feature gate to be enabled (enabled by default)." 16666 items: 16667 type: string 16668 type: array 16669 x-kubernetes-list-type: atomic 16670 maxSkew: 16671 description: 'MaxSkew describes the degree to which 16672 pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, 16673 it is the maximum permitted difference between the 16674 number of matching pods in the target topology and 16675 the global minimum. The global minimum is the minimum 16676 number of matching pods in an eligible domain or zero 16677 if the number of eligible domains is less than MinDomains. 16678 For example, in a 3-zone cluster, MaxSkew is set to 16679 1, and pods with the same labelSelector spread as 16680 2/2/1: In this case, the global minimum is 1. | zone1 16681 | zone2 | zone3 | | P P | P P | P | - if MaxSkew 16682 is 1, incoming pod can only be scheduled to zone3 16683 to become 2/2/2; scheduling it onto zone1(zone2) would 16684 make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). 16685 - if MaxSkew is 2, incoming pod can be scheduled onto 16686 any zone. When `whenUnsatisfiable=ScheduleAnyway`, 16687 it is used to give higher precedence to topologies 16688 that satisfy it. It''s a required field. Default value 16689 is 1 and 0 is not allowed.' 16690 format: int32 16691 type: integer 16692 minDomains: 16693 description: "MinDomains indicates a minimum number 16694 of eligible domains. When the number of eligible domains 16695 with matching topology keys is less than minDomains, 16696 Pod Topology Spread treats \"global minimum\" as 0, 16697 and then the calculation of Skew is performed. And 16698 when the number of eligible domains with matching 16699 topology keys equals or greater than minDomains, this 16700 value has no effect on scheduling. As a result, when 16701 the number of eligible domains is less than minDomains, 16702 scheduler won't schedule more than maxSkew Pods to 16703 those domains. If value is nil, the constraint behaves 16704 as if MinDomains is equal to 1. Valid values are integers 16705 greater than 0. When value is not nil, WhenUnsatisfiable 16706 must be DoNotSchedule. \n For example, in a 3-zone 16707 cluster, MaxSkew is set to 2, MinDomains is set to 16708 5 and pods with the same labelSelector spread as 2/2/2: 16709 | zone1 | zone2 | zone3 | | P P | P P | P P | 16710 The number of domains is less than 5(MinDomains), 16711 so \"global minimum\" is treated as 0. In this situation, 16712 new pod with the same labelSelector cannot be scheduled, 16713 because computed skew will be 3(3 - 0) if new Pod 16714 is scheduled to any of the three zones, it will violate 16715 MaxSkew. \n This is a beta field and requires the 16716 MinDomainsInPodTopologySpread feature gate to be enabled 16717 (enabled by default)." 16718 format: int32 16719 type: integer 16720 nodeAffinityPolicy: 16721 description: "NodeAffinityPolicy indicates how we will 16722 treat Pod's nodeAffinity/nodeSelector when calculating 16723 pod topology spread skew. Options are: - Honor: only 16724 nodes matching nodeAffinity/nodeSelector are included 16725 in the calculations. - Ignore: nodeAffinity/nodeSelector 16726 are ignored. All nodes are included in the calculations. 16727 \n If this value is nil, the behavior is equivalent 16728 to the Honor policy. This is a beta-level feature 16729 default enabled by the NodeInclusionPolicyInPodTopologySpread 16730 feature flag." 16731 type: string 16732 nodeTaintsPolicy: 16733 description: "NodeTaintsPolicy indicates how we will 16734 treat node taints when calculating pod topology spread 16735 skew. Options are: - Honor: nodes without taints, 16736 along with tainted nodes for which the incoming pod 16737 has a toleration, are included. - Ignore: node taints 16738 are ignored. All nodes are included. \n If this value 16739 is nil, the behavior is equivalent to the Ignore policy. 16740 This is a beta-level feature default enabled by the 16741 NodeInclusionPolicyInPodTopologySpread feature flag." 16742 type: string 16743 topologyKey: 16744 description: TopologyKey is the key of node labels. 16745 Nodes that have a label with this key and identical 16746 values are considered to be in the same topology. 16747 We consider each <key, value> as a "bucket", and try 16748 to put balanced number of pods into each bucket. We 16749 define a domain as a particular instance of a topology. 16750 Also, we define an eligible domain as a domain whose 16751 nodes meet the requirements of nodeAffinityPolicy 16752 and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", 16753 each Node is a domain of that topology. And, if TopologyKey 16754 is "topology.kubernetes.io/zone", each zone is a domain 16755 of that topology. It's a required field. 16756 type: string 16757 whenUnsatisfiable: 16758 description: 'WhenUnsatisfiable indicates how to deal 16759 with a pod if it doesn''t satisfy the spread constraint. 16760 - DoNotSchedule (default) tells the scheduler not 16761 to schedule it. - ScheduleAnyway tells the scheduler 16762 to schedule the pod in any location, but giving 16763 higher precedence to topologies that would help reduce 16764 the skew. A constraint is considered "Unsatisfiable" 16765 for an incoming pod if and only if every possible 16766 node assignment for that pod would violate "MaxSkew" 16767 on some topology. For example, in a 3-zone cluster, 16768 MaxSkew is set to 1, and pods with the same labelSelector 16769 spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P 16770 | P | P | If WhenUnsatisfiable is set to DoNotSchedule, 16771 incoming pod can only be scheduled to zone2(zone3) 16772 to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) 16773 satisfies MaxSkew(1). In other words, the cluster 16774 can still be imbalanced, but scheduler won''t make 16775 it *more* imbalanced. It''s a required field.' 16776 type: string 16777 required: 16778 - maxSkew 16779 - topologyKey 16780 - whenUnsatisfiable 16781 type: object 16782 type: array 16783 x-kubernetes-list-type: atomic 16784 volumes: 16785 description: 'List of volumes that can be mounted by containers 16786 belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' 16787 items: 16788 description: Volume represents a named volume in a pod that 16789 may be accessed by any container in the pod. 16790 properties: 16791 awsElasticBlockStore: 16792 description: 'awsElasticBlockStore represents an AWS 16793 Disk resource that is attached to a kubelet''s host 16794 machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 16795 properties: 16796 fsType: 16797 description: 'fsType is the filesystem type of the 16798 volume that you want to mount. Tip: Ensure that 16799 the filesystem type is supported by the host operating 16800 system. Examples: "ext4", "xfs", "ntfs". Implicitly 16801 inferred to be "ext4" if unspecified. More info: 16802 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 16803 TODO: how do we prevent errors in the filesystem 16804 from compromising the machine' 16805 type: string 16806 partition: 16807 description: 'partition is the partition in the 16808 volume that you want to mount. If omitted, the 16809 default is to mount by volume name. Examples: 16810 For volume /dev/sda1, you specify the partition 16811 as "1". Similarly, the volume partition for /dev/sda 16812 is "0" (or you can leave the property empty).' 16813 format: int32 16814 type: integer 16815 readOnly: 16816 description: 'readOnly value true will force the 16817 readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 16818 type: boolean 16819 volumeID: 16820 description: 'volumeID is unique ID of the persistent 16821 disk resource in AWS (Amazon EBS volume). More 16822 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 16823 type: string 16824 required: 16825 - volumeID 16826 type: object 16827 azureDisk: 16828 description: azureDisk represents an Azure Data Disk 16829 mount on the host and bind mount to the pod. 16830 properties: 16831 cachingMode: 16832 description: 'cachingMode is the Host Caching mode: 16833 None, Read Only, Read Write.' 16834 type: string 16835 diskName: 16836 description: diskName is the Name of the data disk 16837 in the blob storage 16838 type: string 16839 diskURI: 16840 description: diskURI is the URI of data disk in 16841 the blob storage 16842 type: string 16843 fsType: 16844 description: fsType is Filesystem type to mount. 16845 Must be a filesystem type supported by the host 16846 operating system. Ex. "ext4", "xfs", "ntfs". Implicitly 16847 inferred to be "ext4" if unspecified. 16848 type: string 16849 kind: 16850 description: 'kind expected values are Shared: multiple 16851 blob disks per storage account Dedicated: single 16852 blob disk per storage account Managed: azure 16853 managed data disk (only in managed availability 16854 set). defaults to shared' 16855 type: string 16856 readOnly: 16857 description: readOnly Defaults to false (read/write). 16858 ReadOnly here will force the ReadOnly setting 16859 in VolumeMounts. 16860 type: boolean 16861 required: 16862 - diskName 16863 - diskURI 16864 type: object 16865 azureFile: 16866 description: azureFile represents an Azure File Service 16867 mount on the host and bind mount to the pod. 16868 properties: 16869 readOnly: 16870 description: readOnly defaults to false (read/write). 16871 ReadOnly here will force the ReadOnly setting 16872 in VolumeMounts. 16873 type: boolean 16874 secretName: 16875 description: secretName is the name of secret that 16876 contains Azure Storage Account Name and Key 16877 type: string 16878 shareName: 16879 description: shareName is the azure share Name 16880 type: string 16881 required: 16882 - secretName 16883 - shareName 16884 type: object 16885 cephfs: 16886 description: cephFS represents a Ceph FS mount on the 16887 host that shares a pod's lifetime 16888 properties: 16889 monitors: 16890 description: 'monitors is Required: Monitors is 16891 a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 16892 items: 16893 type: string 16894 type: array 16895 path: 16896 description: 'path is Optional: Used as the mounted 16897 root, rather than the full Ceph tree, default 16898 is /' 16899 type: string 16900 readOnly: 16901 description: 'readOnly is Optional: Defaults to 16902 false (read/write). ReadOnly here will force the 16903 ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 16904 type: boolean 16905 secretFile: 16906 description: 'secretFile is Optional: SecretFile 16907 is the path to key ring for User, default is /etc/ceph/user.secret 16908 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 16909 type: string 16910 secretRef: 16911 description: 'secretRef is Optional: SecretRef is 16912 reference to the authentication secret for User, 16913 default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 16914 properties: 16915 name: 16916 description: 'Name of the referent. More info: 16917 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 16918 TODO: Add other useful fields. apiVersion, 16919 kind, uid?' 16920 type: string 16921 type: object 16922 user: 16923 description: 'user is optional: User is the rados 16924 user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 16925 type: string 16926 required: 16927 - monitors 16928 type: object 16929 cinder: 16930 description: 'cinder represents a cinder volume attached 16931 and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 16932 properties: 16933 fsType: 16934 description: 'fsType is the filesystem type to mount. 16935 Must be a filesystem type supported by the host 16936 operating system. Examples: "ext4", "xfs", "ntfs". 16937 Implicitly inferred to be "ext4" if unspecified. 16938 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 16939 type: string 16940 readOnly: 16941 description: 'readOnly defaults to false (read/write). 16942 ReadOnly here will force the ReadOnly setting 16943 in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 16944 type: boolean 16945 secretRef: 16946 description: 'secretRef is optional: points to a 16947 secret object containing parameters used to connect 16948 to OpenStack.' 16949 properties: 16950 name: 16951 description: 'Name of the referent. More info: 16952 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 16953 TODO: Add other useful fields. apiVersion, 16954 kind, uid?' 16955 type: string 16956 type: object 16957 volumeID: 16958 description: 'volumeID used to identify the volume 16959 in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 16960 type: string 16961 required: 16962 - volumeID 16963 type: object 16964 configMap: 16965 description: configMap represents a configMap that should 16966 populate this volume 16967 properties: 16968 defaultMode: 16969 description: 'defaultMode is optional: mode bits 16970 used to set permissions on created files by default. 16971 Must be an octal value between 0000 and 0777 or 16972 a decimal value between 0 and 511. YAML accepts 16973 both octal and decimal values, JSON requires decimal 16974 values for mode bits. Defaults to 0644. Directories 16975 within the path are not affected by this setting. 16976 This might be in conflict with other options that 16977 affect the file mode, like fsGroup, and the result 16978 can be other mode bits set.' 16979 format: int32 16980 type: integer 16981 items: 16982 description: items if unspecified, each key-value 16983 pair in the Data field of the referenced ConfigMap 16984 will be projected into the volume as a file whose 16985 name is the key and content is the value. If specified, 16986 the listed keys will be projected into the specified 16987 paths, and unlisted keys will not be present. 16988 If a key is specified which is not present in 16989 the ConfigMap, the volume setup will error unless 16990 it is marked optional. Paths must be relative 16991 and may not contain the '..' path or start with 16992 '..'. 16993 items: 16994 description: Maps a string key to a path within 16995 a volume. 16996 properties: 16997 key: 16998 description: key is the key to project. 16999 type: string 17000 mode: 17001 description: 'mode is Optional: mode bits 17002 used to set permissions on this file. Must 17003 be an octal value between 0000 and 0777 17004 or a decimal value between 0 and 511. YAML 17005 accepts both octal and decimal values, JSON 17006 requires decimal values for mode bits. If 17007 not specified, the volume defaultMode will 17008 be used. This might be in conflict with 17009 other options that affect the file mode, 17010 like fsGroup, and the result can be other 17011 mode bits set.' 17012 format: int32 17013 type: integer 17014 path: 17015 description: path is the relative path of 17016 the file to map the key to. May not be an 17017 absolute path. May not contain the path 17018 element '..'. May not start with the string 17019 '..'. 17020 type: string 17021 required: 17022 - key 17023 - path 17024 type: object 17025 type: array 17026 name: 17027 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 17028 TODO: Add other useful fields. apiVersion, kind, 17029 uid?' 17030 type: string 17031 optional: 17032 description: optional specify whether the ConfigMap 17033 or its keys must be defined 17034 type: boolean 17035 type: object 17036 csi: 17037 description: csi (Container Storage Interface) represents 17038 ephemeral storage that is handled by certain external 17039 CSI drivers (Beta feature). 17040 properties: 17041 driver: 17042 description: driver is the name of the CSI driver 17043 that handles this volume. Consult with your admin 17044 for the correct name as registered in the cluster. 17045 type: string 17046 fsType: 17047 description: fsType to mount. Ex. "ext4", "xfs", 17048 "ntfs". If not provided, the empty value is passed 17049 to the associated CSI driver which will determine 17050 the default filesystem to apply. 17051 type: string 17052 nodePublishSecretRef: 17053 description: nodePublishSecretRef is a reference 17054 to the secret object containing sensitive information 17055 to pass to the CSI driver to complete the CSI 17056 NodePublishVolume and NodeUnpublishVolume calls. 17057 This field is optional, and may be empty if no 17058 secret is required. If the secret object contains 17059 more than one secret, all secret references are 17060 passed. 17061 properties: 17062 name: 17063 description: 'Name of the referent. More info: 17064 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 17065 TODO: Add other useful fields. apiVersion, 17066 kind, uid?' 17067 type: string 17068 type: object 17069 readOnly: 17070 description: readOnly specifies a read-only configuration 17071 for the volume. Defaults to false (read/write). 17072 type: boolean 17073 volumeAttributes: 17074 additionalProperties: 17075 type: string 17076 description: volumeAttributes stores driver-specific 17077 properties that are passed to the CSI driver. 17078 Consult your driver's documentation for supported 17079 values. 17080 type: object 17081 required: 17082 - driver 17083 type: object 17084 downwardAPI: 17085 description: downwardAPI represents downward API about 17086 the pod that should populate this volume 17087 properties: 17088 defaultMode: 17089 description: 'Optional: mode bits to use on created 17090 files by default. Must be a Optional: mode bits 17091 used to set permissions on created files by default. 17092 Must be an octal value between 0000 and 0777 or 17093 a decimal value between 0 and 511. YAML accepts 17094 both octal and decimal values, JSON requires decimal 17095 values for mode bits. Defaults to 0644. Directories 17096 within the path are not affected by this setting. 17097 This might be in conflict with other options that 17098 affect the file mode, like fsGroup, and the result 17099 can be other mode bits set.' 17100 format: int32 17101 type: integer 17102 items: 17103 description: Items is a list of downward API volume 17104 file 17105 items: 17106 description: DownwardAPIVolumeFile represents 17107 information to create the file containing the 17108 pod field 17109 properties: 17110 fieldRef: 17111 description: 'Required: Selects a field of 17112 the pod: only annotations, labels, name 17113 and namespace are supported.' 17114 properties: 17115 apiVersion: 17116 description: Version of the schema the 17117 FieldPath is written in terms of, defaults 17118 to "v1". 17119 type: string 17120 fieldPath: 17121 description: Path of the field to select 17122 in the specified API version. 17123 type: string 17124 required: 17125 - fieldPath 17126 type: object 17127 mode: 17128 description: 'Optional: mode bits used to 17129 set permissions on this file, must be an 17130 octal value between 0000 and 0777 or a decimal 17131 value between 0 and 511. YAML accepts both 17132 octal and decimal values, JSON requires 17133 decimal values for mode bits. If not specified, 17134 the volume defaultMode will be used. This 17135 might be in conflict with other options 17136 that affect the file mode, like fsGroup, 17137 and the result can be other mode bits set.' 17138 format: int32 17139 type: integer 17140 path: 17141 description: 'Required: Path is the relative 17142 path name of the file to be created. Must 17143 not be absolute or contain the ''..'' path. 17144 Must be utf-8 encoded. The first item of 17145 the relative path must not start with ''..''' 17146 type: string 17147 resourceFieldRef: 17148 description: 'Selects a resource of the container: 17149 only resources limits and requests (limits.cpu, 17150 limits.memory, requests.cpu and requests.memory) 17151 are currently supported.' 17152 properties: 17153 containerName: 17154 description: 'Container name: required 17155 for volumes, optional for env vars' 17156 type: string 17157 divisor: 17158 anyOf: 17159 - type: integer 17160 - type: string 17161 description: Specifies the output format 17162 of the exposed resources, defaults to 17163 "1" 17164 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 17165 x-kubernetes-int-or-string: true 17166 resource: 17167 description: 'Required: resource to select' 17168 type: string 17169 required: 17170 - resource 17171 type: object 17172 required: 17173 - path 17174 type: object 17175 type: array 17176 type: object 17177 emptyDir: 17178 description: 'emptyDir represents a temporary directory 17179 that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 17180 properties: 17181 medium: 17182 description: 'medium represents what type of storage 17183 medium should back this directory. The default 17184 is "" which means to use the node''s default medium. 17185 Must be an empty string (default) or Memory. More 17186 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 17187 type: string 17188 sizeLimit: 17189 anyOf: 17190 - type: integer 17191 - type: string 17192 description: 'sizeLimit is the total amount of local 17193 storage required for this EmptyDir volume. The 17194 size limit is also applicable for memory medium. 17195 The maximum usage on memory medium EmptyDir would 17196 be the minimum value between the SizeLimit specified 17197 here and the sum of memory limits of all containers 17198 in a pod. The default is nil which means that 17199 the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 17200 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 17201 x-kubernetes-int-or-string: true 17202 type: object 17203 ephemeral: 17204 description: "ephemeral represents a volume that is 17205 handled by a cluster storage driver. The volume's 17206 lifecycle is tied to the pod that defines it - it 17207 will be created before the pod starts, and deleted 17208 when the pod is removed. \n Use this if: a) the volume 17209 is only needed while the pod runs, b) features of 17210 normal volumes like restoring from snapshot or capacity 17211 \ tracking are needed, c) the storage driver is 17212 specified through a storage class, and d) the storage 17213 driver supports dynamic volume provisioning through 17214 \ a PersistentVolumeClaim (see EphemeralVolumeSource 17215 for more information on the connection between 17216 this volume type and PersistentVolumeClaim). \n 17217 Use PersistentVolumeClaim or one of the vendor-specific 17218 APIs for volumes that persist for longer than the 17219 lifecycle of an individual pod. \n Use CSI for light-weight 17220 local ephemeral volumes if the CSI driver is meant 17221 to be used that way - see the documentation of the 17222 driver for more information. \n A pod can use both 17223 types of ephemeral volumes and persistent volumes 17224 at the same time." 17225 properties: 17226 volumeClaimTemplate: 17227 description: "Will be used to create a stand-alone 17228 PVC to provision the volume. The pod in which 17229 this EphemeralVolumeSource is embedded will be 17230 the owner of the PVC, i.e. the PVC will be deleted 17231 together with the pod. The name of the PVC will 17232 be `<pod name>-<volume name>` where `<volume name>` 17233 is the name from the `PodSpec.Volumes` array entry. 17234 Pod validation will reject the pod if the concatenated 17235 name is not valid for a PVC (for example, too 17236 long). \n An existing PVC with that name that 17237 is not owned by the pod will *not* be used for 17238 the pod to avoid using an unrelated volume by 17239 mistake. Starting the pod is then blocked until 17240 the unrelated PVC is removed. If such a pre-created 17241 PVC is meant to be used by the pod, the PVC has 17242 to updated with an owner reference to the pod 17243 once the pod exists. Normally this should not 17244 be necessary, but it may be useful when manually 17245 reconstructing a broken cluster. \n This field 17246 is read-only and no changes will be made by Kubernetes 17247 to the PVC after it has been created. \n Required, 17248 must not be nil." 17249 properties: 17250 metadata: 17251 description: May contain labels and annotations 17252 that will be copied into the PVC when creating 17253 it. No other fields are allowed and will be 17254 rejected during validation. 17255 type: object 17256 spec: 17257 description: The specification for the PersistentVolumeClaim. 17258 The entire content is copied unchanged into 17259 the PVC that gets created from this template. 17260 The same fields as in a PersistentVolumeClaim 17261 are also valid here. 17262 properties: 17263 accessModes: 17264 description: 'accessModes contains the desired 17265 access modes the volume should have. More 17266 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 17267 items: 17268 type: string 17269 type: array 17270 dataSource: 17271 description: 'dataSource field can be used 17272 to specify either: * An existing VolumeSnapshot 17273 object (snapshot.storage.k8s.io/VolumeSnapshot) 17274 * An existing PVC (PersistentVolumeClaim) 17275 If the provisioner or an external controller 17276 can support the specified data source, 17277 it will create a new volume based on the 17278 contents of the specified data source. 17279 When the AnyVolumeDataSource feature gate 17280 is enabled, dataSource contents will be 17281 copied to dataSourceRef, and dataSourceRef 17282 contents will be copied to dataSource 17283 when dataSourceRef.namespace is not specified. 17284 If the namespace is specified, then dataSourceRef 17285 will not be copied to dataSource.' 17286 properties: 17287 apiGroup: 17288 description: APIGroup is the group for 17289 the resource being referenced. If 17290 APIGroup is not specified, the specified 17291 Kind must be in the core API group. 17292 For any other third-party types, APIGroup 17293 is required. 17294 type: string 17295 kind: 17296 description: Kind is the type of resource 17297 being referenced 17298 type: string 17299 name: 17300 description: Name is the name of resource 17301 being referenced 17302 type: string 17303 required: 17304 - kind 17305 - name 17306 type: object 17307 dataSourceRef: 17308 description: 'dataSourceRef specifies the 17309 object from which to populate the volume 17310 with data, if a non-empty volume is desired. 17311 This may be any object from a non-empty 17312 API group (non core object) or a PersistentVolumeClaim 17313 object. When this field is specified, 17314 volume binding will only succeed if the 17315 type of the specified object matches some 17316 installed volume populator or dynamic 17317 provisioner. This field will replace the 17318 functionality of the dataSource field 17319 and as such if both fields are non-empty, 17320 they must have the same value. For backwards 17321 compatibility, when namespace isn''t specified 17322 in dataSourceRef, both fields (dataSource 17323 and dataSourceRef) will be set to the 17324 same value automatically if one of them 17325 is empty and the other is non-empty. When 17326 namespace is specified in dataSourceRef, 17327 dataSource isn''t set to the same value 17328 and must be empty. There are three important 17329 differences between dataSource and dataSourceRef: 17330 * While dataSource only allows two specific 17331 types of objects, dataSourceRef allows 17332 any non-core object, as well as PersistentVolumeClaim 17333 objects. * While dataSource ignores disallowed 17334 values (dropping them), dataSourceRef preserves 17335 all values, and generates an error if 17336 a disallowed value is specified. * While 17337 dataSource only allows local objects, 17338 dataSourceRef allows objects in any 17339 namespaces. (Beta) Using this field requires 17340 the AnyVolumeDataSource feature gate to 17341 be enabled. (Alpha) Using the namespace 17342 field of dataSourceRef requires the CrossNamespaceVolumeDataSource 17343 feature gate to be enabled.' 17344 properties: 17345 apiGroup: 17346 description: APIGroup is the group for 17347 the resource being referenced. If 17348 APIGroup is not specified, the specified 17349 Kind must be in the core API group. 17350 For any other third-party types, APIGroup 17351 is required. 17352 type: string 17353 kind: 17354 description: Kind is the type of resource 17355 being referenced 17356 type: string 17357 name: 17358 description: Name is the name of resource 17359 being referenced 17360 type: string 17361 namespace: 17362 description: Namespace is the namespace 17363 of resource being referenced Note 17364 that when a namespace is specified, 17365 a gateway.networking.k8s.io/ReferenceGrant 17366 object is required in the referent 17367 namespace to allow that namespace's 17368 owner to accept the reference. See 17369 the ReferenceGrant documentation for 17370 details. (Alpha) This field requires 17371 the CrossNamespaceVolumeDataSource 17372 feature gate to be enabled. 17373 type: string 17374 required: 17375 - kind 17376 - name 17377 type: object 17378 resources: 17379 description: 'resources represents the minimum 17380 resources the volume should have. If RecoverVolumeExpansionFailure 17381 feature is enabled users are allowed to 17382 specify resource requirements that are 17383 lower than previous value but must still 17384 be higher than capacity recorded in the 17385 status field of the claim. More info: 17386 https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 17387 properties: 17388 claims: 17389 description: "Claims lists the names 17390 of resources, defined in spec.resourceClaims, 17391 that are used by this container. \n 17392 This is an alpha field and requires 17393 enabling the DynamicResourceAllocation 17394 feature gate. \n This field is immutable. 17395 It can only be set for containers." 17396 items: 17397 description: ResourceClaim references 17398 one entry in PodSpec.ResourceClaims. 17399 properties: 17400 name: 17401 description: Name must match the 17402 name of one entry in pod.spec.resourceClaims 17403 of the Pod where this field 17404 is used. It makes that resource 17405 available inside a container. 17406 type: string 17407 required: 17408 - name 17409 type: object 17410 type: array 17411 x-kubernetes-list-map-keys: 17412 - name 17413 x-kubernetes-list-type: map 17414 limits: 17415 additionalProperties: 17416 anyOf: 17417 - type: integer 17418 - type: string 17419 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 17420 x-kubernetes-int-or-string: true 17421 description: 'Limits describes the maximum 17422 amount of compute resources allowed. 17423 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 17424 type: object 17425 requests: 17426 additionalProperties: 17427 anyOf: 17428 - type: integer 17429 - type: string 17430 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 17431 x-kubernetes-int-or-string: true 17432 description: 'Requests describes the 17433 minimum amount of compute resources 17434 required. If Requests is omitted for 17435 a container, it defaults to Limits 17436 if that is explicitly specified, otherwise 17437 to an implementation-defined value. 17438 Requests cannot exceed Limits. More 17439 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 17440 type: object 17441 type: object 17442 selector: 17443 description: selector is a label query over 17444 volumes to consider for binding. 17445 properties: 17446 matchExpressions: 17447 description: matchExpressions is a list 17448 of label selector requirements. The 17449 requirements are ANDed. 17450 items: 17451 description: A label selector requirement 17452 is a selector that contains values, 17453 a key, and an operator that relates 17454 the key and values. 17455 properties: 17456 key: 17457 description: key is the label 17458 key that the selector applies 17459 to. 17460 type: string 17461 operator: 17462 description: operator represents 17463 a key's relationship to a set 17464 of values. Valid operators are 17465 In, NotIn, Exists and DoesNotExist. 17466 type: string 17467 values: 17468 description: values is an array 17469 of string values. If the operator 17470 is In or NotIn, the values array 17471 must be non-empty. If the operator 17472 is Exists or DoesNotExist, the 17473 values array must be empty. 17474 This array is replaced during 17475 a strategic merge patch. 17476 items: 17477 type: string 17478 type: array 17479 required: 17480 - key 17481 - operator 17482 type: object 17483 type: array 17484 matchLabels: 17485 additionalProperties: 17486 type: string 17487 description: matchLabels is a map of 17488 {key,value} pairs. A single {key,value} 17489 in the matchLabels map is equivalent 17490 to an element of matchExpressions, 17491 whose key field is "key", the operator 17492 is "In", and the values array contains 17493 only "value". The requirements are 17494 ANDed. 17495 type: object 17496 type: object 17497 storageClassName: 17498 description: 'storageClassName is the name 17499 of the StorageClass required by the claim. 17500 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 17501 type: string 17502 volumeMode: 17503 description: volumeMode defines what type 17504 of volume is required by the claim. Value 17505 of Filesystem is implied when not included 17506 in claim spec. 17507 type: string 17508 volumeName: 17509 description: volumeName is the binding reference 17510 to the PersistentVolume backing this claim. 17511 type: string 17512 type: object 17513 required: 17514 - spec 17515 type: object 17516 type: object 17517 fc: 17518 description: fc represents a Fibre Channel resource 17519 that is attached to a kubelet's host machine and then 17520 exposed to the pod. 17521 properties: 17522 fsType: 17523 description: 'fsType is the filesystem type to mount. 17524 Must be a filesystem type supported by the host 17525 operating system. Ex. "ext4", "xfs", "ntfs". Implicitly 17526 inferred to be "ext4" if unspecified. TODO: how 17527 do we prevent errors in the filesystem from compromising 17528 the machine' 17529 type: string 17530 lun: 17531 description: 'lun is Optional: FC target lun number' 17532 format: int32 17533 type: integer 17534 readOnly: 17535 description: 'readOnly is Optional: Defaults to 17536 false (read/write). ReadOnly here will force the 17537 ReadOnly setting in VolumeMounts.' 17538 type: boolean 17539 targetWWNs: 17540 description: 'targetWWNs is Optional: FC target 17541 worldwide names (WWNs)' 17542 items: 17543 type: string 17544 type: array 17545 wwids: 17546 description: 'wwids Optional: FC volume world wide 17547 identifiers (wwids) Either wwids or combination 17548 of targetWWNs and lun must be set, but not both 17549 simultaneously.' 17550 items: 17551 type: string 17552 type: array 17553 type: object 17554 flexVolume: 17555 description: flexVolume represents a generic volume 17556 resource that is provisioned/attached using an exec 17557 based plugin. 17558 properties: 17559 driver: 17560 description: driver is the name of the driver to 17561 use for this volume. 17562 type: string 17563 fsType: 17564 description: fsType is the filesystem type to mount. 17565 Must be a filesystem type supported by the host 17566 operating system. Ex. "ext4", "xfs", "ntfs". The 17567 default filesystem depends on FlexVolume script. 17568 type: string 17569 options: 17570 additionalProperties: 17571 type: string 17572 description: 'options is Optional: this field holds 17573 extra command options if any.' 17574 type: object 17575 readOnly: 17576 description: 'readOnly is Optional: defaults to 17577 false (read/write). ReadOnly here will force the 17578 ReadOnly setting in VolumeMounts.' 17579 type: boolean 17580 secretRef: 17581 description: 'secretRef is Optional: secretRef is 17582 reference to the secret object containing sensitive 17583 information to pass to the plugin scripts. This 17584 may be empty if no secret object is specified. 17585 If the secret object contains more than one secret, 17586 all secrets are passed to the plugin scripts.' 17587 properties: 17588 name: 17589 description: 'Name of the referent. More info: 17590 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 17591 TODO: Add other useful fields. apiVersion, 17592 kind, uid?' 17593 type: string 17594 type: object 17595 required: 17596 - driver 17597 type: object 17598 flocker: 17599 description: flocker represents a Flocker volume attached 17600 to a kubelet's host machine. This depends on the Flocker 17601 control service being running 17602 properties: 17603 datasetName: 17604 description: datasetName is Name of the dataset 17605 stored as metadata -> name on the dataset for 17606 Flocker should be considered as deprecated 17607 type: string 17608 datasetUUID: 17609 description: datasetUUID is the UUID of the dataset. 17610 This is unique identifier of a Flocker dataset 17611 type: string 17612 type: object 17613 gcePersistentDisk: 17614 description: 'gcePersistentDisk represents a GCE Disk 17615 resource that is attached to a kubelet''s host machine 17616 and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 17617 properties: 17618 fsType: 17619 description: 'fsType is filesystem type of the volume 17620 that you want to mount. Tip: Ensure that the filesystem 17621 type is supported by the host operating system. 17622 Examples: "ext4", "xfs", "ntfs". Implicitly inferred 17623 to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 17624 TODO: how do we prevent errors in the filesystem 17625 from compromising the machine' 17626 type: string 17627 partition: 17628 description: 'partition is the partition in the 17629 volume that you want to mount. If omitted, the 17630 default is to mount by volume name. Examples: 17631 For volume /dev/sda1, you specify the partition 17632 as "1". Similarly, the volume partition for /dev/sda 17633 is "0" (or you can leave the property empty). 17634 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 17635 format: int32 17636 type: integer 17637 pdName: 17638 description: 'pdName is unique name of the PD resource 17639 in GCE. Used to identify the disk in GCE. More 17640 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 17641 type: string 17642 readOnly: 17643 description: 'readOnly here will force the ReadOnly 17644 setting in VolumeMounts. Defaults to false. More 17645 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 17646 type: boolean 17647 required: 17648 - pdName 17649 type: object 17650 gitRepo: 17651 description: 'gitRepo represents a git repository at 17652 a particular revision. DEPRECATED: GitRepo is deprecated. 17653 To provision a container with a git repo, mount an 17654 EmptyDir into an InitContainer that clones the repo 17655 using git, then mount the EmptyDir into the Pod''s 17656 container.' 17657 properties: 17658 directory: 17659 description: directory is the target directory name. 17660 Must not contain or start with '..'. If '.' is 17661 supplied, the volume directory will be the git 17662 repository. Otherwise, if specified, the volume 17663 will contain the git repository in the subdirectory 17664 with the given name. 17665 type: string 17666 repository: 17667 description: repository is the URL 17668 type: string 17669 revision: 17670 description: revision is the commit hash for the 17671 specified revision. 17672 type: string 17673 required: 17674 - repository 17675 type: object 17676 glusterfs: 17677 description: 'glusterfs represents a Glusterfs mount 17678 on the host that shares a pod''s lifetime. More info: 17679 https://examples.k8s.io/volumes/glusterfs/README.md' 17680 properties: 17681 endpoints: 17682 description: 'endpoints is the endpoint name that 17683 details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 17684 type: string 17685 path: 17686 description: 'path is the Glusterfs volume path. 17687 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 17688 type: string 17689 readOnly: 17690 description: 'readOnly here will force the Glusterfs 17691 volume to be mounted with read-only permissions. 17692 Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 17693 type: boolean 17694 required: 17695 - endpoints 17696 - path 17697 type: object 17698 hostPath: 17699 description: 'hostPath represents a pre-existing file 17700 or directory on the host machine that is directly 17701 exposed to the container. This is generally used for 17702 system agents or other privileged things that are 17703 allowed to see the host machine. Most containers will 17704 NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 17705 --- TODO(jonesdl) We need to restrict who can use 17706 host directory mounts and who can/can not mount host 17707 directories as read/write.' 17708 properties: 17709 path: 17710 description: 'path of the directory on the host. 17711 If the path is a symlink, it will follow the link 17712 to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 17713 type: string 17714 type: 17715 description: 'type for HostPath Volume Defaults 17716 to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 17717 type: string 17718 required: 17719 - path 17720 type: object 17721 iscsi: 17722 description: 'iscsi represents an ISCSI Disk resource 17723 that is attached to a kubelet''s host machine and 17724 then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 17725 properties: 17726 chapAuthDiscovery: 17727 description: chapAuthDiscovery defines whether support 17728 iSCSI Discovery CHAP authentication 17729 type: boolean 17730 chapAuthSession: 17731 description: chapAuthSession defines whether support 17732 iSCSI Session CHAP authentication 17733 type: boolean 17734 fsType: 17735 description: 'fsType is the filesystem type of the 17736 volume that you want to mount. Tip: Ensure that 17737 the filesystem type is supported by the host operating 17738 system. Examples: "ext4", "xfs", "ntfs". Implicitly 17739 inferred to be "ext4" if unspecified. More info: 17740 https://kubernetes.io/docs/concepts/storage/volumes#iscsi 17741 TODO: how do we prevent errors in the filesystem 17742 from compromising the machine' 17743 type: string 17744 initiatorName: 17745 description: initiatorName is the custom iSCSI Initiator 17746 Name. If initiatorName is specified with iscsiInterface 17747 simultaneously, new iSCSI interface <target portal>:<volume 17748 name> will be created for the connection. 17749 type: string 17750 iqn: 17751 description: iqn is the target iSCSI Qualified Name. 17752 type: string 17753 iscsiInterface: 17754 description: iscsiInterface is the interface Name 17755 that uses an iSCSI transport. Defaults to 'default' 17756 (tcp). 17757 type: string 17758 lun: 17759 description: lun represents iSCSI Target Lun number. 17760 format: int32 17761 type: integer 17762 portals: 17763 description: portals is the iSCSI Target Portal 17764 List. The portal is either an IP or ip_addr:port 17765 if the port is other than default (typically TCP 17766 ports 860 and 3260). 17767 items: 17768 type: string 17769 type: array 17770 readOnly: 17771 description: readOnly here will force the ReadOnly 17772 setting in VolumeMounts. Defaults to false. 17773 type: boolean 17774 secretRef: 17775 description: secretRef is the CHAP Secret for iSCSI 17776 target and initiator authentication 17777 properties: 17778 name: 17779 description: 'Name of the referent. More info: 17780 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 17781 TODO: Add other useful fields. apiVersion, 17782 kind, uid?' 17783 type: string 17784 type: object 17785 targetPortal: 17786 description: targetPortal is iSCSI Target Portal. 17787 The Portal is either an IP or ip_addr:port if 17788 the port is other than default (typically TCP 17789 ports 860 and 3260). 17790 type: string 17791 required: 17792 - iqn 17793 - lun 17794 - targetPortal 17795 type: object 17796 name: 17797 description: 'name of the volume. Must be a DNS_LABEL 17798 and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 17799 type: string 17800 nfs: 17801 description: 'nfs represents an NFS mount on the host 17802 that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 17803 properties: 17804 path: 17805 description: 'path that is exported by the NFS server. 17806 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 17807 type: string 17808 readOnly: 17809 description: 'readOnly here will force the NFS export 17810 to be mounted with read-only permissions. Defaults 17811 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 17812 type: boolean 17813 server: 17814 description: 'server is the hostname or IP address 17815 of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 17816 type: string 17817 required: 17818 - path 17819 - server 17820 type: object 17821 persistentVolumeClaim: 17822 description: 'persistentVolumeClaimVolumeSource represents 17823 a reference to a PersistentVolumeClaim in the same 17824 namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 17825 properties: 17826 claimName: 17827 description: 'claimName is the name of a PersistentVolumeClaim 17828 in the same namespace as the pod using this volume. 17829 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 17830 type: string 17831 readOnly: 17832 description: readOnly Will force the ReadOnly setting 17833 in VolumeMounts. Default false. 17834 type: boolean 17835 required: 17836 - claimName 17837 type: object 17838 photonPersistentDisk: 17839 description: photonPersistentDisk represents a PhotonController 17840 persistent disk attached and mounted on kubelets host 17841 machine 17842 properties: 17843 fsType: 17844 description: fsType is the filesystem type to mount. 17845 Must be a filesystem type supported by the host 17846 operating system. Ex. "ext4", "xfs", "ntfs". Implicitly 17847 inferred to be "ext4" if unspecified. 17848 type: string 17849 pdID: 17850 description: pdID is the ID that identifies Photon 17851 Controller persistent disk 17852 type: string 17853 required: 17854 - pdID 17855 type: object 17856 portworxVolume: 17857 description: portworxVolume represents a portworx volume 17858 attached and mounted on kubelets host machine 17859 properties: 17860 fsType: 17861 description: fSType represents the filesystem type 17862 to mount Must be a filesystem type supported by 17863 the host operating system. Ex. "ext4", "xfs". 17864 Implicitly inferred to be "ext4" if unspecified. 17865 type: string 17866 readOnly: 17867 description: readOnly defaults to false (read/write). 17868 ReadOnly here will force the ReadOnly setting 17869 in VolumeMounts. 17870 type: boolean 17871 volumeID: 17872 description: volumeID uniquely identifies a Portworx 17873 volume 17874 type: string 17875 required: 17876 - volumeID 17877 type: object 17878 projected: 17879 description: projected items for all in one resources 17880 secrets, configmaps, and downward API 17881 properties: 17882 defaultMode: 17883 description: defaultMode are the mode bits used 17884 to set permissions on created files by default. 17885 Must be an octal value between 0000 and 0777 or 17886 a decimal value between 0 and 511. YAML accepts 17887 both octal and decimal values, JSON requires decimal 17888 values for mode bits. Directories within the path 17889 are not affected by this setting. This might be 17890 in conflict with other options that affect the 17891 file mode, like fsGroup, and the result can be 17892 other mode bits set. 17893 format: int32 17894 type: integer 17895 sources: 17896 description: sources is the list of volume projections 17897 items: 17898 description: Projection that may be projected 17899 along with other supported volume types 17900 properties: 17901 configMap: 17902 description: configMap information about the 17903 configMap data to project 17904 properties: 17905 items: 17906 description: items if unspecified, each 17907 key-value pair in the Data field of 17908 the referenced ConfigMap will be projected 17909 into the volume as a file whose name 17910 is the key and content is the value. 17911 If specified, the listed keys will be 17912 projected into the specified paths, 17913 and unlisted keys will not be present. 17914 If a key is specified which is not present 17915 in the ConfigMap, the volume setup will 17916 error unless it is marked optional. 17917 Paths must be relative and may not contain 17918 the '..' path or start with '..'. 17919 items: 17920 description: Maps a string key to a 17921 path within a volume. 17922 properties: 17923 key: 17924 description: key is the key to project. 17925 type: string 17926 mode: 17927 description: 'mode is Optional: 17928 mode bits used to set permissions 17929 on this file. Must be an octal 17930 value between 0000 and 0777 or 17931 a decimal value between 0 and 17932 511. YAML accepts both octal and 17933 decimal values, JSON requires 17934 decimal values for mode bits. 17935 If not specified, the volume defaultMode 17936 will be used. This might be in 17937 conflict with other options that 17938 affect the file mode, like fsGroup, 17939 and the result can be other mode 17940 bits set.' 17941 format: int32 17942 type: integer 17943 path: 17944 description: path is the relative 17945 path of the file to map the key 17946 to. May not be an absolute path. 17947 May not contain the path element 17948 '..'. May not start with the string 17949 '..'. 17950 type: string 17951 required: 17952 - key 17953 - path 17954 type: object 17955 type: array 17956 name: 17957 description: 'Name of the referent. More 17958 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 17959 TODO: Add other useful fields. apiVersion, 17960 kind, uid?' 17961 type: string 17962 optional: 17963 description: optional specify whether 17964 the ConfigMap or its keys must be defined 17965 type: boolean 17966 type: object 17967 downwardAPI: 17968 description: downwardAPI information about 17969 the downwardAPI data to project 17970 properties: 17971 items: 17972 description: Items is a list of DownwardAPIVolume 17973 file 17974 items: 17975 description: DownwardAPIVolumeFile represents 17976 information to create the file containing 17977 the pod field 17978 properties: 17979 fieldRef: 17980 description: 'Required: Selects 17981 a field of the pod: only annotations, 17982 labels, name and namespace are 17983 supported.' 17984 properties: 17985 apiVersion: 17986 description: Version of the 17987 schema the FieldPath is written 17988 in terms of, defaults to "v1". 17989 type: string 17990 fieldPath: 17991 description: Path of the field 17992 to select in the specified 17993 API version. 17994 type: string 17995 required: 17996 - fieldPath 17997 type: object 17998 mode: 17999 description: 'Optional: mode bits 18000 used to set permissions on this 18001 file, must be an octal value between 18002 0000 and 0777 or a decimal value 18003 between 0 and 511. YAML accepts 18004 both octal and decimal values, 18005 JSON requires decimal values for 18006 mode bits. If not specified, the 18007 volume defaultMode will be used. 18008 This might be in conflict with 18009 other options that affect the 18010 file mode, like fsGroup, and the 18011 result can be other mode bits 18012 set.' 18013 format: int32 18014 type: integer 18015 path: 18016 description: 'Required: Path is the 18017 relative path name of the file 18018 to be created. Must not be absolute 18019 or contain the ''..'' path. Must 18020 be utf-8 encoded. The first item 18021 of the relative path must not 18022 start with ''..''' 18023 type: string 18024 resourceFieldRef: 18025 description: 'Selects a resource 18026 of the container: only resources 18027 limits and requests (limits.cpu, 18028 limits.memory, requests.cpu and 18029 requests.memory) are currently 18030 supported.' 18031 properties: 18032 containerName: 18033 description: 'Container name: 18034 required for volumes, optional 18035 for env vars' 18036 type: string 18037 divisor: 18038 anyOf: 18039 - type: integer 18040 - type: string 18041 description: Specifies the output 18042 format of the exposed resources, 18043 defaults to "1" 18044 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 18045 x-kubernetes-int-or-string: true 18046 resource: 18047 description: 'Required: resource 18048 to select' 18049 type: string 18050 required: 18051 - resource 18052 type: object 18053 required: 18054 - path 18055 type: object 18056 type: array 18057 type: object 18058 secret: 18059 description: secret information about the 18060 secret data to project 18061 properties: 18062 items: 18063 description: items if unspecified, each 18064 key-value pair in the Data field of 18065 the referenced Secret will be projected 18066 into the volume as a file whose name 18067 is the key and content is the value. 18068 If specified, the listed keys will be 18069 projected into the specified paths, 18070 and unlisted keys will not be present. 18071 If a key is specified which is not present 18072 in the Secret, the volume setup will 18073 error unless it is marked optional. 18074 Paths must be relative and may not contain 18075 the '..' path or start with '..'. 18076 items: 18077 description: Maps a string key to a 18078 path within a volume. 18079 properties: 18080 key: 18081 description: key is the key to project. 18082 type: string 18083 mode: 18084 description: 'mode is Optional: 18085 mode bits used to set permissions 18086 on this file. Must be an octal 18087 value between 0000 and 0777 or 18088 a decimal value between 0 and 18089 511. YAML accepts both octal and 18090 decimal values, JSON requires 18091 decimal values for mode bits. 18092 If not specified, the volume defaultMode 18093 will be used. This might be in 18094 conflict with other options that 18095 affect the file mode, like fsGroup, 18096 and the result can be other mode 18097 bits set.' 18098 format: int32 18099 type: integer 18100 path: 18101 description: path is the relative 18102 path of the file to map the key 18103 to. May not be an absolute path. 18104 May not contain the path element 18105 '..'. May not start with the string 18106 '..'. 18107 type: string 18108 required: 18109 - key 18110 - path 18111 type: object 18112 type: array 18113 name: 18114 description: 'Name of the referent. More 18115 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 18116 TODO: Add other useful fields. apiVersion, 18117 kind, uid?' 18118 type: string 18119 optional: 18120 description: optional field specify whether 18121 the Secret or its key must be defined 18122 type: boolean 18123 type: object 18124 serviceAccountToken: 18125 description: serviceAccountToken is information 18126 about the serviceAccountToken data to project 18127 properties: 18128 audience: 18129 description: audience is the intended 18130 audience of the token. A recipient of 18131 a token must identify itself with an 18132 identifier specified in the audience 18133 of the token, and otherwise should reject 18134 the token. The audience defaults to 18135 the identifier of the apiserver. 18136 type: string 18137 expirationSeconds: 18138 description: expirationSeconds is the 18139 requested duration of validity of the 18140 service account token. As the token 18141 approaches expiration, the kubelet volume 18142 plugin will proactively rotate the service 18143 account token. The kubelet will start 18144 trying to rotate the token if the token 18145 is older than 80 percent of its time 18146 to live or if the token is older than 18147 24 hours.Defaults to 1 hour and must 18148 be at least 10 minutes. 18149 format: int64 18150 type: integer 18151 path: 18152 description: path is the path relative 18153 to the mount point of the file to project 18154 the token into. 18155 type: string 18156 required: 18157 - path 18158 type: object 18159 type: object 18160 type: array 18161 type: object 18162 quobyte: 18163 description: quobyte represents a Quobyte mount on the 18164 host that shares a pod's lifetime 18165 properties: 18166 group: 18167 description: group to map volume access to Default 18168 is no group 18169 type: string 18170 readOnly: 18171 description: readOnly here will force the Quobyte 18172 volume to be mounted with read-only permissions. 18173 Defaults to false. 18174 type: boolean 18175 registry: 18176 description: registry represents a single or multiple 18177 Quobyte Registry services specified as a string 18178 as host:port pair (multiple entries are separated 18179 with commas) which acts as the central registry 18180 for volumes 18181 type: string 18182 tenant: 18183 description: tenant owning the given Quobyte volume 18184 in the Backend Used with dynamically provisioned 18185 Quobyte volumes, value is set by the plugin 18186 type: string 18187 user: 18188 description: user to map volume access to Defaults 18189 to serivceaccount user 18190 type: string 18191 volume: 18192 description: volume is a string that references 18193 an already created Quobyte volume by name. 18194 type: string 18195 required: 18196 - registry 18197 - volume 18198 type: object 18199 rbd: 18200 description: 'rbd represents a Rados Block Device mount 18201 on the host that shares a pod''s lifetime. More info: 18202 https://examples.k8s.io/volumes/rbd/README.md' 18203 properties: 18204 fsType: 18205 description: 'fsType is the filesystem type of the 18206 volume that you want to mount. Tip: Ensure that 18207 the filesystem type is supported by the host operating 18208 system. Examples: "ext4", "xfs", "ntfs". Implicitly 18209 inferred to be "ext4" if unspecified. More info: 18210 https://kubernetes.io/docs/concepts/storage/volumes#rbd 18211 TODO: how do we prevent errors in the filesystem 18212 from compromising the machine' 18213 type: string 18214 image: 18215 description: 'image is the rados image name. More 18216 info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 18217 type: string 18218 keyring: 18219 description: 'keyring is the path to key ring for 18220 RBDUser. Default is /etc/ceph/keyring. More info: 18221 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 18222 type: string 18223 monitors: 18224 description: 'monitors is a collection of Ceph monitors. 18225 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 18226 items: 18227 type: string 18228 type: array 18229 pool: 18230 description: 'pool is the rados pool name. Default 18231 is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 18232 type: string 18233 readOnly: 18234 description: 'readOnly here will force the ReadOnly 18235 setting in VolumeMounts. Defaults to false. More 18236 info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 18237 type: boolean 18238 secretRef: 18239 description: 'secretRef is name of the authentication 18240 secret for RBDUser. If provided overrides keyring. 18241 Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 18242 properties: 18243 name: 18244 description: 'Name of the referent. More info: 18245 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 18246 TODO: Add other useful fields. apiVersion, 18247 kind, uid?' 18248 type: string 18249 type: object 18250 user: 18251 description: 'user is the rados user name. Default 18252 is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 18253 type: string 18254 required: 18255 - image 18256 - monitors 18257 type: object 18258 scaleIO: 18259 description: scaleIO represents a ScaleIO persistent 18260 volume attached and mounted on Kubernetes nodes. 18261 properties: 18262 fsType: 18263 description: fsType is the filesystem type to mount. 18264 Must be a filesystem type supported by the host 18265 operating system. Ex. "ext4", "xfs", "ntfs". Default 18266 is "xfs". 18267 type: string 18268 gateway: 18269 description: gateway is the host address of the 18270 ScaleIO API Gateway. 18271 type: string 18272 protectionDomain: 18273 description: protectionDomain is the name of the 18274 ScaleIO Protection Domain for the configured storage. 18275 type: string 18276 readOnly: 18277 description: readOnly Defaults to false (read/write). 18278 ReadOnly here will force the ReadOnly setting 18279 in VolumeMounts. 18280 type: boolean 18281 secretRef: 18282 description: secretRef references to the secret 18283 for ScaleIO user and other sensitive information. 18284 If this is not provided, Login operation will 18285 fail. 18286 properties: 18287 name: 18288 description: 'Name of the referent. More info: 18289 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 18290 TODO: Add other useful fields. apiVersion, 18291 kind, uid?' 18292 type: string 18293 type: object 18294 sslEnabled: 18295 description: sslEnabled Flag enable/disable SSL 18296 communication with Gateway, default false 18297 type: boolean 18298 storageMode: 18299 description: storageMode indicates whether the storage 18300 for a volume should be ThickProvisioned or ThinProvisioned. 18301 Default is ThinProvisioned. 18302 type: string 18303 storagePool: 18304 description: storagePool is the ScaleIO Storage 18305 Pool associated with the protection domain. 18306 type: string 18307 system: 18308 description: system is the name of the storage system 18309 as configured in ScaleIO. 18310 type: string 18311 volumeName: 18312 description: volumeName is the name of a volume 18313 already created in the ScaleIO system that is 18314 associated with this volume source. 18315 type: string 18316 required: 18317 - gateway 18318 - secretRef 18319 - system 18320 type: object 18321 secret: 18322 description: 'secret represents a secret that should 18323 populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 18324 properties: 18325 defaultMode: 18326 description: 'defaultMode is Optional: mode bits 18327 used to set permissions on created files by default. 18328 Must be an octal value between 0000 and 0777 or 18329 a decimal value between 0 and 511. YAML accepts 18330 both octal and decimal values, JSON requires decimal 18331 values for mode bits. Defaults to 0644. Directories 18332 within the path are not affected by this setting. 18333 This might be in conflict with other options that 18334 affect the file mode, like fsGroup, and the result 18335 can be other mode bits set.' 18336 format: int32 18337 type: integer 18338 items: 18339 description: items If unspecified, each key-value 18340 pair in the Data field of the referenced Secret 18341 will be projected into the volume as a file whose 18342 name is the key and content is the value. If specified, 18343 the listed keys will be projected into the specified 18344 paths, and unlisted keys will not be present. 18345 If a key is specified which is not present in 18346 the Secret, the volume setup will error unless 18347 it is marked optional. Paths must be relative 18348 and may not contain the '..' path or start with 18349 '..'. 18350 items: 18351 description: Maps a string key to a path within 18352 a volume. 18353 properties: 18354 key: 18355 description: key is the key to project. 18356 type: string 18357 mode: 18358 description: 'mode is Optional: mode bits 18359 used to set permissions on this file. Must 18360 be an octal value between 0000 and 0777 18361 or a decimal value between 0 and 511. YAML 18362 accepts both octal and decimal values, JSON 18363 requires decimal values for mode bits. If 18364 not specified, the volume defaultMode will 18365 be used. This might be in conflict with 18366 other options that affect the file mode, 18367 like fsGroup, and the result can be other 18368 mode bits set.' 18369 format: int32 18370 type: integer 18371 path: 18372 description: path is the relative path of 18373 the file to map the key to. May not be an 18374 absolute path. May not contain the path 18375 element '..'. May not start with the string 18376 '..'. 18377 type: string 18378 required: 18379 - key 18380 - path 18381 type: object 18382 type: array 18383 optional: 18384 description: optional field specify whether the 18385 Secret or its keys must be defined 18386 type: boolean 18387 secretName: 18388 description: 'secretName is the name of the secret 18389 in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 18390 type: string 18391 type: object 18392 storageos: 18393 description: storageOS represents a StorageOS volume 18394 attached and mounted on Kubernetes nodes. 18395 properties: 18396 fsType: 18397 description: fsType is the filesystem type to mount. 18398 Must be a filesystem type supported by the host 18399 operating system. Ex. "ext4", "xfs", "ntfs". Implicitly 18400 inferred to be "ext4" if unspecified. 18401 type: string 18402 readOnly: 18403 description: readOnly defaults to false (read/write). 18404 ReadOnly here will force the ReadOnly setting 18405 in VolumeMounts. 18406 type: boolean 18407 secretRef: 18408 description: secretRef specifies the secret to use 18409 for obtaining the StorageOS API credentials. If 18410 not specified, default values will be attempted. 18411 properties: 18412 name: 18413 description: 'Name of the referent. More info: 18414 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 18415 TODO: Add other useful fields. apiVersion, 18416 kind, uid?' 18417 type: string 18418 type: object 18419 volumeName: 18420 description: volumeName is the human-readable name 18421 of the StorageOS volume. Volume names are only 18422 unique within a namespace. 18423 type: string 18424 volumeNamespace: 18425 description: volumeNamespace specifies the scope 18426 of the volume within StorageOS. If no namespace 18427 is specified then the Pod's namespace will be 18428 used. This allows the Kubernetes name scoping 18429 to be mirrored within StorageOS for tighter integration. 18430 Set VolumeName to any name to override the default 18431 behaviour. Set to "default" if you are not using 18432 namespaces within StorageOS. Namespaces that do 18433 not pre-exist within StorageOS will be created. 18434 type: string 18435 type: object 18436 vsphereVolume: 18437 description: vsphereVolume represents a vSphere volume 18438 attached and mounted on kubelets host machine 18439 properties: 18440 fsType: 18441 description: fsType is filesystem type to mount. 18442 Must be a filesystem type supported by the host 18443 operating system. Ex. "ext4", "xfs", "ntfs". Implicitly 18444 inferred to be "ext4" if unspecified. 18445 type: string 18446 storagePolicyID: 18447 description: storagePolicyID is the storage Policy 18448 Based Management (SPBM) profile ID associated 18449 with the StoragePolicyName. 18450 type: string 18451 storagePolicyName: 18452 description: storagePolicyName is the storage Policy 18453 Based Management (SPBM) profile name. 18454 type: string 18455 volumePath: 18456 description: volumePath is the path that identifies 18457 vSphere volume vmdk 18458 type: string 18459 required: 18460 - volumePath 18461 type: object 18462 required: 18463 - name 18464 type: object 18465 type: array 18466 x-kubernetes-list-type: atomic 18467 type: object 18468 resources: 18469 description: Resources is a list of bindings specifying which 18470 actual instances of PipelineResources to use for the resources 18471 the Pipeline has declared it needs. 18472 items: 18473 description: PipelineResourceBinding connects a reference to 18474 an instance of a PipelineResource with a PipelineResource 18475 dependency that the Pipeline has declared 18476 properties: 18477 name: 18478 description: Name is the name of the PipelineResource in 18479 the Pipeline's declaration 18480 type: string 18481 resourceRef: 18482 description: ResourceRef is a reference to the instance 18483 of the actual PipelineResource that should be used 18484 properties: 18485 apiVersion: 18486 description: API version of the referent 18487 type: string 18488 name: 18489 description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' 18490 type: string 18491 type: object 18492 resourceSpec: 18493 description: ResourceSpec is specification of a resource 18494 that should be created and consumed by the task 18495 properties: 18496 description: 18497 description: Description is a user-facing description 18498 of the resource that may be used to populate a UI. 18499 type: string 18500 params: 18501 items: 18502 description: ResourceParam declares a string value 18503 to use for the parameter called Name, and is used 18504 in the specific context of PipelineResources. 18505 properties: 18506 name: 18507 type: string 18508 value: 18509 type: string 18510 required: 18511 - name 18512 - value 18513 type: object 18514 type: array 18515 x-kubernetes-list-type: atomic 18516 secrets: 18517 description: Secrets to fetch to populate some of resource 18518 fields 18519 items: 18520 description: SecretParam indicates which secret can 18521 be used to populate a field of the resource 18522 properties: 18523 fieldName: 18524 type: string 18525 secretKey: 18526 type: string 18527 secretName: 18528 type: string 18529 required: 18530 - fieldName 18531 - secretKey 18532 - secretName 18533 type: object 18534 type: array 18535 x-kubernetes-list-type: atomic 18536 type: 18537 type: string 18538 required: 18539 - params 18540 - type 18541 type: object 18542 type: object 18543 type: array 18544 x-kubernetes-list-type: atomic 18545 serviceAccountName: 18546 type: string 18547 status: 18548 description: Used for cancelling a pipelinerun (and maybe more 18549 later on) 18550 type: string 18551 taskRunSpecs: 18552 description: TaskRunSpecs holds a set of runtime specs 18553 items: 18554 description: PipelineTaskRunSpec can be used to configure specific 18555 specs for a concrete Task 18556 properties: 18557 computeResources: 18558 description: Compute resources to use for this TaskRun 18559 properties: 18560 claims: 18561 description: "Claims lists the names of resources, defined 18562 in spec.resourceClaims, that are used by this container. 18563 \n This is an alpha field and requires enabling the 18564 DynamicResourceAllocation feature gate. \n This field 18565 is immutable. It can only be set for containers." 18566 items: 18567 description: ResourceClaim references one entry in 18568 PodSpec.ResourceClaims. 18569 properties: 18570 name: 18571 description: Name must match the name of one entry 18572 in pod.spec.resourceClaims of the Pod where 18573 this field is used. It makes that resource available 18574 inside a container. 18575 type: string 18576 required: 18577 - name 18578 type: object 18579 type: array 18580 x-kubernetes-list-map-keys: 18581 - name 18582 x-kubernetes-list-type: map 18583 limits: 18584 additionalProperties: 18585 anyOf: 18586 - type: integer 18587 - type: string 18588 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 18589 x-kubernetes-int-or-string: true 18590 description: 'Limits describes the maximum amount of 18591 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 18592 type: object 18593 requests: 18594 additionalProperties: 18595 anyOf: 18596 - type: integer 18597 - type: string 18598 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 18599 x-kubernetes-int-or-string: true 18600 description: 'Requests describes the minimum amount 18601 of compute resources required. If Requests is omitted 18602 for a container, it defaults to Limits if that is 18603 explicitly specified, otherwise to an implementation-defined 18604 value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 18605 type: object 18606 type: object 18607 metadata: 18608 description: PipelineTaskMetadata contains the labels or 18609 annotations for an EmbeddedTask 18610 properties: 18611 annotations: 18612 additionalProperties: 18613 type: string 18614 type: object 18615 labels: 18616 additionalProperties: 18617 type: string 18618 type: object 18619 type: object 18620 pipelineTaskName: 18621 type: string 18622 sidecarOverrides: 18623 items: 18624 description: TaskRunSidecarOverride is used to override 18625 the values of a Sidecar in the corresponding Task. 18626 properties: 18627 name: 18628 description: The name of the Sidecar to override. 18629 type: string 18630 resources: 18631 description: The resource requirements to apply to 18632 the Sidecar. 18633 properties: 18634 claims: 18635 description: "Claims lists the names of resources, 18636 defined in spec.resourceClaims, that are used 18637 by this container. \n This is an alpha field 18638 and requires enabling the DynamicResourceAllocation 18639 feature gate. \n This field is immutable. It 18640 can only be set for containers." 18641 items: 18642 description: ResourceClaim references one entry 18643 in PodSpec.ResourceClaims. 18644 properties: 18645 name: 18646 description: Name must match the name of 18647 one entry in pod.spec.resourceClaims of 18648 the Pod where this field is used. It makes 18649 that resource available inside a container. 18650 type: string 18651 required: 18652 - name 18653 type: object 18654 type: array 18655 x-kubernetes-list-map-keys: 18656 - name 18657 x-kubernetes-list-type: map 18658 limits: 18659 additionalProperties: 18660 anyOf: 18661 - type: integer 18662 - type: string 18663 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 18664 x-kubernetes-int-or-string: true 18665 description: 'Limits describes the maximum amount 18666 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 18667 type: object 18668 requests: 18669 additionalProperties: 18670 anyOf: 18671 - type: integer 18672 - type: string 18673 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 18674 x-kubernetes-int-or-string: true 18675 description: 'Requests describes the minimum amount 18676 of compute resources required. If Requests is 18677 omitted for a container, it defaults to Limits 18678 if that is explicitly specified, otherwise to 18679 an implementation-defined value. Requests cannot 18680 exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 18681 type: object 18682 type: object 18683 required: 18684 - name 18685 - resources 18686 type: object 18687 type: array 18688 x-kubernetes-list-type: atomic 18689 stepOverrides: 18690 items: 18691 description: TaskRunStepOverride is used to override the 18692 values of a Step in the corresponding Task. 18693 properties: 18694 name: 18695 description: The name of the Step to override. 18696 type: string 18697 resources: 18698 description: The resource requirements to apply to 18699 the Step. 18700 properties: 18701 claims: 18702 description: "Claims lists the names of resources, 18703 defined in spec.resourceClaims, that are used 18704 by this container. \n This is an alpha field 18705 and requires enabling the DynamicResourceAllocation 18706 feature gate. \n This field is immutable. It 18707 can only be set for containers." 18708 items: 18709 description: ResourceClaim references one entry 18710 in PodSpec.ResourceClaims. 18711 properties: 18712 name: 18713 description: Name must match the name of 18714 one entry in pod.spec.resourceClaims of 18715 the Pod where this field is used. It makes 18716 that resource available inside a container. 18717 type: string 18718 required: 18719 - name 18720 type: object 18721 type: array 18722 x-kubernetes-list-map-keys: 18723 - name 18724 x-kubernetes-list-type: map 18725 limits: 18726 additionalProperties: 18727 anyOf: 18728 - type: integer 18729 - type: string 18730 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 18731 x-kubernetes-int-or-string: true 18732 description: 'Limits describes the maximum amount 18733 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 18734 type: object 18735 requests: 18736 additionalProperties: 18737 anyOf: 18738 - type: integer 18739 - type: string 18740 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 18741 x-kubernetes-int-or-string: true 18742 description: 'Requests describes the minimum amount 18743 of compute resources required. If Requests is 18744 omitted for a container, it defaults to Limits 18745 if that is explicitly specified, otherwise to 18746 an implementation-defined value. Requests cannot 18747 exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 18748 type: object 18749 type: object 18750 required: 18751 - name 18752 - resources 18753 type: object 18754 type: array 18755 x-kubernetes-list-type: atomic 18756 taskPodTemplate: 18757 description: Template holds pod specific configuration 18758 properties: 18759 affinity: 18760 description: If specified, the pod's scheduling constraints 18761 properties: 18762 nodeAffinity: 18763 description: Describes node affinity scheduling 18764 rules for the pod. 18765 properties: 18766 preferredDuringSchedulingIgnoredDuringExecution: 18767 description: The scheduler will prefer to schedule 18768 pods to nodes that satisfy the affinity expressions 18769 specified by this field, but it may choose 18770 a node that violates one or more of the expressions. 18771 The node that is most preferred is the one 18772 with the greatest sum of weights, i.e. for 18773 each node that meets all of the scheduling 18774 requirements (resource request, requiredDuringScheduling 18775 affinity expressions, etc.), compute a sum 18776 by iterating through the elements of this 18777 field and adding "weight" to the sum if the 18778 node matches the corresponding matchExpressions; 18779 the node(s) with the highest sum are the most 18780 preferred. 18781 items: 18782 description: An empty preferred scheduling 18783 term matches all objects with implicit weight 18784 0 (i.e. it's a no-op). A null preferred 18785 scheduling term matches no objects (i.e. 18786 is also a no-op). 18787 properties: 18788 preference: 18789 description: A node selector term, associated 18790 with the corresponding weight. 18791 properties: 18792 matchExpressions: 18793 description: A list of node selector 18794 requirements by node's labels. 18795 items: 18796 description: A node selector requirement 18797 is a selector that contains values, 18798 a key, and an operator that relates 18799 the key and values. 18800 properties: 18801 key: 18802 description: The label key that 18803 the selector applies to. 18804 type: string 18805 operator: 18806 description: Represents a key's 18807 relationship to a set of values. 18808 Valid operators are In, NotIn, 18809 Exists, DoesNotExist. Gt, 18810 and Lt. 18811 type: string 18812 values: 18813 description: An array of string 18814 values. If the operator is 18815 In or NotIn, the values array 18816 must be non-empty. If the 18817 operator is Exists or DoesNotExist, 18818 the values array must be empty. 18819 If the operator is Gt or Lt, 18820 the values array must have 18821 a single element, which will 18822 be interpreted as an integer. 18823 This array is replaced during 18824 a strategic merge patch. 18825 items: 18826 type: string 18827 type: array 18828 required: 18829 - key 18830 - operator 18831 type: object 18832 type: array 18833 matchFields: 18834 description: A list of node selector 18835 requirements by node's fields. 18836 items: 18837 description: A node selector requirement 18838 is a selector that contains values, 18839 a key, and an operator that relates 18840 the key and values. 18841 properties: 18842 key: 18843 description: The label key that 18844 the selector applies to. 18845 type: string 18846 operator: 18847 description: Represents a key's 18848 relationship to a set of values. 18849 Valid operators are In, NotIn, 18850 Exists, DoesNotExist. Gt, 18851 and Lt. 18852 type: string 18853 values: 18854 description: An array of string 18855 values. If the operator is 18856 In or NotIn, the values array 18857 must be non-empty. If the 18858 operator is Exists or DoesNotExist, 18859 the values array must be empty. 18860 If the operator is Gt or Lt, 18861 the values array must have 18862 a single element, which will 18863 be interpreted as an integer. 18864 This array is replaced during 18865 a strategic merge patch. 18866 items: 18867 type: string 18868 type: array 18869 required: 18870 - key 18871 - operator 18872 type: object 18873 type: array 18874 type: object 18875 weight: 18876 description: Weight associated with matching 18877 the corresponding nodeSelectorTerm, 18878 in the range 1-100. 18879 format: int32 18880 type: integer 18881 required: 18882 - preference 18883 - weight 18884 type: object 18885 type: array 18886 requiredDuringSchedulingIgnoredDuringExecution: 18887 description: If the affinity requirements specified 18888 by this field are not met at scheduling time, 18889 the pod will not be scheduled onto the node. 18890 If the affinity requirements specified by 18891 this field cease to be met at some point during 18892 pod execution (e.g. due to an update), the 18893 system may or may not try to eventually evict 18894 the pod from its node. 18895 properties: 18896 nodeSelectorTerms: 18897 description: Required. A list of node selector 18898 terms. The terms are ORed. 18899 items: 18900 description: A null or empty node selector 18901 term matches no objects. The requirements 18902 of them are ANDed. The TopologySelectorTerm 18903 type implements a subset of the NodeSelectorTerm. 18904 properties: 18905 matchExpressions: 18906 description: A list of node selector 18907 requirements by node's labels. 18908 items: 18909 description: A node selector requirement 18910 is a selector that contains values, 18911 a key, and an operator that relates 18912 the key and values. 18913 properties: 18914 key: 18915 description: The label key that 18916 the selector applies to. 18917 type: string 18918 operator: 18919 description: Represents a key's 18920 relationship to a set of values. 18921 Valid operators are In, NotIn, 18922 Exists, DoesNotExist. Gt, 18923 and Lt. 18924 type: string 18925 values: 18926 description: An array of string 18927 values. If the operator is 18928 In or NotIn, the values array 18929 must be non-empty. If the 18930 operator is Exists or DoesNotExist, 18931 the values array must be empty. 18932 If the operator is Gt or Lt, 18933 the values array must have 18934 a single element, which will 18935 be interpreted as an integer. 18936 This array is replaced during 18937 a strategic merge patch. 18938 items: 18939 type: string 18940 type: array 18941 required: 18942 - key 18943 - operator 18944 type: object 18945 type: array 18946 matchFields: 18947 description: A list of node selector 18948 requirements by node's fields. 18949 items: 18950 description: A node selector requirement 18951 is a selector that contains values, 18952 a key, and an operator that relates 18953 the key and values. 18954 properties: 18955 key: 18956 description: The label key that 18957 the selector applies to. 18958 type: string 18959 operator: 18960 description: Represents a key's 18961 relationship to a set of values. 18962 Valid operators are In, NotIn, 18963 Exists, DoesNotExist. Gt, 18964 and Lt. 18965 type: string 18966 values: 18967 description: An array of string 18968 values. If the operator is 18969 In or NotIn, the values array 18970 must be non-empty. If the 18971 operator is Exists or DoesNotExist, 18972 the values array must be empty. 18973 If the operator is Gt or Lt, 18974 the values array must have 18975 a single element, which will 18976 be interpreted as an integer. 18977 This array is replaced during 18978 a strategic merge patch. 18979 items: 18980 type: string 18981 type: array 18982 required: 18983 - key 18984 - operator 18985 type: object 18986 type: array 18987 type: object 18988 type: array 18989 required: 18990 - nodeSelectorTerms 18991 type: object 18992 type: object 18993 podAffinity: 18994 description: Describes pod affinity scheduling rules 18995 (e.g. co-locate this pod in the same node, zone, 18996 etc. as some other pod(s)). 18997 properties: 18998 preferredDuringSchedulingIgnoredDuringExecution: 18999 description: The scheduler will prefer to schedule 19000 pods to nodes that satisfy the affinity expressions 19001 specified by this field, but it may choose 19002 a node that violates one or more of the expressions. 19003 The node that is most preferred is the one 19004 with the greatest sum of weights, i.e. for 19005 each node that meets all of the scheduling 19006 requirements (resource request, requiredDuringScheduling 19007 affinity expressions, etc.), compute a sum 19008 by iterating through the elements of this 19009 field and adding "weight" to the sum if the 19010 node has pods which matches the corresponding 19011 podAffinityTerm; the node(s) with the highest 19012 sum are the most preferred. 19013 items: 19014 description: The weights of all of the matched 19015 WeightedPodAffinityTerm fields are added 19016 per-node to find the most preferred node(s) 19017 properties: 19018 podAffinityTerm: 19019 description: Required. A pod affinity 19020 term, associated with the corresponding 19021 weight. 19022 properties: 19023 labelSelector: 19024 description: A label query over a 19025 set of resources, in this case pods. 19026 properties: 19027 matchExpressions: 19028 description: matchExpressions 19029 is a list of label selector 19030 requirements. The requirements 19031 are ANDed. 19032 items: 19033 description: A label selector 19034 requirement is a selector 19035 that contains values, a key, 19036 and an operator that relates 19037 the key and values. 19038 properties: 19039 key: 19040 description: key is the 19041 label key that the selector 19042 applies to. 19043 type: string 19044 operator: 19045 description: operator represents 19046 a key's relationship to 19047 a set of values. Valid 19048 operators are In, NotIn, 19049 Exists and DoesNotExist. 19050 type: string 19051 values: 19052 description: values is an 19053 array of string values. 19054 If the operator is In 19055 or NotIn, the values array 19056 must be non-empty. If 19057 the operator is Exists 19058 or DoesNotExist, the values 19059 array must be empty. This 19060 array is replaced during 19061 a strategic merge patch. 19062 items: 19063 type: string 19064 type: array 19065 required: 19066 - key 19067 - operator 19068 type: object 19069 type: array 19070 matchLabels: 19071 additionalProperties: 19072 type: string 19073 description: matchLabels is a 19074 map of {key,value} pairs. A 19075 single {key,value} in the matchLabels 19076 map is equivalent to an element 19077 of matchExpressions, whose key 19078 field is "key", the operator 19079 is "In", and the values array 19080 contains only "value". The requirements 19081 are ANDed. 19082 type: object 19083 type: object 19084 namespaceSelector: 19085 description: A label query over the 19086 set of namespaces that the term 19087 applies to. The term is applied 19088 to the union of the namespaces selected 19089 by this field and the ones listed 19090 in the namespaces field. null selector 19091 and null or empty namespaces list 19092 means "this pod's namespace". An 19093 empty selector ({}) matches all 19094 namespaces. 19095 properties: 19096 matchExpressions: 19097 description: matchExpressions 19098 is a list of label selector 19099 requirements. The requirements 19100 are ANDed. 19101 items: 19102 description: A label selector 19103 requirement is a selector 19104 that contains values, a key, 19105 and an operator that relates 19106 the key and values. 19107 properties: 19108 key: 19109 description: key is the 19110 label key that the selector 19111 applies to. 19112 type: string 19113 operator: 19114 description: operator represents 19115 a key's relationship to 19116 a set of values. Valid 19117 operators are In, NotIn, 19118 Exists and DoesNotExist. 19119 type: string 19120 values: 19121 description: values is an 19122 array of string values. 19123 If the operator is In 19124 or NotIn, the values array 19125 must be non-empty. If 19126 the operator is Exists 19127 or DoesNotExist, the values 19128 array must be empty. This 19129 array is replaced during 19130 a strategic merge patch. 19131 items: 19132 type: string 19133 type: array 19134 required: 19135 - key 19136 - operator 19137 type: object 19138 type: array 19139 matchLabels: 19140 additionalProperties: 19141 type: string 19142 description: matchLabels is a 19143 map of {key,value} pairs. A 19144 single {key,value} in the matchLabels 19145 map is equivalent to an element 19146 of matchExpressions, whose key 19147 field is "key", the operator 19148 is "In", and the values array 19149 contains only "value". The requirements 19150 are ANDed. 19151 type: object 19152 type: object 19153 namespaces: 19154 description: namespaces specifies 19155 a static list of namespace names 19156 that the term applies to. The term 19157 is applied to the union of the namespaces 19158 listed in this field and the ones 19159 selected by namespaceSelector. null 19160 or empty namespaces list and null 19161 namespaceSelector means "this pod's 19162 namespace". 19163 items: 19164 type: string 19165 type: array 19166 topologyKey: 19167 description: This pod should be co-located 19168 (affinity) or not co-located (anti-affinity) 19169 with the pods matching the labelSelector 19170 in the specified namespaces, where 19171 co-located is defined as running 19172 on a node whose value of the label 19173 with key topologyKey matches that 19174 of any node on which any of the 19175 selected pods is running. Empty 19176 topologyKey is not allowed. 19177 type: string 19178 required: 19179 - topologyKey 19180 type: object 19181 weight: 19182 description: weight associated with matching 19183 the corresponding podAffinityTerm, in 19184 the range 1-100. 19185 format: int32 19186 type: integer 19187 required: 19188 - podAffinityTerm 19189 - weight 19190 type: object 19191 type: array 19192 requiredDuringSchedulingIgnoredDuringExecution: 19193 description: If the affinity requirements specified 19194 by this field are not met at scheduling time, 19195 the pod will not be scheduled onto the node. 19196 If the affinity requirements specified by 19197 this field cease to be met at some point during 19198 pod execution (e.g. due to a pod label update), 19199 the system may or may not try to eventually 19200 evict the pod from its node. When there are 19201 multiple elements, the lists of nodes corresponding 19202 to each podAffinityTerm are intersected, i.e. 19203 all terms must be satisfied. 19204 items: 19205 description: Defines a set of pods (namely 19206 those matching the labelSelector relative 19207 to the given namespace(s)) that this pod 19208 should be co-located (affinity) or not co-located 19209 (anti-affinity) with, where co-located is 19210 defined as running on a node whose value 19211 of the label with key <topologyKey> matches 19212 that of any node on which a pod of the set 19213 of pods is running 19214 properties: 19215 labelSelector: 19216 description: A label query over a set 19217 of resources, in this case pods. 19218 properties: 19219 matchExpressions: 19220 description: matchExpressions is a 19221 list of label selector requirements. 19222 The requirements are ANDed. 19223 items: 19224 description: A label selector requirement 19225 is a selector that contains values, 19226 a key, and an operator that relates 19227 the key and values. 19228 properties: 19229 key: 19230 description: key is the label 19231 key that the selector applies 19232 to. 19233 type: string 19234 operator: 19235 description: operator represents 19236 a key's relationship to a 19237 set of values. Valid operators 19238 are In, NotIn, Exists and 19239 DoesNotExist. 19240 type: string 19241 values: 19242 description: values is an array 19243 of string values. If the operator 19244 is In or NotIn, the values 19245 array must be non-empty. If 19246 the operator is Exists or 19247 DoesNotExist, the values array 19248 must be empty. This array 19249 is replaced during a strategic 19250 merge patch. 19251 items: 19252 type: string 19253 type: array 19254 required: 19255 - key 19256 - operator 19257 type: object 19258 type: array 19259 matchLabels: 19260 additionalProperties: 19261 type: string 19262 description: matchLabels is a map 19263 of {key,value} pairs. A single {key,value} 19264 in the matchLabels map is equivalent 19265 to an element of matchExpressions, 19266 whose key field is "key", the operator 19267 is "In", and the values array contains 19268 only "value". The requirements are 19269 ANDed. 19270 type: object 19271 type: object 19272 namespaceSelector: 19273 description: A label query over the set 19274 of namespaces that the term applies 19275 to. The term is applied to the union 19276 of the namespaces selected by this field 19277 and the ones listed in the namespaces 19278 field. null selector and null or empty 19279 namespaces list means "this pod's namespace". 19280 An empty selector ({}) matches all namespaces. 19281 properties: 19282 matchExpressions: 19283 description: matchExpressions is a 19284 list of label selector requirements. 19285 The requirements are ANDed. 19286 items: 19287 description: A label selector requirement 19288 is a selector that contains values, 19289 a key, and an operator that relates 19290 the key and values. 19291 properties: 19292 key: 19293 description: key is the label 19294 key that the selector applies 19295 to. 19296 type: string 19297 operator: 19298 description: operator represents 19299 a key's relationship to a 19300 set of values. Valid operators 19301 are In, NotIn, Exists and 19302 DoesNotExist. 19303 type: string 19304 values: 19305 description: values is an array 19306 of string values. If the operator 19307 is In or NotIn, the values 19308 array must be non-empty. If 19309 the operator is Exists or 19310 DoesNotExist, the values array 19311 must be empty. This array 19312 is replaced during a strategic 19313 merge patch. 19314 items: 19315 type: string 19316 type: array 19317 required: 19318 - key 19319 - operator 19320 type: object 19321 type: array 19322 matchLabels: 19323 additionalProperties: 19324 type: string 19325 description: matchLabels is a map 19326 of {key,value} pairs. A single {key,value} 19327 in the matchLabels map is equivalent 19328 to an element of matchExpressions, 19329 whose key field is "key", the operator 19330 is "In", and the values array contains 19331 only "value". The requirements are 19332 ANDed. 19333 type: object 19334 type: object 19335 namespaces: 19336 description: namespaces specifies a static 19337 list of namespace names that the term 19338 applies to. The term is applied to the 19339 union of the namespaces listed in this 19340 field and the ones selected by namespaceSelector. 19341 null or empty namespaces list and null 19342 namespaceSelector means "this pod's 19343 namespace". 19344 items: 19345 type: string 19346 type: array 19347 topologyKey: 19348 description: This pod should be co-located 19349 (affinity) or not co-located (anti-affinity) 19350 with the pods matching the labelSelector 19351 in the specified namespaces, where co-located 19352 is defined as running on a node whose 19353 value of the label with key topologyKey 19354 matches that of any node on which any 19355 of the selected pods is running. Empty 19356 topologyKey is not allowed. 19357 type: string 19358 required: 19359 - topologyKey 19360 type: object 19361 type: array 19362 type: object 19363 podAntiAffinity: 19364 description: Describes pod anti-affinity scheduling 19365 rules (e.g. avoid putting this pod in the same 19366 node, zone, etc. as some other pod(s)). 19367 properties: 19368 preferredDuringSchedulingIgnoredDuringExecution: 19369 description: The scheduler will prefer to schedule 19370 pods to nodes that satisfy the anti-affinity 19371 expressions specified by this field, but it 19372 may choose a node that violates one or more 19373 of the expressions. The node that is most 19374 preferred is the one with the greatest sum 19375 of weights, i.e. for each node that meets 19376 all of the scheduling requirements (resource 19377 request, requiredDuringScheduling anti-affinity 19378 expressions, etc.), compute a sum by iterating 19379 through the elements of this field and adding 19380 "weight" to the sum if the node has pods which 19381 matches the corresponding podAffinityTerm; 19382 the node(s) with the highest sum are the most 19383 preferred. 19384 items: 19385 description: The weights of all of the matched 19386 WeightedPodAffinityTerm fields are added 19387 per-node to find the most preferred node(s) 19388 properties: 19389 podAffinityTerm: 19390 description: Required. A pod affinity 19391 term, associated with the corresponding 19392 weight. 19393 properties: 19394 labelSelector: 19395 description: A label query over a 19396 set of resources, in this case pods. 19397 properties: 19398 matchExpressions: 19399 description: matchExpressions 19400 is a list of label selector 19401 requirements. The requirements 19402 are ANDed. 19403 items: 19404 description: A label selector 19405 requirement is a selector 19406 that contains values, a key, 19407 and an operator that relates 19408 the key and values. 19409 properties: 19410 key: 19411 description: key is the 19412 label key that the selector 19413 applies to. 19414 type: string 19415 operator: 19416 description: operator represents 19417 a key's relationship to 19418 a set of values. Valid 19419 operators are In, NotIn, 19420 Exists and DoesNotExist. 19421 type: string 19422 values: 19423 description: values is an 19424 array of string values. 19425 If the operator is In 19426 or NotIn, the values array 19427 must be non-empty. If 19428 the operator is Exists 19429 or DoesNotExist, the values 19430 array must be empty. This 19431 array is replaced during 19432 a strategic merge patch. 19433 items: 19434 type: string 19435 type: array 19436 required: 19437 - key 19438 - operator 19439 type: object 19440 type: array 19441 matchLabels: 19442 additionalProperties: 19443 type: string 19444 description: matchLabels is a 19445 map of {key,value} pairs. A 19446 single {key,value} in the matchLabels 19447 map is equivalent to an element 19448 of matchExpressions, whose key 19449 field is "key", the operator 19450 is "In", and the values array 19451 contains only "value". The requirements 19452 are ANDed. 19453 type: object 19454 type: object 19455 namespaceSelector: 19456 description: A label query over the 19457 set of namespaces that the term 19458 applies to. The term is applied 19459 to the union of the namespaces selected 19460 by this field and the ones listed 19461 in the namespaces field. null selector 19462 and null or empty namespaces list 19463 means "this pod's namespace". An 19464 empty selector ({}) matches all 19465 namespaces. 19466 properties: 19467 matchExpressions: 19468 description: matchExpressions 19469 is a list of label selector 19470 requirements. The requirements 19471 are ANDed. 19472 items: 19473 description: A label selector 19474 requirement is a selector 19475 that contains values, a key, 19476 and an operator that relates 19477 the key and values. 19478 properties: 19479 key: 19480 description: key is the 19481 label key that the selector 19482 applies to. 19483 type: string 19484 operator: 19485 description: operator represents 19486 a key's relationship to 19487 a set of values. Valid 19488 operators are In, NotIn, 19489 Exists and DoesNotExist. 19490 type: string 19491 values: 19492 description: values is an 19493 array of string values. 19494 If the operator is In 19495 or NotIn, the values array 19496 must be non-empty. If 19497 the operator is Exists 19498 or DoesNotExist, the values 19499 array must be empty. This 19500 array is replaced during 19501 a strategic merge patch. 19502 items: 19503 type: string 19504 type: array 19505 required: 19506 - key 19507 - operator 19508 type: object 19509 type: array 19510 matchLabels: 19511 additionalProperties: 19512 type: string 19513 description: matchLabels is a 19514 map of {key,value} pairs. A 19515 single {key,value} in the matchLabels 19516 map is equivalent to an element 19517 of matchExpressions, whose key 19518 field is "key", the operator 19519 is "In", and the values array 19520 contains only "value". The requirements 19521 are ANDed. 19522 type: object 19523 type: object 19524 namespaces: 19525 description: namespaces specifies 19526 a static list of namespace names 19527 that the term applies to. The term 19528 is applied to the union of the namespaces 19529 listed in this field and the ones 19530 selected by namespaceSelector. null 19531 or empty namespaces list and null 19532 namespaceSelector means "this pod's 19533 namespace". 19534 items: 19535 type: string 19536 type: array 19537 topologyKey: 19538 description: This pod should be co-located 19539 (affinity) or not co-located (anti-affinity) 19540 with the pods matching the labelSelector 19541 in the specified namespaces, where 19542 co-located is defined as running 19543 on a node whose value of the label 19544 with key topologyKey matches that 19545 of any node on which any of the 19546 selected pods is running. Empty 19547 topologyKey is not allowed. 19548 type: string 19549 required: 19550 - topologyKey 19551 type: object 19552 weight: 19553 description: weight associated with matching 19554 the corresponding podAffinityTerm, in 19555 the range 1-100. 19556 format: int32 19557 type: integer 19558 required: 19559 - podAffinityTerm 19560 - weight 19561 type: object 19562 type: array 19563 requiredDuringSchedulingIgnoredDuringExecution: 19564 description: If the anti-affinity requirements 19565 specified by this field are not met at scheduling 19566 time, the pod will not be scheduled onto the 19567 node. If the anti-affinity requirements specified 19568 by this field cease to be met at some point 19569 during pod execution (e.g. due to a pod label 19570 update), the system may or may not try to 19571 eventually evict the pod from its node. When 19572 there are multiple elements, the lists of 19573 nodes corresponding to each podAffinityTerm 19574 are intersected, i.e. all terms must be satisfied. 19575 items: 19576 description: Defines a set of pods (namely 19577 those matching the labelSelector relative 19578 to the given namespace(s)) that this pod 19579 should be co-located (affinity) or not co-located 19580 (anti-affinity) with, where co-located is 19581 defined as running on a node whose value 19582 of the label with key <topologyKey> matches 19583 that of any node on which a pod of the set 19584 of pods is running 19585 properties: 19586 labelSelector: 19587 description: A label query over a set 19588 of resources, in this case pods. 19589 properties: 19590 matchExpressions: 19591 description: matchExpressions is a 19592 list of label selector requirements. 19593 The requirements are ANDed. 19594 items: 19595 description: A label selector requirement 19596 is a selector that contains values, 19597 a key, and an operator that relates 19598 the key and values. 19599 properties: 19600 key: 19601 description: key is the label 19602 key that the selector applies 19603 to. 19604 type: string 19605 operator: 19606 description: operator represents 19607 a key's relationship to a 19608 set of values. Valid operators 19609 are In, NotIn, Exists and 19610 DoesNotExist. 19611 type: string 19612 values: 19613 description: values is an array 19614 of string values. If the operator 19615 is In or NotIn, the values 19616 array must be non-empty. If 19617 the operator is Exists or 19618 DoesNotExist, the values array 19619 must be empty. This array 19620 is replaced during a strategic 19621 merge patch. 19622 items: 19623 type: string 19624 type: array 19625 required: 19626 - key 19627 - operator 19628 type: object 19629 type: array 19630 matchLabels: 19631 additionalProperties: 19632 type: string 19633 description: matchLabels is a map 19634 of {key,value} pairs. A single {key,value} 19635 in the matchLabels map is equivalent 19636 to an element of matchExpressions, 19637 whose key field is "key", the operator 19638 is "In", and the values array contains 19639 only "value". The requirements are 19640 ANDed. 19641 type: object 19642 type: object 19643 namespaceSelector: 19644 description: A label query over the set 19645 of namespaces that the term applies 19646 to. The term is applied to the union 19647 of the namespaces selected by this field 19648 and the ones listed in the namespaces 19649 field. null selector and null or empty 19650 namespaces list means "this pod's namespace". 19651 An empty selector ({}) matches all namespaces. 19652 properties: 19653 matchExpressions: 19654 description: matchExpressions is a 19655 list of label selector requirements. 19656 The requirements are ANDed. 19657 items: 19658 description: A label selector requirement 19659 is a selector that contains values, 19660 a key, and an operator that relates 19661 the key and values. 19662 properties: 19663 key: 19664 description: key is the label 19665 key that the selector applies 19666 to. 19667 type: string 19668 operator: 19669 description: operator represents 19670 a key's relationship to a 19671 set of values. Valid operators 19672 are In, NotIn, Exists and 19673 DoesNotExist. 19674 type: string 19675 values: 19676 description: values is an array 19677 of string values. If the operator 19678 is In or NotIn, the values 19679 array must be non-empty. If 19680 the operator is Exists or 19681 DoesNotExist, the values array 19682 must be empty. This array 19683 is replaced during a strategic 19684 merge patch. 19685 items: 19686 type: string 19687 type: array 19688 required: 19689 - key 19690 - operator 19691 type: object 19692 type: array 19693 matchLabels: 19694 additionalProperties: 19695 type: string 19696 description: matchLabels is a map 19697 of {key,value} pairs. A single {key,value} 19698 in the matchLabels map is equivalent 19699 to an element of matchExpressions, 19700 whose key field is "key", the operator 19701 is "In", and the values array contains 19702 only "value". The requirements are 19703 ANDed. 19704 type: object 19705 type: object 19706 namespaces: 19707 description: namespaces specifies a static 19708 list of namespace names that the term 19709 applies to. The term is applied to the 19710 union of the namespaces listed in this 19711 field and the ones selected by namespaceSelector. 19712 null or empty namespaces list and null 19713 namespaceSelector means "this pod's 19714 namespace". 19715 items: 19716 type: string 19717 type: array 19718 topologyKey: 19719 description: This pod should be co-located 19720 (affinity) or not co-located (anti-affinity) 19721 with the pods matching the labelSelector 19722 in the specified namespaces, where co-located 19723 is defined as running on a node whose 19724 value of the label with key topologyKey 19725 matches that of any node on which any 19726 of the selected pods is running. Empty 19727 topologyKey is not allowed. 19728 type: string 19729 required: 19730 - topologyKey 19731 type: object 19732 type: array 19733 type: object 19734 type: object 19735 automountServiceAccountToken: 19736 description: AutomountServiceAccountToken indicates 19737 whether pods running as this service account should 19738 have an API token automatically mounted. 19739 type: boolean 19740 dnsConfig: 19741 description: Specifies the DNS parameters of a pod. 19742 Parameters specified here will be merged to the generated 19743 DNS configuration based on DNSPolicy. 19744 properties: 19745 nameservers: 19746 description: A list of DNS name server IP addresses. 19747 This will be appended to the base nameservers 19748 generated from DNSPolicy. Duplicated nameservers 19749 will be removed. 19750 items: 19751 type: string 19752 type: array 19753 options: 19754 description: A list of DNS resolver options. This 19755 will be merged with the base options generated 19756 from DNSPolicy. Duplicated entries will be removed. 19757 Resolution options given in Options will override 19758 those that appear in the base DNSPolicy. 19759 items: 19760 description: PodDNSConfigOption defines DNS resolver 19761 options of a pod. 19762 properties: 19763 name: 19764 description: Required. 19765 type: string 19766 value: 19767 type: string 19768 type: object 19769 type: array 19770 searches: 19771 description: A list of DNS search domains for host-name 19772 lookup. This will be appended to the base search 19773 paths generated from DNSPolicy. Duplicated search 19774 paths will be removed. 19775 items: 19776 type: string 19777 type: array 19778 type: object 19779 dnsPolicy: 19780 description: Set DNS policy for the pod. Defaults to 19781 "ClusterFirst". Valid values are 'ClusterFirst', 'Default' 19782 or 'None'. DNS parameters given in DNSConfig will 19783 be merged with the policy selected with DNSPolicy. 19784 type: string 19785 enableServiceLinks: 19786 description: 'EnableServiceLinks indicates whether information 19787 about services should be injected into pod''s environment 19788 variables, matching the syntax of Docker links. Optional: 19789 Defaults to true.' 19790 type: boolean 19791 env: 19792 description: List of environment variables that can 19793 be provided to the containers belonging to the pod. 19794 items: 19795 description: EnvVar represents an environment variable 19796 present in a Container. 19797 properties: 19798 name: 19799 description: Name of the environment variable. 19800 Must be a C_IDENTIFIER. 19801 type: string 19802 value: 19803 description: 'Variable references $(VAR_NAME) 19804 are expanded using the previously defined environment 19805 variables in the container and any service environment 19806 variables. If a variable cannot be resolved, 19807 the reference in the input string will be unchanged. 19808 Double $$ are reduced to a single $, which allows 19809 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 19810 will produce the string literal "$(VAR_NAME)". 19811 Escaped references will never be expanded, regardless 19812 of whether the variable exists or not. Defaults 19813 to "".' 19814 type: string 19815 valueFrom: 19816 description: Source for the environment variable's 19817 value. Cannot be used if value is not empty. 19818 properties: 19819 configMapKeyRef: 19820 description: Selects a key of a ConfigMap. 19821 properties: 19822 key: 19823 description: The key to select. 19824 type: string 19825 name: 19826 description: 'Name of the referent. More 19827 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 19828 TODO: Add other useful fields. apiVersion, 19829 kind, uid?' 19830 type: string 19831 optional: 19832 description: Specify whether the ConfigMap 19833 or its key must be defined 19834 type: boolean 19835 required: 19836 - key 19837 type: object 19838 fieldRef: 19839 description: 'Selects a field of the pod: 19840 supports metadata.name, metadata.namespace, 19841 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 19842 spec.nodeName, spec.serviceAccountName, 19843 status.hostIP, status.podIP, status.podIPs.' 19844 properties: 19845 apiVersion: 19846 description: Version of the schema the 19847 FieldPath is written in terms of, defaults 19848 to "v1". 19849 type: string 19850 fieldPath: 19851 description: Path of the field to select 19852 in the specified API version. 19853 type: string 19854 required: 19855 - fieldPath 19856 type: object 19857 resourceFieldRef: 19858 description: 'Selects a resource of the container: 19859 only resources limits and requests (limits.cpu, 19860 limits.memory, limits.ephemeral-storage, 19861 requests.cpu, requests.memory and requests.ephemeral-storage) 19862 are currently supported.' 19863 properties: 19864 containerName: 19865 description: 'Container name: required 19866 for volumes, optional for env vars' 19867 type: string 19868 divisor: 19869 anyOf: 19870 - type: integer 19871 - type: string 19872 description: Specifies the output format 19873 of the exposed resources, defaults to 19874 "1" 19875 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 19876 x-kubernetes-int-or-string: true 19877 resource: 19878 description: 'Required: resource to select' 19879 type: string 19880 required: 19881 - resource 19882 type: object 19883 secretKeyRef: 19884 description: Selects a key of a secret in 19885 the pod's namespace 19886 properties: 19887 key: 19888 description: The key of the secret to 19889 select from. Must be a valid secret 19890 key. 19891 type: string 19892 name: 19893 description: 'Name of the referent. More 19894 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 19895 TODO: Add other useful fields. apiVersion, 19896 kind, uid?' 19897 type: string 19898 optional: 19899 description: Specify whether the Secret 19900 or its key must be defined 19901 type: boolean 19902 required: 19903 - key 19904 type: object 19905 type: object 19906 required: 19907 - name 19908 type: object 19909 type: array 19910 x-kubernetes-list-type: atomic 19911 hostAliases: 19912 description: HostAliases is an optional list of hosts 19913 and IPs that will be injected into the pod's hosts 19914 file if specified. This is only valid for non-hostNetwork 19915 pods. 19916 items: 19917 description: HostAlias holds the mapping between IP 19918 and hostnames that will be injected as an entry 19919 in the pod's hosts file. 19920 properties: 19921 hostnames: 19922 description: Hostnames for the above IP address. 19923 items: 19924 type: string 19925 type: array 19926 ip: 19927 description: IP address of the host file entry. 19928 type: string 19929 type: object 19930 type: array 19931 x-kubernetes-list-type: atomic 19932 hostNetwork: 19933 description: HostNetwork specifies whether the pod may 19934 use the node network namespace 19935 type: boolean 19936 imagePullSecrets: 19937 description: ImagePullSecrets gives the name of the 19938 secret used by the pod to pull the image if specified 19939 items: 19940 description: LocalObjectReference contains enough 19941 information to let you locate the referenced object 19942 inside the same namespace. 19943 properties: 19944 name: 19945 description: 'Name of the referent. More info: 19946 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 19947 TODO: Add other useful fields. apiVersion, kind, 19948 uid?' 19949 type: string 19950 type: object 19951 type: array 19952 x-kubernetes-list-type: atomic 19953 nodeSelector: 19954 additionalProperties: 19955 type: string 19956 description: 'NodeSelector is a selector which must 19957 be true for the pod to fit on a node. Selector which 19958 must match a node''s labels for the pod to be scheduled 19959 on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 19960 type: object 19961 priorityClassName: 19962 description: If specified, indicates the pod's priority. 19963 "system-node-critical" and "system-cluster-critical" 19964 are two special keywords which indicate the highest 19965 priorities with the former being the highest priority. 19966 Any other name must be defined by creating a PriorityClass 19967 object with that name. If not specified, the pod priority 19968 will be default or zero if there is no default. 19969 type: string 19970 runtimeClassName: 19971 description: 'RuntimeClassName refers to a RuntimeClass 19972 object in the node.k8s.io group, which should be used 19973 to run this pod. If no RuntimeClass resource matches 19974 the named class, the pod will not be run. If unset 19975 or empty, the "legacy" RuntimeClass will be used, 19976 which is an implicit class with an empty definition 19977 that uses the default runtime handler. More info: 19978 https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md 19979 This is a beta feature as of Kubernetes v1.14.' 19980 type: string 19981 schedulerName: 19982 description: SchedulerName specifies the scheduler to 19983 be used to dispatch the Pod 19984 type: string 19985 securityContext: 19986 description: 'SecurityContext holds pod-level security 19987 attributes and common container settings. Optional: 19988 Defaults to empty. See type description for default 19989 values of each field.' 19990 properties: 19991 fsGroup: 19992 description: "A special supplemental group that 19993 applies to all containers in a pod. Some volume 19994 types allow the Kubelet to change the ownership 19995 of that volume to be owned by the pod: \n 1. The 19996 owning GID will be the FSGroup 2. The setgid bit 19997 is set (new files created in the volume will be 19998 owned by FSGroup) 3. The permission bits are OR'd 19999 with rw-rw---- \n If unset, the Kubelet will not 20000 modify the ownership and permissions of any volume. 20001 Note that this field cannot be set when spec.os.name 20002 is windows." 20003 format: int64 20004 type: integer 20005 fsGroupChangePolicy: 20006 description: 'fsGroupChangePolicy defines behavior 20007 of changing ownership and permission of the volume 20008 before being exposed inside Pod. This field will 20009 only apply to volume types which support fsGroup 20010 based ownership(and permissions). It will have 20011 no effect on ephemeral volume types such as: secret, 20012 configmaps and emptydir. Valid values are "OnRootMismatch" 20013 and "Always". If not specified, "Always" is used. 20014 Note that this field cannot be set when spec.os.name 20015 is windows.' 20016 type: string 20017 runAsGroup: 20018 description: The GID to run the entrypoint of the 20019 container process. Uses runtime default if unset. 20020 May also be set in SecurityContext. If set in 20021 both SecurityContext and PodSecurityContext, the 20022 value specified in SecurityContext takes precedence 20023 for that container. Note that this field cannot 20024 be set when spec.os.name is windows. 20025 format: int64 20026 type: integer 20027 runAsNonRoot: 20028 description: Indicates that the container must run 20029 as a non-root user. If true, the Kubelet will 20030 validate the image at runtime to ensure that it 20031 does not run as UID 0 (root) and fail to start 20032 the container if it does. If unset or false, no 20033 such validation will be performed. May also be 20034 set in SecurityContext. If set in both SecurityContext 20035 and PodSecurityContext, the value specified in 20036 SecurityContext takes precedence. 20037 type: boolean 20038 runAsUser: 20039 description: The UID to run the entrypoint of the 20040 container process. Defaults to user specified 20041 in image metadata if unspecified. May also be 20042 set in SecurityContext. If set in both SecurityContext 20043 and PodSecurityContext, the value specified in 20044 SecurityContext takes precedence for that container. 20045 Note that this field cannot be set when spec.os.name 20046 is windows. 20047 format: int64 20048 type: integer 20049 seLinuxOptions: 20050 description: The SELinux context to be applied to 20051 all containers. If unspecified, the container 20052 runtime will allocate a random SELinux context 20053 for each container. May also be set in SecurityContext. If 20054 set in both SecurityContext and PodSecurityContext, 20055 the value specified in SecurityContext takes precedence 20056 for that container. Note that this field cannot 20057 be set when spec.os.name is windows. 20058 properties: 20059 level: 20060 description: Level is SELinux level label that 20061 applies to the container. 20062 type: string 20063 role: 20064 description: Role is a SELinux role label that 20065 applies to the container. 20066 type: string 20067 type: 20068 description: Type is a SELinux type label that 20069 applies to the container. 20070 type: string 20071 user: 20072 description: User is a SELinux user label that 20073 applies to the container. 20074 type: string 20075 type: object 20076 seccompProfile: 20077 description: The seccomp options to use by the containers 20078 in this pod. Note that this field cannot be set 20079 when spec.os.name is windows. 20080 properties: 20081 localhostProfile: 20082 description: localhostProfile indicates a profile 20083 defined in a file on the node should be used. 20084 The profile must be preconfigured on the node 20085 to work. Must be a descending path, relative 20086 to the kubelet's configured seccomp profile 20087 location. Must be set if type is "Localhost". 20088 Must NOT be set for any other type. 20089 type: string 20090 type: 20091 description: "type indicates which kind of seccomp 20092 profile will be applied. Valid options are: 20093 \n Localhost - a profile defined in a file 20094 on the node should be used. RuntimeDefault 20095 - the container runtime default profile should 20096 be used. Unconfined - no profile should be 20097 applied." 20098 type: string 20099 required: 20100 - type 20101 type: object 20102 supplementalGroups: 20103 description: A list of groups applied to the first 20104 process run in each container, in addition to 20105 the container's primary GID, the fsGroup (if specified), 20106 and group memberships defined in the container 20107 image for the uid of the container process. If 20108 unspecified, no additional groups are added to 20109 any container. Note that group memberships defined 20110 in the container image for the uid of the container 20111 process are still effective, even if they are 20112 not included in this list. Note that this field 20113 cannot be set when spec.os.name is windows. 20114 items: 20115 format: int64 20116 type: integer 20117 type: array 20118 sysctls: 20119 description: Sysctls hold a list of namespaced sysctls 20120 used for the pod. Pods with unsupported sysctls 20121 (by the container runtime) might fail to launch. 20122 Note that this field cannot be set when spec.os.name 20123 is windows. 20124 items: 20125 description: Sysctl defines a kernel parameter 20126 to be set 20127 properties: 20128 name: 20129 description: Name of a property to set 20130 type: string 20131 value: 20132 description: Value of a property to set 20133 type: string 20134 required: 20135 - name 20136 - value 20137 type: object 20138 type: array 20139 windowsOptions: 20140 description: The Windows specific settings applied 20141 to all containers. If unspecified, the options 20142 within a container's SecurityContext will be used. 20143 If set in both SecurityContext and PodSecurityContext, 20144 the value specified in SecurityContext takes precedence. 20145 Note that this field cannot be set when spec.os.name 20146 is linux. 20147 properties: 20148 gmsaCredentialSpec: 20149 description: GMSACredentialSpec is where the 20150 GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 20151 inlines the contents of the GMSA credential 20152 spec named by the GMSACredentialSpecName field. 20153 type: string 20154 gmsaCredentialSpecName: 20155 description: GMSACredentialSpecName is the name 20156 of the GMSA credential spec to use. 20157 type: string 20158 hostProcess: 20159 description: HostProcess determines if a container 20160 should be run as a 'Host Process' container. 20161 All of a Pod's containers must have the same 20162 effective HostProcess value (it is not allowed 20163 to have a mix of HostProcess containers and 20164 non-HostProcess containers). In addition, 20165 if HostProcess is true then HostNetwork must 20166 also be set to true. 20167 type: boolean 20168 runAsUserName: 20169 description: The UserName in Windows to run 20170 the entrypoint of the container process. Defaults 20171 to the user specified in image metadata if 20172 unspecified. May also be set in PodSecurityContext. 20173 If set in both SecurityContext and PodSecurityContext, 20174 the value specified in SecurityContext takes 20175 precedence. 20176 type: string 20177 type: object 20178 type: object 20179 tolerations: 20180 description: If specified, the pod's tolerations. 20181 items: 20182 description: The pod this Toleration is attached to 20183 tolerates any taint that matches the triple <key,value,effect> 20184 using the matching operator <operator>. 20185 properties: 20186 effect: 20187 description: Effect indicates the taint effect 20188 to match. Empty means match all taint effects. 20189 When specified, allowed values are NoSchedule, 20190 PreferNoSchedule and NoExecute. 20191 type: string 20192 key: 20193 description: Key is the taint key that the toleration 20194 applies to. Empty means match all taint keys. 20195 If the key is empty, operator must be Exists; 20196 this combination means to match all values and 20197 all keys. 20198 type: string 20199 operator: 20200 description: Operator represents a key's relationship 20201 to the value. Valid operators are Exists and 20202 Equal. Defaults to Equal. Exists is equivalent 20203 to wildcard for value, so that a pod can tolerate 20204 all taints of a particular category. 20205 type: string 20206 tolerationSeconds: 20207 description: TolerationSeconds represents the 20208 period of time the toleration (which must be 20209 of effect NoExecute, otherwise this field is 20210 ignored) tolerates the taint. By default, it 20211 is not set, which means tolerate the taint forever 20212 (do not evict). Zero and negative values will 20213 be treated as 0 (evict immediately) by the system. 20214 format: int64 20215 type: integer 20216 value: 20217 description: Value is the taint value the toleration 20218 matches to. If the operator is Exists, the value 20219 should be empty, otherwise just a regular string. 20220 type: string 20221 type: object 20222 type: array 20223 x-kubernetes-list-type: atomic 20224 topologySpreadConstraints: 20225 description: TopologySpreadConstraints controls how 20226 Pods are spread across your cluster among failure-domains 20227 such as regions, zones, nodes, and other user-defined 20228 topology domains. 20229 items: 20230 description: TopologySpreadConstraint specifies how 20231 to spread matching pods among the given topology. 20232 properties: 20233 labelSelector: 20234 description: LabelSelector is used to find matching 20235 pods. Pods that match this label selector are 20236 counted to determine the number of pods in their 20237 corresponding topology domain. 20238 properties: 20239 matchExpressions: 20240 description: matchExpressions is a list of 20241 label selector requirements. The requirements 20242 are ANDed. 20243 items: 20244 description: A label selector requirement 20245 is a selector that contains values, a 20246 key, and an operator that relates the 20247 key and values. 20248 properties: 20249 key: 20250 description: key is the label key that 20251 the selector applies to. 20252 type: string 20253 operator: 20254 description: operator represents a key's 20255 relationship to a set of values. Valid 20256 operators are In, NotIn, Exists and 20257 DoesNotExist. 20258 type: string 20259 values: 20260 description: values is an array of string 20261 values. If the operator is In or NotIn, 20262 the values array must be non-empty. 20263 If the operator is Exists or DoesNotExist, 20264 the values array must be empty. This 20265 array is replaced during a strategic 20266 merge patch. 20267 items: 20268 type: string 20269 type: array 20270 required: 20271 - key 20272 - operator 20273 type: object 20274 type: array 20275 matchLabels: 20276 additionalProperties: 20277 type: string 20278 description: matchLabels is a map of {key,value} 20279 pairs. A single {key,value} in the matchLabels 20280 map is equivalent to an element of matchExpressions, 20281 whose key field is "key", the operator is 20282 "In", and the values array contains only 20283 "value". The requirements are ANDed. 20284 type: object 20285 type: object 20286 matchLabelKeys: 20287 description: "MatchLabelKeys is a set of pod label 20288 keys to select the pods over which spreading 20289 will be calculated. The keys are used to lookup 20290 values from the incoming pod labels, those key-value 20291 labels are ANDed with labelSelector to select 20292 the group of existing pods over which spreading 20293 will be calculated for the incoming pod. The 20294 same key is forbidden to exist in both MatchLabelKeys 20295 and LabelSelector. MatchLabelKeys cannot be 20296 set when LabelSelector isn't set. Keys that 20297 don't exist in the incoming pod labels will 20298 be ignored. A null or empty list means only 20299 match against labelSelector. \n This is a beta 20300 field and requires the MatchLabelKeysInPodTopologySpread 20301 feature gate to be enabled (enabled by default)." 20302 items: 20303 type: string 20304 type: array 20305 x-kubernetes-list-type: atomic 20306 maxSkew: 20307 description: 'MaxSkew describes the degree to 20308 which pods may be unevenly distributed. When 20309 `whenUnsatisfiable=DoNotSchedule`, it is the 20310 maximum permitted difference between the number 20311 of matching pods in the target topology and 20312 the global minimum. The global minimum is the 20313 minimum number of matching pods in an eligible 20314 domain or zero if the number of eligible domains 20315 is less than MinDomains. For example, in a 3-zone 20316 cluster, MaxSkew is set to 1, and pods with 20317 the same labelSelector spread as 2/2/1: In this 20318 case, the global minimum is 1. | zone1 | zone2 20319 | zone3 | | P P | P P | P | - if MaxSkew 20320 is 1, incoming pod can only be scheduled to 20321 zone3 to become 2/2/2; scheduling it onto zone1(zone2) 20322 would make the ActualSkew(3-1) on zone1(zone2) 20323 violate MaxSkew(1). - if MaxSkew is 2, incoming 20324 pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, 20325 it is used to give higher precedence to topologies 20326 that satisfy it. It''s a required field. Default 20327 value is 1 and 0 is not allowed.' 20328 format: int32 20329 type: integer 20330 minDomains: 20331 description: "MinDomains indicates a minimum number 20332 of eligible domains. When the number of eligible 20333 domains with matching topology keys is less 20334 than minDomains, Pod Topology Spread treats 20335 \"global minimum\" as 0, and then the calculation 20336 of Skew is performed. And when the number of 20337 eligible domains with matching topology keys 20338 equals or greater than minDomains, this value 20339 has no effect on scheduling. As a result, when 20340 the number of eligible domains is less than 20341 minDomains, scheduler won't schedule more than 20342 maxSkew Pods to those domains. If value is nil, 20343 the constraint behaves as if MinDomains is equal 20344 to 1. Valid values are integers greater than 20345 0. When value is not nil, WhenUnsatisfiable 20346 must be DoNotSchedule. \n For example, in a 20347 3-zone cluster, MaxSkew is set to 2, MinDomains 20348 is set to 5 and pods with the same labelSelector 20349 spread as 2/2/2: | zone1 | zone2 | zone3 | | 20350 \ P P | P P | P P | The number of domains 20351 is less than 5(MinDomains), so \"global minimum\" 20352 is treated as 0. In this situation, new pod 20353 with the same labelSelector cannot be scheduled, 20354 because computed skew will be 3(3 - 0) if new 20355 Pod is scheduled to any of the three zones, 20356 it will violate MaxSkew. \n This is a beta field 20357 and requires the MinDomainsInPodTopologySpread 20358 feature gate to be enabled (enabled by default)." 20359 format: int32 20360 type: integer 20361 nodeAffinityPolicy: 20362 description: "NodeAffinityPolicy indicates how 20363 we will treat Pod's nodeAffinity/nodeSelector 20364 when calculating pod topology spread skew. Options 20365 are: - Honor: only nodes matching nodeAffinity/nodeSelector 20366 are included in the calculations. - Ignore: 20367 nodeAffinity/nodeSelector are ignored. All nodes 20368 are included in the calculations. \n If this 20369 value is nil, the behavior is equivalent to 20370 the Honor policy. This is a beta-level feature 20371 default enabled by the NodeInclusionPolicyInPodTopologySpread 20372 feature flag." 20373 type: string 20374 nodeTaintsPolicy: 20375 description: "NodeTaintsPolicy indicates how we 20376 will treat node taints when calculating pod 20377 topology spread skew. Options are: - Honor: 20378 nodes without taints, along with tainted nodes 20379 for which the incoming pod has a toleration, 20380 are included. - Ignore: node taints are ignored. 20381 All nodes are included. \n If this value is 20382 nil, the behavior is equivalent to the Ignore 20383 policy. This is a beta-level feature default 20384 enabled by the NodeInclusionPolicyInPodTopologySpread 20385 feature flag." 20386 type: string 20387 topologyKey: 20388 description: TopologyKey is the key of node labels. 20389 Nodes that have a label with this key and identical 20390 values are considered to be in the same topology. 20391 We consider each <key, value> as a "bucket", 20392 and try to put balanced number of pods into 20393 each bucket. We define a domain as a particular 20394 instance of a topology. Also, we define an eligible 20395 domain as a domain whose nodes meet the requirements 20396 of nodeAffinityPolicy and nodeTaintsPolicy. 20397 e.g. If TopologyKey is "kubernetes.io/hostname", 20398 each Node is a domain of that topology. And, 20399 if TopologyKey is "topology.kubernetes.io/zone", 20400 each zone is a domain of that topology. It's 20401 a required field. 20402 type: string 20403 whenUnsatisfiable: 20404 description: 'WhenUnsatisfiable indicates how 20405 to deal with a pod if it doesn''t satisfy the 20406 spread constraint. - DoNotSchedule (default) 20407 tells the scheduler not to schedule it. - ScheduleAnyway 20408 tells the scheduler to schedule the pod in any 20409 location, but giving higher precedence to 20410 topologies that would help reduce the skew. 20411 A constraint is considered "Unsatisfiable" for 20412 an incoming pod if and only if every possible 20413 node assignment for that pod would violate "MaxSkew" 20414 on some topology. For example, in a 3-zone cluster, 20415 MaxSkew is set to 1, and pods with the same 20416 labelSelector spread as 3/1/1: | zone1 | zone2 20417 | zone3 | | P P P | P | P | If WhenUnsatisfiable 20418 is set to DoNotSchedule, incoming pod can only 20419 be scheduled to zone2(zone3) to become 3/2/1(3/1/2) 20420 as ActualSkew(2-1) on zone2(zone3) satisfies 20421 MaxSkew(1). In other words, the cluster can 20422 still be imbalanced, but scheduler won''t make 20423 it *more* imbalanced. It''s a required field.' 20424 type: string 20425 required: 20426 - maxSkew 20427 - topologyKey 20428 - whenUnsatisfiable 20429 type: object 20430 type: array 20431 x-kubernetes-list-type: atomic 20432 volumes: 20433 description: 'List of volumes that can be mounted by 20434 containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' 20435 items: 20436 description: Volume represents a named volume in a 20437 pod that may be accessed by any container in the 20438 pod. 20439 properties: 20440 awsElasticBlockStore: 20441 description: 'awsElasticBlockStore represents 20442 an AWS Disk resource that is attached to a kubelet''s 20443 host machine and then exposed to the pod. More 20444 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 20445 properties: 20446 fsType: 20447 description: 'fsType is the filesystem type 20448 of the volume that you want to mount. Tip: 20449 Ensure that the filesystem type is supported 20450 by the host operating system. Examples: 20451 "ext4", "xfs", "ntfs". Implicitly inferred 20452 to be "ext4" if unspecified. More info: 20453 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 20454 TODO: how do we prevent errors in the filesystem 20455 from compromising the machine' 20456 type: string 20457 partition: 20458 description: 'partition is the partition in 20459 the volume that you want to mount. If omitted, 20460 the default is to mount by volume name. 20461 Examples: For volume /dev/sda1, you specify 20462 the partition as "1". Similarly, the volume 20463 partition for /dev/sda is "0" (or you can 20464 leave the property empty).' 20465 format: int32 20466 type: integer 20467 readOnly: 20468 description: 'readOnly value true will force 20469 the readOnly setting in VolumeMounts. More 20470 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 20471 type: boolean 20472 volumeID: 20473 description: 'volumeID is unique ID of the 20474 persistent disk resource in AWS (Amazon 20475 EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 20476 type: string 20477 required: 20478 - volumeID 20479 type: object 20480 azureDisk: 20481 description: azureDisk represents an Azure Data 20482 Disk mount on the host and bind mount to the 20483 pod. 20484 properties: 20485 cachingMode: 20486 description: 'cachingMode is the Host Caching 20487 mode: None, Read Only, Read Write.' 20488 type: string 20489 diskName: 20490 description: diskName is the Name of the data 20491 disk in the blob storage 20492 type: string 20493 diskURI: 20494 description: diskURI is the URI of data disk 20495 in the blob storage 20496 type: string 20497 fsType: 20498 description: fsType is Filesystem type to 20499 mount. Must be a filesystem type supported 20500 by the host operating system. Ex. "ext4", 20501 "xfs", "ntfs". Implicitly inferred to be 20502 "ext4" if unspecified. 20503 type: string 20504 kind: 20505 description: 'kind expected values are Shared: 20506 multiple blob disks per storage account Dedicated: 20507 single blob disk per storage account Managed: 20508 azure managed data disk (only in managed 20509 availability set). defaults to shared' 20510 type: string 20511 readOnly: 20512 description: readOnly Defaults to false (read/write). 20513 ReadOnly here will force the ReadOnly setting 20514 in VolumeMounts. 20515 type: boolean 20516 required: 20517 - diskName 20518 - diskURI 20519 type: object 20520 azureFile: 20521 description: azureFile represents an Azure File 20522 Service mount on the host and bind mount to 20523 the pod. 20524 properties: 20525 readOnly: 20526 description: readOnly defaults to false (read/write). 20527 ReadOnly here will force the ReadOnly setting 20528 in VolumeMounts. 20529 type: boolean 20530 secretName: 20531 description: secretName is the name of secret 20532 that contains Azure Storage Account Name 20533 and Key 20534 type: string 20535 shareName: 20536 description: shareName is the azure share 20537 Name 20538 type: string 20539 required: 20540 - secretName 20541 - shareName 20542 type: object 20543 cephfs: 20544 description: cephFS represents a Ceph FS mount 20545 on the host that shares a pod's lifetime 20546 properties: 20547 monitors: 20548 description: 'monitors is Required: Monitors 20549 is a collection of Ceph monitors More info: 20550 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 20551 items: 20552 type: string 20553 type: array 20554 path: 20555 description: 'path is Optional: Used as the 20556 mounted root, rather than the full Ceph 20557 tree, default is /' 20558 type: string 20559 readOnly: 20560 description: 'readOnly is Optional: Defaults 20561 to false (read/write). ReadOnly here will 20562 force the ReadOnly setting in VolumeMounts. 20563 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 20564 type: boolean 20565 secretFile: 20566 description: 'secretFile is Optional: SecretFile 20567 is the path to key ring for User, default 20568 is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 20569 type: string 20570 secretRef: 20571 description: 'secretRef is Optional: SecretRef 20572 is reference to the authentication secret 20573 for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 20574 properties: 20575 name: 20576 description: 'Name of the referent. More 20577 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 20578 TODO: Add other useful fields. apiVersion, 20579 kind, uid?' 20580 type: string 20581 type: object 20582 user: 20583 description: 'user is optional: User is the 20584 rados user name, default is admin More info: 20585 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 20586 type: string 20587 required: 20588 - monitors 20589 type: object 20590 cinder: 20591 description: 'cinder represents a cinder volume 20592 attached and mounted on kubelets host machine. 20593 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 20594 properties: 20595 fsType: 20596 description: 'fsType is the filesystem type 20597 to mount. Must be a filesystem type supported 20598 by the host operating system. Examples: 20599 "ext4", "xfs", "ntfs". Implicitly inferred 20600 to be "ext4" if unspecified. More info: 20601 https://examples.k8s.io/mysql-cinder-pd/README.md' 20602 type: string 20603 readOnly: 20604 description: 'readOnly defaults to false (read/write). 20605 ReadOnly here will force the ReadOnly setting 20606 in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 20607 type: boolean 20608 secretRef: 20609 description: 'secretRef is optional: points 20610 to a secret object containing parameters 20611 used to connect to OpenStack.' 20612 properties: 20613 name: 20614 description: 'Name of the referent. More 20615 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 20616 TODO: Add other useful fields. apiVersion, 20617 kind, uid?' 20618 type: string 20619 type: object 20620 volumeID: 20621 description: 'volumeID used to identify the 20622 volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 20623 type: string 20624 required: 20625 - volumeID 20626 type: object 20627 configMap: 20628 description: configMap represents a configMap 20629 that should populate this volume 20630 properties: 20631 defaultMode: 20632 description: 'defaultMode is optional: mode 20633 bits used to set permissions on created 20634 files by default. Must be an octal value 20635 between 0000 and 0777 or a decimal value 20636 between 0 and 511. YAML accepts both octal 20637 and decimal values, JSON requires decimal 20638 values for mode bits. Defaults to 0644. 20639 Directories within the path are not affected 20640 by this setting. This might be in conflict 20641 with other options that affect the file 20642 mode, like fsGroup, and the result can be 20643 other mode bits set.' 20644 format: int32 20645 type: integer 20646 items: 20647 description: items if unspecified, each key-value 20648 pair in the Data field of the referenced 20649 ConfigMap will be projected into the volume 20650 as a file whose name is the key and content 20651 is the value. If specified, the listed keys 20652 will be projected into the specified paths, 20653 and unlisted keys will not be present. If 20654 a key is specified which is not present 20655 in the ConfigMap, the volume setup will 20656 error unless it is marked optional. Paths 20657 must be relative and may not contain the 20658 '..' path or start with '..'. 20659 items: 20660 description: Maps a string key to a path 20661 within a volume. 20662 properties: 20663 key: 20664 description: key is the key to project. 20665 type: string 20666 mode: 20667 description: 'mode is Optional: mode 20668 bits used to set permissions on this 20669 file. Must be an octal value between 20670 0000 and 0777 or a decimal value between 20671 0 and 511. YAML accepts both octal 20672 and decimal values, JSON requires 20673 decimal values for mode bits. If not 20674 specified, the volume defaultMode 20675 will be used. This might be in conflict 20676 with other options that affect the 20677 file mode, like fsGroup, and the result 20678 can be other mode bits set.' 20679 format: int32 20680 type: integer 20681 path: 20682 description: path is the relative path 20683 of the file to map the key to. May 20684 not be an absolute path. May not contain 20685 the path element '..'. May not start 20686 with the string '..'. 20687 type: string 20688 required: 20689 - key 20690 - path 20691 type: object 20692 type: array 20693 name: 20694 description: 'Name of the referent. More info: 20695 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 20696 TODO: Add other useful fields. apiVersion, 20697 kind, uid?' 20698 type: string 20699 optional: 20700 description: optional specify whether the 20701 ConfigMap or its keys must be defined 20702 type: boolean 20703 type: object 20704 csi: 20705 description: csi (Container Storage Interface) 20706 represents ephemeral storage that is handled 20707 by certain external CSI drivers (Beta feature). 20708 properties: 20709 driver: 20710 description: driver is the name of the CSI 20711 driver that handles this volume. Consult 20712 with your admin for the correct name as 20713 registered in the cluster. 20714 type: string 20715 fsType: 20716 description: fsType to mount. Ex. "ext4", 20717 "xfs", "ntfs". If not provided, the empty 20718 value is passed to the associated CSI driver 20719 which will determine the default filesystem 20720 to apply. 20721 type: string 20722 nodePublishSecretRef: 20723 description: nodePublishSecretRef is a reference 20724 to the secret object containing sensitive 20725 information to pass to the CSI driver to 20726 complete the CSI NodePublishVolume and NodeUnpublishVolume 20727 calls. This field is optional, and may 20728 be empty if no secret is required. If the 20729 secret object contains more than one secret, 20730 all secret references are passed. 20731 properties: 20732 name: 20733 description: 'Name of the referent. More 20734 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 20735 TODO: Add other useful fields. apiVersion, 20736 kind, uid?' 20737 type: string 20738 type: object 20739 readOnly: 20740 description: readOnly specifies a read-only 20741 configuration for the volume. Defaults to 20742 false (read/write). 20743 type: boolean 20744 volumeAttributes: 20745 additionalProperties: 20746 type: string 20747 description: volumeAttributes stores driver-specific 20748 properties that are passed to the CSI driver. 20749 Consult your driver's documentation for 20750 supported values. 20751 type: object 20752 required: 20753 - driver 20754 type: object 20755 downwardAPI: 20756 description: downwardAPI represents downward API 20757 about the pod that should populate this volume 20758 properties: 20759 defaultMode: 20760 description: 'Optional: mode bits to use on 20761 created files by default. Must be a Optional: 20762 mode bits used to set permissions on created 20763 files by default. Must be an octal value 20764 between 0000 and 0777 or a decimal value 20765 between 0 and 511. YAML accepts both octal 20766 and decimal values, JSON requires decimal 20767 values for mode bits. Defaults to 0644. 20768 Directories within the path are not affected 20769 by this setting. This might be in conflict 20770 with other options that affect the file 20771 mode, like fsGroup, and the result can be 20772 other mode bits set.' 20773 format: int32 20774 type: integer 20775 items: 20776 description: Items is a list of downward API 20777 volume file 20778 items: 20779 description: DownwardAPIVolumeFile represents 20780 information to create the file containing 20781 the pod field 20782 properties: 20783 fieldRef: 20784 description: 'Required: Selects a field 20785 of the pod: only annotations, labels, 20786 name and namespace are supported.' 20787 properties: 20788 apiVersion: 20789 description: Version of the schema 20790 the FieldPath is written in terms 20791 of, defaults to "v1". 20792 type: string 20793 fieldPath: 20794 description: Path of the field to 20795 select in the specified API version. 20796 type: string 20797 required: 20798 - fieldPath 20799 type: object 20800 mode: 20801 description: 'Optional: mode bits used 20802 to set permissions on this file, must 20803 be an octal value between 0000 and 20804 0777 or a decimal value between 0 20805 and 511. YAML accepts both octal and 20806 decimal values, JSON requires decimal 20807 values for mode bits. If not specified, 20808 the volume defaultMode will be used. 20809 This might be in conflict with other 20810 options that affect the file mode, 20811 like fsGroup, and the result can be 20812 other mode bits set.' 20813 format: int32 20814 type: integer 20815 path: 20816 description: 'Required: Path is the 20817 relative path name of the file to 20818 be created. Must not be absolute or 20819 contain the ''..'' path. Must be utf-8 20820 encoded. The first item of the relative 20821 path must not start with ''..''' 20822 type: string 20823 resourceFieldRef: 20824 description: 'Selects a resource of 20825 the container: only resources limits 20826 and requests (limits.cpu, limits.memory, 20827 requests.cpu and requests.memory) 20828 are currently supported.' 20829 properties: 20830 containerName: 20831 description: 'Container name: required 20832 for volumes, optional for env 20833 vars' 20834 type: string 20835 divisor: 20836 anyOf: 20837 - type: integer 20838 - type: string 20839 description: Specifies the output 20840 format of the exposed resources, 20841 defaults to "1" 20842 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 20843 x-kubernetes-int-or-string: true 20844 resource: 20845 description: 'Required: resource 20846 to select' 20847 type: string 20848 required: 20849 - resource 20850 type: object 20851 required: 20852 - path 20853 type: object 20854 type: array 20855 type: object 20856 emptyDir: 20857 description: 'emptyDir represents a temporary 20858 directory that shares a pod''s lifetime. More 20859 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 20860 properties: 20861 medium: 20862 description: 'medium represents what type 20863 of storage medium should back this directory. 20864 The default is "" which means to use the 20865 node''s default medium. Must be an empty 20866 string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 20867 type: string 20868 sizeLimit: 20869 anyOf: 20870 - type: integer 20871 - type: string 20872 description: 'sizeLimit is the total amount 20873 of local storage required for this EmptyDir 20874 volume. The size limit is also applicable 20875 for memory medium. The maximum usage on 20876 memory medium EmptyDir would be the minimum 20877 value between the SizeLimit specified here 20878 and the sum of memory limits of all containers 20879 in a pod. The default is nil which means 20880 that the limit is undefined. More info: 20881 https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 20882 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 20883 x-kubernetes-int-or-string: true 20884 type: object 20885 ephemeral: 20886 description: "ephemeral represents a volume that 20887 is handled by a cluster storage driver. The 20888 volume's lifecycle is tied to the pod that defines 20889 it - it will be created before the pod starts, 20890 and deleted when the pod is removed. \n Use 20891 this if: a) the volume is only needed while 20892 the pod runs, b) features of normal volumes 20893 like restoring from snapshot or capacity tracking 20894 are needed, c) the storage driver is specified 20895 through a storage class, and d) the storage 20896 driver supports dynamic volume provisioning 20897 through a PersistentVolumeClaim (see EphemeralVolumeSource 20898 for more information on the connection between 20899 this volume type and PersistentVolumeClaim). 20900 \n Use PersistentVolumeClaim or one of the vendor-specific 20901 APIs for volumes that persist for longer than 20902 the lifecycle of an individual pod. \n Use CSI 20903 for light-weight local ephemeral volumes if 20904 the CSI driver is meant to be used that way 20905 - see the documentation of the driver for more 20906 information. \n A pod can use both types of 20907 ephemeral volumes and persistent volumes at 20908 the same time." 20909 properties: 20910 volumeClaimTemplate: 20911 description: "Will be used to create a stand-alone 20912 PVC to provision the volume. The pod in 20913 which this EphemeralVolumeSource is embedded 20914 will be the owner of the PVC, i.e. the PVC 20915 will be deleted together with the pod. The 20916 name of the PVC will be `<pod name>-<volume 20917 name>` where `<volume name>` is the name 20918 from the `PodSpec.Volumes` array entry. 20919 Pod validation will reject the pod if the 20920 concatenated name is not valid for a PVC 20921 (for example, too long). \n An existing 20922 PVC with that name that is not owned by 20923 the pod will *not* be used for the pod to 20924 avoid using an unrelated volume by mistake. 20925 Starting the pod is then blocked until the 20926 unrelated PVC is removed. If such a pre-created 20927 PVC is meant to be used by the pod, the 20928 PVC has to updated with an owner reference 20929 to the pod once the pod exists. Normally 20930 this should not be necessary, but it may 20931 be useful when manually reconstructing a 20932 broken cluster. \n This field is read-only 20933 and no changes will be made by Kubernetes 20934 to the PVC after it has been created. \n 20935 Required, must not be nil." 20936 properties: 20937 metadata: 20938 description: May contain labels and annotations 20939 that will be copied into the PVC when 20940 creating it. No other fields are allowed 20941 and will be rejected during validation. 20942 type: object 20943 spec: 20944 description: The specification for the 20945 PersistentVolumeClaim. The entire content 20946 is copied unchanged into the PVC that 20947 gets created from this template. The 20948 same fields as in a PersistentVolumeClaim 20949 are also valid here. 20950 properties: 20951 accessModes: 20952 description: 'accessModes contains 20953 the desired access modes the volume 20954 should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 20955 items: 20956 type: string 20957 type: array 20958 dataSource: 20959 description: 'dataSource field can 20960 be used to specify either: * An 20961 existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 20962 * An existing PVC (PersistentVolumeClaim) 20963 If the provisioner or an external 20964 controller can support the specified 20965 data source, it will create a new 20966 volume based on the contents of 20967 the specified data source. When 20968 the AnyVolumeDataSource feature 20969 gate is enabled, dataSource contents 20970 will be copied to dataSourceRef, 20971 and dataSourceRef contents will 20972 be copied to dataSource when dataSourceRef.namespace 20973 is not specified. If the namespace 20974 is specified, then dataSourceRef 20975 will not be copied to dataSource.' 20976 properties: 20977 apiGroup: 20978 description: APIGroup is the group 20979 for the resource being referenced. 20980 If APIGroup is not specified, 20981 the specified Kind must be in 20982 the core API group. For any 20983 other third-party types, APIGroup 20984 is required. 20985 type: string 20986 kind: 20987 description: Kind is the type 20988 of resource being referenced 20989 type: string 20990 name: 20991 description: Name is the name 20992 of resource being referenced 20993 type: string 20994 required: 20995 - kind 20996 - name 20997 type: object 20998 dataSourceRef: 20999 description: 'dataSourceRef specifies 21000 the object from which to populate 21001 the volume with data, if a non-empty 21002 volume is desired. This may be any 21003 object from a non-empty API group 21004 (non core object) or a PersistentVolumeClaim 21005 object. When this field is specified, 21006 volume binding will only succeed 21007 if the type of the specified object 21008 matches some installed volume populator 21009 or dynamic provisioner. This field 21010 will replace the functionality of 21011 the dataSource field and as such 21012 if both fields are non-empty, they 21013 must have the same value. For backwards 21014 compatibility, when namespace isn''t 21015 specified in dataSourceRef, both 21016 fields (dataSource and dataSourceRef) 21017 will be set to the same value automatically 21018 if one of them is empty and the 21019 other is non-empty. When namespace 21020 is specified in dataSourceRef, dataSource 21021 isn''t set to the same value and 21022 must be empty. There are three important 21023 differences between dataSource and 21024 dataSourceRef: * While dataSource 21025 only allows two specific types of 21026 objects, dataSourceRef allows 21027 any non-core object, as well as 21028 PersistentVolumeClaim objects. * 21029 While dataSource ignores disallowed 21030 values (dropping them), dataSourceRef preserves 21031 all values, and generates an error 21032 if a disallowed value is specified. 21033 * While dataSource only allows local 21034 objects, dataSourceRef allows objects in 21035 any namespaces. (Beta) Using this 21036 field requires the AnyVolumeDataSource 21037 feature gate to be enabled. (Alpha) 21038 Using the namespace field of dataSourceRef 21039 requires the CrossNamespaceVolumeDataSource 21040 feature gate to be enabled.' 21041 properties: 21042 apiGroup: 21043 description: APIGroup is the group 21044 for the resource being referenced. 21045 If APIGroup is not specified, 21046 the specified Kind must be in 21047 the core API group. For any 21048 other third-party types, APIGroup 21049 is required. 21050 type: string 21051 kind: 21052 description: Kind is the type 21053 of resource being referenced 21054 type: string 21055 name: 21056 description: Name is the name 21057 of resource being referenced 21058 type: string 21059 namespace: 21060 description: Namespace is the 21061 namespace of resource being 21062 referenced Note that when a 21063 namespace is specified, a gateway.networking.k8s.io/ReferenceGrant 21064 object is required in the referent 21065 namespace to allow that namespace's 21066 owner to accept the reference. 21067 See the ReferenceGrant documentation 21068 for details. (Alpha) This field 21069 requires the CrossNamespaceVolumeDataSource 21070 feature gate to be enabled. 21071 type: string 21072 required: 21073 - kind 21074 - name 21075 type: object 21076 resources: 21077 description: 'resources represents 21078 the minimum resources the volume 21079 should have. If RecoverVolumeExpansionFailure 21080 feature is enabled users are allowed 21081 to specify resource requirements 21082 that are lower than previous value 21083 but must still be higher than capacity 21084 recorded in the status field of 21085 the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 21086 properties: 21087 claims: 21088 description: "Claims lists the 21089 names of resources, defined 21090 in spec.resourceClaims, that 21091 are used by this container. 21092 \n This is an alpha field and 21093 requires enabling the DynamicResourceAllocation 21094 feature gate. \n This field 21095 is immutable. It can only be 21096 set for containers." 21097 items: 21098 description: ResourceClaim references 21099 one entry in PodSpec.ResourceClaims. 21100 properties: 21101 name: 21102 description: Name must match 21103 the name of one entry 21104 in pod.spec.resourceClaims 21105 of the Pod where this 21106 field is used. It makes 21107 that resource available 21108 inside a container. 21109 type: string 21110 required: 21111 - name 21112 type: object 21113 type: array 21114 x-kubernetes-list-map-keys: 21115 - name 21116 x-kubernetes-list-type: map 21117 limits: 21118 additionalProperties: 21119 anyOf: 21120 - type: integer 21121 - type: string 21122 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 21123 x-kubernetes-int-or-string: true 21124 description: 'Limits describes 21125 the maximum amount of compute 21126 resources allowed. More info: 21127 https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 21128 type: object 21129 requests: 21130 additionalProperties: 21131 anyOf: 21132 - type: integer 21133 - type: string 21134 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 21135 x-kubernetes-int-or-string: true 21136 description: 'Requests describes 21137 the minimum amount of compute 21138 resources required. If Requests 21139 is omitted for a container, 21140 it defaults to Limits if that 21141 is explicitly specified, otherwise 21142 to an implementation-defined 21143 value. Requests cannot exceed 21144 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 21145 type: object 21146 type: object 21147 selector: 21148 description: selector is a label query 21149 over volumes to consider for binding. 21150 properties: 21151 matchExpressions: 21152 description: matchExpressions 21153 is a list of label selector 21154 requirements. The requirements 21155 are ANDed. 21156 items: 21157 description: A label selector 21158 requirement is a selector 21159 that contains values, a key, 21160 and an operator that relates 21161 the key and values. 21162 properties: 21163 key: 21164 description: key is the 21165 label key that the selector 21166 applies to. 21167 type: string 21168 operator: 21169 description: operator represents 21170 a key's relationship to 21171 a set of values. Valid 21172 operators are In, NotIn, 21173 Exists and DoesNotExist. 21174 type: string 21175 values: 21176 description: values is an 21177 array of string values. 21178 If the operator is In 21179 or NotIn, the values array 21180 must be non-empty. If 21181 the operator is Exists 21182 or DoesNotExist, the values 21183 array must be empty. This 21184 array is replaced during 21185 a strategic merge patch. 21186 items: 21187 type: string 21188 type: array 21189 required: 21190 - key 21191 - operator 21192 type: object 21193 type: array 21194 matchLabels: 21195 additionalProperties: 21196 type: string 21197 description: matchLabels is a 21198 map of {key,value} pairs. A 21199 single {key,value} in the matchLabels 21200 map is equivalent to an element 21201 of matchExpressions, whose key 21202 field is "key", the operator 21203 is "In", and the values array 21204 contains only "value". The requirements 21205 are ANDed. 21206 type: object 21207 type: object 21208 storageClassName: 21209 description: 'storageClassName is 21210 the name of the StorageClass required 21211 by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 21212 type: string 21213 volumeMode: 21214 description: volumeMode defines what 21215 type of volume is required by the 21216 claim. Value of Filesystem is implied 21217 when not included in claim spec. 21218 type: string 21219 volumeName: 21220 description: volumeName is the binding 21221 reference to the PersistentVolume 21222 backing this claim. 21223 type: string 21224 type: object 21225 required: 21226 - spec 21227 type: object 21228 type: object 21229 fc: 21230 description: fc represents a Fibre Channel resource 21231 that is attached to a kubelet's host machine 21232 and then exposed to the pod. 21233 properties: 21234 fsType: 21235 description: 'fsType is the filesystem type 21236 to mount. Must be a filesystem type supported 21237 by the host operating system. Ex. "ext4", 21238 "xfs", "ntfs". Implicitly inferred to be 21239 "ext4" if unspecified. TODO: how do we prevent 21240 errors in the filesystem from compromising 21241 the machine' 21242 type: string 21243 lun: 21244 description: 'lun is Optional: FC target lun 21245 number' 21246 format: int32 21247 type: integer 21248 readOnly: 21249 description: 'readOnly is Optional: Defaults 21250 to false (read/write). ReadOnly here will 21251 force the ReadOnly setting in VolumeMounts.' 21252 type: boolean 21253 targetWWNs: 21254 description: 'targetWWNs is Optional: FC target 21255 worldwide names (WWNs)' 21256 items: 21257 type: string 21258 type: array 21259 wwids: 21260 description: 'wwids Optional: FC volume world 21261 wide identifiers (wwids) Either wwids or 21262 combination of targetWWNs and lun must be 21263 set, but not both simultaneously.' 21264 items: 21265 type: string 21266 type: array 21267 type: object 21268 flexVolume: 21269 description: flexVolume represents a generic volume 21270 resource that is provisioned/attached using 21271 an exec based plugin. 21272 properties: 21273 driver: 21274 description: driver is the name of the driver 21275 to use for this volume. 21276 type: string 21277 fsType: 21278 description: fsType is the filesystem type 21279 to mount. Must be a filesystem type supported 21280 by the host operating system. Ex. "ext4", 21281 "xfs", "ntfs". The default filesystem depends 21282 on FlexVolume script. 21283 type: string 21284 options: 21285 additionalProperties: 21286 type: string 21287 description: 'options is Optional: this field 21288 holds extra command options if any.' 21289 type: object 21290 readOnly: 21291 description: 'readOnly is Optional: defaults 21292 to false (read/write). ReadOnly here will 21293 force the ReadOnly setting in VolumeMounts.' 21294 type: boolean 21295 secretRef: 21296 description: 'secretRef is Optional: secretRef 21297 is reference to the secret object containing 21298 sensitive information to pass to the plugin 21299 scripts. This may be empty if no secret 21300 object is specified. If the secret object 21301 contains more than one secret, all secrets 21302 are passed to the plugin scripts.' 21303 properties: 21304 name: 21305 description: 'Name of the referent. More 21306 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 21307 TODO: Add other useful fields. apiVersion, 21308 kind, uid?' 21309 type: string 21310 type: object 21311 required: 21312 - driver 21313 type: object 21314 flocker: 21315 description: flocker represents a Flocker volume 21316 attached to a kubelet's host machine. This depends 21317 on the Flocker control service being running 21318 properties: 21319 datasetName: 21320 description: datasetName is Name of the dataset 21321 stored as metadata -> name on the dataset 21322 for Flocker should be considered as deprecated 21323 type: string 21324 datasetUUID: 21325 description: datasetUUID is the UUID of the 21326 dataset. This is unique identifier of a 21327 Flocker dataset 21328 type: string 21329 type: object 21330 gcePersistentDisk: 21331 description: 'gcePersistentDisk represents a GCE 21332 Disk resource that is attached to a kubelet''s 21333 host machine and then exposed to the pod. More 21334 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 21335 properties: 21336 fsType: 21337 description: 'fsType is filesystem type of 21338 the volume that you want to mount. Tip: 21339 Ensure that the filesystem type is supported 21340 by the host operating system. Examples: 21341 "ext4", "xfs", "ntfs". Implicitly inferred 21342 to be "ext4" if unspecified. More info: 21343 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 21344 TODO: how do we prevent errors in the filesystem 21345 from compromising the machine' 21346 type: string 21347 partition: 21348 description: 'partition is the partition in 21349 the volume that you want to mount. If omitted, 21350 the default is to mount by volume name. 21351 Examples: For volume /dev/sda1, you specify 21352 the partition as "1". Similarly, the volume 21353 partition for /dev/sda is "0" (or you can 21354 leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 21355 format: int32 21356 type: integer 21357 pdName: 21358 description: 'pdName is unique name of the 21359 PD resource in GCE. Used to identify the 21360 disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 21361 type: string 21362 readOnly: 21363 description: 'readOnly here will force the 21364 ReadOnly setting in VolumeMounts. Defaults 21365 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 21366 type: boolean 21367 required: 21368 - pdName 21369 type: object 21370 gitRepo: 21371 description: 'gitRepo represents a git repository 21372 at a particular revision. DEPRECATED: GitRepo 21373 is deprecated. To provision a container with 21374 a git repo, mount an EmptyDir into an InitContainer 21375 that clones the repo using git, then mount the 21376 EmptyDir into the Pod''s container.' 21377 properties: 21378 directory: 21379 description: directory is the target directory 21380 name. Must not contain or start with '..'. If 21381 '.' is supplied, the volume directory will 21382 be the git repository. Otherwise, if specified, 21383 the volume will contain the git repository 21384 in the subdirectory with the given name. 21385 type: string 21386 repository: 21387 description: repository is the URL 21388 type: string 21389 revision: 21390 description: revision is the commit hash for 21391 the specified revision. 21392 type: string 21393 required: 21394 - repository 21395 type: object 21396 glusterfs: 21397 description: 'glusterfs represents a Glusterfs 21398 mount on the host that shares a pod''s lifetime. 21399 More info: https://examples.k8s.io/volumes/glusterfs/README.md' 21400 properties: 21401 endpoints: 21402 description: 'endpoints is the endpoint name 21403 that details Glusterfs topology. More info: 21404 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 21405 type: string 21406 path: 21407 description: 'path is the Glusterfs volume 21408 path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 21409 type: string 21410 readOnly: 21411 description: 'readOnly here will force the 21412 Glusterfs volume to be mounted with read-only 21413 permissions. Defaults to false. More info: 21414 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 21415 type: boolean 21416 required: 21417 - endpoints 21418 - path 21419 type: object 21420 hostPath: 21421 description: 'hostPath represents a pre-existing 21422 file or directory on the host machine that is 21423 directly exposed to the container. This is generally 21424 used for system agents or other privileged things 21425 that are allowed to see the host machine. Most 21426 containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 21427 --- TODO(jonesdl) We need to restrict who can 21428 use host directory mounts and who can/can not 21429 mount host directories as read/write.' 21430 properties: 21431 path: 21432 description: 'path of the directory on the 21433 host. If the path is a symlink, it will 21434 follow the link to the real path. More info: 21435 https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 21436 type: string 21437 type: 21438 description: 'type for HostPath Volume Defaults 21439 to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 21440 type: string 21441 required: 21442 - path 21443 type: object 21444 iscsi: 21445 description: 'iscsi represents an ISCSI Disk resource 21446 that is attached to a kubelet''s host machine 21447 and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 21448 properties: 21449 chapAuthDiscovery: 21450 description: chapAuthDiscovery defines whether 21451 support iSCSI Discovery CHAP authentication 21452 type: boolean 21453 chapAuthSession: 21454 description: chapAuthSession defines whether 21455 support iSCSI Session CHAP authentication 21456 type: boolean 21457 fsType: 21458 description: 'fsType is the filesystem type 21459 of the volume that you want to mount. Tip: 21460 Ensure that the filesystem type is supported 21461 by the host operating system. Examples: 21462 "ext4", "xfs", "ntfs". Implicitly inferred 21463 to be "ext4" if unspecified. More info: 21464 https://kubernetes.io/docs/concepts/storage/volumes#iscsi 21465 TODO: how do we prevent errors in the filesystem 21466 from compromising the machine' 21467 type: string 21468 initiatorName: 21469 description: initiatorName is the custom iSCSI 21470 Initiator Name. If initiatorName is specified 21471 with iscsiInterface simultaneously, new 21472 iSCSI interface <target portal>:<volume 21473 name> will be created for the connection. 21474 type: string 21475 iqn: 21476 description: iqn is the target iSCSI Qualified 21477 Name. 21478 type: string 21479 iscsiInterface: 21480 description: iscsiInterface is the interface 21481 Name that uses an iSCSI transport. Defaults 21482 to 'default' (tcp). 21483 type: string 21484 lun: 21485 description: lun represents iSCSI Target Lun 21486 number. 21487 format: int32 21488 type: integer 21489 portals: 21490 description: portals is the iSCSI Target Portal 21491 List. The portal is either an IP or ip_addr:port 21492 if the port is other than default (typically 21493 TCP ports 860 and 3260). 21494 items: 21495 type: string 21496 type: array 21497 readOnly: 21498 description: readOnly here will force the 21499 ReadOnly setting in VolumeMounts. Defaults 21500 to false. 21501 type: boolean 21502 secretRef: 21503 description: secretRef is the CHAP Secret 21504 for iSCSI target and initiator authentication 21505 properties: 21506 name: 21507 description: 'Name of the referent. More 21508 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 21509 TODO: Add other useful fields. apiVersion, 21510 kind, uid?' 21511 type: string 21512 type: object 21513 targetPortal: 21514 description: targetPortal is iSCSI Target 21515 Portal. The Portal is either an IP or ip_addr:port 21516 if the port is other than default (typically 21517 TCP ports 860 and 3260). 21518 type: string 21519 required: 21520 - iqn 21521 - lun 21522 - targetPortal 21523 type: object 21524 name: 21525 description: 'name of the volume. Must be a DNS_LABEL 21526 and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 21527 type: string 21528 nfs: 21529 description: 'nfs represents an NFS mount on the 21530 host that shares a pod''s lifetime More info: 21531 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 21532 properties: 21533 path: 21534 description: 'path that is exported by the 21535 NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 21536 type: string 21537 readOnly: 21538 description: 'readOnly here will force the 21539 NFS export to be mounted with read-only 21540 permissions. Defaults to false. More info: 21541 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 21542 type: boolean 21543 server: 21544 description: 'server is the hostname or IP 21545 address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 21546 type: string 21547 required: 21548 - path 21549 - server 21550 type: object 21551 persistentVolumeClaim: 21552 description: 'persistentVolumeClaimVolumeSource 21553 represents a reference to a PersistentVolumeClaim 21554 in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 21555 properties: 21556 claimName: 21557 description: 'claimName is the name of a PersistentVolumeClaim 21558 in the same namespace as the pod using this 21559 volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 21560 type: string 21561 readOnly: 21562 description: readOnly Will force the ReadOnly 21563 setting in VolumeMounts. Default false. 21564 type: boolean 21565 required: 21566 - claimName 21567 type: object 21568 photonPersistentDisk: 21569 description: photonPersistentDisk represents a 21570 PhotonController persistent disk attached and 21571 mounted on kubelets host machine 21572 properties: 21573 fsType: 21574 description: fsType is the filesystem type 21575 to mount. Must be a filesystem type supported 21576 by the host operating system. Ex. "ext4", 21577 "xfs", "ntfs". Implicitly inferred to be 21578 "ext4" if unspecified. 21579 type: string 21580 pdID: 21581 description: pdID is the ID that identifies 21582 Photon Controller persistent disk 21583 type: string 21584 required: 21585 - pdID 21586 type: object 21587 portworxVolume: 21588 description: portworxVolume represents a portworx 21589 volume attached and mounted on kubelets host 21590 machine 21591 properties: 21592 fsType: 21593 description: fSType represents the filesystem 21594 type to mount Must be a filesystem type 21595 supported by the host operating system. 21596 Ex. "ext4", "xfs". Implicitly inferred to 21597 be "ext4" if unspecified. 21598 type: string 21599 readOnly: 21600 description: readOnly defaults to false (read/write). 21601 ReadOnly here will force the ReadOnly setting 21602 in VolumeMounts. 21603 type: boolean 21604 volumeID: 21605 description: volumeID uniquely identifies 21606 a Portworx volume 21607 type: string 21608 required: 21609 - volumeID 21610 type: object 21611 projected: 21612 description: projected items for all in one resources 21613 secrets, configmaps, and downward API 21614 properties: 21615 defaultMode: 21616 description: defaultMode are the mode bits 21617 used to set permissions on created files 21618 by default. Must be an octal value between 21619 0000 and 0777 or a decimal value between 21620 0 and 511. YAML accepts both octal and decimal 21621 values, JSON requires decimal values for 21622 mode bits. Directories within the path are 21623 not affected by this setting. This might 21624 be in conflict with other options that affect 21625 the file mode, like fsGroup, and the result 21626 can be other mode bits set. 21627 format: int32 21628 type: integer 21629 sources: 21630 description: sources is the list of volume 21631 projections 21632 items: 21633 description: Projection that may be projected 21634 along with other supported volume types 21635 properties: 21636 configMap: 21637 description: configMap information about 21638 the configMap data to project 21639 properties: 21640 items: 21641 description: items if unspecified, 21642 each key-value pair in the Data 21643 field of the referenced ConfigMap 21644 will be projected into the volume 21645 as a file whose name is the key 21646 and content is the value. If specified, 21647 the listed keys will be projected 21648 into the specified paths, and 21649 unlisted keys will not be present. 21650 If a key is specified which is 21651 not present in the ConfigMap, 21652 the volume setup will error unless 21653 it is marked optional. Paths must 21654 be relative and may not contain 21655 the '..' path or start with '..'. 21656 items: 21657 description: Maps a string key 21658 to a path within a volume. 21659 properties: 21660 key: 21661 description: key is the key 21662 to project. 21663 type: string 21664 mode: 21665 description: 'mode is Optional: 21666 mode bits used to set permissions 21667 on this file. Must be an 21668 octal value between 0000 21669 and 0777 or a decimal value 21670 between 0 and 511. YAML 21671 accepts both octal and decimal 21672 values, JSON requires decimal 21673 values for mode bits. If 21674 not specified, the volume 21675 defaultMode will be used. 21676 This might be in conflict 21677 with other options that 21678 affect the file mode, like 21679 fsGroup, and the result 21680 can be other mode bits set.' 21681 format: int32 21682 type: integer 21683 path: 21684 description: path is the relative 21685 path of the file to map 21686 the key to. May not be an 21687 absolute path. May not contain 21688 the path element '..'. May 21689 not start with the string 21690 '..'. 21691 type: string 21692 required: 21693 - key 21694 - path 21695 type: object 21696 type: array 21697 name: 21698 description: 'Name of the referent. 21699 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 21700 TODO: Add other useful fields. 21701 apiVersion, kind, uid?' 21702 type: string 21703 optional: 21704 description: optional specify whether 21705 the ConfigMap or its keys must 21706 be defined 21707 type: boolean 21708 type: object 21709 downwardAPI: 21710 description: downwardAPI information 21711 about the downwardAPI data to project 21712 properties: 21713 items: 21714 description: Items is a list of 21715 DownwardAPIVolume file 21716 items: 21717 description: DownwardAPIVolumeFile 21718 represents information to create 21719 the file containing the pod 21720 field 21721 properties: 21722 fieldRef: 21723 description: 'Required: Selects 21724 a field of the pod: only 21725 annotations, labels, name 21726 and namespace are supported.' 21727 properties: 21728 apiVersion: 21729 description: Version of 21730 the schema the FieldPath 21731 is written in terms 21732 of, defaults to "v1". 21733 type: string 21734 fieldPath: 21735 description: Path of the 21736 field to select in the 21737 specified API version. 21738 type: string 21739 required: 21740 - fieldPath 21741 type: object 21742 mode: 21743 description: 'Optional: mode 21744 bits used to set permissions 21745 on this file, must be an 21746 octal value between 0000 21747 and 0777 or a decimal value 21748 between 0 and 511. YAML 21749 accepts both octal and decimal 21750 values, JSON requires decimal 21751 values for mode bits. If 21752 not specified, the volume 21753 defaultMode will be used. 21754 This might be in conflict 21755 with other options that 21756 affect the file mode, like 21757 fsGroup, and the result 21758 can be other mode bits set.' 21759 format: int32 21760 type: integer 21761 path: 21762 description: 'Required: Path 21763 is the relative path name 21764 of the file to be created. 21765 Must not be absolute or 21766 contain the ''..'' path. 21767 Must be utf-8 encoded. The 21768 first item of the relative 21769 path must not start with 21770 ''..''' 21771 type: string 21772 resourceFieldRef: 21773 description: 'Selects a resource 21774 of the container: only resources 21775 limits and requests (limits.cpu, 21776 limits.memory, requests.cpu 21777 and requests.memory) are 21778 currently supported.' 21779 properties: 21780 containerName: 21781 description: 'Container 21782 name: required for volumes, 21783 optional for env vars' 21784 type: string 21785 divisor: 21786 anyOf: 21787 - type: integer 21788 - type: string 21789 description: Specifies 21790 the output format of 21791 the exposed resources, 21792 defaults to "1" 21793 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 21794 x-kubernetes-int-or-string: true 21795 resource: 21796 description: 'Required: 21797 resource to select' 21798 type: string 21799 required: 21800 - resource 21801 type: object 21802 required: 21803 - path 21804 type: object 21805 type: array 21806 type: object 21807 secret: 21808 description: secret information about 21809 the secret data to project 21810 properties: 21811 items: 21812 description: items if unspecified, 21813 each key-value pair in the Data 21814 field of the referenced Secret 21815 will be projected into the volume 21816 as a file whose name is the key 21817 and content is the value. If specified, 21818 the listed keys will be projected 21819 into the specified paths, and 21820 unlisted keys will not be present. 21821 If a key is specified which is 21822 not present in the Secret, the 21823 volume setup will error unless 21824 it is marked optional. Paths must 21825 be relative and may not contain 21826 the '..' path or start with '..'. 21827 items: 21828 description: Maps a string key 21829 to a path within a volume. 21830 properties: 21831 key: 21832 description: key is the key 21833 to project. 21834 type: string 21835 mode: 21836 description: 'mode is Optional: 21837 mode bits used to set permissions 21838 on this file. Must be an 21839 octal value between 0000 21840 and 0777 or a decimal value 21841 between 0 and 511. YAML 21842 accepts both octal and decimal 21843 values, JSON requires decimal 21844 values for mode bits. If 21845 not specified, the volume 21846 defaultMode will be used. 21847 This might be in conflict 21848 with other options that 21849 affect the file mode, like 21850 fsGroup, and the result 21851 can be other mode bits set.' 21852 format: int32 21853 type: integer 21854 path: 21855 description: path is the relative 21856 path of the file to map 21857 the key to. May not be an 21858 absolute path. May not contain 21859 the path element '..'. May 21860 not start with the string 21861 '..'. 21862 type: string 21863 required: 21864 - key 21865 - path 21866 type: object 21867 type: array 21868 name: 21869 description: 'Name of the referent. 21870 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 21871 TODO: Add other useful fields. 21872 apiVersion, kind, uid?' 21873 type: string 21874 optional: 21875 description: optional field specify 21876 whether the Secret or its key 21877 must be defined 21878 type: boolean 21879 type: object 21880 serviceAccountToken: 21881 description: serviceAccountToken is 21882 information about the serviceAccountToken 21883 data to project 21884 properties: 21885 audience: 21886 description: audience is the intended 21887 audience of the token. A recipient 21888 of a token must identify itself 21889 with an identifier specified in 21890 the audience of the token, and 21891 otherwise should reject the token. 21892 The audience defaults to the identifier 21893 of the apiserver. 21894 type: string 21895 expirationSeconds: 21896 description: expirationSeconds is 21897 the requested duration of validity 21898 of the service account token. 21899 As the token approaches expiration, 21900 the kubelet volume plugin will 21901 proactively rotate the service 21902 account token. The kubelet will 21903 start trying to rotate the token 21904 if the token is older than 80 21905 percent of its time to live or 21906 if the token is older than 24 21907 hours.Defaults to 1 hour and must 21908 be at least 10 minutes. 21909 format: int64 21910 type: integer 21911 path: 21912 description: path is the path relative 21913 to the mount point of the file 21914 to project the token into. 21915 type: string 21916 required: 21917 - path 21918 type: object 21919 type: object 21920 type: array 21921 type: object 21922 quobyte: 21923 description: quobyte represents a Quobyte mount 21924 on the host that shares a pod's lifetime 21925 properties: 21926 group: 21927 description: group to map volume access to 21928 Default is no group 21929 type: string 21930 readOnly: 21931 description: readOnly here will force the 21932 Quobyte volume to be mounted with read-only 21933 permissions. Defaults to false. 21934 type: boolean 21935 registry: 21936 description: registry represents a single 21937 or multiple Quobyte Registry services specified 21938 as a string as host:port pair (multiple 21939 entries are separated with commas) which 21940 acts as the central registry for volumes 21941 type: string 21942 tenant: 21943 description: tenant owning the given Quobyte 21944 volume in the Backend Used with dynamically 21945 provisioned Quobyte volumes, value is set 21946 by the plugin 21947 type: string 21948 user: 21949 description: user to map volume access to 21950 Defaults to serivceaccount user 21951 type: string 21952 volume: 21953 description: volume is a string that references 21954 an already created Quobyte volume by name. 21955 type: string 21956 required: 21957 - registry 21958 - volume 21959 type: object 21960 rbd: 21961 description: 'rbd represents a Rados Block Device 21962 mount on the host that shares a pod''s lifetime. 21963 More info: https://examples.k8s.io/volumes/rbd/README.md' 21964 properties: 21965 fsType: 21966 description: 'fsType is the filesystem type 21967 of the volume that you want to mount. Tip: 21968 Ensure that the filesystem type is supported 21969 by the host operating system. Examples: 21970 "ext4", "xfs", "ntfs". Implicitly inferred 21971 to be "ext4" if unspecified. More info: 21972 https://kubernetes.io/docs/concepts/storage/volumes#rbd 21973 TODO: how do we prevent errors in the filesystem 21974 from compromising the machine' 21975 type: string 21976 image: 21977 description: 'image is the rados image name. 21978 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 21979 type: string 21980 keyring: 21981 description: 'keyring is the path to key ring 21982 for RBDUser. Default is /etc/ceph/keyring. 21983 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 21984 type: string 21985 monitors: 21986 description: 'monitors is a collection of 21987 Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 21988 items: 21989 type: string 21990 type: array 21991 pool: 21992 description: 'pool is the rados pool name. 21993 Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 21994 type: string 21995 readOnly: 21996 description: 'readOnly here will force the 21997 ReadOnly setting in VolumeMounts. Defaults 21998 to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 21999 type: boolean 22000 secretRef: 22001 description: 'secretRef is name of the authentication 22002 secret for RBDUser. If provided overrides 22003 keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 22004 properties: 22005 name: 22006 description: 'Name of the referent. More 22007 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 22008 TODO: Add other useful fields. apiVersion, 22009 kind, uid?' 22010 type: string 22011 type: object 22012 user: 22013 description: 'user is the rados user name. 22014 Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 22015 type: string 22016 required: 22017 - image 22018 - monitors 22019 type: object 22020 scaleIO: 22021 description: scaleIO represents a ScaleIO persistent 22022 volume attached and mounted on Kubernetes nodes. 22023 properties: 22024 fsType: 22025 description: fsType is the filesystem type 22026 to mount. Must be a filesystem type supported 22027 by the host operating system. Ex. "ext4", 22028 "xfs", "ntfs". Default is "xfs". 22029 type: string 22030 gateway: 22031 description: gateway is the host address of 22032 the ScaleIO API Gateway. 22033 type: string 22034 protectionDomain: 22035 description: protectionDomain is the name 22036 of the ScaleIO Protection Domain for the 22037 configured storage. 22038 type: string 22039 readOnly: 22040 description: readOnly Defaults to false (read/write). 22041 ReadOnly here will force the ReadOnly setting 22042 in VolumeMounts. 22043 type: boolean 22044 secretRef: 22045 description: secretRef references to the secret 22046 for ScaleIO user and other sensitive information. 22047 If this is not provided, Login operation 22048 will fail. 22049 properties: 22050 name: 22051 description: 'Name of the referent. More 22052 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 22053 TODO: Add other useful fields. apiVersion, 22054 kind, uid?' 22055 type: string 22056 type: object 22057 sslEnabled: 22058 description: sslEnabled Flag enable/disable 22059 SSL communication with Gateway, default 22060 false 22061 type: boolean 22062 storageMode: 22063 description: storageMode indicates whether 22064 the storage for a volume should be ThickProvisioned 22065 or ThinProvisioned. Default is ThinProvisioned. 22066 type: string 22067 storagePool: 22068 description: storagePool is the ScaleIO Storage 22069 Pool associated with the protection domain. 22070 type: string 22071 system: 22072 description: system is the name of the storage 22073 system as configured in ScaleIO. 22074 type: string 22075 volumeName: 22076 description: volumeName is the name of a volume 22077 already created in the ScaleIO system that 22078 is associated with this volume source. 22079 type: string 22080 required: 22081 - gateway 22082 - secretRef 22083 - system 22084 type: object 22085 secret: 22086 description: 'secret represents a secret that 22087 should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 22088 properties: 22089 defaultMode: 22090 description: 'defaultMode is Optional: mode 22091 bits used to set permissions on created 22092 files by default. Must be an octal value 22093 between 0000 and 0777 or a decimal value 22094 between 0 and 511. YAML accepts both octal 22095 and decimal values, JSON requires decimal 22096 values for mode bits. Defaults to 0644. 22097 Directories within the path are not affected 22098 by this setting. This might be in conflict 22099 with other options that affect the file 22100 mode, like fsGroup, and the result can be 22101 other mode bits set.' 22102 format: int32 22103 type: integer 22104 items: 22105 description: items If unspecified, each key-value 22106 pair in the Data field of the referenced 22107 Secret will be projected into the volume 22108 as a file whose name is the key and content 22109 is the value. If specified, the listed keys 22110 will be projected into the specified paths, 22111 and unlisted keys will not be present. If 22112 a key is specified which is not present 22113 in the Secret, the volume setup will error 22114 unless it is marked optional. Paths must 22115 be relative and may not contain the '..' 22116 path or start with '..'. 22117 items: 22118 description: Maps a string key to a path 22119 within a volume. 22120 properties: 22121 key: 22122 description: key is the key to project. 22123 type: string 22124 mode: 22125 description: 'mode is Optional: mode 22126 bits used to set permissions on this 22127 file. Must be an octal value between 22128 0000 and 0777 or a decimal value between 22129 0 and 511. YAML accepts both octal 22130 and decimal values, JSON requires 22131 decimal values for mode bits. If not 22132 specified, the volume defaultMode 22133 will be used. This might be in conflict 22134 with other options that affect the 22135 file mode, like fsGroup, and the result 22136 can be other mode bits set.' 22137 format: int32 22138 type: integer 22139 path: 22140 description: path is the relative path 22141 of the file to map the key to. May 22142 not be an absolute path. May not contain 22143 the path element '..'. May not start 22144 with the string '..'. 22145 type: string 22146 required: 22147 - key 22148 - path 22149 type: object 22150 type: array 22151 optional: 22152 description: optional field specify whether 22153 the Secret or its keys must be defined 22154 type: boolean 22155 secretName: 22156 description: 'secretName is the name of the 22157 secret in the pod''s namespace to use. More 22158 info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 22159 type: string 22160 type: object 22161 storageos: 22162 description: storageOS represents a StorageOS 22163 volume attached and mounted on Kubernetes nodes. 22164 properties: 22165 fsType: 22166 description: fsType is the filesystem type 22167 to mount. Must be a filesystem type supported 22168 by the host operating system. Ex. "ext4", 22169 "xfs", "ntfs". Implicitly inferred to be 22170 "ext4" if unspecified. 22171 type: string 22172 readOnly: 22173 description: readOnly defaults to false (read/write). 22174 ReadOnly here will force the ReadOnly setting 22175 in VolumeMounts. 22176 type: boolean 22177 secretRef: 22178 description: secretRef specifies the secret 22179 to use for obtaining the StorageOS API credentials. If 22180 not specified, default values will be attempted. 22181 properties: 22182 name: 22183 description: 'Name of the referent. More 22184 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 22185 TODO: Add other useful fields. apiVersion, 22186 kind, uid?' 22187 type: string 22188 type: object 22189 volumeName: 22190 description: volumeName is the human-readable 22191 name of the StorageOS volume. Volume names 22192 are only unique within a namespace. 22193 type: string 22194 volumeNamespace: 22195 description: volumeNamespace specifies the 22196 scope of the volume within StorageOS. If 22197 no namespace is specified then the Pod's 22198 namespace will be used. This allows the 22199 Kubernetes name scoping to be mirrored within 22200 StorageOS for tighter integration. Set VolumeName 22201 to any name to override the default behaviour. 22202 Set to "default" if you are not using namespaces 22203 within StorageOS. Namespaces that do not 22204 pre-exist within StorageOS will be created. 22205 type: string 22206 type: object 22207 vsphereVolume: 22208 description: vsphereVolume represents a vSphere 22209 volume attached and mounted on kubelets host 22210 machine 22211 properties: 22212 fsType: 22213 description: fsType is filesystem type to 22214 mount. Must be a filesystem type supported 22215 by the host operating system. Ex. "ext4", 22216 "xfs", "ntfs". Implicitly inferred to be 22217 "ext4" if unspecified. 22218 type: string 22219 storagePolicyID: 22220 description: storagePolicyID is the storage 22221 Policy Based Management (SPBM) profile ID 22222 associated with the StoragePolicyName. 22223 type: string 22224 storagePolicyName: 22225 description: storagePolicyName is the storage 22226 Policy Based Management (SPBM) profile name. 22227 type: string 22228 volumePath: 22229 description: volumePath is the path that identifies 22230 vSphere volume vmdk 22231 type: string 22232 required: 22233 - volumePath 22234 type: object 22235 required: 22236 - name 22237 type: object 22238 type: array 22239 x-kubernetes-list-type: atomic 22240 type: object 22241 taskServiceAccountName: 22242 type: string 22243 type: object 22244 type: array 22245 x-kubernetes-list-type: atomic 22246 timeout: 22247 description: 'Timeout Deprecated: use pipelineRunSpec.Timeouts.Pipeline 22248 instead Time after which the Pipeline times out. Defaults to 22249 never. Refer to Go''s ParseDuration documentation for expected 22250 format: https://golang.org/pkg/time/#ParseDuration' 22251 type: string 22252 timeouts: 22253 description: Time after which the Pipeline times out. Currently 22254 three keys are accepted in the map pipeline, tasks and finally 22255 with Timeouts.pipeline >= Timeouts.tasks + Timeouts.finally 22256 properties: 22257 finally: 22258 description: Finally sets the maximum allowed duration of 22259 this pipeline's finally 22260 type: string 22261 pipeline: 22262 description: Pipeline sets the maximum allowed duration for 22263 execution of the entire pipeline. The sum of individual 22264 timeouts for tasks and finally must not exceed this value. 22265 type: string 22266 tasks: 22267 description: Tasks sets the maximum allowed duration of this 22268 pipeline's tasks 22269 type: string 22270 type: object 22271 workspaces: 22272 description: Workspaces holds a set of workspace bindings that 22273 must match names with those declared in the pipeline. 22274 items: 22275 description: WorkspaceBinding maps a Task's declared workspace 22276 to a Volume. 22277 properties: 22278 configMap: 22279 description: ConfigMap represents a configMap that should 22280 populate this workspace. 22281 properties: 22282 defaultMode: 22283 description: 'defaultMode is optional: mode bits used 22284 to set permissions on created files by default. Must 22285 be an octal value between 0000 and 0777 or a decimal 22286 value between 0 and 511. YAML accepts both octal and 22287 decimal values, JSON requires decimal values for mode 22288 bits. Defaults to 0644. Directories within the path 22289 are not affected by this setting. This might be in 22290 conflict with other options that affect the file mode, 22291 like fsGroup, and the result can be other mode bits 22292 set.' 22293 format: int32 22294 type: integer 22295 items: 22296 description: items if unspecified, each key-value pair 22297 in the Data field of the referenced ConfigMap will 22298 be projected into the volume as a file whose name 22299 is the key and content is the value. If specified, 22300 the listed keys will be projected into the specified 22301 paths, and unlisted keys will not be present. If a 22302 key is specified which is not present in the ConfigMap, 22303 the volume setup will error unless it is marked optional. 22304 Paths must be relative and may not contain the '..' 22305 path or start with '..'. 22306 items: 22307 description: Maps a string key to a path within a 22308 volume. 22309 properties: 22310 key: 22311 description: key is the key to project. 22312 type: string 22313 mode: 22314 description: 'mode is Optional: mode bits used 22315 to set permissions on this file. Must be an 22316 octal value between 0000 and 0777 or a decimal 22317 value between 0 and 511. YAML accepts both octal 22318 and decimal values, JSON requires decimal values 22319 for mode bits. If not specified, the volume 22320 defaultMode will be used. This might be in conflict 22321 with other options that affect the file mode, 22322 like fsGroup, and the result can be other mode 22323 bits set.' 22324 format: int32 22325 type: integer 22326 path: 22327 description: path is the relative path of the 22328 file to map the key to. May not be an absolute 22329 path. May not contain the path element '..'. 22330 May not start with the string '..'. 22331 type: string 22332 required: 22333 - key 22334 - path 22335 type: object 22336 type: array 22337 name: 22338 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 22339 TODO: Add other useful fields. apiVersion, kind, uid?' 22340 type: string 22341 optional: 22342 description: optional specify whether the ConfigMap 22343 or its keys must be defined 22344 type: boolean 22345 type: object 22346 csi: 22347 description: CSI (Container Storage Interface) represents 22348 ephemeral storage that is handled by certain external 22349 CSI drivers. 22350 properties: 22351 driver: 22352 description: driver is the name of the CSI driver that 22353 handles this volume. Consult with your admin for the 22354 correct name as registered in the cluster. 22355 type: string 22356 fsType: 22357 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". 22358 If not provided, the empty value is passed to the 22359 associated CSI driver which will determine the default 22360 filesystem to apply. 22361 type: string 22362 nodePublishSecretRef: 22363 description: nodePublishSecretRef is a reference to 22364 the secret object containing sensitive information 22365 to pass to the CSI driver to complete the CSI NodePublishVolume 22366 and NodeUnpublishVolume calls. This field is optional, 22367 and may be empty if no secret is required. If the 22368 secret object contains more than one secret, all secret 22369 references are passed. 22370 properties: 22371 name: 22372 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 22373 TODO: Add other useful fields. apiVersion, kind, 22374 uid?' 22375 type: string 22376 type: object 22377 readOnly: 22378 description: readOnly specifies a read-only configuration 22379 for the volume. Defaults to false (read/write). 22380 type: boolean 22381 volumeAttributes: 22382 additionalProperties: 22383 type: string 22384 description: volumeAttributes stores driver-specific 22385 properties that are passed to the CSI driver. Consult 22386 your driver's documentation for supported values. 22387 type: object 22388 required: 22389 - driver 22390 type: object 22391 emptyDir: 22392 description: 'EmptyDir represents a temporary directory 22393 that shares a Task''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 22394 Either this OR PersistentVolumeClaim can be used.' 22395 properties: 22396 medium: 22397 description: 'medium represents what type of storage 22398 medium should back this directory. The default is 22399 "" which means to use the node''s default medium. 22400 Must be an empty string (default) or Memory. More 22401 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 22402 type: string 22403 sizeLimit: 22404 anyOf: 22405 - type: integer 22406 - type: string 22407 description: 'sizeLimit is the total amount of local 22408 storage required for this EmptyDir volume. The size 22409 limit is also applicable for memory medium. The maximum 22410 usage on memory medium EmptyDir would be the minimum 22411 value between the SizeLimit specified here and the 22412 sum of memory limits of all containers in a pod. The 22413 default is nil which means that the limit is undefined. 22414 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 22415 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 22416 x-kubernetes-int-or-string: true 22417 type: object 22418 name: 22419 description: Name is the name of the workspace populated 22420 by the volume. 22421 type: string 22422 persistentVolumeClaim: 22423 description: PersistentVolumeClaimVolumeSource represents 22424 a reference to a PersistentVolumeClaim in the same namespace. 22425 Either this OR EmptyDir can be used. 22426 properties: 22427 claimName: 22428 description: 'claimName is the name of a PersistentVolumeClaim 22429 in the same namespace as the pod using this volume. 22430 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 22431 type: string 22432 readOnly: 22433 description: readOnly Will force the ReadOnly setting 22434 in VolumeMounts. Default false. 22435 type: boolean 22436 required: 22437 - claimName 22438 type: object 22439 projected: 22440 description: Projected represents a projected volume that 22441 should populate this workspace. 22442 properties: 22443 defaultMode: 22444 description: defaultMode are the mode bits used to set 22445 permissions on created files by default. Must be an 22446 octal value between 0000 and 0777 or a decimal value 22447 between 0 and 511. YAML accepts both octal and decimal 22448 values, JSON requires decimal values for mode bits. 22449 Directories within the path are not affected by this 22450 setting. This might be in conflict with other options 22451 that affect the file mode, like fsGroup, and the result 22452 can be other mode bits set. 22453 format: int32 22454 type: integer 22455 sources: 22456 description: sources is the list of volume projections 22457 items: 22458 description: Projection that may be projected along 22459 with other supported volume types 22460 properties: 22461 configMap: 22462 description: configMap information about the configMap 22463 data to project 22464 properties: 22465 items: 22466 description: items if unspecified, each key-value 22467 pair in the Data field of the referenced 22468 ConfigMap will be projected into the volume 22469 as a file whose name is the key and content 22470 is the value. If specified, the listed keys 22471 will be projected into the specified paths, 22472 and unlisted keys will not be present. If 22473 a key is specified which is not present 22474 in the ConfigMap, the volume setup will 22475 error unless it is marked optional. Paths 22476 must be relative and may not contain the 22477 '..' path or start with '..'. 22478 items: 22479 description: Maps a string key to a path 22480 within a volume. 22481 properties: 22482 key: 22483 description: key is the key to project. 22484 type: string 22485 mode: 22486 description: 'mode is Optional: mode 22487 bits used to set permissions on this 22488 file. Must be an octal value between 22489 0000 and 0777 or a decimal value between 22490 0 and 511. YAML accepts both octal 22491 and decimal values, JSON requires 22492 decimal values for mode bits. If not 22493 specified, the volume defaultMode 22494 will be used. This might be in conflict 22495 with other options that affect the 22496 file mode, like fsGroup, and the result 22497 can be other mode bits set.' 22498 format: int32 22499 type: integer 22500 path: 22501 description: path is the relative path 22502 of the file to map the key to. May 22503 not be an absolute path. May not contain 22504 the path element '..'. May not start 22505 with the string '..'. 22506 type: string 22507 required: 22508 - key 22509 - path 22510 type: object 22511 type: array 22512 name: 22513 description: 'Name of the referent. More info: 22514 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 22515 TODO: Add other useful fields. apiVersion, 22516 kind, uid?' 22517 type: string 22518 optional: 22519 description: optional specify whether the 22520 ConfigMap or its keys must be defined 22521 type: boolean 22522 type: object 22523 downwardAPI: 22524 description: downwardAPI information about the 22525 downwardAPI data to project 22526 properties: 22527 items: 22528 description: Items is a list of DownwardAPIVolume 22529 file 22530 items: 22531 description: DownwardAPIVolumeFile represents 22532 information to create the file containing 22533 the pod field 22534 properties: 22535 fieldRef: 22536 description: 'Required: Selects a field 22537 of the pod: only annotations, labels, 22538 name and namespace are supported.' 22539 properties: 22540 apiVersion: 22541 description: Version of the schema 22542 the FieldPath is written in terms 22543 of, defaults to "v1". 22544 type: string 22545 fieldPath: 22546 description: Path of the field to 22547 select in the specified API version. 22548 type: string 22549 required: 22550 - fieldPath 22551 type: object 22552 mode: 22553 description: 'Optional: mode bits used 22554 to set permissions on this file, must 22555 be an octal value between 0000 and 22556 0777 or a decimal value between 0 22557 and 511. YAML accepts both octal and 22558 decimal values, JSON requires decimal 22559 values for mode bits. If not specified, 22560 the volume defaultMode will be used. 22561 This might be in conflict with other 22562 options that affect the file mode, 22563 like fsGroup, and the result can be 22564 other mode bits set.' 22565 format: int32 22566 type: integer 22567 path: 22568 description: 'Required: Path is the 22569 relative path name of the file to 22570 be created. Must not be absolute or 22571 contain the ''..'' path. Must be utf-8 22572 encoded. The first item of the relative 22573 path must not start with ''..''' 22574 type: string 22575 resourceFieldRef: 22576 description: 'Selects a resource of 22577 the container: only resources limits 22578 and requests (limits.cpu, limits.memory, 22579 requests.cpu and requests.memory) 22580 are currently supported.' 22581 properties: 22582 containerName: 22583 description: 'Container name: required 22584 for volumes, optional for env 22585 vars' 22586 type: string 22587 divisor: 22588 anyOf: 22589 - type: integer 22590 - type: string 22591 description: Specifies the output 22592 format of the exposed resources, 22593 defaults to "1" 22594 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 22595 x-kubernetes-int-or-string: true 22596 resource: 22597 description: 'Required: resource 22598 to select' 22599 type: string 22600 required: 22601 - resource 22602 type: object 22603 required: 22604 - path 22605 type: object 22606 type: array 22607 type: object 22608 secret: 22609 description: secret information about the secret 22610 data to project 22611 properties: 22612 items: 22613 description: items if unspecified, each key-value 22614 pair in the Data field of the referenced 22615 Secret will be projected into the volume 22616 as a file whose name is the key and content 22617 is the value. If specified, the listed keys 22618 will be projected into the specified paths, 22619 and unlisted keys will not be present. If 22620 a key is specified which is not present 22621 in the Secret, the volume setup will error 22622 unless it is marked optional. Paths must 22623 be relative and may not contain the '..' 22624 path or start with '..'. 22625 items: 22626 description: Maps a string key to a path 22627 within a volume. 22628 properties: 22629 key: 22630 description: key is the key to project. 22631 type: string 22632 mode: 22633 description: 'mode is Optional: mode 22634 bits used to set permissions on this 22635 file. Must be an octal value between 22636 0000 and 0777 or a decimal value between 22637 0 and 511. YAML accepts both octal 22638 and decimal values, JSON requires 22639 decimal values for mode bits. If not 22640 specified, the volume defaultMode 22641 will be used. This might be in conflict 22642 with other options that affect the 22643 file mode, like fsGroup, and the result 22644 can be other mode bits set.' 22645 format: int32 22646 type: integer 22647 path: 22648 description: path is the relative path 22649 of the file to map the key to. May 22650 not be an absolute path. May not contain 22651 the path element '..'. May not start 22652 with the string '..'. 22653 type: string 22654 required: 22655 - key 22656 - path 22657 type: object 22658 type: array 22659 name: 22660 description: 'Name of the referent. More info: 22661 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 22662 TODO: Add other useful fields. apiVersion, 22663 kind, uid?' 22664 type: string 22665 optional: 22666 description: optional field specify whether 22667 the Secret or its key must be defined 22668 type: boolean 22669 type: object 22670 serviceAccountToken: 22671 description: serviceAccountToken is information 22672 about the serviceAccountToken data to project 22673 properties: 22674 audience: 22675 description: audience is the intended audience 22676 of the token. A recipient of a token must 22677 identify itself with an identifier specified 22678 in the audience of the token, and otherwise 22679 should reject the token. The audience defaults 22680 to the identifier of the apiserver. 22681 type: string 22682 expirationSeconds: 22683 description: expirationSeconds is the requested 22684 duration of validity of the service account 22685 token. As the token approaches expiration, 22686 the kubelet volume plugin will proactively 22687 rotate the service account token. The kubelet 22688 will start trying to rotate the token if 22689 the token is older than 80 percent of its 22690 time to live or if the token is older than 22691 24 hours.Defaults to 1 hour and must be 22692 at least 10 minutes. 22693 format: int64 22694 type: integer 22695 path: 22696 description: path is the path relative to 22697 the mount point of the file to project the 22698 token into. 22699 type: string 22700 required: 22701 - path 22702 type: object 22703 type: object 22704 type: array 22705 type: object 22706 secret: 22707 description: Secret represents a secret that should populate 22708 this workspace. 22709 properties: 22710 defaultMode: 22711 description: 'defaultMode is Optional: mode bits used 22712 to set permissions on created files by default. Must 22713 be an octal value between 0000 and 0777 or a decimal 22714 value between 0 and 511. YAML accepts both octal and 22715 decimal values, JSON requires decimal values for mode 22716 bits. Defaults to 0644. Directories within the path 22717 are not affected by this setting. This might be in 22718 conflict with other options that affect the file mode, 22719 like fsGroup, and the result can be other mode bits 22720 set.' 22721 format: int32 22722 type: integer 22723 items: 22724 description: items If unspecified, each key-value pair 22725 in the Data field of the referenced Secret will be 22726 projected into the volume as a file whose name is 22727 the key and content is the value. If specified, the 22728 listed keys will be projected into the specified paths, 22729 and unlisted keys will not be present. If a key is 22730 specified which is not present in the Secret, the 22731 volume setup will error unless it is marked optional. 22732 Paths must be relative and may not contain the '..' 22733 path or start with '..'. 22734 items: 22735 description: Maps a string key to a path within a 22736 volume. 22737 properties: 22738 key: 22739 description: key is the key to project. 22740 type: string 22741 mode: 22742 description: 'mode is Optional: mode bits used 22743 to set permissions on this file. Must be an 22744 octal value between 0000 and 0777 or a decimal 22745 value between 0 and 511. YAML accepts both octal 22746 and decimal values, JSON requires decimal values 22747 for mode bits. If not specified, the volume 22748 defaultMode will be used. This might be in conflict 22749 with other options that affect the file mode, 22750 like fsGroup, and the result can be other mode 22751 bits set.' 22752 format: int32 22753 type: integer 22754 path: 22755 description: path is the relative path of the 22756 file to map the key to. May not be an absolute 22757 path. May not contain the path element '..'. 22758 May not start with the string '..'. 22759 type: string 22760 required: 22761 - key 22762 - path 22763 type: object 22764 type: array 22765 optional: 22766 description: optional field specify whether the Secret 22767 or its keys must be defined 22768 type: boolean 22769 secretName: 22770 description: 'secretName is the name of the secret in 22771 the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 22772 type: string 22773 type: object 22774 subPath: 22775 description: SubPath is optionally a directory on the volume 22776 which should be used for this binding (i.e. the volume 22777 will be mounted at this sub directory). 22778 type: string 22779 volumeClaimTemplate: 22780 description: VolumeClaimTemplate is a template for a claim 22781 that will be created in the same namespace. The PipelineRun 22782 controller is responsible for creating a unique claim 22783 for each instance of PipelineRun. 22784 properties: 22785 apiVersion: 22786 description: 'APIVersion defines the versioned schema 22787 of this representation of an object. Servers should 22788 convert recognized schemas to the latest internal 22789 value, and may reject unrecognized values. More info: 22790 https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 22791 type: string 22792 kind: 22793 description: 'Kind is a string value representing the 22794 REST resource this object represents. Servers may 22795 infer this from the endpoint the client submits requests 22796 to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 22797 type: string 22798 metadata: 22799 description: 'Standard object''s metadata. More info: 22800 https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 22801 type: object 22802 spec: 22803 description: 'spec defines the desired characteristics 22804 of a volume requested by a pod author. More info: 22805 https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 22806 properties: 22807 accessModes: 22808 description: 'accessModes contains the desired access 22809 modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 22810 items: 22811 type: string 22812 type: array 22813 dataSource: 22814 description: 'dataSource field can be used to specify 22815 either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 22816 * An existing PVC (PersistentVolumeClaim) If the 22817 provisioner or an external controller can support 22818 the specified data source, it will create a new 22819 volume based on the contents of the specified 22820 data source. When the AnyVolumeDataSource feature 22821 gate is enabled, dataSource contents will be copied 22822 to dataSourceRef, and dataSourceRef contents will 22823 be copied to dataSource when dataSourceRef.namespace 22824 is not specified. If the namespace is specified, 22825 then dataSourceRef will not be copied to dataSource.' 22826 properties: 22827 apiGroup: 22828 description: APIGroup is the group for the resource 22829 being referenced. If APIGroup is not specified, 22830 the specified Kind must be in the core API 22831 group. For any other third-party types, APIGroup 22832 is required. 22833 type: string 22834 kind: 22835 description: Kind is the type of resource being 22836 referenced 22837 type: string 22838 name: 22839 description: Name is the name of resource being 22840 referenced 22841 type: string 22842 required: 22843 - kind 22844 - name 22845 type: object 22846 dataSourceRef: 22847 description: 'dataSourceRef specifies the object 22848 from which to populate the volume with data, if 22849 a non-empty volume is desired. This may be any 22850 object from a non-empty API group (non core object) 22851 or a PersistentVolumeClaim object. When this field 22852 is specified, volume binding will only succeed 22853 if the type of the specified object matches some 22854 installed volume populator or dynamic provisioner. 22855 This field will replace the functionality of the 22856 dataSource field and as such if both fields are 22857 non-empty, they must have the same value. For 22858 backwards compatibility, when namespace isn''t 22859 specified in dataSourceRef, both fields (dataSource 22860 and dataSourceRef) will be set to the same value 22861 automatically if one of them is empty and the 22862 other is non-empty. When namespace is specified 22863 in dataSourceRef, dataSource isn''t set to the 22864 same value and must be empty. There are three 22865 important differences between dataSource and dataSourceRef: 22866 * While dataSource only allows two specific types 22867 of objects, dataSourceRef allows any non-core 22868 object, as well as PersistentVolumeClaim objects. 22869 * While dataSource ignores disallowed values (dropping 22870 them), dataSourceRef preserves all values, and 22871 generates an error if a disallowed value is specified. 22872 * While dataSource only allows local objects, 22873 dataSourceRef allows objects in any namespaces. 22874 (Beta) Using this field requires the AnyVolumeDataSource 22875 feature gate to be enabled. (Alpha) Using the 22876 namespace field of dataSourceRef requires the 22877 CrossNamespaceVolumeDataSource feature gate to 22878 be enabled.' 22879 properties: 22880 apiGroup: 22881 description: APIGroup is the group for the resource 22882 being referenced. If APIGroup is not specified, 22883 the specified Kind must be in the core API 22884 group. For any other third-party types, APIGroup 22885 is required. 22886 type: string 22887 kind: 22888 description: Kind is the type of resource being 22889 referenced 22890 type: string 22891 name: 22892 description: Name is the name of resource being 22893 referenced 22894 type: string 22895 namespace: 22896 description: Namespace is the namespace of resource 22897 being referenced Note that when a namespace 22898 is specified, a gateway.networking.k8s.io/ReferenceGrant 22899 object is required in the referent namespace 22900 to allow that namespace's owner to accept 22901 the reference. See the ReferenceGrant documentation 22902 for details. (Alpha) This field requires the 22903 CrossNamespaceVolumeDataSource feature gate 22904 to be enabled. 22905 type: string 22906 required: 22907 - kind 22908 - name 22909 type: object 22910 resources: 22911 description: 'resources represents the minimum resources 22912 the volume should have. If RecoverVolumeExpansionFailure 22913 feature is enabled users are allowed to specify 22914 resource requirements that are lower than previous 22915 value but must still be higher than capacity recorded 22916 in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 22917 properties: 22918 claims: 22919 description: "Claims lists the names of resources, 22920 defined in spec.resourceClaims, that are used 22921 by this container. \n This is an alpha field 22922 and requires enabling the DynamicResourceAllocation 22923 feature gate. \n This field is immutable. 22924 It can only be set for containers." 22925 items: 22926 description: ResourceClaim references one 22927 entry in PodSpec.ResourceClaims. 22928 properties: 22929 name: 22930 description: Name must match the name 22931 of one entry in pod.spec.resourceClaims 22932 of the Pod where this field is used. 22933 It makes that resource available inside 22934 a container. 22935 type: string 22936 required: 22937 - name 22938 type: object 22939 type: array 22940 x-kubernetes-list-map-keys: 22941 - name 22942 x-kubernetes-list-type: map 22943 limits: 22944 additionalProperties: 22945 anyOf: 22946 - type: integer 22947 - type: string 22948 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 22949 x-kubernetes-int-or-string: true 22950 description: 'Limits describes the maximum amount 22951 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 22952 type: object 22953 requests: 22954 additionalProperties: 22955 anyOf: 22956 - type: integer 22957 - type: string 22958 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 22959 x-kubernetes-int-or-string: true 22960 description: 'Requests describes the minimum 22961 amount of compute resources required. If Requests 22962 is omitted for a container, it defaults to 22963 Limits if that is explicitly specified, otherwise 22964 to an implementation-defined value. Requests 22965 cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 22966 type: object 22967 type: object 22968 selector: 22969 description: selector is a label query over volumes 22970 to consider for binding. 22971 properties: 22972 matchExpressions: 22973 description: matchExpressions is a list of label 22974 selector requirements. The requirements are 22975 ANDed. 22976 items: 22977 description: A label selector requirement 22978 is a selector that contains values, a key, 22979 and an operator that relates the key and 22980 values. 22981 properties: 22982 key: 22983 description: key is the label key that 22984 the selector applies to. 22985 type: string 22986 operator: 22987 description: operator represents a key's 22988 relationship to a set of values. Valid 22989 operators are In, NotIn, Exists and 22990 DoesNotExist. 22991 type: string 22992 values: 22993 description: values is an array of string 22994 values. If the operator is In or NotIn, 22995 the values array must be non-empty. 22996 If the operator is Exists or DoesNotExist, 22997 the values array must be empty. This 22998 array is replaced during a strategic 22999 merge patch. 23000 items: 23001 type: string 23002 type: array 23003 required: 23004 - key 23005 - operator 23006 type: object 23007 type: array 23008 matchLabels: 23009 additionalProperties: 23010 type: string 23011 description: matchLabels is a map of {key,value} 23012 pairs. A single {key,value} in the matchLabels 23013 map is equivalent to an element of matchExpressions, 23014 whose key field is "key", the operator is 23015 "In", and the values array contains only "value". 23016 The requirements are ANDed. 23017 type: object 23018 type: object 23019 storageClassName: 23020 description: 'storageClassName is the name of the 23021 StorageClass required by the claim. More info: 23022 https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 23023 type: string 23024 volumeMode: 23025 description: volumeMode defines what type of volume 23026 is required by the claim. Value of Filesystem 23027 is implied when not included in claim spec. 23028 type: string 23029 volumeName: 23030 description: volumeName is the binding reference 23031 to the PersistentVolume backing this claim. 23032 type: string 23033 type: object 23034 status: 23035 description: 'status represents the current information/status 23036 of a persistent volume claim. Read-only. More info: 23037 https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 23038 properties: 23039 accessModes: 23040 description: 'accessModes contains the actual access 23041 modes the volume backing the PVC has. More info: 23042 https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 23043 items: 23044 type: string 23045 type: array 23046 allocatedResourceStatuses: 23047 additionalProperties: 23048 description: When a controller receives persistentvolume 23049 claim update with ClaimResourceStatus for a 23050 resource that it does not recognizes, then it 23051 should ignore that update and let other controllers 23052 handle it. 23053 type: string 23054 description: "allocatedResourceStatuses stores status 23055 of resource being resized for the given PVC. Key 23056 names follow standard Kubernetes label syntax. 23057 Valid values are either: \t* Un-prefixed keys: 23058 \t\t- storage - the capacity of the volume. \t* 23059 Custom resources must use implementation-defined 23060 prefixed names such as \"example.com/my-custom-resource\" 23061 Apart from above values - keys that are unprefixed 23062 or have kubernetes.io prefix are considered reserved 23063 and hence may not be used. \n ClaimResourceStatus 23064 can be in any of following states: \t- ControllerResizeInProgress: 23065 \t\tState set when resize controller starts resizing 23066 the volume in control-plane. \t- ControllerResizeFailed: 23067 \t\tState set when resize has failed in resize 23068 controller with a terminal error. \t- NodeResizePending: 23069 \t\tState set when resize controller has finished 23070 resizing the volume but further resizing of \t\tvolume 23071 is needed on the node. \t- NodeResizeInProgress: 23072 \t\tState set when kubelet starts resizing the 23073 volume. \t- NodeResizeFailed: \t\tState set when 23074 resizing has failed in kubelet with a terminal 23075 error. Transient errors don't set \t\tNodeResizeFailed. 23076 For example: if expanding a PVC for more capacity 23077 - this field can be one of the following states: 23078 \t- pvc.status.allocatedResourceStatus['storage'] 23079 = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] 23080 = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] 23081 = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] 23082 = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] 23083 = \"NodeResizeFailed\" When this field is not 23084 set, it means that no resize operation is in progress 23085 for the given PVC. \n A controller that receives 23086 PVC update with previously unknown resourceName 23087 or ClaimResourceStatus should ignore the update 23088 for the purpose it was designed. For example - 23089 a controller that only is responsible for resizing 23090 capacity of the volume, should ignore PVC updates 23091 that change other valid resources associated with 23092 PVC. \n This is an alpha field and requires enabling 23093 RecoverVolumeExpansionFailure feature." 23094 type: object 23095 x-kubernetes-map-type: granular 23096 allocatedResources: 23097 additionalProperties: 23098 anyOf: 23099 - type: integer 23100 - type: string 23101 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 23102 x-kubernetes-int-or-string: true 23103 description: "allocatedResources tracks the resources 23104 allocated to a PVC including its capacity. Key 23105 names follow standard Kubernetes label syntax. 23106 Valid values are either: \t* Un-prefixed keys: 23107 \t\t- storage - the capacity of the volume. \t* 23108 Custom resources must use implementation-defined 23109 prefixed names such as \"example.com/my-custom-resource\" 23110 Apart from above values - keys that are unprefixed 23111 or have kubernetes.io prefix are considered reserved 23112 and hence may not be used. \n Capacity reported 23113 here may be larger than the actual capacity when 23114 a volume expansion operation is requested. For 23115 storage quota, the larger value from allocatedResources 23116 and PVC.spec.resources is used. If allocatedResources 23117 is not set, PVC.spec.resources alone is used for 23118 quota calculation. If a volume expansion capacity 23119 request is lowered, allocatedResources is only 23120 lowered if there are no expansion operations in 23121 progress and if the actual volume capacity is 23122 equal or lower than the requested capacity. \n 23123 A controller that receives PVC update with previously 23124 unknown resourceName should ignore the update 23125 for the purpose it was designed. For example - 23126 a controller that only is responsible for resizing 23127 capacity of the volume, should ignore PVC updates 23128 that change other valid resources associated with 23129 PVC. \n This is an alpha field and requires enabling 23130 RecoverVolumeExpansionFailure feature." 23131 type: object 23132 capacity: 23133 additionalProperties: 23134 anyOf: 23135 - type: integer 23136 - type: string 23137 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 23138 x-kubernetes-int-or-string: true 23139 description: capacity represents the actual resources 23140 of the underlying volume. 23141 type: object 23142 conditions: 23143 description: conditions is the current Condition 23144 of persistent volume claim. If underlying persistent 23145 volume is being resized then the Condition will 23146 be set to 'ResizeStarted'. 23147 items: 23148 description: PersistentVolumeClaimCondition contains 23149 details about state of pvc 23150 properties: 23151 lastProbeTime: 23152 description: lastProbeTime is the time we 23153 probed the condition. 23154 format: date-time 23155 type: string 23156 lastTransitionTime: 23157 description: lastTransitionTime is the time 23158 the condition transitioned from one status 23159 to another. 23160 format: date-time 23161 type: string 23162 message: 23163 description: message is the human-readable 23164 message indicating details about last transition. 23165 type: string 23166 reason: 23167 description: reason is a unique, this should 23168 be a short, machine understandable string 23169 that gives the reason for condition's last 23170 transition. If it reports "ResizeStarted" 23171 that means the underlying persistent volume 23172 is being resized. 23173 type: string 23174 status: 23175 type: string 23176 type: 23177 description: PersistentVolumeClaimConditionType 23178 is a valid value of PersistentVolumeClaimCondition.Type 23179 type: string 23180 required: 23181 - status 23182 - type 23183 type: object 23184 type: array 23185 phase: 23186 description: phase represents the current phase 23187 of PersistentVolumeClaim. 23188 type: string 23189 type: object 23190 type: object 23191 required: 23192 - name 23193 type: object 23194 type: array 23195 x-kubernetes-list-type: atomic 23196 type: object 23197 pod_spec: 23198 description: PodSpec provides the basis for running the test under 23199 a Kubernetes agent 23200 properties: 23201 activeDeadlineSeconds: 23202 description: Optional duration in seconds the pod may be active 23203 on the node relative to StartTime before the system will actively 23204 try to mark it failed and kill associated containers. Value 23205 must be a positive integer. 23206 format: int64 23207 type: integer 23208 affinity: 23209 description: If specified, the pod's scheduling constraints 23210 properties: 23211 nodeAffinity: 23212 description: Describes node affinity scheduling rules for 23213 the pod. 23214 properties: 23215 preferredDuringSchedulingIgnoredDuringExecution: 23216 description: The scheduler will prefer to schedule pods 23217 to nodes that satisfy the affinity expressions specified 23218 by this field, but it may choose a node that violates 23219 one or more of the expressions. The node that is most 23220 preferred is the one with the greatest sum of weights, 23221 i.e. for each node that meets all of the scheduling 23222 requirements (resource request, requiredDuringScheduling 23223 affinity expressions, etc.), compute a sum by iterating 23224 through the elements of this field and adding "weight" 23225 to the sum if the node matches the corresponding matchExpressions; 23226 the node(s) with the highest sum are the most preferred. 23227 items: 23228 description: An empty preferred scheduling term matches 23229 all objects with implicit weight 0 (i.e. it's a no-op). 23230 A null preferred scheduling term matches no objects 23231 (i.e. is also a no-op). 23232 properties: 23233 preference: 23234 description: A node selector term, associated with 23235 the corresponding weight. 23236 properties: 23237 matchExpressions: 23238 description: A list of node selector requirements 23239 by node's labels. 23240 items: 23241 description: A node selector requirement is 23242 a selector that contains values, a key, 23243 and an operator that relates the key and 23244 values. 23245 properties: 23246 key: 23247 description: The label key that the selector 23248 applies to. 23249 type: string 23250 operator: 23251 description: Represents a key's relationship 23252 to a set of values. Valid operators 23253 are In, NotIn, Exists, DoesNotExist. 23254 Gt, and Lt. 23255 type: string 23256 values: 23257 description: An array of string values. 23258 If the operator is In or NotIn, the 23259 values array must be non-empty. If the 23260 operator is Exists or DoesNotExist, 23261 the values array must be empty. If the 23262 operator is Gt or Lt, the values array 23263 must have a single element, which will 23264 be interpreted as an integer. This array 23265 is replaced during a strategic merge 23266 patch. 23267 items: 23268 type: string 23269 type: array 23270 required: 23271 - key 23272 - operator 23273 type: object 23274 type: array 23275 matchFields: 23276 description: A list of node selector requirements 23277 by node's fields. 23278 items: 23279 description: A node selector requirement is 23280 a selector that contains values, a key, 23281 and an operator that relates the key and 23282 values. 23283 properties: 23284 key: 23285 description: The label key that the selector 23286 applies to. 23287 type: string 23288 operator: 23289 description: Represents a key's relationship 23290 to a set of values. Valid operators 23291 are In, NotIn, Exists, DoesNotExist. 23292 Gt, and Lt. 23293 type: string 23294 values: 23295 description: An array of string values. 23296 If the operator is In or NotIn, the 23297 values array must be non-empty. If the 23298 operator is Exists or DoesNotExist, 23299 the values array must be empty. If the 23300 operator is Gt or Lt, the values array 23301 must have a single element, which will 23302 be interpreted as an integer. This array 23303 is replaced during a strategic merge 23304 patch. 23305 items: 23306 type: string 23307 type: array 23308 required: 23309 - key 23310 - operator 23311 type: object 23312 type: array 23313 type: object 23314 weight: 23315 description: Weight associated with matching the 23316 corresponding nodeSelectorTerm, in the range 1-100. 23317 format: int32 23318 type: integer 23319 required: 23320 - preference 23321 - weight 23322 type: object 23323 type: array 23324 requiredDuringSchedulingIgnoredDuringExecution: 23325 description: If the affinity requirements specified by 23326 this field are not met at scheduling time, the pod will 23327 not be scheduled onto the node. If the affinity requirements 23328 specified by this field cease to be met at some point 23329 during pod execution (e.g. due to an update), the system 23330 may or may not try to eventually evict the pod from 23331 its node. 23332 properties: 23333 nodeSelectorTerms: 23334 description: Required. A list of node selector terms. 23335 The terms are ORed. 23336 items: 23337 description: A null or empty node selector term 23338 matches no objects. The requirements of them are 23339 ANDed. The TopologySelectorTerm type implements 23340 a subset of the NodeSelectorTerm. 23341 properties: 23342 matchExpressions: 23343 description: A list of node selector requirements 23344 by node's labels. 23345 items: 23346 description: A node selector requirement is 23347 a selector that contains values, a key, 23348 and an operator that relates the key and 23349 values. 23350 properties: 23351 key: 23352 description: The label key that the selector 23353 applies to. 23354 type: string 23355 operator: 23356 description: Represents a key's relationship 23357 to a set of values. Valid operators 23358 are In, NotIn, Exists, DoesNotExist. 23359 Gt, and Lt. 23360 type: string 23361 values: 23362 description: An array of string values. 23363 If the operator is In or NotIn, the 23364 values array must be non-empty. If the 23365 operator is Exists or DoesNotExist, 23366 the values array must be empty. If the 23367 operator is Gt or Lt, the values array 23368 must have a single element, which will 23369 be interpreted as an integer. This array 23370 is replaced during a strategic merge 23371 patch. 23372 items: 23373 type: string 23374 type: array 23375 required: 23376 - key 23377 - operator 23378 type: object 23379 type: array 23380 matchFields: 23381 description: A list of node selector requirements 23382 by node's fields. 23383 items: 23384 description: A node selector requirement is 23385 a selector that contains values, a key, 23386 and an operator that relates the key and 23387 values. 23388 properties: 23389 key: 23390 description: The label key that the selector 23391 applies to. 23392 type: string 23393 operator: 23394 description: Represents a key's relationship 23395 to a set of values. Valid operators 23396 are In, NotIn, Exists, DoesNotExist. 23397 Gt, and Lt. 23398 type: string 23399 values: 23400 description: An array of string values. 23401 If the operator is In or NotIn, the 23402 values array must be non-empty. If the 23403 operator is Exists or DoesNotExist, 23404 the values array must be empty. If the 23405 operator is Gt or Lt, the values array 23406 must have a single element, which will 23407 be interpreted as an integer. This array 23408 is replaced during a strategic merge 23409 patch. 23410 items: 23411 type: string 23412 type: array 23413 required: 23414 - key 23415 - operator 23416 type: object 23417 type: array 23418 type: object 23419 type: array 23420 required: 23421 - nodeSelectorTerms 23422 type: object 23423 type: object 23424 podAffinity: 23425 description: Describes pod affinity scheduling rules (e.g. 23426 co-locate this pod in the same node, zone, etc. as some 23427 other pod(s)). 23428 properties: 23429 preferredDuringSchedulingIgnoredDuringExecution: 23430 description: The scheduler will prefer to schedule pods 23431 to nodes that satisfy the affinity expressions specified 23432 by this field, but it may choose a node that violates 23433 one or more of the expressions. The node that is most 23434 preferred is the one with the greatest sum of weights, 23435 i.e. for each node that meets all of the scheduling 23436 requirements (resource request, requiredDuringScheduling 23437 affinity expressions, etc.), compute a sum by iterating 23438 through the elements of this field and adding "weight" 23439 to the sum if the node has pods which matches the corresponding 23440 podAffinityTerm; the node(s) with the highest sum are 23441 the most preferred. 23442 items: 23443 description: The weights of all of the matched WeightedPodAffinityTerm 23444 fields are added per-node to find the most preferred 23445 node(s) 23446 properties: 23447 podAffinityTerm: 23448 description: Required. A pod affinity term, associated 23449 with the corresponding weight. 23450 properties: 23451 labelSelector: 23452 description: A label query over a set of resources, 23453 in this case pods. 23454 properties: 23455 matchExpressions: 23456 description: matchExpressions is a list 23457 of label selector requirements. The requirements 23458 are ANDed. 23459 items: 23460 description: A label selector requirement 23461 is a selector that contains values, 23462 a key, and an operator that relates 23463 the key and values. 23464 properties: 23465 key: 23466 description: key is the label key 23467 that the selector applies to. 23468 type: string 23469 operator: 23470 description: operator represents a 23471 key's relationship to a set of values. 23472 Valid operators are In, NotIn, Exists 23473 and DoesNotExist. 23474 type: string 23475 values: 23476 description: values is an array of 23477 string values. If the operator is 23478 In or NotIn, the values array must 23479 be non-empty. If the operator is 23480 Exists or DoesNotExist, the values 23481 array must be empty. This array 23482 is replaced during a strategic merge 23483 patch. 23484 items: 23485 type: string 23486 type: array 23487 required: 23488 - key 23489 - operator 23490 type: object 23491 type: array 23492 matchLabels: 23493 additionalProperties: 23494 type: string 23495 description: matchLabels is a map of {key,value} 23496 pairs. A single {key,value} in the matchLabels 23497 map is equivalent to an element of matchExpressions, 23498 whose key field is "key", the operator 23499 is "In", and the values array contains 23500 only "value". The requirements are ANDed. 23501 type: object 23502 type: object 23503 namespaceSelector: 23504 description: A label query over the set of namespaces 23505 that the term applies to. The term is applied 23506 to the union of the namespaces selected by 23507 this field and the ones listed in the namespaces 23508 field. null selector and null or empty namespaces 23509 list means "this pod's namespace". An empty 23510 selector ({}) matches all namespaces. 23511 properties: 23512 matchExpressions: 23513 description: matchExpressions is a list 23514 of label selector requirements. The requirements 23515 are ANDed. 23516 items: 23517 description: A label selector requirement 23518 is a selector that contains values, 23519 a key, and an operator that relates 23520 the key and values. 23521 properties: 23522 key: 23523 description: key is the label key 23524 that the selector applies to. 23525 type: string 23526 operator: 23527 description: operator represents a 23528 key's relationship to a set of values. 23529 Valid operators are In, NotIn, Exists 23530 and DoesNotExist. 23531 type: string 23532 values: 23533 description: values is an array of 23534 string values. If the operator is 23535 In or NotIn, the values array must 23536 be non-empty. If the operator is 23537 Exists or DoesNotExist, the values 23538 array must be empty. This array 23539 is replaced during a strategic merge 23540 patch. 23541 items: 23542 type: string 23543 type: array 23544 required: 23545 - key 23546 - operator 23547 type: object 23548 type: array 23549 matchLabels: 23550 additionalProperties: 23551 type: string 23552 description: matchLabels is a map of {key,value} 23553 pairs. A single {key,value} in the matchLabels 23554 map is equivalent to an element of matchExpressions, 23555 whose key field is "key", the operator 23556 is "In", and the values array contains 23557 only "value". The requirements are ANDed. 23558 type: object 23559 type: object 23560 namespaces: 23561 description: namespaces specifies a static list 23562 of namespace names that the term applies to. 23563 The term is applied to the union of the namespaces 23564 listed in this field and the ones selected 23565 by namespaceSelector. null or empty namespaces 23566 list and null namespaceSelector means "this 23567 pod's namespace". 23568 items: 23569 type: string 23570 type: array 23571 topologyKey: 23572 description: This pod should be co-located (affinity) 23573 or not co-located (anti-affinity) with the 23574 pods matching the labelSelector in the specified 23575 namespaces, where co-located is defined as 23576 running on a node whose value of the label 23577 with key topologyKey matches that of any node 23578 on which any of the selected pods is running. 23579 Empty topologyKey is not allowed. 23580 type: string 23581 required: 23582 - topologyKey 23583 type: object 23584 weight: 23585 description: weight associated with matching the 23586 corresponding podAffinityTerm, in the range 1-100. 23587 format: int32 23588 type: integer 23589 required: 23590 - podAffinityTerm 23591 - weight 23592 type: object 23593 type: array 23594 requiredDuringSchedulingIgnoredDuringExecution: 23595 description: If the affinity requirements specified by 23596 this field are not met at scheduling time, the pod will 23597 not be scheduled onto the node. If the affinity requirements 23598 specified by this field cease to be met at some point 23599 during pod execution (e.g. due to a pod label update), 23600 the system may or may not try to eventually evict the 23601 pod from its node. When there are multiple elements, 23602 the lists of nodes corresponding to each podAffinityTerm 23603 are intersected, i.e. all terms must be satisfied. 23604 items: 23605 description: Defines a set of pods (namely those matching 23606 the labelSelector relative to the given namespace(s)) 23607 that this pod should be co-located (affinity) or not 23608 co-located (anti-affinity) with, where co-located 23609 is defined as running on a node whose value of the 23610 label with key <topologyKey> matches that of any node 23611 on which a pod of the set of pods is running 23612 properties: 23613 labelSelector: 23614 description: A label query over a set of resources, 23615 in this case pods. 23616 properties: 23617 matchExpressions: 23618 description: matchExpressions is a list of label 23619 selector requirements. The requirements are 23620 ANDed. 23621 items: 23622 description: A label selector requirement 23623 is a selector that contains values, a key, 23624 and an operator that relates the key and 23625 values. 23626 properties: 23627 key: 23628 description: key is the label key that 23629 the selector applies to. 23630 type: string 23631 operator: 23632 description: operator represents a key's 23633 relationship to a set of values. Valid 23634 operators are In, NotIn, Exists and 23635 DoesNotExist. 23636 type: string 23637 values: 23638 description: values is an array of string 23639 values. If the operator is In or NotIn, 23640 the values array must be non-empty. 23641 If the operator is Exists or DoesNotExist, 23642 the values array must be empty. This 23643 array is replaced during a strategic 23644 merge patch. 23645 items: 23646 type: string 23647 type: array 23648 required: 23649 - key 23650 - operator 23651 type: object 23652 type: array 23653 matchLabels: 23654 additionalProperties: 23655 type: string 23656 description: matchLabels is a map of {key,value} 23657 pairs. A single {key,value} in the matchLabels 23658 map is equivalent to an element of matchExpressions, 23659 whose key field is "key", the operator is 23660 "In", and the values array contains only "value". 23661 The requirements are ANDed. 23662 type: object 23663 type: object 23664 namespaceSelector: 23665 description: A label query over the set of namespaces 23666 that the term applies to. The term is applied 23667 to the union of the namespaces selected by this 23668 field and the ones listed in the namespaces field. 23669 null selector and null or empty namespaces list 23670 means "this pod's namespace". An empty selector 23671 ({}) matches all namespaces. 23672 properties: 23673 matchExpressions: 23674 description: matchExpressions is a list of label 23675 selector requirements. The requirements are 23676 ANDed. 23677 items: 23678 description: A label selector requirement 23679 is a selector that contains values, a key, 23680 and an operator that relates the key and 23681 values. 23682 properties: 23683 key: 23684 description: key is the label key that 23685 the selector applies to. 23686 type: string 23687 operator: 23688 description: operator represents a key's 23689 relationship to a set of values. Valid 23690 operators are In, NotIn, Exists and 23691 DoesNotExist. 23692 type: string 23693 values: 23694 description: values is an array of string 23695 values. If the operator is In or NotIn, 23696 the values array must be non-empty. 23697 If the operator is Exists or DoesNotExist, 23698 the values array must be empty. This 23699 array is replaced during a strategic 23700 merge patch. 23701 items: 23702 type: string 23703 type: array 23704 required: 23705 - key 23706 - operator 23707 type: object 23708 type: array 23709 matchLabels: 23710 additionalProperties: 23711 type: string 23712 description: matchLabels is a map of {key,value} 23713 pairs. A single {key,value} in the matchLabels 23714 map is equivalent to an element of matchExpressions, 23715 whose key field is "key", the operator is 23716 "In", and the values array contains only "value". 23717 The requirements are ANDed. 23718 type: object 23719 type: object 23720 namespaces: 23721 description: namespaces specifies a static list 23722 of namespace names that the term applies to. The 23723 term is applied to the union of the namespaces 23724 listed in this field and the ones selected by 23725 namespaceSelector. null or empty namespaces list 23726 and null namespaceSelector means "this pod's namespace". 23727 items: 23728 type: string 23729 type: array 23730 topologyKey: 23731 description: This pod should be co-located (affinity) 23732 or not co-located (anti-affinity) with the pods 23733 matching the labelSelector in the specified namespaces, 23734 where co-located is defined as running on a node 23735 whose value of the label with key topologyKey 23736 matches that of any node on which any of the selected 23737 pods is running. Empty topologyKey is not allowed. 23738 type: string 23739 required: 23740 - topologyKey 23741 type: object 23742 type: array 23743 type: object 23744 podAntiAffinity: 23745 description: Describes pod anti-affinity scheduling rules 23746 (e.g. avoid putting this pod in the same node, zone, etc. 23747 as some other pod(s)). 23748 properties: 23749 preferredDuringSchedulingIgnoredDuringExecution: 23750 description: The scheduler will prefer to schedule pods 23751 to nodes that satisfy the anti-affinity expressions 23752 specified by this field, but it may choose a node that 23753 violates one or more of the expressions. The node that 23754 is most preferred is the one with the greatest sum of 23755 weights, i.e. for each node that meets all of the scheduling 23756 requirements (resource request, requiredDuringScheduling 23757 anti-affinity expressions, etc.), compute a sum by iterating 23758 through the elements of this field and adding "weight" 23759 to the sum if the node has pods which matches the corresponding 23760 podAffinityTerm; the node(s) with the highest sum are 23761 the most preferred. 23762 items: 23763 description: The weights of all of the matched WeightedPodAffinityTerm 23764 fields are added per-node to find the most preferred 23765 node(s) 23766 properties: 23767 podAffinityTerm: 23768 description: Required. A pod affinity term, associated 23769 with the corresponding weight. 23770 properties: 23771 labelSelector: 23772 description: A label query over a set of resources, 23773 in this case pods. 23774 properties: 23775 matchExpressions: 23776 description: matchExpressions is a list 23777 of label selector requirements. The requirements 23778 are ANDed. 23779 items: 23780 description: A label selector requirement 23781 is a selector that contains values, 23782 a key, and an operator that relates 23783 the key and values. 23784 properties: 23785 key: 23786 description: key is the label key 23787 that the selector applies to. 23788 type: string 23789 operator: 23790 description: operator represents a 23791 key's relationship to a set of values. 23792 Valid operators are In, NotIn, Exists 23793 and DoesNotExist. 23794 type: string 23795 values: 23796 description: values is an array of 23797 string values. If the operator is 23798 In or NotIn, the values array must 23799 be non-empty. If the operator is 23800 Exists or DoesNotExist, the values 23801 array must be empty. This array 23802 is replaced during a strategic merge 23803 patch. 23804 items: 23805 type: string 23806 type: array 23807 required: 23808 - key 23809 - operator 23810 type: object 23811 type: array 23812 matchLabels: 23813 additionalProperties: 23814 type: string 23815 description: matchLabels is a map of {key,value} 23816 pairs. A single {key,value} in the matchLabels 23817 map is equivalent to an element of matchExpressions, 23818 whose key field is "key", the operator 23819 is "In", and the values array contains 23820 only "value". The requirements are ANDed. 23821 type: object 23822 type: object 23823 namespaceSelector: 23824 description: A label query over the set of namespaces 23825 that the term applies to. The term is applied 23826 to the union of the namespaces selected by 23827 this field and the ones listed in the namespaces 23828 field. null selector and null or empty namespaces 23829 list means "this pod's namespace". An empty 23830 selector ({}) matches all namespaces. 23831 properties: 23832 matchExpressions: 23833 description: matchExpressions is a list 23834 of label selector requirements. The requirements 23835 are ANDed. 23836 items: 23837 description: A label selector requirement 23838 is a selector that contains values, 23839 a key, and an operator that relates 23840 the key and values. 23841 properties: 23842 key: 23843 description: key is the label key 23844 that the selector applies to. 23845 type: string 23846 operator: 23847 description: operator represents a 23848 key's relationship to a set of values. 23849 Valid operators are In, NotIn, Exists 23850 and DoesNotExist. 23851 type: string 23852 values: 23853 description: values is an array of 23854 string values. If the operator is 23855 In or NotIn, the values array must 23856 be non-empty. If the operator is 23857 Exists or DoesNotExist, the values 23858 array must be empty. This array 23859 is replaced during a strategic merge 23860 patch. 23861 items: 23862 type: string 23863 type: array 23864 required: 23865 - key 23866 - operator 23867 type: object 23868 type: array 23869 matchLabels: 23870 additionalProperties: 23871 type: string 23872 description: matchLabels is a map of {key,value} 23873 pairs. A single {key,value} in the matchLabels 23874 map is equivalent to an element of matchExpressions, 23875 whose key field is "key", the operator 23876 is "In", and the values array contains 23877 only "value". The requirements are ANDed. 23878 type: object 23879 type: object 23880 namespaces: 23881 description: namespaces specifies a static list 23882 of namespace names that the term applies to. 23883 The term is applied to the union of the namespaces 23884 listed in this field and the ones selected 23885 by namespaceSelector. null or empty namespaces 23886 list and null namespaceSelector means "this 23887 pod's namespace". 23888 items: 23889 type: string 23890 type: array 23891 topologyKey: 23892 description: This pod should be co-located (affinity) 23893 or not co-located (anti-affinity) with the 23894 pods matching the labelSelector in the specified 23895 namespaces, where co-located is defined as 23896 running on a node whose value of the label 23897 with key topologyKey matches that of any node 23898 on which any of the selected pods is running. 23899 Empty topologyKey is not allowed. 23900 type: string 23901 required: 23902 - topologyKey 23903 type: object 23904 weight: 23905 description: weight associated with matching the 23906 corresponding podAffinityTerm, in the range 1-100. 23907 format: int32 23908 type: integer 23909 required: 23910 - podAffinityTerm 23911 - weight 23912 type: object 23913 type: array 23914 requiredDuringSchedulingIgnoredDuringExecution: 23915 description: If the anti-affinity requirements specified 23916 by this field are not met at scheduling time, the pod 23917 will not be scheduled onto the node. If the anti-affinity 23918 requirements specified by this field cease to be met 23919 at some point during pod execution (e.g. due to a pod 23920 label update), the system may or may not try to eventually 23921 evict the pod from its node. When there are multiple 23922 elements, the lists of nodes corresponding to each podAffinityTerm 23923 are intersected, i.e. all terms must be satisfied. 23924 items: 23925 description: Defines a set of pods (namely those matching 23926 the labelSelector relative to the given namespace(s)) 23927 that this pod should be co-located (affinity) or not 23928 co-located (anti-affinity) with, where co-located 23929 is defined as running on a node whose value of the 23930 label with key <topologyKey> matches that of any node 23931 on which a pod of the set of pods is running 23932 properties: 23933 labelSelector: 23934 description: A label query over a set of resources, 23935 in this case pods. 23936 properties: 23937 matchExpressions: 23938 description: matchExpressions is a list of label 23939 selector requirements. The requirements are 23940 ANDed. 23941 items: 23942 description: A label selector requirement 23943 is a selector that contains values, a key, 23944 and an operator that relates the key and 23945 values. 23946 properties: 23947 key: 23948 description: key is the label key that 23949 the selector applies to. 23950 type: string 23951 operator: 23952 description: operator represents a key's 23953 relationship to a set of values. Valid 23954 operators are In, NotIn, Exists and 23955 DoesNotExist. 23956 type: string 23957 values: 23958 description: values is an array of string 23959 values. If the operator is In or NotIn, 23960 the values array must be non-empty. 23961 If the operator is Exists or DoesNotExist, 23962 the values array must be empty. This 23963 array is replaced during a strategic 23964 merge patch. 23965 items: 23966 type: string 23967 type: array 23968 required: 23969 - key 23970 - operator 23971 type: object 23972 type: array 23973 matchLabels: 23974 additionalProperties: 23975 type: string 23976 description: matchLabels is a map of {key,value} 23977 pairs. A single {key,value} in the matchLabels 23978 map is equivalent to an element of matchExpressions, 23979 whose key field is "key", the operator is 23980 "In", and the values array contains only "value". 23981 The requirements are ANDed. 23982 type: object 23983 type: object 23984 namespaceSelector: 23985 description: A label query over the set of namespaces 23986 that the term applies to. The term is applied 23987 to the union of the namespaces selected by this 23988 field and the ones listed in the namespaces field. 23989 null selector and null or empty namespaces list 23990 means "this pod's namespace". An empty selector 23991 ({}) matches all namespaces. 23992 properties: 23993 matchExpressions: 23994 description: matchExpressions is a list of label 23995 selector requirements. The requirements are 23996 ANDed. 23997 items: 23998 description: A label selector requirement 23999 is a selector that contains values, a key, 24000 and an operator that relates the key and 24001 values. 24002 properties: 24003 key: 24004 description: key is the label key that 24005 the selector applies to. 24006 type: string 24007 operator: 24008 description: operator represents a key's 24009 relationship to a set of values. Valid 24010 operators are In, NotIn, Exists and 24011 DoesNotExist. 24012 type: string 24013 values: 24014 description: values is an array of string 24015 values. If the operator is In or NotIn, 24016 the values array must be non-empty. 24017 If the operator is Exists or DoesNotExist, 24018 the values array must be empty. This 24019 array is replaced during a strategic 24020 merge patch. 24021 items: 24022 type: string 24023 type: array 24024 required: 24025 - key 24026 - operator 24027 type: object 24028 type: array 24029 matchLabels: 24030 additionalProperties: 24031 type: string 24032 description: matchLabels is a map of {key,value} 24033 pairs. A single {key,value} in the matchLabels 24034 map is equivalent to an element of matchExpressions, 24035 whose key field is "key", the operator is 24036 "In", and the values array contains only "value". 24037 The requirements are ANDed. 24038 type: object 24039 type: object 24040 namespaces: 24041 description: namespaces specifies a static list 24042 of namespace names that the term applies to. The 24043 term is applied to the union of the namespaces 24044 listed in this field and the ones selected by 24045 namespaceSelector. null or empty namespaces list 24046 and null namespaceSelector means "this pod's namespace". 24047 items: 24048 type: string 24049 type: array 24050 topologyKey: 24051 description: This pod should be co-located (affinity) 24052 or not co-located (anti-affinity) with the pods 24053 matching the labelSelector in the specified namespaces, 24054 where co-located is defined as running on a node 24055 whose value of the label with key topologyKey 24056 matches that of any node on which any of the selected 24057 pods is running. Empty topologyKey is not allowed. 24058 type: string 24059 required: 24060 - topologyKey 24061 type: object 24062 type: array 24063 type: object 24064 type: object 24065 automountServiceAccountToken: 24066 description: AutomountServiceAccountToken indicates whether a 24067 service account token should be automatically mounted. 24068 type: boolean 24069 containers: 24070 description: List of containers belonging to the pod. Containers 24071 cannot currently be added or removed. There must be at least 24072 one container in a Pod. Cannot be updated. 24073 items: 24074 description: A single application container that you want to 24075 run within a pod. 24076 properties: 24077 args: 24078 description: 'Arguments to the entrypoint. The container 24079 image''s CMD is used if this is not provided. Variable 24080 references $(VAR_NAME) are expanded using the container''s 24081 environment. If a variable cannot be resolved, the reference 24082 in the input string will be unchanged. Double $$ are reduced 24083 to a single $, which allows for escaping the $(VAR_NAME) 24084 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 24085 "$(VAR_NAME)". Escaped references will never be expanded, 24086 regardless of whether the variable exists or not. Cannot 24087 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 24088 items: 24089 type: string 24090 type: array 24091 command: 24092 description: 'Entrypoint array. Not executed within a shell. 24093 The container image''s ENTRYPOINT is used if this is not 24094 provided. Variable references $(VAR_NAME) are expanded 24095 using the container''s environment. If a variable cannot 24096 be resolved, the reference in the input string will be 24097 unchanged. Double $$ are reduced to a single $, which 24098 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 24099 will produce the string literal "$(VAR_NAME)". Escaped 24100 references will never be expanded, regardless of whether 24101 the variable exists or not. Cannot be updated. More info: 24102 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 24103 items: 24104 type: string 24105 type: array 24106 env: 24107 description: List of environment variables to set in the 24108 container. Cannot be updated. 24109 items: 24110 description: EnvVar represents an environment variable 24111 present in a Container. 24112 properties: 24113 name: 24114 description: Name of the environment variable. Must 24115 be a C_IDENTIFIER. 24116 type: string 24117 value: 24118 description: 'Variable references $(VAR_NAME) are 24119 expanded using the previously defined environment 24120 variables in the container and any service environment 24121 variables. If a variable cannot be resolved, the 24122 reference in the input string will be unchanged. 24123 Double $$ are reduced to a single $, which allows 24124 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 24125 will produce the string literal "$(VAR_NAME)". Escaped 24126 references will never be expanded, regardless of 24127 whether the variable exists or not. Defaults to 24128 "".' 24129 type: string 24130 valueFrom: 24131 description: Source for the environment variable's 24132 value. Cannot be used if value is not empty. 24133 properties: 24134 configMapKeyRef: 24135 description: Selects a key of a ConfigMap. 24136 properties: 24137 key: 24138 description: The key to select. 24139 type: string 24140 name: 24141 description: 'Name of the referent. More info: 24142 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 24143 TODO: Add other useful fields. apiVersion, 24144 kind, uid?' 24145 type: string 24146 optional: 24147 description: Specify whether the ConfigMap 24148 or its key must be defined 24149 type: boolean 24150 required: 24151 - key 24152 type: object 24153 fieldRef: 24154 description: 'Selects a field of the pod: supports 24155 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 24156 `metadata.annotations[''<KEY>'']`, spec.nodeName, 24157 spec.serviceAccountName, status.hostIP, status.podIP, 24158 status.podIPs.' 24159 properties: 24160 apiVersion: 24161 description: Version of the schema the FieldPath 24162 is written in terms of, defaults to "v1". 24163 type: string 24164 fieldPath: 24165 description: Path of the field to select in 24166 the specified API version. 24167 type: string 24168 required: 24169 - fieldPath 24170 type: object 24171 resourceFieldRef: 24172 description: 'Selects a resource of the container: 24173 only resources limits and requests (limits.cpu, 24174 limits.memory, limits.ephemeral-storage, requests.cpu, 24175 requests.memory and requests.ephemeral-storage) 24176 are currently supported.' 24177 properties: 24178 containerName: 24179 description: 'Container name: required for 24180 volumes, optional for env vars' 24181 type: string 24182 divisor: 24183 anyOf: 24184 - type: integer 24185 - type: string 24186 description: Specifies the output format of 24187 the exposed resources, defaults to "1" 24188 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 24189 x-kubernetes-int-or-string: true 24190 resource: 24191 description: 'Required: resource to select' 24192 type: string 24193 required: 24194 - resource 24195 type: object 24196 secretKeyRef: 24197 description: Selects a key of a secret in the 24198 pod's namespace 24199 properties: 24200 key: 24201 description: The key of the secret to select 24202 from. Must be a valid secret key. 24203 type: string 24204 name: 24205 description: 'Name of the referent. More info: 24206 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 24207 TODO: Add other useful fields. apiVersion, 24208 kind, uid?' 24209 type: string 24210 optional: 24211 description: Specify whether the Secret or 24212 its key must be defined 24213 type: boolean 24214 required: 24215 - key 24216 type: object 24217 type: object 24218 required: 24219 - name 24220 type: object 24221 type: array 24222 envFrom: 24223 description: List of sources to populate environment variables 24224 in the container. The keys defined within a source must 24225 be a C_IDENTIFIER. All invalid keys will be reported as 24226 an event when the container is starting. When a key exists 24227 in multiple sources, the value associated with the last 24228 source will take precedence. Values defined by an Env 24229 with a duplicate key will take precedence. Cannot be updated. 24230 items: 24231 description: EnvFromSource represents the source of a 24232 set of ConfigMaps 24233 properties: 24234 configMapRef: 24235 description: The ConfigMap to select from 24236 properties: 24237 name: 24238 description: 'Name of the referent. More info: 24239 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 24240 TODO: Add other useful fields. apiVersion, kind, 24241 uid?' 24242 type: string 24243 optional: 24244 description: Specify whether the ConfigMap must 24245 be defined 24246 type: boolean 24247 type: object 24248 prefix: 24249 description: An optional identifier to prepend to 24250 each key in the ConfigMap. Must be a C_IDENTIFIER. 24251 type: string 24252 secretRef: 24253 description: The Secret to select from 24254 properties: 24255 name: 24256 description: 'Name of the referent. More info: 24257 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 24258 TODO: Add other useful fields. apiVersion, kind, 24259 uid?' 24260 type: string 24261 optional: 24262 description: Specify whether the Secret must be 24263 defined 24264 type: boolean 24265 type: object 24266 type: object 24267 type: array 24268 image: 24269 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 24270 This field is optional to allow higher level config management 24271 to default or override container images in workload controllers 24272 like Deployments and StatefulSets.' 24273 type: string 24274 imagePullPolicy: 24275 description: 'Image pull policy. One of Always, Never, IfNotPresent. 24276 Defaults to Always if :latest tag is specified, or IfNotPresent 24277 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 24278 type: string 24279 lifecycle: 24280 description: Actions that the management system should take 24281 in response to container lifecycle events. Cannot be updated. 24282 properties: 24283 postStart: 24284 description: 'PostStart is called immediately after 24285 a container is created. If the handler fails, the 24286 container is terminated and restarted according to 24287 its restart policy. Other management of the container 24288 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 24289 properties: 24290 exec: 24291 description: Exec specifies the action to take. 24292 properties: 24293 command: 24294 description: Command is the command line to 24295 execute inside the container, the working 24296 directory for the command is root ('/') in 24297 the container's filesystem. The command is 24298 simply exec'd, it is not run inside a shell, 24299 so traditional shell instructions ('|', etc) 24300 won't work. To use a shell, you need to explicitly 24301 call out to that shell. Exit status of 0 is 24302 treated as live/healthy and non-zero is unhealthy. 24303 items: 24304 type: string 24305 type: array 24306 type: object 24307 httpGet: 24308 description: HTTPGet specifies the http request 24309 to perform. 24310 properties: 24311 host: 24312 description: Host name to connect to, defaults 24313 to the pod IP. You probably want to set "Host" 24314 in httpHeaders instead. 24315 type: string 24316 httpHeaders: 24317 description: Custom headers to set in the request. 24318 HTTP allows repeated headers. 24319 items: 24320 description: HTTPHeader describes a custom 24321 header to be used in HTTP probes 24322 properties: 24323 name: 24324 description: The header field name. This 24325 will be canonicalized upon output, so 24326 case-variant names will be understood 24327 as the same header. 24328 type: string 24329 value: 24330 description: The header field value 24331 type: string 24332 required: 24333 - name 24334 - value 24335 type: object 24336 type: array 24337 path: 24338 description: Path to access on the HTTP server. 24339 type: string 24340 port: 24341 anyOf: 24342 - type: integer 24343 - type: string 24344 description: Name or number of the port to access 24345 on the container. Number must be in the range 24346 1 to 65535. Name must be an IANA_SVC_NAME. 24347 x-kubernetes-int-or-string: true 24348 scheme: 24349 description: Scheme to use for connecting to 24350 the host. Defaults to HTTP. 24351 type: string 24352 required: 24353 - port 24354 type: object 24355 tcpSocket: 24356 description: Deprecated. TCPSocket is NOT supported 24357 as a LifecycleHandler and kept for the backward 24358 compatibility. There are no validation of this 24359 field and lifecycle hooks will fail in runtime 24360 when tcp handler is specified. 24361 properties: 24362 host: 24363 description: 'Optional: Host name to connect 24364 to, defaults to the pod IP.' 24365 type: string 24366 port: 24367 anyOf: 24368 - type: integer 24369 - type: string 24370 description: Number or name of the port to access 24371 on the container. Number must be in the range 24372 1 to 65535. Name must be an IANA_SVC_NAME. 24373 x-kubernetes-int-or-string: true 24374 required: 24375 - port 24376 type: object 24377 type: object 24378 preStop: 24379 description: 'PreStop is called immediately before a 24380 container is terminated due to an API request or management 24381 event such as liveness/startup probe failure, preemption, 24382 resource contention, etc. The handler is not called 24383 if the container crashes or exits. The Pod''s termination 24384 grace period countdown begins before the PreStop hook 24385 is executed. Regardless of the outcome of the handler, 24386 the container will eventually terminate within the 24387 Pod''s termination grace period (unless delayed by 24388 finalizers). Other management of the container blocks 24389 until the hook completes or until the termination 24390 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 24391 properties: 24392 exec: 24393 description: Exec specifies the action to take. 24394 properties: 24395 command: 24396 description: Command is the command line to 24397 execute inside the container, the working 24398 directory for the command is root ('/') in 24399 the container's filesystem. The command is 24400 simply exec'd, it is not run inside a shell, 24401 so traditional shell instructions ('|', etc) 24402 won't work. To use a shell, you need to explicitly 24403 call out to that shell. Exit status of 0 is 24404 treated as live/healthy and non-zero is unhealthy. 24405 items: 24406 type: string 24407 type: array 24408 type: object 24409 httpGet: 24410 description: HTTPGet specifies the http request 24411 to perform. 24412 properties: 24413 host: 24414 description: Host name to connect to, defaults 24415 to the pod IP. You probably want to set "Host" 24416 in httpHeaders instead. 24417 type: string 24418 httpHeaders: 24419 description: Custom headers to set in the request. 24420 HTTP allows repeated headers. 24421 items: 24422 description: HTTPHeader describes a custom 24423 header to be used in HTTP probes 24424 properties: 24425 name: 24426 description: The header field name. This 24427 will be canonicalized upon output, so 24428 case-variant names will be understood 24429 as the same header. 24430 type: string 24431 value: 24432 description: The header field value 24433 type: string 24434 required: 24435 - name 24436 - value 24437 type: object 24438 type: array 24439 path: 24440 description: Path to access on the HTTP server. 24441 type: string 24442 port: 24443 anyOf: 24444 - type: integer 24445 - type: string 24446 description: Name or number of the port to access 24447 on the container. Number must be in the range 24448 1 to 65535. Name must be an IANA_SVC_NAME. 24449 x-kubernetes-int-or-string: true 24450 scheme: 24451 description: Scheme to use for connecting to 24452 the host. Defaults to HTTP. 24453 type: string 24454 required: 24455 - port 24456 type: object 24457 tcpSocket: 24458 description: Deprecated. TCPSocket is NOT supported 24459 as a LifecycleHandler and kept for the backward 24460 compatibility. There are no validation of this 24461 field and lifecycle hooks will fail in runtime 24462 when tcp handler is specified. 24463 properties: 24464 host: 24465 description: 'Optional: Host name to connect 24466 to, defaults to the pod IP.' 24467 type: string 24468 port: 24469 anyOf: 24470 - type: integer 24471 - type: string 24472 description: Number or name of the port to access 24473 on the container. Number must be in the range 24474 1 to 65535. Name must be an IANA_SVC_NAME. 24475 x-kubernetes-int-or-string: true 24476 required: 24477 - port 24478 type: object 24479 type: object 24480 type: object 24481 livenessProbe: 24482 description: 'Periodic probe of container liveness. Container 24483 will be restarted if the probe fails. Cannot be updated. 24484 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 24485 properties: 24486 exec: 24487 description: Exec specifies the action to take. 24488 properties: 24489 command: 24490 description: Command is the command line to execute 24491 inside the container, the working directory for 24492 the command is root ('/') in the container's 24493 filesystem. The command is simply exec'd, it is 24494 not run inside a shell, so traditional shell instructions 24495 ('|', etc) won't work. To use a shell, you need 24496 to explicitly call out to that shell. Exit status 24497 of 0 is treated as live/healthy and non-zero is 24498 unhealthy. 24499 items: 24500 type: string 24501 type: array 24502 type: object 24503 failureThreshold: 24504 description: Minimum consecutive failures for the probe 24505 to be considered failed after having succeeded. Defaults 24506 to 3. Minimum value is 1. 24507 format: int32 24508 type: integer 24509 grpc: 24510 description: GRPC specifies an action involving a GRPC 24511 port. 24512 properties: 24513 port: 24514 description: Port number of the gRPC service. Number 24515 must be in the range 1 to 65535. 24516 format: int32 24517 type: integer 24518 service: 24519 description: "Service is the name of the service 24520 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 24521 \n If this is not specified, the default behavior 24522 is defined by gRPC." 24523 type: string 24524 required: 24525 - port 24526 type: object 24527 httpGet: 24528 description: HTTPGet specifies the http request to perform. 24529 properties: 24530 host: 24531 description: Host name to connect to, defaults to 24532 the pod IP. You probably want to set "Host" in 24533 httpHeaders instead. 24534 type: string 24535 httpHeaders: 24536 description: Custom headers to set in the request. 24537 HTTP allows repeated headers. 24538 items: 24539 description: HTTPHeader describes a custom header 24540 to be used in HTTP probes 24541 properties: 24542 name: 24543 description: The header field name. This will 24544 be canonicalized upon output, so case-variant 24545 names will be understood as the same header. 24546 type: string 24547 value: 24548 description: The header field value 24549 type: string 24550 required: 24551 - name 24552 - value 24553 type: object 24554 type: array 24555 path: 24556 description: Path to access on the HTTP server. 24557 type: string 24558 port: 24559 anyOf: 24560 - type: integer 24561 - type: string 24562 description: Name or number of the port to access 24563 on the container. Number must be in the range 24564 1 to 65535. Name must be an IANA_SVC_NAME. 24565 x-kubernetes-int-or-string: true 24566 scheme: 24567 description: Scheme to use for connecting to the 24568 host. Defaults to HTTP. 24569 type: string 24570 required: 24571 - port 24572 type: object 24573 initialDelaySeconds: 24574 description: 'Number of seconds after the container 24575 has started before liveness probes are initiated. 24576 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 24577 format: int32 24578 type: integer 24579 periodSeconds: 24580 description: How often (in seconds) to perform the probe. 24581 Default to 10 seconds. Minimum value is 1. 24582 format: int32 24583 type: integer 24584 successThreshold: 24585 description: Minimum consecutive successes for the probe 24586 to be considered successful after having failed. Defaults 24587 to 1. Must be 1 for liveness and startup. Minimum 24588 value is 1. 24589 format: int32 24590 type: integer 24591 tcpSocket: 24592 description: TCPSocket specifies an action involving 24593 a TCP port. 24594 properties: 24595 host: 24596 description: 'Optional: Host name to connect to, 24597 defaults to the pod IP.' 24598 type: string 24599 port: 24600 anyOf: 24601 - type: integer 24602 - type: string 24603 description: Number or name of the port to access 24604 on the container. Number must be in the range 24605 1 to 65535. Name must be an IANA_SVC_NAME. 24606 x-kubernetes-int-or-string: true 24607 required: 24608 - port 24609 type: object 24610 terminationGracePeriodSeconds: 24611 description: Optional duration in seconds the pod needs 24612 to terminate gracefully upon probe failure. The grace 24613 period is the duration in seconds after the processes 24614 running in the pod are sent a termination signal and 24615 the time when the processes are forcibly halted with 24616 a kill signal. Set this value longer than the expected 24617 cleanup time for your process. If this value is nil, 24618 the pod's terminationGracePeriodSeconds will be used. 24619 Otherwise, this value overrides the value provided 24620 by the pod spec. Value must be non-negative integer. 24621 The value zero indicates stop immediately via the 24622 kill signal (no opportunity to shut down). This is 24623 a beta field and requires enabling ProbeTerminationGracePeriod 24624 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 24625 is used if unset. 24626 format: int64 24627 type: integer 24628 timeoutSeconds: 24629 description: 'Number of seconds after which the probe 24630 times out. Defaults to 1 second. Minimum value is 24631 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 24632 format: int32 24633 type: integer 24634 type: object 24635 name: 24636 description: Name of the container specified as a DNS_LABEL. 24637 Each container in a pod must have a unique name (DNS_LABEL). 24638 Cannot be updated. 24639 type: string 24640 ports: 24641 description: List of ports to expose from the container. 24642 Not specifying a port here DOES NOT prevent that port 24643 from being exposed. Any port which is listening on the 24644 default "0.0.0.0" address inside a container will be accessible 24645 from the network. Modifying this array with strategic 24646 merge patch may corrupt the data. For more information 24647 See https://github.com/kubernetes/kubernetes/issues/108255. 24648 Cannot be updated. 24649 items: 24650 description: ContainerPort represents a network port in 24651 a single container. 24652 properties: 24653 containerPort: 24654 description: Number of port to expose on the pod's 24655 IP address. This must be a valid port number, 0 24656 < x < 65536. 24657 format: int32 24658 type: integer 24659 hostIP: 24660 description: What host IP to bind the external port 24661 to. 24662 type: string 24663 hostPort: 24664 description: Number of port to expose on the host. 24665 If specified, this must be a valid port number, 24666 0 < x < 65536. If HostNetwork is specified, this 24667 must match ContainerPort. Most containers do not 24668 need this. 24669 format: int32 24670 type: integer 24671 name: 24672 description: If specified, this must be an IANA_SVC_NAME 24673 and unique within the pod. Each named port in a 24674 pod must have a unique name. Name for the port that 24675 can be referred to by services. 24676 type: string 24677 protocol: 24678 default: TCP 24679 description: Protocol for port. Must be UDP, TCP, 24680 or SCTP. Defaults to "TCP". 24681 type: string 24682 required: 24683 - containerPort 24684 type: object 24685 type: array 24686 x-kubernetes-list-map-keys: 24687 - containerPort 24688 - protocol 24689 x-kubernetes-list-type: map 24690 readinessProbe: 24691 description: 'Periodic probe of container service readiness. 24692 Container will be removed from service endpoints if the 24693 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 24694 properties: 24695 exec: 24696 description: Exec specifies the action to take. 24697 properties: 24698 command: 24699 description: Command is the command line to execute 24700 inside the container, the working directory for 24701 the command is root ('/') in the container's 24702 filesystem. The command is simply exec'd, it is 24703 not run inside a shell, so traditional shell instructions 24704 ('|', etc) won't work. To use a shell, you need 24705 to explicitly call out to that shell. Exit status 24706 of 0 is treated as live/healthy and non-zero is 24707 unhealthy. 24708 items: 24709 type: string 24710 type: array 24711 type: object 24712 failureThreshold: 24713 description: Minimum consecutive failures for the probe 24714 to be considered failed after having succeeded. Defaults 24715 to 3. Minimum value is 1. 24716 format: int32 24717 type: integer 24718 grpc: 24719 description: GRPC specifies an action involving a GRPC 24720 port. 24721 properties: 24722 port: 24723 description: Port number of the gRPC service. Number 24724 must be in the range 1 to 65535. 24725 format: int32 24726 type: integer 24727 service: 24728 description: "Service is the name of the service 24729 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 24730 \n If this is not specified, the default behavior 24731 is defined by gRPC." 24732 type: string 24733 required: 24734 - port 24735 type: object 24736 httpGet: 24737 description: HTTPGet specifies the http request to perform. 24738 properties: 24739 host: 24740 description: Host name to connect to, defaults to 24741 the pod IP. You probably want to set "Host" in 24742 httpHeaders instead. 24743 type: string 24744 httpHeaders: 24745 description: Custom headers to set in the request. 24746 HTTP allows repeated headers. 24747 items: 24748 description: HTTPHeader describes a custom header 24749 to be used in HTTP probes 24750 properties: 24751 name: 24752 description: The header field name. This will 24753 be canonicalized upon output, so case-variant 24754 names will be understood as the same header. 24755 type: string 24756 value: 24757 description: The header field value 24758 type: string 24759 required: 24760 - name 24761 - value 24762 type: object 24763 type: array 24764 path: 24765 description: Path to access on the HTTP server. 24766 type: string 24767 port: 24768 anyOf: 24769 - type: integer 24770 - type: string 24771 description: Name or number of the port to access 24772 on the container. Number must be in the range 24773 1 to 65535. Name must be an IANA_SVC_NAME. 24774 x-kubernetes-int-or-string: true 24775 scheme: 24776 description: Scheme to use for connecting to the 24777 host. Defaults to HTTP. 24778 type: string 24779 required: 24780 - port 24781 type: object 24782 initialDelaySeconds: 24783 description: 'Number of seconds after the container 24784 has started before liveness probes are initiated. 24785 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 24786 format: int32 24787 type: integer 24788 periodSeconds: 24789 description: How often (in seconds) to perform the probe. 24790 Default to 10 seconds. Minimum value is 1. 24791 format: int32 24792 type: integer 24793 successThreshold: 24794 description: Minimum consecutive successes for the probe 24795 to be considered successful after having failed. Defaults 24796 to 1. Must be 1 for liveness and startup. Minimum 24797 value is 1. 24798 format: int32 24799 type: integer 24800 tcpSocket: 24801 description: TCPSocket specifies an action involving 24802 a TCP port. 24803 properties: 24804 host: 24805 description: 'Optional: Host name to connect to, 24806 defaults to the pod IP.' 24807 type: string 24808 port: 24809 anyOf: 24810 - type: integer 24811 - type: string 24812 description: Number or name of the port to access 24813 on the container. Number must be in the range 24814 1 to 65535. Name must be an IANA_SVC_NAME. 24815 x-kubernetes-int-or-string: true 24816 required: 24817 - port 24818 type: object 24819 terminationGracePeriodSeconds: 24820 description: Optional duration in seconds the pod needs 24821 to terminate gracefully upon probe failure. The grace 24822 period is the duration in seconds after the processes 24823 running in the pod are sent a termination signal and 24824 the time when the processes are forcibly halted with 24825 a kill signal. Set this value longer than the expected 24826 cleanup time for your process. If this value is nil, 24827 the pod's terminationGracePeriodSeconds will be used. 24828 Otherwise, this value overrides the value provided 24829 by the pod spec. Value must be non-negative integer. 24830 The value zero indicates stop immediately via the 24831 kill signal (no opportunity to shut down). This is 24832 a beta field and requires enabling ProbeTerminationGracePeriod 24833 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 24834 is used if unset. 24835 format: int64 24836 type: integer 24837 timeoutSeconds: 24838 description: 'Number of seconds after which the probe 24839 times out. Defaults to 1 second. Minimum value is 24840 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 24841 format: int32 24842 type: integer 24843 type: object 24844 resizePolicy: 24845 description: Resources resize policy for the container. 24846 items: 24847 description: ContainerResizePolicy represents resource 24848 resize policy for the container. 24849 properties: 24850 resourceName: 24851 description: 'Name of the resource to which this resource 24852 resize policy applies. Supported values: cpu, memory.' 24853 type: string 24854 restartPolicy: 24855 description: Restart policy to apply when specified 24856 resource is resized. If not specified, it defaults 24857 to NotRequired. 24858 type: string 24859 required: 24860 - resourceName 24861 - restartPolicy 24862 type: object 24863 type: array 24864 x-kubernetes-list-type: atomic 24865 resources: 24866 description: 'Compute Resources required by this container. 24867 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 24868 properties: 24869 claims: 24870 description: "Claims lists the names of resources, defined 24871 in spec.resourceClaims, that are used by this container. 24872 \n This is an alpha field and requires enabling the 24873 DynamicResourceAllocation feature gate. \n This field 24874 is immutable. It can only be set for containers." 24875 items: 24876 description: ResourceClaim references one entry in 24877 PodSpec.ResourceClaims. 24878 properties: 24879 name: 24880 description: Name must match the name of one entry 24881 in pod.spec.resourceClaims of the Pod where 24882 this field is used. It makes that resource available 24883 inside a container. 24884 type: string 24885 required: 24886 - name 24887 type: object 24888 type: array 24889 x-kubernetes-list-map-keys: 24890 - name 24891 x-kubernetes-list-type: map 24892 limits: 24893 additionalProperties: 24894 anyOf: 24895 - type: integer 24896 - type: string 24897 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 24898 x-kubernetes-int-or-string: true 24899 description: 'Limits describes the maximum amount of 24900 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 24901 type: object 24902 requests: 24903 additionalProperties: 24904 anyOf: 24905 - type: integer 24906 - type: string 24907 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 24908 x-kubernetes-int-or-string: true 24909 description: 'Requests describes the minimum amount 24910 of compute resources required. If Requests is omitted 24911 for a container, it defaults to Limits if that is 24912 explicitly specified, otherwise to an implementation-defined 24913 value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 24914 type: object 24915 type: object 24916 restartPolicy: 24917 description: 'RestartPolicy defines the restart behavior 24918 of individual containers in a pod. This field may only 24919 be set for init containers, and the only allowed value 24920 is "Always". For non-init containers or when this field 24921 is not specified, the restart behavior is defined by the 24922 Pod''s restart policy and the container type. Setting 24923 the RestartPolicy as "Always" for the init container will 24924 have the following effect: this init container will be 24925 continually restarted on exit until all regular containers 24926 have terminated. Once all regular containers have completed, 24927 all init containers with restartPolicy "Always" will be 24928 shut down. This lifecycle differs from normal init containers 24929 and is often referred to as a "sidecar" container. Although 24930 this init container still starts in the init container 24931 sequence, it does not wait for the container to complete 24932 before proceeding to the next init container. Instead, 24933 the next init container starts immediately after this 24934 init container is started, or after any startupProbe has 24935 successfully completed.' 24936 type: string 24937 securityContext: 24938 description: 'SecurityContext defines the security options 24939 the container should be run with. If set, the fields of 24940 SecurityContext override the equivalent fields of PodSecurityContext. 24941 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 24942 properties: 24943 allowPrivilegeEscalation: 24944 description: 'AllowPrivilegeEscalation controls whether 24945 a process can gain more privileges than its parent 24946 process. This bool directly controls if the no_new_privs 24947 flag will be set on the container process. AllowPrivilegeEscalation 24948 is true always when the container is: 1) run as Privileged 24949 2) has CAP_SYS_ADMIN Note that this field cannot be 24950 set when spec.os.name is windows.' 24951 type: boolean 24952 capabilities: 24953 description: The capabilities to add/drop when running 24954 containers. Defaults to the default set of capabilities 24955 granted by the container runtime. Note that this field 24956 cannot be set when spec.os.name is windows. 24957 properties: 24958 add: 24959 description: Added capabilities 24960 items: 24961 description: Capability represent POSIX capabilities 24962 type 24963 type: string 24964 type: array 24965 drop: 24966 description: Removed capabilities 24967 items: 24968 description: Capability represent POSIX capabilities 24969 type 24970 type: string 24971 type: array 24972 type: object 24973 privileged: 24974 description: Run container in privileged mode. Processes 24975 in privileged containers are essentially equivalent 24976 to root on the host. Defaults to false. Note that 24977 this field cannot be set when spec.os.name is windows. 24978 type: boolean 24979 procMount: 24980 description: procMount denotes the type of proc mount 24981 to use for the containers. The default is DefaultProcMount 24982 which uses the container runtime defaults for readonly 24983 paths and masked paths. This requires the ProcMountType 24984 feature flag to be enabled. Note that this field cannot 24985 be set when spec.os.name is windows. 24986 type: string 24987 readOnlyRootFilesystem: 24988 description: Whether this container has a read-only 24989 root filesystem. Default is false. Note that this 24990 field cannot be set when spec.os.name is windows. 24991 type: boolean 24992 runAsGroup: 24993 description: The GID to run the entrypoint of the container 24994 process. Uses runtime default if unset. May also be 24995 set in PodSecurityContext. If set in both SecurityContext 24996 and PodSecurityContext, the value specified in SecurityContext 24997 takes precedence. Note that this field cannot be set 24998 when spec.os.name is windows. 24999 format: int64 25000 type: integer 25001 runAsNonRoot: 25002 description: Indicates that the container must run as 25003 a non-root user. If true, the Kubelet will validate 25004 the image at runtime to ensure that it does not run 25005 as UID 0 (root) and fail to start the container if 25006 it does. If unset or false, no such validation will 25007 be performed. May also be set in PodSecurityContext. If 25008 set in both SecurityContext and PodSecurityContext, 25009 the value specified in SecurityContext takes precedence. 25010 type: boolean 25011 runAsUser: 25012 description: The UID to run the entrypoint of the container 25013 process. Defaults to user specified in image metadata 25014 if unspecified. May also be set in PodSecurityContext. If 25015 set in both SecurityContext and PodSecurityContext, 25016 the value specified in SecurityContext takes precedence. 25017 Note that this field cannot be set when spec.os.name 25018 is windows. 25019 format: int64 25020 type: integer 25021 seLinuxOptions: 25022 description: The SELinux context to be applied to the 25023 container. If unspecified, the container runtime will 25024 allocate a random SELinux context for each container. May 25025 also be set in PodSecurityContext. If set in both 25026 SecurityContext and PodSecurityContext, the value 25027 specified in SecurityContext takes precedence. Note 25028 that this field cannot be set when spec.os.name is 25029 windows. 25030 properties: 25031 level: 25032 description: Level is SELinux level label that applies 25033 to the container. 25034 type: string 25035 role: 25036 description: Role is a SELinux role label that applies 25037 to the container. 25038 type: string 25039 type: 25040 description: Type is a SELinux type label that applies 25041 to the container. 25042 type: string 25043 user: 25044 description: User is a SELinux user label that applies 25045 to the container. 25046 type: string 25047 type: object 25048 seccompProfile: 25049 description: The seccomp options to use by this container. 25050 If seccomp options are provided at both the pod & 25051 container level, the container options override the 25052 pod options. Note that this field cannot be set when 25053 spec.os.name is windows. 25054 properties: 25055 localhostProfile: 25056 description: localhostProfile indicates a profile 25057 defined in a file on the node should be used. 25058 The profile must be preconfigured on the node 25059 to work. Must be a descending path, relative to 25060 the kubelet's configured seccomp profile location. 25061 Must be set if type is "Localhost". Must NOT be 25062 set for any other type. 25063 type: string 25064 type: 25065 description: "type indicates which kind of seccomp 25066 profile will be applied. Valid options are: \n 25067 Localhost - a profile defined in a file on the 25068 node should be used. RuntimeDefault - the container 25069 runtime default profile should be used. Unconfined 25070 - no profile should be applied." 25071 type: string 25072 required: 25073 - type 25074 type: object 25075 windowsOptions: 25076 description: The Windows specific settings applied to 25077 all containers. If unspecified, the options from the 25078 PodSecurityContext will be used. If set in both SecurityContext 25079 and PodSecurityContext, the value specified in SecurityContext 25080 takes precedence. Note that this field cannot be set 25081 when spec.os.name is linux. 25082 properties: 25083 gmsaCredentialSpec: 25084 description: GMSACredentialSpec is where the GMSA 25085 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 25086 inlines the contents of the GMSA credential spec 25087 named by the GMSACredentialSpecName field. 25088 type: string 25089 gmsaCredentialSpecName: 25090 description: GMSACredentialSpecName is the name 25091 of the GMSA credential spec to use. 25092 type: string 25093 hostProcess: 25094 description: HostProcess determines if a container 25095 should be run as a 'Host Process' container. All 25096 of a Pod's containers must have the same effective 25097 HostProcess value (it is not allowed to have a 25098 mix of HostProcess containers and non-HostProcess 25099 containers). In addition, if HostProcess is true 25100 then HostNetwork must also be set to true. 25101 type: boolean 25102 runAsUserName: 25103 description: The UserName in Windows to run the 25104 entrypoint of the container process. Defaults 25105 to the user specified in image metadata if unspecified. 25106 May also be set in PodSecurityContext. If set 25107 in both SecurityContext and PodSecurityContext, 25108 the value specified in SecurityContext takes precedence. 25109 type: string 25110 type: object 25111 type: object 25112 startupProbe: 25113 description: 'StartupProbe indicates that the Pod has successfully 25114 initialized. If specified, no other probes are executed 25115 until this completes successfully. If this probe fails, 25116 the Pod will be restarted, just as if the livenessProbe 25117 failed. This can be used to provide different probe parameters 25118 at the beginning of a Pod''s lifecycle, when it might 25119 take a long time to load data or warm a cache, than during 25120 steady-state operation. This cannot be updated. More info: 25121 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 25122 properties: 25123 exec: 25124 description: Exec specifies the action to take. 25125 properties: 25126 command: 25127 description: Command is the command line to execute 25128 inside the container, the working directory for 25129 the command is root ('/') in the container's 25130 filesystem. The command is simply exec'd, it is 25131 not run inside a shell, so traditional shell instructions 25132 ('|', etc) won't work. To use a shell, you need 25133 to explicitly call out to that shell. Exit status 25134 of 0 is treated as live/healthy and non-zero is 25135 unhealthy. 25136 items: 25137 type: string 25138 type: array 25139 type: object 25140 failureThreshold: 25141 description: Minimum consecutive failures for the probe 25142 to be considered failed after having succeeded. Defaults 25143 to 3. Minimum value is 1. 25144 format: int32 25145 type: integer 25146 grpc: 25147 description: GRPC specifies an action involving a GRPC 25148 port. 25149 properties: 25150 port: 25151 description: Port number of the gRPC service. Number 25152 must be in the range 1 to 65535. 25153 format: int32 25154 type: integer 25155 service: 25156 description: "Service is the name of the service 25157 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 25158 \n If this is not specified, the default behavior 25159 is defined by gRPC." 25160 type: string 25161 required: 25162 - port 25163 type: object 25164 httpGet: 25165 description: HTTPGet specifies the http request to perform. 25166 properties: 25167 host: 25168 description: Host name to connect to, defaults to 25169 the pod IP. You probably want to set "Host" in 25170 httpHeaders instead. 25171 type: string 25172 httpHeaders: 25173 description: Custom headers to set in the request. 25174 HTTP allows repeated headers. 25175 items: 25176 description: HTTPHeader describes a custom header 25177 to be used in HTTP probes 25178 properties: 25179 name: 25180 description: The header field name. This will 25181 be canonicalized upon output, so case-variant 25182 names will be understood as the same header. 25183 type: string 25184 value: 25185 description: The header field value 25186 type: string 25187 required: 25188 - name 25189 - value 25190 type: object 25191 type: array 25192 path: 25193 description: Path to access on the HTTP server. 25194 type: string 25195 port: 25196 anyOf: 25197 - type: integer 25198 - type: string 25199 description: Name or number of the port to access 25200 on the container. Number must be in the range 25201 1 to 65535. Name must be an IANA_SVC_NAME. 25202 x-kubernetes-int-or-string: true 25203 scheme: 25204 description: Scheme to use for connecting to the 25205 host. Defaults to HTTP. 25206 type: string 25207 required: 25208 - port 25209 type: object 25210 initialDelaySeconds: 25211 description: 'Number of seconds after the container 25212 has started before liveness probes are initiated. 25213 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 25214 format: int32 25215 type: integer 25216 periodSeconds: 25217 description: How often (in seconds) to perform the probe. 25218 Default to 10 seconds. Minimum value is 1. 25219 format: int32 25220 type: integer 25221 successThreshold: 25222 description: Minimum consecutive successes for the probe 25223 to be considered successful after having failed. Defaults 25224 to 1. Must be 1 for liveness and startup. Minimum 25225 value is 1. 25226 format: int32 25227 type: integer 25228 tcpSocket: 25229 description: TCPSocket specifies an action involving 25230 a TCP port. 25231 properties: 25232 host: 25233 description: 'Optional: Host name to connect to, 25234 defaults to the pod IP.' 25235 type: string 25236 port: 25237 anyOf: 25238 - type: integer 25239 - type: string 25240 description: Number or name of the port to access 25241 on the container. Number must be in the range 25242 1 to 65535. Name must be an IANA_SVC_NAME. 25243 x-kubernetes-int-or-string: true 25244 required: 25245 - port 25246 type: object 25247 terminationGracePeriodSeconds: 25248 description: Optional duration in seconds the pod needs 25249 to terminate gracefully upon probe failure. The grace 25250 period is the duration in seconds after the processes 25251 running in the pod are sent a termination signal and 25252 the time when the processes are forcibly halted with 25253 a kill signal. Set this value longer than the expected 25254 cleanup time for your process. If this value is nil, 25255 the pod's terminationGracePeriodSeconds will be used. 25256 Otherwise, this value overrides the value provided 25257 by the pod spec. Value must be non-negative integer. 25258 The value zero indicates stop immediately via the 25259 kill signal (no opportunity to shut down). This is 25260 a beta field and requires enabling ProbeTerminationGracePeriod 25261 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 25262 is used if unset. 25263 format: int64 25264 type: integer 25265 timeoutSeconds: 25266 description: 'Number of seconds after which the probe 25267 times out. Defaults to 1 second. Minimum value is 25268 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 25269 format: int32 25270 type: integer 25271 type: object 25272 stdin: 25273 description: Whether this container should allocate a buffer 25274 for stdin in the container runtime. If this is not set, 25275 reads from stdin in the container will always result in 25276 EOF. Default is false. 25277 type: boolean 25278 stdinOnce: 25279 description: Whether the container runtime should close 25280 the stdin channel after it has been opened by a single 25281 attach. When stdin is true the stdin stream will remain 25282 open across multiple attach sessions. If stdinOnce is 25283 set to true, stdin is opened on container start, is empty 25284 until the first client attaches to stdin, and then remains 25285 open and accepts data until the client disconnects, at 25286 which time stdin is closed and remains closed until the 25287 container is restarted. If this flag is false, a container 25288 processes that reads from stdin will never receive an 25289 EOF. Default is false 25290 type: boolean 25291 terminationMessagePath: 25292 description: 'Optional: Path at which the file to which 25293 the container''s termination message will be written is 25294 mounted into the container''s filesystem. Message written 25295 is intended to be brief final status, such as an assertion 25296 failure message. Will be truncated by the node if greater 25297 than 4096 bytes. The total message length across all containers 25298 will be limited to 12kb. Defaults to /dev/termination-log. 25299 Cannot be updated.' 25300 type: string 25301 terminationMessagePolicy: 25302 description: Indicate how the termination message should 25303 be populated. File will use the contents of terminationMessagePath 25304 to populate the container status message on both success 25305 and failure. FallbackToLogsOnError will use the last chunk 25306 of container log output if the termination message file 25307 is empty and the container exited with an error. The log 25308 output is limited to 2048 bytes or 80 lines, whichever 25309 is smaller. Defaults to File. Cannot be updated. 25310 type: string 25311 tty: 25312 description: Whether this container should allocate a TTY 25313 for itself, also requires 'stdin' to be true. Default 25314 is false. 25315 type: boolean 25316 volumeDevices: 25317 description: volumeDevices is the list of block devices 25318 to be used by the container. 25319 items: 25320 description: volumeDevice describes a mapping of a raw 25321 block device within a container. 25322 properties: 25323 devicePath: 25324 description: devicePath is the path inside of the 25325 container that the device will be mapped to. 25326 type: string 25327 name: 25328 description: name must match the name of a persistentVolumeClaim 25329 in the pod 25330 type: string 25331 required: 25332 - devicePath 25333 - name 25334 type: object 25335 type: array 25336 volumeMounts: 25337 description: Pod volumes to mount into the container's filesystem. 25338 Cannot be updated. 25339 items: 25340 description: VolumeMount describes a mounting of a Volume 25341 within a container. 25342 properties: 25343 mountPath: 25344 description: Path within the container at which the 25345 volume should be mounted. Must not contain ':'. 25346 type: string 25347 mountPropagation: 25348 description: mountPropagation determines how mounts 25349 are propagated from the host to container and the 25350 other way around. When not set, MountPropagationNone 25351 is used. This field is beta in 1.10. 25352 type: string 25353 name: 25354 description: This must match the Name of a Volume. 25355 type: string 25356 readOnly: 25357 description: Mounted read-only if true, read-write 25358 otherwise (false or unspecified). Defaults to false. 25359 type: boolean 25360 subPath: 25361 description: Path within the volume from which the 25362 container's volume should be mounted. Defaults to 25363 "" (volume's root). 25364 type: string 25365 subPathExpr: 25366 description: Expanded path within the volume from 25367 which the container's volume should be mounted. 25368 Behaves similarly to SubPath but environment variable 25369 references $(VAR_NAME) are expanded using the container's 25370 environment. Defaults to "" (volume's root). SubPathExpr 25371 and SubPath are mutually exclusive. 25372 type: string 25373 required: 25374 - mountPath 25375 - name 25376 type: object 25377 type: array 25378 workingDir: 25379 description: Container's working directory. If not specified, 25380 the container runtime's default will be used, which might 25381 be configured in the container image. Cannot be updated. 25382 type: string 25383 required: 25384 - name 25385 type: object 25386 type: array 25387 dnsConfig: 25388 description: Specifies the DNS parameters of a pod. Parameters 25389 specified here will be merged to the generated DNS configuration 25390 based on DNSPolicy. 25391 properties: 25392 nameservers: 25393 description: A list of DNS name server IP addresses. This 25394 will be appended to the base nameservers generated from 25395 DNSPolicy. Duplicated nameservers will be removed. 25396 items: 25397 type: string 25398 type: array 25399 options: 25400 description: A list of DNS resolver options. This will be 25401 merged with the base options generated from DNSPolicy. Duplicated 25402 entries will be removed. Resolution options given in Options 25403 will override those that appear in the base DNSPolicy. 25404 items: 25405 description: PodDNSConfigOption defines DNS resolver options 25406 of a pod. 25407 properties: 25408 name: 25409 description: Required. 25410 type: string 25411 value: 25412 type: string 25413 type: object 25414 type: array 25415 searches: 25416 description: A list of DNS search domains for host-name lookup. 25417 This will be appended to the base search paths generated 25418 from DNSPolicy. Duplicated search paths will be removed. 25419 items: 25420 type: string 25421 type: array 25422 type: object 25423 dnsPolicy: 25424 description: Set DNS policy for the pod. Defaults to "ClusterFirst". 25425 Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 25426 'Default' or 'None'. DNS parameters given in DNSConfig will 25427 be merged with the policy selected with DNSPolicy. To have DNS 25428 options set along with hostNetwork, you have to specify DNS 25429 policy explicitly to 'ClusterFirstWithHostNet'. 25430 type: string 25431 enableServiceLinks: 25432 description: 'EnableServiceLinks indicates whether information 25433 about services should be injected into pod''s environment variables, 25434 matching the syntax of Docker links. Optional: Defaults to true.' 25435 type: boolean 25436 ephemeralContainers: 25437 description: List of ephemeral containers run in this pod. Ephemeral 25438 containers may be run in an existing pod to perform user-initiated 25439 actions such as debugging. This list cannot be specified when 25440 creating a pod, and it cannot be modified by updating the pod 25441 spec. In order to add an ephemeral container to an existing 25442 pod, use the pod's ephemeralcontainers subresource. 25443 items: 25444 description: "An EphemeralContainer is a temporary container 25445 that you may add to an existing Pod for user-initiated activities 25446 such as debugging. Ephemeral containers have no resource or 25447 scheduling guarantees, and they will not be restarted when 25448 they exit or when a Pod is removed or restarted. The kubelet 25449 may evict a Pod if an ephemeral container causes the Pod to 25450 exceed its resource allocation. \n To add an ephemeral container, 25451 use the ephemeralcontainers subresource of an existing Pod. 25452 Ephemeral containers may not be removed or restarted." 25453 properties: 25454 args: 25455 description: 'Arguments to the entrypoint. The image''s 25456 CMD is used if this is not provided. Variable references 25457 $(VAR_NAME) are expanded using the container''s environment. 25458 If a variable cannot be resolved, the reference in the 25459 input string will be unchanged. Double $$ are reduced 25460 to a single $, which allows for escaping the $(VAR_NAME) 25461 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 25462 "$(VAR_NAME)". Escaped references will never be expanded, 25463 regardless of whether the variable exists or not. Cannot 25464 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 25465 items: 25466 type: string 25467 type: array 25468 command: 25469 description: 'Entrypoint array. Not executed within a shell. 25470 The image''s ENTRYPOINT is used if this is not provided. 25471 Variable references $(VAR_NAME) are expanded using the 25472 container''s environment. If a variable cannot be resolved, 25473 the reference in the input string will be unchanged. Double 25474 $$ are reduced to a single $, which allows for escaping 25475 the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce 25476 the string literal "$(VAR_NAME)". Escaped references will 25477 never be expanded, regardless of whether the variable 25478 exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 25479 items: 25480 type: string 25481 type: array 25482 env: 25483 description: List of environment variables to set in the 25484 container. Cannot be updated. 25485 items: 25486 description: EnvVar represents an environment variable 25487 present in a Container. 25488 properties: 25489 name: 25490 description: Name of the environment variable. Must 25491 be a C_IDENTIFIER. 25492 type: string 25493 value: 25494 description: 'Variable references $(VAR_NAME) are 25495 expanded using the previously defined environment 25496 variables in the container and any service environment 25497 variables. If a variable cannot be resolved, the 25498 reference in the input string will be unchanged. 25499 Double $$ are reduced to a single $, which allows 25500 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 25501 will produce the string literal "$(VAR_NAME)". Escaped 25502 references will never be expanded, regardless of 25503 whether the variable exists or not. Defaults to 25504 "".' 25505 type: string 25506 valueFrom: 25507 description: Source for the environment variable's 25508 value. Cannot be used if value is not empty. 25509 properties: 25510 configMapKeyRef: 25511 description: Selects a key of a ConfigMap. 25512 properties: 25513 key: 25514 description: The key to select. 25515 type: string 25516 name: 25517 description: 'Name of the referent. More info: 25518 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 25519 TODO: Add other useful fields. apiVersion, 25520 kind, uid?' 25521 type: string 25522 optional: 25523 description: Specify whether the ConfigMap 25524 or its key must be defined 25525 type: boolean 25526 required: 25527 - key 25528 type: object 25529 fieldRef: 25530 description: 'Selects a field of the pod: supports 25531 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 25532 `metadata.annotations[''<KEY>'']`, spec.nodeName, 25533 spec.serviceAccountName, status.hostIP, status.podIP, 25534 status.podIPs.' 25535 properties: 25536 apiVersion: 25537 description: Version of the schema the FieldPath 25538 is written in terms of, defaults to "v1". 25539 type: string 25540 fieldPath: 25541 description: Path of the field to select in 25542 the specified API version. 25543 type: string 25544 required: 25545 - fieldPath 25546 type: object 25547 resourceFieldRef: 25548 description: 'Selects a resource of the container: 25549 only resources limits and requests (limits.cpu, 25550 limits.memory, limits.ephemeral-storage, requests.cpu, 25551 requests.memory and requests.ephemeral-storage) 25552 are currently supported.' 25553 properties: 25554 containerName: 25555 description: 'Container name: required for 25556 volumes, optional for env vars' 25557 type: string 25558 divisor: 25559 anyOf: 25560 - type: integer 25561 - type: string 25562 description: Specifies the output format of 25563 the exposed resources, defaults to "1" 25564 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 25565 x-kubernetes-int-or-string: true 25566 resource: 25567 description: 'Required: resource to select' 25568 type: string 25569 required: 25570 - resource 25571 type: object 25572 secretKeyRef: 25573 description: Selects a key of a secret in the 25574 pod's namespace 25575 properties: 25576 key: 25577 description: The key of the secret to select 25578 from. Must be a valid secret key. 25579 type: string 25580 name: 25581 description: 'Name of the referent. More info: 25582 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 25583 TODO: Add other useful fields. apiVersion, 25584 kind, uid?' 25585 type: string 25586 optional: 25587 description: Specify whether the Secret or 25588 its key must be defined 25589 type: boolean 25590 required: 25591 - key 25592 type: object 25593 type: object 25594 required: 25595 - name 25596 type: object 25597 type: array 25598 envFrom: 25599 description: List of sources to populate environment variables 25600 in the container. The keys defined within a source must 25601 be a C_IDENTIFIER. All invalid keys will be reported as 25602 an event when the container is starting. When a key exists 25603 in multiple sources, the value associated with the last 25604 source will take precedence. Values defined by an Env 25605 with a duplicate key will take precedence. Cannot be updated. 25606 items: 25607 description: EnvFromSource represents the source of a 25608 set of ConfigMaps 25609 properties: 25610 configMapRef: 25611 description: The ConfigMap to select from 25612 properties: 25613 name: 25614 description: 'Name of the referent. More info: 25615 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 25616 TODO: Add other useful fields. apiVersion, kind, 25617 uid?' 25618 type: string 25619 optional: 25620 description: Specify whether the ConfigMap must 25621 be defined 25622 type: boolean 25623 type: object 25624 prefix: 25625 description: An optional identifier to prepend to 25626 each key in the ConfigMap. Must be a C_IDENTIFIER. 25627 type: string 25628 secretRef: 25629 description: The Secret to select from 25630 properties: 25631 name: 25632 description: 'Name of the referent. More info: 25633 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 25634 TODO: Add other useful fields. apiVersion, kind, 25635 uid?' 25636 type: string 25637 optional: 25638 description: Specify whether the Secret must be 25639 defined 25640 type: boolean 25641 type: object 25642 type: object 25643 type: array 25644 image: 25645 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images' 25646 type: string 25647 imagePullPolicy: 25648 description: 'Image pull policy. One of Always, Never, IfNotPresent. 25649 Defaults to Always if :latest tag is specified, or IfNotPresent 25650 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 25651 type: string 25652 lifecycle: 25653 description: Lifecycle is not allowed for ephemeral containers. 25654 properties: 25655 postStart: 25656 description: 'PostStart is called immediately after 25657 a container is created. If the handler fails, the 25658 container is terminated and restarted according to 25659 its restart policy. Other management of the container 25660 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 25661 properties: 25662 exec: 25663 description: Exec specifies the action to take. 25664 properties: 25665 command: 25666 description: Command is the command line to 25667 execute inside the container, the working 25668 directory for the command is root ('/') in 25669 the container's filesystem. The command is 25670 simply exec'd, it is not run inside a shell, 25671 so traditional shell instructions ('|', etc) 25672 won't work. To use a shell, you need to explicitly 25673 call out to that shell. Exit status of 0 is 25674 treated as live/healthy and non-zero is unhealthy. 25675 items: 25676 type: string 25677 type: array 25678 type: object 25679 httpGet: 25680 description: HTTPGet specifies the http request 25681 to perform. 25682 properties: 25683 host: 25684 description: Host name to connect to, defaults 25685 to the pod IP. You probably want to set "Host" 25686 in httpHeaders instead. 25687 type: string 25688 httpHeaders: 25689 description: Custom headers to set in the request. 25690 HTTP allows repeated headers. 25691 items: 25692 description: HTTPHeader describes a custom 25693 header to be used in HTTP probes 25694 properties: 25695 name: 25696 description: The header field name. This 25697 will be canonicalized upon output, so 25698 case-variant names will be understood 25699 as the same header. 25700 type: string 25701 value: 25702 description: The header field value 25703 type: string 25704 required: 25705 - name 25706 - value 25707 type: object 25708 type: array 25709 path: 25710 description: Path to access on the HTTP server. 25711 type: string 25712 port: 25713 anyOf: 25714 - type: integer 25715 - type: string 25716 description: Name or number of the port to access 25717 on the container. Number must be in the range 25718 1 to 65535. Name must be an IANA_SVC_NAME. 25719 x-kubernetes-int-or-string: true 25720 scheme: 25721 description: Scheme to use for connecting to 25722 the host. Defaults to HTTP. 25723 type: string 25724 required: 25725 - port 25726 type: object 25727 tcpSocket: 25728 description: Deprecated. TCPSocket is NOT supported 25729 as a LifecycleHandler and kept for the backward 25730 compatibility. There are no validation of this 25731 field and lifecycle hooks will fail in runtime 25732 when tcp handler is specified. 25733 properties: 25734 host: 25735 description: 'Optional: Host name to connect 25736 to, defaults to the pod IP.' 25737 type: string 25738 port: 25739 anyOf: 25740 - type: integer 25741 - type: string 25742 description: Number or name of the port to access 25743 on the container. Number must be in the range 25744 1 to 65535. Name must be an IANA_SVC_NAME. 25745 x-kubernetes-int-or-string: true 25746 required: 25747 - port 25748 type: object 25749 type: object 25750 preStop: 25751 description: 'PreStop is called immediately before a 25752 container is terminated due to an API request or management 25753 event such as liveness/startup probe failure, preemption, 25754 resource contention, etc. The handler is not called 25755 if the container crashes or exits. The Pod''s termination 25756 grace period countdown begins before the PreStop hook 25757 is executed. Regardless of the outcome of the handler, 25758 the container will eventually terminate within the 25759 Pod''s termination grace period (unless delayed by 25760 finalizers). Other management of the container blocks 25761 until the hook completes or until the termination 25762 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 25763 properties: 25764 exec: 25765 description: Exec specifies the action to take. 25766 properties: 25767 command: 25768 description: Command is the command line to 25769 execute inside the container, the working 25770 directory for the command is root ('/') in 25771 the container's filesystem. The command is 25772 simply exec'd, it is not run inside a shell, 25773 so traditional shell instructions ('|', etc) 25774 won't work. To use a shell, you need to explicitly 25775 call out to that shell. Exit status of 0 is 25776 treated as live/healthy and non-zero is unhealthy. 25777 items: 25778 type: string 25779 type: array 25780 type: object 25781 httpGet: 25782 description: HTTPGet specifies the http request 25783 to perform. 25784 properties: 25785 host: 25786 description: Host name to connect to, defaults 25787 to the pod IP. You probably want to set "Host" 25788 in httpHeaders instead. 25789 type: string 25790 httpHeaders: 25791 description: Custom headers to set in the request. 25792 HTTP allows repeated headers. 25793 items: 25794 description: HTTPHeader describes a custom 25795 header to be used in HTTP probes 25796 properties: 25797 name: 25798 description: The header field name. This 25799 will be canonicalized upon output, so 25800 case-variant names will be understood 25801 as the same header. 25802 type: string 25803 value: 25804 description: The header field value 25805 type: string 25806 required: 25807 - name 25808 - value 25809 type: object 25810 type: array 25811 path: 25812 description: Path to access on the HTTP server. 25813 type: string 25814 port: 25815 anyOf: 25816 - type: integer 25817 - type: string 25818 description: Name or number of the port to access 25819 on the container. Number must be in the range 25820 1 to 65535. Name must be an IANA_SVC_NAME. 25821 x-kubernetes-int-or-string: true 25822 scheme: 25823 description: Scheme to use for connecting to 25824 the host. Defaults to HTTP. 25825 type: string 25826 required: 25827 - port 25828 type: object 25829 tcpSocket: 25830 description: Deprecated. TCPSocket is NOT supported 25831 as a LifecycleHandler and kept for the backward 25832 compatibility. There are no validation of this 25833 field and lifecycle hooks will fail in runtime 25834 when tcp handler is specified. 25835 properties: 25836 host: 25837 description: 'Optional: Host name to connect 25838 to, defaults to the pod IP.' 25839 type: string 25840 port: 25841 anyOf: 25842 - type: integer 25843 - type: string 25844 description: Number or name of the port to access 25845 on the container. Number must be in the range 25846 1 to 65535. Name must be an IANA_SVC_NAME. 25847 x-kubernetes-int-or-string: true 25848 required: 25849 - port 25850 type: object 25851 type: object 25852 type: object 25853 livenessProbe: 25854 description: Probes are not allowed for ephemeral containers. 25855 properties: 25856 exec: 25857 description: Exec specifies the action to take. 25858 properties: 25859 command: 25860 description: Command is the command line to execute 25861 inside the container, the working directory for 25862 the command is root ('/') in the container's 25863 filesystem. The command is simply exec'd, it is 25864 not run inside a shell, so traditional shell instructions 25865 ('|', etc) won't work. To use a shell, you need 25866 to explicitly call out to that shell. Exit status 25867 of 0 is treated as live/healthy and non-zero is 25868 unhealthy. 25869 items: 25870 type: string 25871 type: array 25872 type: object 25873 failureThreshold: 25874 description: Minimum consecutive failures for the probe 25875 to be considered failed after having succeeded. Defaults 25876 to 3. Minimum value is 1. 25877 format: int32 25878 type: integer 25879 grpc: 25880 description: GRPC specifies an action involving a GRPC 25881 port. 25882 properties: 25883 port: 25884 description: Port number of the gRPC service. Number 25885 must be in the range 1 to 65535. 25886 format: int32 25887 type: integer 25888 service: 25889 description: "Service is the name of the service 25890 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 25891 \n If this is not specified, the default behavior 25892 is defined by gRPC." 25893 type: string 25894 required: 25895 - port 25896 type: object 25897 httpGet: 25898 description: HTTPGet specifies the http request to perform. 25899 properties: 25900 host: 25901 description: Host name to connect to, defaults to 25902 the pod IP. You probably want to set "Host" in 25903 httpHeaders instead. 25904 type: string 25905 httpHeaders: 25906 description: Custom headers to set in the request. 25907 HTTP allows repeated headers. 25908 items: 25909 description: HTTPHeader describes a custom header 25910 to be used in HTTP probes 25911 properties: 25912 name: 25913 description: The header field name. This will 25914 be canonicalized upon output, so case-variant 25915 names will be understood as the same header. 25916 type: string 25917 value: 25918 description: The header field value 25919 type: string 25920 required: 25921 - name 25922 - value 25923 type: object 25924 type: array 25925 path: 25926 description: Path to access on the HTTP server. 25927 type: string 25928 port: 25929 anyOf: 25930 - type: integer 25931 - type: string 25932 description: Name or number of the port to access 25933 on the container. Number must be in the range 25934 1 to 65535. Name must be an IANA_SVC_NAME. 25935 x-kubernetes-int-or-string: true 25936 scheme: 25937 description: Scheme to use for connecting to the 25938 host. Defaults to HTTP. 25939 type: string 25940 required: 25941 - port 25942 type: object 25943 initialDelaySeconds: 25944 description: 'Number of seconds after the container 25945 has started before liveness probes are initiated. 25946 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 25947 format: int32 25948 type: integer 25949 periodSeconds: 25950 description: How often (in seconds) to perform the probe. 25951 Default to 10 seconds. Minimum value is 1. 25952 format: int32 25953 type: integer 25954 successThreshold: 25955 description: Minimum consecutive successes for the probe 25956 to be considered successful after having failed. Defaults 25957 to 1. Must be 1 for liveness and startup. Minimum 25958 value is 1. 25959 format: int32 25960 type: integer 25961 tcpSocket: 25962 description: TCPSocket specifies an action involving 25963 a TCP port. 25964 properties: 25965 host: 25966 description: 'Optional: Host name to connect to, 25967 defaults to the pod IP.' 25968 type: string 25969 port: 25970 anyOf: 25971 - type: integer 25972 - type: string 25973 description: Number or name of the port to access 25974 on the container. Number must be in the range 25975 1 to 65535. Name must be an IANA_SVC_NAME. 25976 x-kubernetes-int-or-string: true 25977 required: 25978 - port 25979 type: object 25980 terminationGracePeriodSeconds: 25981 description: Optional duration in seconds the pod needs 25982 to terminate gracefully upon probe failure. The grace 25983 period is the duration in seconds after the processes 25984 running in the pod are sent a termination signal and 25985 the time when the processes are forcibly halted with 25986 a kill signal. Set this value longer than the expected 25987 cleanup time for your process. If this value is nil, 25988 the pod's terminationGracePeriodSeconds will be used. 25989 Otherwise, this value overrides the value provided 25990 by the pod spec. Value must be non-negative integer. 25991 The value zero indicates stop immediately via the 25992 kill signal (no opportunity to shut down). This is 25993 a beta field and requires enabling ProbeTerminationGracePeriod 25994 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 25995 is used if unset. 25996 format: int64 25997 type: integer 25998 timeoutSeconds: 25999 description: 'Number of seconds after which the probe 26000 times out. Defaults to 1 second. Minimum value is 26001 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 26002 format: int32 26003 type: integer 26004 type: object 26005 name: 26006 description: Name of the ephemeral container specified as 26007 a DNS_LABEL. This name must be unique among all containers, 26008 init containers and ephemeral containers. 26009 type: string 26010 ports: 26011 description: Ports are not allowed for ephemeral containers. 26012 items: 26013 description: ContainerPort represents a network port in 26014 a single container. 26015 properties: 26016 containerPort: 26017 description: Number of port to expose on the pod's 26018 IP address. This must be a valid port number, 0 26019 < x < 65536. 26020 format: int32 26021 type: integer 26022 hostIP: 26023 description: What host IP to bind the external port 26024 to. 26025 type: string 26026 hostPort: 26027 description: Number of port to expose on the host. 26028 If specified, this must be a valid port number, 26029 0 < x < 65536. If HostNetwork is specified, this 26030 must match ContainerPort. Most containers do not 26031 need this. 26032 format: int32 26033 type: integer 26034 name: 26035 description: If specified, this must be an IANA_SVC_NAME 26036 and unique within the pod. Each named port in a 26037 pod must have a unique name. Name for the port that 26038 can be referred to by services. 26039 type: string 26040 protocol: 26041 default: TCP 26042 description: Protocol for port. Must be UDP, TCP, 26043 or SCTP. Defaults to "TCP". 26044 type: string 26045 required: 26046 - containerPort 26047 type: object 26048 type: array 26049 x-kubernetes-list-map-keys: 26050 - containerPort 26051 - protocol 26052 x-kubernetes-list-type: map 26053 readinessProbe: 26054 description: Probes are not allowed for ephemeral containers. 26055 properties: 26056 exec: 26057 description: Exec specifies the action to take. 26058 properties: 26059 command: 26060 description: Command is the command line to execute 26061 inside the container, the working directory for 26062 the command is root ('/') in the container's 26063 filesystem. The command is simply exec'd, it is 26064 not run inside a shell, so traditional shell instructions 26065 ('|', etc) won't work. To use a shell, you need 26066 to explicitly call out to that shell. Exit status 26067 of 0 is treated as live/healthy and non-zero is 26068 unhealthy. 26069 items: 26070 type: string 26071 type: array 26072 type: object 26073 failureThreshold: 26074 description: Minimum consecutive failures for the probe 26075 to be considered failed after having succeeded. Defaults 26076 to 3. Minimum value is 1. 26077 format: int32 26078 type: integer 26079 grpc: 26080 description: GRPC specifies an action involving a GRPC 26081 port. 26082 properties: 26083 port: 26084 description: Port number of the gRPC service. Number 26085 must be in the range 1 to 65535. 26086 format: int32 26087 type: integer 26088 service: 26089 description: "Service is the name of the service 26090 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 26091 \n If this is not specified, the default behavior 26092 is defined by gRPC." 26093 type: string 26094 required: 26095 - port 26096 type: object 26097 httpGet: 26098 description: HTTPGet specifies the http request to perform. 26099 properties: 26100 host: 26101 description: Host name to connect to, defaults to 26102 the pod IP. You probably want to set "Host" in 26103 httpHeaders instead. 26104 type: string 26105 httpHeaders: 26106 description: Custom headers to set in the request. 26107 HTTP allows repeated headers. 26108 items: 26109 description: HTTPHeader describes a custom header 26110 to be used in HTTP probes 26111 properties: 26112 name: 26113 description: The header field name. This will 26114 be canonicalized upon output, so case-variant 26115 names will be understood as the same header. 26116 type: string 26117 value: 26118 description: The header field value 26119 type: string 26120 required: 26121 - name 26122 - value 26123 type: object 26124 type: array 26125 path: 26126 description: Path to access on the HTTP server. 26127 type: string 26128 port: 26129 anyOf: 26130 - type: integer 26131 - type: string 26132 description: Name or number of the port to access 26133 on the container. Number must be in the range 26134 1 to 65535. Name must be an IANA_SVC_NAME. 26135 x-kubernetes-int-or-string: true 26136 scheme: 26137 description: Scheme to use for connecting to the 26138 host. Defaults to HTTP. 26139 type: string 26140 required: 26141 - port 26142 type: object 26143 initialDelaySeconds: 26144 description: 'Number of seconds after the container 26145 has started before liveness probes are initiated. 26146 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 26147 format: int32 26148 type: integer 26149 periodSeconds: 26150 description: How often (in seconds) to perform the probe. 26151 Default to 10 seconds. Minimum value is 1. 26152 format: int32 26153 type: integer 26154 successThreshold: 26155 description: Minimum consecutive successes for the probe 26156 to be considered successful after having failed. Defaults 26157 to 1. Must be 1 for liveness and startup. Minimum 26158 value is 1. 26159 format: int32 26160 type: integer 26161 tcpSocket: 26162 description: TCPSocket specifies an action involving 26163 a TCP port. 26164 properties: 26165 host: 26166 description: 'Optional: Host name to connect to, 26167 defaults to the pod IP.' 26168 type: string 26169 port: 26170 anyOf: 26171 - type: integer 26172 - type: string 26173 description: Number or name of the port to access 26174 on the container. Number must be in the range 26175 1 to 65535. Name must be an IANA_SVC_NAME. 26176 x-kubernetes-int-or-string: true 26177 required: 26178 - port 26179 type: object 26180 terminationGracePeriodSeconds: 26181 description: Optional duration in seconds the pod needs 26182 to terminate gracefully upon probe failure. The grace 26183 period is the duration in seconds after the processes 26184 running in the pod are sent a termination signal and 26185 the time when the processes are forcibly halted with 26186 a kill signal. Set this value longer than the expected 26187 cleanup time for your process. If this value is nil, 26188 the pod's terminationGracePeriodSeconds will be used. 26189 Otherwise, this value overrides the value provided 26190 by the pod spec. Value must be non-negative integer. 26191 The value zero indicates stop immediately via the 26192 kill signal (no opportunity to shut down). This is 26193 a beta field and requires enabling ProbeTerminationGracePeriod 26194 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 26195 is used if unset. 26196 format: int64 26197 type: integer 26198 timeoutSeconds: 26199 description: 'Number of seconds after which the probe 26200 times out. Defaults to 1 second. Minimum value is 26201 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 26202 format: int32 26203 type: integer 26204 type: object 26205 resizePolicy: 26206 description: Resources resize policy for the container. 26207 items: 26208 description: ContainerResizePolicy represents resource 26209 resize policy for the container. 26210 properties: 26211 resourceName: 26212 description: 'Name of the resource to which this resource 26213 resize policy applies. Supported values: cpu, memory.' 26214 type: string 26215 restartPolicy: 26216 description: Restart policy to apply when specified 26217 resource is resized. If not specified, it defaults 26218 to NotRequired. 26219 type: string 26220 required: 26221 - resourceName 26222 - restartPolicy 26223 type: object 26224 type: array 26225 x-kubernetes-list-type: atomic 26226 resources: 26227 description: Resources are not allowed for ephemeral containers. 26228 Ephemeral containers use spare resources already allocated 26229 to the pod. 26230 properties: 26231 claims: 26232 description: "Claims lists the names of resources, defined 26233 in spec.resourceClaims, that are used by this container. 26234 \n This is an alpha field and requires enabling the 26235 DynamicResourceAllocation feature gate. \n This field 26236 is immutable. It can only be set for containers." 26237 items: 26238 description: ResourceClaim references one entry in 26239 PodSpec.ResourceClaims. 26240 properties: 26241 name: 26242 description: Name must match the name of one entry 26243 in pod.spec.resourceClaims of the Pod where 26244 this field is used. It makes that resource available 26245 inside a container. 26246 type: string 26247 required: 26248 - name 26249 type: object 26250 type: array 26251 x-kubernetes-list-map-keys: 26252 - name 26253 x-kubernetes-list-type: map 26254 limits: 26255 additionalProperties: 26256 anyOf: 26257 - type: integer 26258 - type: string 26259 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 26260 x-kubernetes-int-or-string: true 26261 description: 'Limits describes the maximum amount of 26262 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 26263 type: object 26264 requests: 26265 additionalProperties: 26266 anyOf: 26267 - type: integer 26268 - type: string 26269 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 26270 x-kubernetes-int-or-string: true 26271 description: 'Requests describes the minimum amount 26272 of compute resources required. If Requests is omitted 26273 for a container, it defaults to Limits if that is 26274 explicitly specified, otherwise to an implementation-defined 26275 value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 26276 type: object 26277 type: object 26278 restartPolicy: 26279 description: Restart policy for the container to manage 26280 the restart behavior of each container within a pod. This 26281 may only be set for init containers. You cannot set this 26282 field on ephemeral containers. 26283 type: string 26284 securityContext: 26285 description: 'Optional: SecurityContext defines the security 26286 options the ephemeral container should be run with. If 26287 set, the fields of SecurityContext override the equivalent 26288 fields of PodSecurityContext.' 26289 properties: 26290 allowPrivilegeEscalation: 26291 description: 'AllowPrivilegeEscalation controls whether 26292 a process can gain more privileges than its parent 26293 process. This bool directly controls if the no_new_privs 26294 flag will be set on the container process. AllowPrivilegeEscalation 26295 is true always when the container is: 1) run as Privileged 26296 2) has CAP_SYS_ADMIN Note that this field cannot be 26297 set when spec.os.name is windows.' 26298 type: boolean 26299 capabilities: 26300 description: The capabilities to add/drop when running 26301 containers. Defaults to the default set of capabilities 26302 granted by the container runtime. Note that this field 26303 cannot be set when spec.os.name is windows. 26304 properties: 26305 add: 26306 description: Added capabilities 26307 items: 26308 description: Capability represent POSIX capabilities 26309 type 26310 type: string 26311 type: array 26312 drop: 26313 description: Removed capabilities 26314 items: 26315 description: Capability represent POSIX capabilities 26316 type 26317 type: string 26318 type: array 26319 type: object 26320 privileged: 26321 description: Run container in privileged mode. Processes 26322 in privileged containers are essentially equivalent 26323 to root on the host. Defaults to false. Note that 26324 this field cannot be set when spec.os.name is windows. 26325 type: boolean 26326 procMount: 26327 description: procMount denotes the type of proc mount 26328 to use for the containers. The default is DefaultProcMount 26329 which uses the container runtime defaults for readonly 26330 paths and masked paths. This requires the ProcMountType 26331 feature flag to be enabled. Note that this field cannot 26332 be set when spec.os.name is windows. 26333 type: string 26334 readOnlyRootFilesystem: 26335 description: Whether this container has a read-only 26336 root filesystem. Default is false. Note that this 26337 field cannot be set when spec.os.name is windows. 26338 type: boolean 26339 runAsGroup: 26340 description: The GID to run the entrypoint of the container 26341 process. Uses runtime default if unset. May also be 26342 set in PodSecurityContext. If set in both SecurityContext 26343 and PodSecurityContext, the value specified in SecurityContext 26344 takes precedence. Note that this field cannot be set 26345 when spec.os.name is windows. 26346 format: int64 26347 type: integer 26348 runAsNonRoot: 26349 description: Indicates that the container must run as 26350 a non-root user. If true, the Kubelet will validate 26351 the image at runtime to ensure that it does not run 26352 as UID 0 (root) and fail to start the container if 26353 it does. If unset or false, no such validation will 26354 be performed. May also be set in PodSecurityContext. If 26355 set in both SecurityContext and PodSecurityContext, 26356 the value specified in SecurityContext takes precedence. 26357 type: boolean 26358 runAsUser: 26359 description: The UID to run the entrypoint of the container 26360 process. Defaults to user specified in image metadata 26361 if unspecified. May also be set in PodSecurityContext. If 26362 set in both SecurityContext and PodSecurityContext, 26363 the value specified in SecurityContext takes precedence. 26364 Note that this field cannot be set when spec.os.name 26365 is windows. 26366 format: int64 26367 type: integer 26368 seLinuxOptions: 26369 description: The SELinux context to be applied to the 26370 container. If unspecified, the container runtime will 26371 allocate a random SELinux context for each container. May 26372 also be set in PodSecurityContext. If set in both 26373 SecurityContext and PodSecurityContext, the value 26374 specified in SecurityContext takes precedence. Note 26375 that this field cannot be set when spec.os.name is 26376 windows. 26377 properties: 26378 level: 26379 description: Level is SELinux level label that applies 26380 to the container. 26381 type: string 26382 role: 26383 description: Role is a SELinux role label that applies 26384 to the container. 26385 type: string 26386 type: 26387 description: Type is a SELinux type label that applies 26388 to the container. 26389 type: string 26390 user: 26391 description: User is a SELinux user label that applies 26392 to the container. 26393 type: string 26394 type: object 26395 seccompProfile: 26396 description: The seccomp options to use by this container. 26397 If seccomp options are provided at both the pod & 26398 container level, the container options override the 26399 pod options. Note that this field cannot be set when 26400 spec.os.name is windows. 26401 properties: 26402 localhostProfile: 26403 description: localhostProfile indicates a profile 26404 defined in a file on the node should be used. 26405 The profile must be preconfigured on the node 26406 to work. Must be a descending path, relative to 26407 the kubelet's configured seccomp profile location. 26408 Must be set if type is "Localhost". Must NOT be 26409 set for any other type. 26410 type: string 26411 type: 26412 description: "type indicates which kind of seccomp 26413 profile will be applied. Valid options are: \n 26414 Localhost - a profile defined in a file on the 26415 node should be used. RuntimeDefault - the container 26416 runtime default profile should be used. Unconfined 26417 - no profile should be applied." 26418 type: string 26419 required: 26420 - type 26421 type: object 26422 windowsOptions: 26423 description: The Windows specific settings applied to 26424 all containers. If unspecified, the options from the 26425 PodSecurityContext will be used. If set in both SecurityContext 26426 and PodSecurityContext, the value specified in SecurityContext 26427 takes precedence. Note that this field cannot be set 26428 when spec.os.name is linux. 26429 properties: 26430 gmsaCredentialSpec: 26431 description: GMSACredentialSpec is where the GMSA 26432 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 26433 inlines the contents of the GMSA credential spec 26434 named by the GMSACredentialSpecName field. 26435 type: string 26436 gmsaCredentialSpecName: 26437 description: GMSACredentialSpecName is the name 26438 of the GMSA credential spec to use. 26439 type: string 26440 hostProcess: 26441 description: HostProcess determines if a container 26442 should be run as a 'Host Process' container. All 26443 of a Pod's containers must have the same effective 26444 HostProcess value (it is not allowed to have a 26445 mix of HostProcess containers and non-HostProcess 26446 containers). In addition, if HostProcess is true 26447 then HostNetwork must also be set to true. 26448 type: boolean 26449 runAsUserName: 26450 description: The UserName in Windows to run the 26451 entrypoint of the container process. Defaults 26452 to the user specified in image metadata if unspecified. 26453 May also be set in PodSecurityContext. If set 26454 in both SecurityContext and PodSecurityContext, 26455 the value specified in SecurityContext takes precedence. 26456 type: string 26457 type: object 26458 type: object 26459 startupProbe: 26460 description: Probes are not allowed for ephemeral containers. 26461 properties: 26462 exec: 26463 description: Exec specifies the action to take. 26464 properties: 26465 command: 26466 description: Command is the command line to execute 26467 inside the container, the working directory for 26468 the command is root ('/') in the container's 26469 filesystem. The command is simply exec'd, it is 26470 not run inside a shell, so traditional shell instructions 26471 ('|', etc) won't work. To use a shell, you need 26472 to explicitly call out to that shell. Exit status 26473 of 0 is treated as live/healthy and non-zero is 26474 unhealthy. 26475 items: 26476 type: string 26477 type: array 26478 type: object 26479 failureThreshold: 26480 description: Minimum consecutive failures for the probe 26481 to be considered failed after having succeeded. Defaults 26482 to 3. Minimum value is 1. 26483 format: int32 26484 type: integer 26485 grpc: 26486 description: GRPC specifies an action involving a GRPC 26487 port. 26488 properties: 26489 port: 26490 description: Port number of the gRPC service. Number 26491 must be in the range 1 to 65535. 26492 format: int32 26493 type: integer 26494 service: 26495 description: "Service is the name of the service 26496 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 26497 \n If this is not specified, the default behavior 26498 is defined by gRPC." 26499 type: string 26500 required: 26501 - port 26502 type: object 26503 httpGet: 26504 description: HTTPGet specifies the http request to perform. 26505 properties: 26506 host: 26507 description: Host name to connect to, defaults to 26508 the pod IP. You probably want to set "Host" in 26509 httpHeaders instead. 26510 type: string 26511 httpHeaders: 26512 description: Custom headers to set in the request. 26513 HTTP allows repeated headers. 26514 items: 26515 description: HTTPHeader describes a custom header 26516 to be used in HTTP probes 26517 properties: 26518 name: 26519 description: The header field name. This will 26520 be canonicalized upon output, so case-variant 26521 names will be understood as the same header. 26522 type: string 26523 value: 26524 description: The header field value 26525 type: string 26526 required: 26527 - name 26528 - value 26529 type: object 26530 type: array 26531 path: 26532 description: Path to access on the HTTP server. 26533 type: string 26534 port: 26535 anyOf: 26536 - type: integer 26537 - type: string 26538 description: Name or number of the port to access 26539 on the container. Number must be in the range 26540 1 to 65535. Name must be an IANA_SVC_NAME. 26541 x-kubernetes-int-or-string: true 26542 scheme: 26543 description: Scheme to use for connecting to the 26544 host. Defaults to HTTP. 26545 type: string 26546 required: 26547 - port 26548 type: object 26549 initialDelaySeconds: 26550 description: 'Number of seconds after the container 26551 has started before liveness probes are initiated. 26552 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 26553 format: int32 26554 type: integer 26555 periodSeconds: 26556 description: How often (in seconds) to perform the probe. 26557 Default to 10 seconds. Minimum value is 1. 26558 format: int32 26559 type: integer 26560 successThreshold: 26561 description: Minimum consecutive successes for the probe 26562 to be considered successful after having failed. Defaults 26563 to 1. Must be 1 for liveness and startup. Minimum 26564 value is 1. 26565 format: int32 26566 type: integer 26567 tcpSocket: 26568 description: TCPSocket specifies an action involving 26569 a TCP port. 26570 properties: 26571 host: 26572 description: 'Optional: Host name to connect to, 26573 defaults to the pod IP.' 26574 type: string 26575 port: 26576 anyOf: 26577 - type: integer 26578 - type: string 26579 description: Number or name of the port to access 26580 on the container. Number must be in the range 26581 1 to 65535. Name must be an IANA_SVC_NAME. 26582 x-kubernetes-int-or-string: true 26583 required: 26584 - port 26585 type: object 26586 terminationGracePeriodSeconds: 26587 description: Optional duration in seconds the pod needs 26588 to terminate gracefully upon probe failure. The grace 26589 period is the duration in seconds after the processes 26590 running in the pod are sent a termination signal and 26591 the time when the processes are forcibly halted with 26592 a kill signal. Set this value longer than the expected 26593 cleanup time for your process. If this value is nil, 26594 the pod's terminationGracePeriodSeconds will be used. 26595 Otherwise, this value overrides the value provided 26596 by the pod spec. Value must be non-negative integer. 26597 The value zero indicates stop immediately via the 26598 kill signal (no opportunity to shut down). This is 26599 a beta field and requires enabling ProbeTerminationGracePeriod 26600 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 26601 is used if unset. 26602 format: int64 26603 type: integer 26604 timeoutSeconds: 26605 description: 'Number of seconds after which the probe 26606 times out. Defaults to 1 second. Minimum value is 26607 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 26608 format: int32 26609 type: integer 26610 type: object 26611 stdin: 26612 description: Whether this container should allocate a buffer 26613 for stdin in the container runtime. If this is not set, 26614 reads from stdin in the container will always result in 26615 EOF. Default is false. 26616 type: boolean 26617 stdinOnce: 26618 description: Whether the container runtime should close 26619 the stdin channel after it has been opened by a single 26620 attach. When stdin is true the stdin stream will remain 26621 open across multiple attach sessions. If stdinOnce is 26622 set to true, stdin is opened on container start, is empty 26623 until the first client attaches to stdin, and then remains 26624 open and accepts data until the client disconnects, at 26625 which time stdin is closed and remains closed until the 26626 container is restarted. If this flag is false, a container 26627 processes that reads from stdin will never receive an 26628 EOF. Default is false 26629 type: boolean 26630 targetContainerName: 26631 description: "If set, the name of the container from PodSpec 26632 that this ephemeral container targets. The ephemeral container 26633 will be run in the namespaces (IPC, PID, etc) of this 26634 container. If not set then the ephemeral container uses 26635 the namespaces configured in the Pod spec. \n The container 26636 runtime must implement support for this feature. If the 26637 runtime does not support namespace targeting then the 26638 result of setting this field is undefined." 26639 type: string 26640 terminationMessagePath: 26641 description: 'Optional: Path at which the file to which 26642 the container''s termination message will be written is 26643 mounted into the container''s filesystem. Message written 26644 is intended to be brief final status, such as an assertion 26645 failure message. Will be truncated by the node if greater 26646 than 4096 bytes. The total message length across all containers 26647 will be limited to 12kb. Defaults to /dev/termination-log. 26648 Cannot be updated.' 26649 type: string 26650 terminationMessagePolicy: 26651 description: Indicate how the termination message should 26652 be populated. File will use the contents of terminationMessagePath 26653 to populate the container status message on both success 26654 and failure. FallbackToLogsOnError will use the last chunk 26655 of container log output if the termination message file 26656 is empty and the container exited with an error. The log 26657 output is limited to 2048 bytes or 80 lines, whichever 26658 is smaller. Defaults to File. Cannot be updated. 26659 type: string 26660 tty: 26661 description: Whether this container should allocate a TTY 26662 for itself, also requires 'stdin' to be true. Default 26663 is false. 26664 type: boolean 26665 volumeDevices: 26666 description: volumeDevices is the list of block devices 26667 to be used by the container. 26668 items: 26669 description: volumeDevice describes a mapping of a raw 26670 block device within a container. 26671 properties: 26672 devicePath: 26673 description: devicePath is the path inside of the 26674 container that the device will be mapped to. 26675 type: string 26676 name: 26677 description: name must match the name of a persistentVolumeClaim 26678 in the pod 26679 type: string 26680 required: 26681 - devicePath 26682 - name 26683 type: object 26684 type: array 26685 volumeMounts: 26686 description: Pod volumes to mount into the container's filesystem. 26687 Subpath mounts are not allowed for ephemeral containers. 26688 Cannot be updated. 26689 items: 26690 description: VolumeMount describes a mounting of a Volume 26691 within a container. 26692 properties: 26693 mountPath: 26694 description: Path within the container at which the 26695 volume should be mounted. Must not contain ':'. 26696 type: string 26697 mountPropagation: 26698 description: mountPropagation determines how mounts 26699 are propagated from the host to container and the 26700 other way around. When not set, MountPropagationNone 26701 is used. This field is beta in 1.10. 26702 type: string 26703 name: 26704 description: This must match the Name of a Volume. 26705 type: string 26706 readOnly: 26707 description: Mounted read-only if true, read-write 26708 otherwise (false or unspecified). Defaults to false. 26709 type: boolean 26710 subPath: 26711 description: Path within the volume from which the 26712 container's volume should be mounted. Defaults to 26713 "" (volume's root). 26714 type: string 26715 subPathExpr: 26716 description: Expanded path within the volume from 26717 which the container's volume should be mounted. 26718 Behaves similarly to SubPath but environment variable 26719 references $(VAR_NAME) are expanded using the container's 26720 environment. Defaults to "" (volume's root). SubPathExpr 26721 and SubPath are mutually exclusive. 26722 type: string 26723 required: 26724 - mountPath 26725 - name 26726 type: object 26727 type: array 26728 workingDir: 26729 description: Container's working directory. If not specified, 26730 the container runtime's default will be used, which might 26731 be configured in the container image. Cannot be updated. 26732 type: string 26733 required: 26734 - name 26735 type: object 26736 type: array 26737 hostAliases: 26738 description: HostAliases is an optional list of hosts and IPs 26739 that will be injected into the pod's hosts file if specified. 26740 This is only valid for non-hostNetwork pods. 26741 items: 26742 description: HostAlias holds the mapping between IP and hostnames 26743 that will be injected as an entry in the pod's hosts file. 26744 properties: 26745 hostnames: 26746 description: Hostnames for the above IP address. 26747 items: 26748 type: string 26749 type: array 26750 ip: 26751 description: IP address of the host file entry. 26752 type: string 26753 type: object 26754 type: array 26755 hostIPC: 26756 description: 'Use the host''s ipc namespace. Optional: Default 26757 to false.' 26758 type: boolean 26759 hostNetwork: 26760 description: Host networking requested for this pod. Use the host's 26761 network namespace. If this option is set, the ports that will 26762 be used must be specified. Default to false. 26763 type: boolean 26764 hostPID: 26765 description: 'Use the host''s pid namespace. Optional: Default 26766 to false.' 26767 type: boolean 26768 hostUsers: 26769 description: 'Use the host''s user namespace. Optional: Default 26770 to true. If set to true or not present, the pod will be run 26771 in the host user namespace, useful for when the pod needs a 26772 feature only available to the host user namespace, such as loading 26773 a kernel module with CAP_SYS_MODULE. When set to false, a new 26774 userns is created for the pod. Setting false is useful for mitigating 26775 container breakout vulnerabilities even allowing users to run 26776 their containers as root without actually having root privileges 26777 on the host. This field is alpha-level and is only honored by 26778 servers that enable the UserNamespacesSupport feature.' 26779 type: boolean 26780 hostname: 26781 description: Specifies the hostname of the Pod If not specified, 26782 the pod's hostname will be set to a system-defined value. 26783 type: string 26784 imagePullSecrets: 26785 description: 'ImagePullSecrets is an optional list of references 26786 to secrets in the same namespace to use for pulling any of the 26787 images used by this PodSpec. If specified, these secrets will 26788 be passed to individual puller implementations for them to use. 26789 More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' 26790 items: 26791 description: LocalObjectReference contains enough information 26792 to let you locate the referenced object inside the same namespace. 26793 properties: 26794 name: 26795 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 26796 TODO: Add other useful fields. apiVersion, kind, uid?' 26797 type: string 26798 type: object 26799 type: array 26800 initContainers: 26801 description: 'List of initialization containers belonging to the 26802 pod. Init containers are executed in order prior to containers 26803 being started. If any init container fails, the pod is considered 26804 to have failed and is handled according to its restartPolicy. 26805 The name for an init container or normal container must be unique 26806 among all containers. Init containers may not have Lifecycle 26807 actions, Readiness probes, Liveness probes, or Startup probes. 26808 The resourceRequirements of an init container are taken into 26809 account during scheduling by finding the highest request/limit 26810 for each resource type, and then using the max of of that value 26811 or the sum of the normal containers. Limits are applied to init 26812 containers in a similar fashion. Init containers cannot currently 26813 be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' 26814 items: 26815 description: A single application container that you want to 26816 run within a pod. 26817 properties: 26818 args: 26819 description: 'Arguments to the entrypoint. The container 26820 image''s CMD is used if this is not provided. Variable 26821 references $(VAR_NAME) are expanded using the container''s 26822 environment. If a variable cannot be resolved, the reference 26823 in the input string will be unchanged. Double $$ are reduced 26824 to a single $, which allows for escaping the $(VAR_NAME) 26825 syntax: i.e. "$$(VAR_NAME)" will produce the string literal 26826 "$(VAR_NAME)". Escaped references will never be expanded, 26827 regardless of whether the variable exists or not. Cannot 26828 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 26829 items: 26830 type: string 26831 type: array 26832 command: 26833 description: 'Entrypoint array. Not executed within a shell. 26834 The container image''s ENTRYPOINT is used if this is not 26835 provided. Variable references $(VAR_NAME) are expanded 26836 using the container''s environment. If a variable cannot 26837 be resolved, the reference in the input string will be 26838 unchanged. Double $$ are reduced to a single $, which 26839 allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 26840 will produce the string literal "$(VAR_NAME)". Escaped 26841 references will never be expanded, regardless of whether 26842 the variable exists or not. Cannot be updated. More info: 26843 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 26844 items: 26845 type: string 26846 type: array 26847 env: 26848 description: List of environment variables to set in the 26849 container. Cannot be updated. 26850 items: 26851 description: EnvVar represents an environment variable 26852 present in a Container. 26853 properties: 26854 name: 26855 description: Name of the environment variable. Must 26856 be a C_IDENTIFIER. 26857 type: string 26858 value: 26859 description: 'Variable references $(VAR_NAME) are 26860 expanded using the previously defined environment 26861 variables in the container and any service environment 26862 variables. If a variable cannot be resolved, the 26863 reference in the input string will be unchanged. 26864 Double $$ are reduced to a single $, which allows 26865 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 26866 will produce the string literal "$(VAR_NAME)". Escaped 26867 references will never be expanded, regardless of 26868 whether the variable exists or not. Defaults to 26869 "".' 26870 type: string 26871 valueFrom: 26872 description: Source for the environment variable's 26873 value. Cannot be used if value is not empty. 26874 properties: 26875 configMapKeyRef: 26876 description: Selects a key of a ConfigMap. 26877 properties: 26878 key: 26879 description: The key to select. 26880 type: string 26881 name: 26882 description: 'Name of the referent. More info: 26883 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 26884 TODO: Add other useful fields. apiVersion, 26885 kind, uid?' 26886 type: string 26887 optional: 26888 description: Specify whether the ConfigMap 26889 or its key must be defined 26890 type: boolean 26891 required: 26892 - key 26893 type: object 26894 fieldRef: 26895 description: 'Selects a field of the pod: supports 26896 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 26897 `metadata.annotations[''<KEY>'']`, spec.nodeName, 26898 spec.serviceAccountName, status.hostIP, status.podIP, 26899 status.podIPs.' 26900 properties: 26901 apiVersion: 26902 description: Version of the schema the FieldPath 26903 is written in terms of, defaults to "v1". 26904 type: string 26905 fieldPath: 26906 description: Path of the field to select in 26907 the specified API version. 26908 type: string 26909 required: 26910 - fieldPath 26911 type: object 26912 resourceFieldRef: 26913 description: 'Selects a resource of the container: 26914 only resources limits and requests (limits.cpu, 26915 limits.memory, limits.ephemeral-storage, requests.cpu, 26916 requests.memory and requests.ephemeral-storage) 26917 are currently supported.' 26918 properties: 26919 containerName: 26920 description: 'Container name: required for 26921 volumes, optional for env vars' 26922 type: string 26923 divisor: 26924 anyOf: 26925 - type: integer 26926 - type: string 26927 description: Specifies the output format of 26928 the exposed resources, defaults to "1" 26929 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 26930 x-kubernetes-int-or-string: true 26931 resource: 26932 description: 'Required: resource to select' 26933 type: string 26934 required: 26935 - resource 26936 type: object 26937 secretKeyRef: 26938 description: Selects a key of a secret in the 26939 pod's namespace 26940 properties: 26941 key: 26942 description: The key of the secret to select 26943 from. Must be a valid secret key. 26944 type: string 26945 name: 26946 description: 'Name of the referent. More info: 26947 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 26948 TODO: Add other useful fields. apiVersion, 26949 kind, uid?' 26950 type: string 26951 optional: 26952 description: Specify whether the Secret or 26953 its key must be defined 26954 type: boolean 26955 required: 26956 - key 26957 type: object 26958 type: object 26959 required: 26960 - name 26961 type: object 26962 type: array 26963 envFrom: 26964 description: List of sources to populate environment variables 26965 in the container. The keys defined within a source must 26966 be a C_IDENTIFIER. All invalid keys will be reported as 26967 an event when the container is starting. When a key exists 26968 in multiple sources, the value associated with the last 26969 source will take precedence. Values defined by an Env 26970 with a duplicate key will take precedence. Cannot be updated. 26971 items: 26972 description: EnvFromSource represents the source of a 26973 set of ConfigMaps 26974 properties: 26975 configMapRef: 26976 description: The ConfigMap to select from 26977 properties: 26978 name: 26979 description: 'Name of the referent. More info: 26980 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 26981 TODO: Add other useful fields. apiVersion, kind, 26982 uid?' 26983 type: string 26984 optional: 26985 description: Specify whether the ConfigMap must 26986 be defined 26987 type: boolean 26988 type: object 26989 prefix: 26990 description: An optional identifier to prepend to 26991 each key in the ConfigMap. Must be a C_IDENTIFIER. 26992 type: string 26993 secretRef: 26994 description: The Secret to select from 26995 properties: 26996 name: 26997 description: 'Name of the referent. More info: 26998 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 26999 TODO: Add other useful fields. apiVersion, kind, 27000 uid?' 27001 type: string 27002 optional: 27003 description: Specify whether the Secret must be 27004 defined 27005 type: boolean 27006 type: object 27007 type: object 27008 type: array 27009 image: 27010 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images 27011 This field is optional to allow higher level config management 27012 to default or override container images in workload controllers 27013 like Deployments and StatefulSets.' 27014 type: string 27015 imagePullPolicy: 27016 description: 'Image pull policy. One of Always, Never, IfNotPresent. 27017 Defaults to Always if :latest tag is specified, or IfNotPresent 27018 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 27019 type: string 27020 lifecycle: 27021 description: Actions that the management system should take 27022 in response to container lifecycle events. Cannot be updated. 27023 properties: 27024 postStart: 27025 description: 'PostStart is called immediately after 27026 a container is created. If the handler fails, the 27027 container is terminated and restarted according to 27028 its restart policy. Other management of the container 27029 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 27030 properties: 27031 exec: 27032 description: Exec specifies the action to take. 27033 properties: 27034 command: 27035 description: Command is the command line to 27036 execute inside the container, the working 27037 directory for the command is root ('/') in 27038 the container's filesystem. The command is 27039 simply exec'd, it is not run inside a shell, 27040 so traditional shell instructions ('|', etc) 27041 won't work. To use a shell, you need to explicitly 27042 call out to that shell. Exit status of 0 is 27043 treated as live/healthy and non-zero is unhealthy. 27044 items: 27045 type: string 27046 type: array 27047 type: object 27048 httpGet: 27049 description: HTTPGet specifies the http request 27050 to perform. 27051 properties: 27052 host: 27053 description: Host name to connect to, defaults 27054 to the pod IP. You probably want to set "Host" 27055 in httpHeaders instead. 27056 type: string 27057 httpHeaders: 27058 description: Custom headers to set in the request. 27059 HTTP allows repeated headers. 27060 items: 27061 description: HTTPHeader describes a custom 27062 header to be used in HTTP probes 27063 properties: 27064 name: 27065 description: The header field name. This 27066 will be canonicalized upon output, so 27067 case-variant names will be understood 27068 as the same header. 27069 type: string 27070 value: 27071 description: The header field value 27072 type: string 27073 required: 27074 - name 27075 - value 27076 type: object 27077 type: array 27078 path: 27079 description: Path to access on the HTTP server. 27080 type: string 27081 port: 27082 anyOf: 27083 - type: integer 27084 - type: string 27085 description: Name or number of the port to access 27086 on the container. Number must be in the range 27087 1 to 65535. Name must be an IANA_SVC_NAME. 27088 x-kubernetes-int-or-string: true 27089 scheme: 27090 description: Scheme to use for connecting to 27091 the host. Defaults to HTTP. 27092 type: string 27093 required: 27094 - port 27095 type: object 27096 tcpSocket: 27097 description: Deprecated. TCPSocket is NOT supported 27098 as a LifecycleHandler and kept for the backward 27099 compatibility. There are no validation of this 27100 field and lifecycle hooks will fail in runtime 27101 when tcp handler is specified. 27102 properties: 27103 host: 27104 description: 'Optional: Host name to connect 27105 to, defaults to the pod IP.' 27106 type: string 27107 port: 27108 anyOf: 27109 - type: integer 27110 - type: string 27111 description: Number or name of the port to access 27112 on the container. Number must be in the range 27113 1 to 65535. Name must be an IANA_SVC_NAME. 27114 x-kubernetes-int-or-string: true 27115 required: 27116 - port 27117 type: object 27118 type: object 27119 preStop: 27120 description: 'PreStop is called immediately before a 27121 container is terminated due to an API request or management 27122 event such as liveness/startup probe failure, preemption, 27123 resource contention, etc. The handler is not called 27124 if the container crashes or exits. The Pod''s termination 27125 grace period countdown begins before the PreStop hook 27126 is executed. Regardless of the outcome of the handler, 27127 the container will eventually terminate within the 27128 Pod''s termination grace period (unless delayed by 27129 finalizers). Other management of the container blocks 27130 until the hook completes or until the termination 27131 grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 27132 properties: 27133 exec: 27134 description: Exec specifies the action to take. 27135 properties: 27136 command: 27137 description: Command is the command line to 27138 execute inside the container, the working 27139 directory for the command is root ('/') in 27140 the container's filesystem. The command is 27141 simply exec'd, it is not run inside a shell, 27142 so traditional shell instructions ('|', etc) 27143 won't work. To use a shell, you need to explicitly 27144 call out to that shell. Exit status of 0 is 27145 treated as live/healthy and non-zero is unhealthy. 27146 items: 27147 type: string 27148 type: array 27149 type: object 27150 httpGet: 27151 description: HTTPGet specifies the http request 27152 to perform. 27153 properties: 27154 host: 27155 description: Host name to connect to, defaults 27156 to the pod IP. You probably want to set "Host" 27157 in httpHeaders instead. 27158 type: string 27159 httpHeaders: 27160 description: Custom headers to set in the request. 27161 HTTP allows repeated headers. 27162 items: 27163 description: HTTPHeader describes a custom 27164 header to be used in HTTP probes 27165 properties: 27166 name: 27167 description: The header field name. This 27168 will be canonicalized upon output, so 27169 case-variant names will be understood 27170 as the same header. 27171 type: string 27172 value: 27173 description: The header field value 27174 type: string 27175 required: 27176 - name 27177 - value 27178 type: object 27179 type: array 27180 path: 27181 description: Path to access on the HTTP server. 27182 type: string 27183 port: 27184 anyOf: 27185 - type: integer 27186 - type: string 27187 description: Name or number of the port to access 27188 on the container. Number must be in the range 27189 1 to 65535. Name must be an IANA_SVC_NAME. 27190 x-kubernetes-int-or-string: true 27191 scheme: 27192 description: Scheme to use for connecting to 27193 the host. Defaults to HTTP. 27194 type: string 27195 required: 27196 - port 27197 type: object 27198 tcpSocket: 27199 description: Deprecated. TCPSocket is NOT supported 27200 as a LifecycleHandler and kept for the backward 27201 compatibility. There are no validation of this 27202 field and lifecycle hooks will fail in runtime 27203 when tcp handler is specified. 27204 properties: 27205 host: 27206 description: 'Optional: Host name to connect 27207 to, defaults to the pod IP.' 27208 type: string 27209 port: 27210 anyOf: 27211 - type: integer 27212 - type: string 27213 description: Number or name of the port to access 27214 on the container. Number must be in the range 27215 1 to 65535. Name must be an IANA_SVC_NAME. 27216 x-kubernetes-int-or-string: true 27217 required: 27218 - port 27219 type: object 27220 type: object 27221 type: object 27222 livenessProbe: 27223 description: 'Periodic probe of container liveness. Container 27224 will be restarted if the probe fails. Cannot be updated. 27225 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 27226 properties: 27227 exec: 27228 description: Exec specifies the action to take. 27229 properties: 27230 command: 27231 description: Command is the command line to execute 27232 inside the container, the working directory for 27233 the command is root ('/') in the container's 27234 filesystem. The command is simply exec'd, it is 27235 not run inside a shell, so traditional shell instructions 27236 ('|', etc) won't work. To use a shell, you need 27237 to explicitly call out to that shell. Exit status 27238 of 0 is treated as live/healthy and non-zero is 27239 unhealthy. 27240 items: 27241 type: string 27242 type: array 27243 type: object 27244 failureThreshold: 27245 description: Minimum consecutive failures for the probe 27246 to be considered failed after having succeeded. Defaults 27247 to 3. Minimum value is 1. 27248 format: int32 27249 type: integer 27250 grpc: 27251 description: GRPC specifies an action involving a GRPC 27252 port. 27253 properties: 27254 port: 27255 description: Port number of the gRPC service. Number 27256 must be in the range 1 to 65535. 27257 format: int32 27258 type: integer 27259 service: 27260 description: "Service is the name of the service 27261 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 27262 \n If this is not specified, the default behavior 27263 is defined by gRPC." 27264 type: string 27265 required: 27266 - port 27267 type: object 27268 httpGet: 27269 description: HTTPGet specifies the http request to perform. 27270 properties: 27271 host: 27272 description: Host name to connect to, defaults to 27273 the pod IP. You probably want to set "Host" in 27274 httpHeaders instead. 27275 type: string 27276 httpHeaders: 27277 description: Custom headers to set in the request. 27278 HTTP allows repeated headers. 27279 items: 27280 description: HTTPHeader describes a custom header 27281 to be used in HTTP probes 27282 properties: 27283 name: 27284 description: The header field name. This will 27285 be canonicalized upon output, so case-variant 27286 names will be understood as the same header. 27287 type: string 27288 value: 27289 description: The header field value 27290 type: string 27291 required: 27292 - name 27293 - value 27294 type: object 27295 type: array 27296 path: 27297 description: Path to access on the HTTP server. 27298 type: string 27299 port: 27300 anyOf: 27301 - type: integer 27302 - type: string 27303 description: Name or number of the port to access 27304 on the container. Number must be in the range 27305 1 to 65535. Name must be an IANA_SVC_NAME. 27306 x-kubernetes-int-or-string: true 27307 scheme: 27308 description: Scheme to use for connecting to the 27309 host. Defaults to HTTP. 27310 type: string 27311 required: 27312 - port 27313 type: object 27314 initialDelaySeconds: 27315 description: 'Number of seconds after the container 27316 has started before liveness probes are initiated. 27317 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 27318 format: int32 27319 type: integer 27320 periodSeconds: 27321 description: How often (in seconds) to perform the probe. 27322 Default to 10 seconds. Minimum value is 1. 27323 format: int32 27324 type: integer 27325 successThreshold: 27326 description: Minimum consecutive successes for the probe 27327 to be considered successful after having failed. Defaults 27328 to 1. Must be 1 for liveness and startup. Minimum 27329 value is 1. 27330 format: int32 27331 type: integer 27332 tcpSocket: 27333 description: TCPSocket specifies an action involving 27334 a TCP port. 27335 properties: 27336 host: 27337 description: 'Optional: Host name to connect to, 27338 defaults to the pod IP.' 27339 type: string 27340 port: 27341 anyOf: 27342 - type: integer 27343 - type: string 27344 description: Number or name of the port to access 27345 on the container. Number must be in the range 27346 1 to 65535. Name must be an IANA_SVC_NAME. 27347 x-kubernetes-int-or-string: true 27348 required: 27349 - port 27350 type: object 27351 terminationGracePeriodSeconds: 27352 description: Optional duration in seconds the pod needs 27353 to terminate gracefully upon probe failure. The grace 27354 period is the duration in seconds after the processes 27355 running in the pod are sent a termination signal and 27356 the time when the processes are forcibly halted with 27357 a kill signal. Set this value longer than the expected 27358 cleanup time for your process. If this value is nil, 27359 the pod's terminationGracePeriodSeconds will be used. 27360 Otherwise, this value overrides the value provided 27361 by the pod spec. Value must be non-negative integer. 27362 The value zero indicates stop immediately via the 27363 kill signal (no opportunity to shut down). This is 27364 a beta field and requires enabling ProbeTerminationGracePeriod 27365 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 27366 is used if unset. 27367 format: int64 27368 type: integer 27369 timeoutSeconds: 27370 description: 'Number of seconds after which the probe 27371 times out. Defaults to 1 second. Minimum value is 27372 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 27373 format: int32 27374 type: integer 27375 type: object 27376 name: 27377 description: Name of the container specified as a DNS_LABEL. 27378 Each container in a pod must have a unique name (DNS_LABEL). 27379 Cannot be updated. 27380 type: string 27381 ports: 27382 description: List of ports to expose from the container. 27383 Not specifying a port here DOES NOT prevent that port 27384 from being exposed. Any port which is listening on the 27385 default "0.0.0.0" address inside a container will be accessible 27386 from the network. Modifying this array with strategic 27387 merge patch may corrupt the data. For more information 27388 See https://github.com/kubernetes/kubernetes/issues/108255. 27389 Cannot be updated. 27390 items: 27391 description: ContainerPort represents a network port in 27392 a single container. 27393 properties: 27394 containerPort: 27395 description: Number of port to expose on the pod's 27396 IP address. This must be a valid port number, 0 27397 < x < 65536. 27398 format: int32 27399 type: integer 27400 hostIP: 27401 description: What host IP to bind the external port 27402 to. 27403 type: string 27404 hostPort: 27405 description: Number of port to expose on the host. 27406 If specified, this must be a valid port number, 27407 0 < x < 65536. If HostNetwork is specified, this 27408 must match ContainerPort. Most containers do not 27409 need this. 27410 format: int32 27411 type: integer 27412 name: 27413 description: If specified, this must be an IANA_SVC_NAME 27414 and unique within the pod. Each named port in a 27415 pod must have a unique name. Name for the port that 27416 can be referred to by services. 27417 type: string 27418 protocol: 27419 default: TCP 27420 description: Protocol for port. Must be UDP, TCP, 27421 or SCTP. Defaults to "TCP". 27422 type: string 27423 required: 27424 - containerPort 27425 type: object 27426 type: array 27427 x-kubernetes-list-map-keys: 27428 - containerPort 27429 - protocol 27430 x-kubernetes-list-type: map 27431 readinessProbe: 27432 description: 'Periodic probe of container service readiness. 27433 Container will be removed from service endpoints if the 27434 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 27435 properties: 27436 exec: 27437 description: Exec specifies the action to take. 27438 properties: 27439 command: 27440 description: Command is the command line to execute 27441 inside the container, the working directory for 27442 the command is root ('/') in the container's 27443 filesystem. The command is simply exec'd, it is 27444 not run inside a shell, so traditional shell instructions 27445 ('|', etc) won't work. To use a shell, you need 27446 to explicitly call out to that shell. Exit status 27447 of 0 is treated as live/healthy and non-zero is 27448 unhealthy. 27449 items: 27450 type: string 27451 type: array 27452 type: object 27453 failureThreshold: 27454 description: Minimum consecutive failures for the probe 27455 to be considered failed after having succeeded. Defaults 27456 to 3. Minimum value is 1. 27457 format: int32 27458 type: integer 27459 grpc: 27460 description: GRPC specifies an action involving a GRPC 27461 port. 27462 properties: 27463 port: 27464 description: Port number of the gRPC service. Number 27465 must be in the range 1 to 65535. 27466 format: int32 27467 type: integer 27468 service: 27469 description: "Service is the name of the service 27470 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 27471 \n If this is not specified, the default behavior 27472 is defined by gRPC." 27473 type: string 27474 required: 27475 - port 27476 type: object 27477 httpGet: 27478 description: HTTPGet specifies the http request to perform. 27479 properties: 27480 host: 27481 description: Host name to connect to, defaults to 27482 the pod IP. You probably want to set "Host" in 27483 httpHeaders instead. 27484 type: string 27485 httpHeaders: 27486 description: Custom headers to set in the request. 27487 HTTP allows repeated headers. 27488 items: 27489 description: HTTPHeader describes a custom header 27490 to be used in HTTP probes 27491 properties: 27492 name: 27493 description: The header field name. This will 27494 be canonicalized upon output, so case-variant 27495 names will be understood as the same header. 27496 type: string 27497 value: 27498 description: The header field value 27499 type: string 27500 required: 27501 - name 27502 - value 27503 type: object 27504 type: array 27505 path: 27506 description: Path to access on the HTTP server. 27507 type: string 27508 port: 27509 anyOf: 27510 - type: integer 27511 - type: string 27512 description: Name or number of the port to access 27513 on the container. Number must be in the range 27514 1 to 65535. Name must be an IANA_SVC_NAME. 27515 x-kubernetes-int-or-string: true 27516 scheme: 27517 description: Scheme to use for connecting to the 27518 host. Defaults to HTTP. 27519 type: string 27520 required: 27521 - port 27522 type: object 27523 initialDelaySeconds: 27524 description: 'Number of seconds after the container 27525 has started before liveness probes are initiated. 27526 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 27527 format: int32 27528 type: integer 27529 periodSeconds: 27530 description: How often (in seconds) to perform the probe. 27531 Default to 10 seconds. Minimum value is 1. 27532 format: int32 27533 type: integer 27534 successThreshold: 27535 description: Minimum consecutive successes for the probe 27536 to be considered successful after having failed. Defaults 27537 to 1. Must be 1 for liveness and startup. Minimum 27538 value is 1. 27539 format: int32 27540 type: integer 27541 tcpSocket: 27542 description: TCPSocket specifies an action involving 27543 a TCP port. 27544 properties: 27545 host: 27546 description: 'Optional: Host name to connect to, 27547 defaults to the pod IP.' 27548 type: string 27549 port: 27550 anyOf: 27551 - type: integer 27552 - type: string 27553 description: Number or name of the port to access 27554 on the container. Number must be in the range 27555 1 to 65535. Name must be an IANA_SVC_NAME. 27556 x-kubernetes-int-or-string: true 27557 required: 27558 - port 27559 type: object 27560 terminationGracePeriodSeconds: 27561 description: Optional duration in seconds the pod needs 27562 to terminate gracefully upon probe failure. The grace 27563 period is the duration in seconds after the processes 27564 running in the pod are sent a termination signal and 27565 the time when the processes are forcibly halted with 27566 a kill signal. Set this value longer than the expected 27567 cleanup time for your process. If this value is nil, 27568 the pod's terminationGracePeriodSeconds will be used. 27569 Otherwise, this value overrides the value provided 27570 by the pod spec. Value must be non-negative integer. 27571 The value zero indicates stop immediately via the 27572 kill signal (no opportunity to shut down). This is 27573 a beta field and requires enabling ProbeTerminationGracePeriod 27574 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 27575 is used if unset. 27576 format: int64 27577 type: integer 27578 timeoutSeconds: 27579 description: 'Number of seconds after which the probe 27580 times out. Defaults to 1 second. Minimum value is 27581 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 27582 format: int32 27583 type: integer 27584 type: object 27585 resizePolicy: 27586 description: Resources resize policy for the container. 27587 items: 27588 description: ContainerResizePolicy represents resource 27589 resize policy for the container. 27590 properties: 27591 resourceName: 27592 description: 'Name of the resource to which this resource 27593 resize policy applies. Supported values: cpu, memory.' 27594 type: string 27595 restartPolicy: 27596 description: Restart policy to apply when specified 27597 resource is resized. If not specified, it defaults 27598 to NotRequired. 27599 type: string 27600 required: 27601 - resourceName 27602 - restartPolicy 27603 type: object 27604 type: array 27605 x-kubernetes-list-type: atomic 27606 resources: 27607 description: 'Compute Resources required by this container. 27608 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 27609 properties: 27610 claims: 27611 description: "Claims lists the names of resources, defined 27612 in spec.resourceClaims, that are used by this container. 27613 \n This is an alpha field and requires enabling the 27614 DynamicResourceAllocation feature gate. \n This field 27615 is immutable. It can only be set for containers." 27616 items: 27617 description: ResourceClaim references one entry in 27618 PodSpec.ResourceClaims. 27619 properties: 27620 name: 27621 description: Name must match the name of one entry 27622 in pod.spec.resourceClaims of the Pod where 27623 this field is used. It makes that resource available 27624 inside a container. 27625 type: string 27626 required: 27627 - name 27628 type: object 27629 type: array 27630 x-kubernetes-list-map-keys: 27631 - name 27632 x-kubernetes-list-type: map 27633 limits: 27634 additionalProperties: 27635 anyOf: 27636 - type: integer 27637 - type: string 27638 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 27639 x-kubernetes-int-or-string: true 27640 description: 'Limits describes the maximum amount of 27641 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 27642 type: object 27643 requests: 27644 additionalProperties: 27645 anyOf: 27646 - type: integer 27647 - type: string 27648 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 27649 x-kubernetes-int-or-string: true 27650 description: 'Requests describes the minimum amount 27651 of compute resources required. If Requests is omitted 27652 for a container, it defaults to Limits if that is 27653 explicitly specified, otherwise to an implementation-defined 27654 value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 27655 type: object 27656 type: object 27657 restartPolicy: 27658 description: 'RestartPolicy defines the restart behavior 27659 of individual containers in a pod. This field may only 27660 be set for init containers, and the only allowed value 27661 is "Always". For non-init containers or when this field 27662 is not specified, the restart behavior is defined by the 27663 Pod''s restart policy and the container type. Setting 27664 the RestartPolicy as "Always" for the init container will 27665 have the following effect: this init container will be 27666 continually restarted on exit until all regular containers 27667 have terminated. Once all regular containers have completed, 27668 all init containers with restartPolicy "Always" will be 27669 shut down. This lifecycle differs from normal init containers 27670 and is often referred to as a "sidecar" container. Although 27671 this init container still starts in the init container 27672 sequence, it does not wait for the container to complete 27673 before proceeding to the next init container. Instead, 27674 the next init container starts immediately after this 27675 init container is started, or after any startupProbe has 27676 successfully completed.' 27677 type: string 27678 securityContext: 27679 description: 'SecurityContext defines the security options 27680 the container should be run with. If set, the fields of 27681 SecurityContext override the equivalent fields of PodSecurityContext. 27682 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 27683 properties: 27684 allowPrivilegeEscalation: 27685 description: 'AllowPrivilegeEscalation controls whether 27686 a process can gain more privileges than its parent 27687 process. This bool directly controls if the no_new_privs 27688 flag will be set on the container process. AllowPrivilegeEscalation 27689 is true always when the container is: 1) run as Privileged 27690 2) has CAP_SYS_ADMIN Note that this field cannot be 27691 set when spec.os.name is windows.' 27692 type: boolean 27693 capabilities: 27694 description: The capabilities to add/drop when running 27695 containers. Defaults to the default set of capabilities 27696 granted by the container runtime. Note that this field 27697 cannot be set when spec.os.name is windows. 27698 properties: 27699 add: 27700 description: Added capabilities 27701 items: 27702 description: Capability represent POSIX capabilities 27703 type 27704 type: string 27705 type: array 27706 drop: 27707 description: Removed capabilities 27708 items: 27709 description: Capability represent POSIX capabilities 27710 type 27711 type: string 27712 type: array 27713 type: object 27714 privileged: 27715 description: Run container in privileged mode. Processes 27716 in privileged containers are essentially equivalent 27717 to root on the host. Defaults to false. Note that 27718 this field cannot be set when spec.os.name is windows. 27719 type: boolean 27720 procMount: 27721 description: procMount denotes the type of proc mount 27722 to use for the containers. The default is DefaultProcMount 27723 which uses the container runtime defaults for readonly 27724 paths and masked paths. This requires the ProcMountType 27725 feature flag to be enabled. Note that this field cannot 27726 be set when spec.os.name is windows. 27727 type: string 27728 readOnlyRootFilesystem: 27729 description: Whether this container has a read-only 27730 root filesystem. Default is false. Note that this 27731 field cannot be set when spec.os.name is windows. 27732 type: boolean 27733 runAsGroup: 27734 description: The GID to run the entrypoint of the container 27735 process. Uses runtime default if unset. May also be 27736 set in PodSecurityContext. If set in both SecurityContext 27737 and PodSecurityContext, the value specified in SecurityContext 27738 takes precedence. Note that this field cannot be set 27739 when spec.os.name is windows. 27740 format: int64 27741 type: integer 27742 runAsNonRoot: 27743 description: Indicates that the container must run as 27744 a non-root user. If true, the Kubelet will validate 27745 the image at runtime to ensure that it does not run 27746 as UID 0 (root) and fail to start the container if 27747 it does. If unset or false, no such validation will 27748 be performed. May also be set in PodSecurityContext. If 27749 set in both SecurityContext and PodSecurityContext, 27750 the value specified in SecurityContext takes precedence. 27751 type: boolean 27752 runAsUser: 27753 description: The UID to run the entrypoint of the container 27754 process. Defaults to user specified in image metadata 27755 if unspecified. May also be set in PodSecurityContext. If 27756 set in both SecurityContext and PodSecurityContext, 27757 the value specified in SecurityContext takes precedence. 27758 Note that this field cannot be set when spec.os.name 27759 is windows. 27760 format: int64 27761 type: integer 27762 seLinuxOptions: 27763 description: The SELinux context to be applied to the 27764 container. If unspecified, the container runtime will 27765 allocate a random SELinux context for each container. May 27766 also be set in PodSecurityContext. If set in both 27767 SecurityContext and PodSecurityContext, the value 27768 specified in SecurityContext takes precedence. Note 27769 that this field cannot be set when spec.os.name is 27770 windows. 27771 properties: 27772 level: 27773 description: Level is SELinux level label that applies 27774 to the container. 27775 type: string 27776 role: 27777 description: Role is a SELinux role label that applies 27778 to the container. 27779 type: string 27780 type: 27781 description: Type is a SELinux type label that applies 27782 to the container. 27783 type: string 27784 user: 27785 description: User is a SELinux user label that applies 27786 to the container. 27787 type: string 27788 type: object 27789 seccompProfile: 27790 description: The seccomp options to use by this container. 27791 If seccomp options are provided at both the pod & 27792 container level, the container options override the 27793 pod options. Note that this field cannot be set when 27794 spec.os.name is windows. 27795 properties: 27796 localhostProfile: 27797 description: localhostProfile indicates a profile 27798 defined in a file on the node should be used. 27799 The profile must be preconfigured on the node 27800 to work. Must be a descending path, relative to 27801 the kubelet's configured seccomp profile location. 27802 Must be set if type is "Localhost". Must NOT be 27803 set for any other type. 27804 type: string 27805 type: 27806 description: "type indicates which kind of seccomp 27807 profile will be applied. Valid options are: \n 27808 Localhost - a profile defined in a file on the 27809 node should be used. RuntimeDefault - the container 27810 runtime default profile should be used. Unconfined 27811 - no profile should be applied." 27812 type: string 27813 required: 27814 - type 27815 type: object 27816 windowsOptions: 27817 description: The Windows specific settings applied to 27818 all containers. If unspecified, the options from the 27819 PodSecurityContext will be used. If set in both SecurityContext 27820 and PodSecurityContext, the value specified in SecurityContext 27821 takes precedence. Note that this field cannot be set 27822 when spec.os.name is linux. 27823 properties: 27824 gmsaCredentialSpec: 27825 description: GMSACredentialSpec is where the GMSA 27826 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 27827 inlines the contents of the GMSA credential spec 27828 named by the GMSACredentialSpecName field. 27829 type: string 27830 gmsaCredentialSpecName: 27831 description: GMSACredentialSpecName is the name 27832 of the GMSA credential spec to use. 27833 type: string 27834 hostProcess: 27835 description: HostProcess determines if a container 27836 should be run as a 'Host Process' container. All 27837 of a Pod's containers must have the same effective 27838 HostProcess value (it is not allowed to have a 27839 mix of HostProcess containers and non-HostProcess 27840 containers). In addition, if HostProcess is true 27841 then HostNetwork must also be set to true. 27842 type: boolean 27843 runAsUserName: 27844 description: The UserName in Windows to run the 27845 entrypoint of the container process. Defaults 27846 to the user specified in image metadata if unspecified. 27847 May also be set in PodSecurityContext. If set 27848 in both SecurityContext and PodSecurityContext, 27849 the value specified in SecurityContext takes precedence. 27850 type: string 27851 type: object 27852 type: object 27853 startupProbe: 27854 description: 'StartupProbe indicates that the Pod has successfully 27855 initialized. If specified, no other probes are executed 27856 until this completes successfully. If this probe fails, 27857 the Pod will be restarted, just as if the livenessProbe 27858 failed. This can be used to provide different probe parameters 27859 at the beginning of a Pod''s lifecycle, when it might 27860 take a long time to load data or warm a cache, than during 27861 steady-state operation. This cannot be updated. More info: 27862 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 27863 properties: 27864 exec: 27865 description: Exec specifies the action to take. 27866 properties: 27867 command: 27868 description: Command is the command line to execute 27869 inside the container, the working directory for 27870 the command is root ('/') in the container's 27871 filesystem. The command is simply exec'd, it is 27872 not run inside a shell, so traditional shell instructions 27873 ('|', etc) won't work. To use a shell, you need 27874 to explicitly call out to that shell. Exit status 27875 of 0 is treated as live/healthy and non-zero is 27876 unhealthy. 27877 items: 27878 type: string 27879 type: array 27880 type: object 27881 failureThreshold: 27882 description: Minimum consecutive failures for the probe 27883 to be considered failed after having succeeded. Defaults 27884 to 3. Minimum value is 1. 27885 format: int32 27886 type: integer 27887 grpc: 27888 description: GRPC specifies an action involving a GRPC 27889 port. 27890 properties: 27891 port: 27892 description: Port number of the gRPC service. Number 27893 must be in the range 1 to 65535. 27894 format: int32 27895 type: integer 27896 service: 27897 description: "Service is the name of the service 27898 to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 27899 \n If this is not specified, the default behavior 27900 is defined by gRPC." 27901 type: string 27902 required: 27903 - port 27904 type: object 27905 httpGet: 27906 description: HTTPGet specifies the http request to perform. 27907 properties: 27908 host: 27909 description: Host name to connect to, defaults to 27910 the pod IP. You probably want to set "Host" in 27911 httpHeaders instead. 27912 type: string 27913 httpHeaders: 27914 description: Custom headers to set in the request. 27915 HTTP allows repeated headers. 27916 items: 27917 description: HTTPHeader describes a custom header 27918 to be used in HTTP probes 27919 properties: 27920 name: 27921 description: The header field name. This will 27922 be canonicalized upon output, so case-variant 27923 names will be understood as the same header. 27924 type: string 27925 value: 27926 description: The header field value 27927 type: string 27928 required: 27929 - name 27930 - value 27931 type: object 27932 type: array 27933 path: 27934 description: Path to access on the HTTP server. 27935 type: string 27936 port: 27937 anyOf: 27938 - type: integer 27939 - type: string 27940 description: Name or number of the port to access 27941 on the container. Number must be in the range 27942 1 to 65535. Name must be an IANA_SVC_NAME. 27943 x-kubernetes-int-or-string: true 27944 scheme: 27945 description: Scheme to use for connecting to the 27946 host. Defaults to HTTP. 27947 type: string 27948 required: 27949 - port 27950 type: object 27951 initialDelaySeconds: 27952 description: 'Number of seconds after the container 27953 has started before liveness probes are initiated. 27954 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 27955 format: int32 27956 type: integer 27957 periodSeconds: 27958 description: How often (in seconds) to perform the probe. 27959 Default to 10 seconds. Minimum value is 1. 27960 format: int32 27961 type: integer 27962 successThreshold: 27963 description: Minimum consecutive successes for the probe 27964 to be considered successful after having failed. Defaults 27965 to 1. Must be 1 for liveness and startup. Minimum 27966 value is 1. 27967 format: int32 27968 type: integer 27969 tcpSocket: 27970 description: TCPSocket specifies an action involving 27971 a TCP port. 27972 properties: 27973 host: 27974 description: 'Optional: Host name to connect to, 27975 defaults to the pod IP.' 27976 type: string 27977 port: 27978 anyOf: 27979 - type: integer 27980 - type: string 27981 description: Number or name of the port to access 27982 on the container. Number must be in the range 27983 1 to 65535. Name must be an IANA_SVC_NAME. 27984 x-kubernetes-int-or-string: true 27985 required: 27986 - port 27987 type: object 27988 terminationGracePeriodSeconds: 27989 description: Optional duration in seconds the pod needs 27990 to terminate gracefully upon probe failure. The grace 27991 period is the duration in seconds after the processes 27992 running in the pod are sent a termination signal and 27993 the time when the processes are forcibly halted with 27994 a kill signal. Set this value longer than the expected 27995 cleanup time for your process. If this value is nil, 27996 the pod's terminationGracePeriodSeconds will be used. 27997 Otherwise, this value overrides the value provided 27998 by the pod spec. Value must be non-negative integer. 27999 The value zero indicates stop immediately via the 28000 kill signal (no opportunity to shut down). This is 28001 a beta field and requires enabling ProbeTerminationGracePeriod 28002 feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds 28003 is used if unset. 28004 format: int64 28005 type: integer 28006 timeoutSeconds: 28007 description: 'Number of seconds after which the probe 28008 times out. Defaults to 1 second. Minimum value is 28009 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 28010 format: int32 28011 type: integer 28012 type: object 28013 stdin: 28014 description: Whether this container should allocate a buffer 28015 for stdin in the container runtime. If this is not set, 28016 reads from stdin in the container will always result in 28017 EOF. Default is false. 28018 type: boolean 28019 stdinOnce: 28020 description: Whether the container runtime should close 28021 the stdin channel after it has been opened by a single 28022 attach. When stdin is true the stdin stream will remain 28023 open across multiple attach sessions. If stdinOnce is 28024 set to true, stdin is opened on container start, is empty 28025 until the first client attaches to stdin, and then remains 28026 open and accepts data until the client disconnects, at 28027 which time stdin is closed and remains closed until the 28028 container is restarted. If this flag is false, a container 28029 processes that reads from stdin will never receive an 28030 EOF. Default is false 28031 type: boolean 28032 terminationMessagePath: 28033 description: 'Optional: Path at which the file to which 28034 the container''s termination message will be written is 28035 mounted into the container''s filesystem. Message written 28036 is intended to be brief final status, such as an assertion 28037 failure message. Will be truncated by the node if greater 28038 than 4096 bytes. The total message length across all containers 28039 will be limited to 12kb. Defaults to /dev/termination-log. 28040 Cannot be updated.' 28041 type: string 28042 terminationMessagePolicy: 28043 description: Indicate how the termination message should 28044 be populated. File will use the contents of terminationMessagePath 28045 to populate the container status message on both success 28046 and failure. FallbackToLogsOnError will use the last chunk 28047 of container log output if the termination message file 28048 is empty and the container exited with an error. The log 28049 output is limited to 2048 bytes or 80 lines, whichever 28050 is smaller. Defaults to File. Cannot be updated. 28051 type: string 28052 tty: 28053 description: Whether this container should allocate a TTY 28054 for itself, also requires 'stdin' to be true. Default 28055 is false. 28056 type: boolean 28057 volumeDevices: 28058 description: volumeDevices is the list of block devices 28059 to be used by the container. 28060 items: 28061 description: volumeDevice describes a mapping of a raw 28062 block device within a container. 28063 properties: 28064 devicePath: 28065 description: devicePath is the path inside of the 28066 container that the device will be mapped to. 28067 type: string 28068 name: 28069 description: name must match the name of a persistentVolumeClaim 28070 in the pod 28071 type: string 28072 required: 28073 - devicePath 28074 - name 28075 type: object 28076 type: array 28077 volumeMounts: 28078 description: Pod volumes to mount into the container's filesystem. 28079 Cannot be updated. 28080 items: 28081 description: VolumeMount describes a mounting of a Volume 28082 within a container. 28083 properties: 28084 mountPath: 28085 description: Path within the container at which the 28086 volume should be mounted. Must not contain ':'. 28087 type: string 28088 mountPropagation: 28089 description: mountPropagation determines how mounts 28090 are propagated from the host to container and the 28091 other way around. When not set, MountPropagationNone 28092 is used. This field is beta in 1.10. 28093 type: string 28094 name: 28095 description: This must match the Name of a Volume. 28096 type: string 28097 readOnly: 28098 description: Mounted read-only if true, read-write 28099 otherwise (false or unspecified). Defaults to false. 28100 type: boolean 28101 subPath: 28102 description: Path within the volume from which the 28103 container's volume should be mounted. Defaults to 28104 "" (volume's root). 28105 type: string 28106 subPathExpr: 28107 description: Expanded path within the volume from 28108 which the container's volume should be mounted. 28109 Behaves similarly to SubPath but environment variable 28110 references $(VAR_NAME) are expanded using the container's 28111 environment. Defaults to "" (volume's root). SubPathExpr 28112 and SubPath are mutually exclusive. 28113 type: string 28114 required: 28115 - mountPath 28116 - name 28117 type: object 28118 type: array 28119 workingDir: 28120 description: Container's working directory. If not specified, 28121 the container runtime's default will be used, which might 28122 be configured in the container image. Cannot be updated. 28123 type: string 28124 required: 28125 - name 28126 type: object 28127 type: array 28128 nodeName: 28129 description: NodeName is a request to schedule this pod onto a 28130 specific node. If it is non-empty, the scheduler simply schedules 28131 this pod onto that node, assuming that it fits resource requirements. 28132 type: string 28133 nodeSelector: 28134 additionalProperties: 28135 type: string 28136 description: 'NodeSelector is a selector which must be true for 28137 the pod to fit on a node. Selector which must match a node''s 28138 labels for the pod to be scheduled on that node. More info: 28139 https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 28140 type: object 28141 x-kubernetes-map-type: atomic 28142 os: 28143 description: "Specifies the OS of the containers in the pod. Some 28144 pod and container fields are restricted if this is set. \n If 28145 the OS field is set to linux, the following fields must be unset: 28146 -securityContext.windowsOptions \n If the OS field is set to 28147 windows, following fields must be unset: - spec.hostPID - spec.hostIPC 28148 - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile 28149 - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy 28150 - spec.securityContext.sysctls - spec.shareProcessNamespace 28151 - spec.securityContext.runAsUser - spec.securityContext.runAsGroup 28152 - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions 28153 - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities 28154 - spec.containers[*].securityContext.readOnlyRootFilesystem 28155 - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation 28156 - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser 28157 - spec.containers[*].securityContext.runAsGroup" 28158 properties: 28159 name: 28160 description: 'Name is the name of the operating system. The 28161 currently supported values are linux and windows. Additional 28162 value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration 28163 Clients should expect to handle additional values and treat 28164 unrecognized values in this field as os: null' 28165 type: string 28166 required: 28167 - name 28168 type: object 28169 overhead: 28170 additionalProperties: 28171 anyOf: 28172 - type: integer 28173 - type: string 28174 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 28175 x-kubernetes-int-or-string: true 28176 description: 'Overhead represents the resource overhead associated 28177 with running a pod for a given RuntimeClass. This field will 28178 be autopopulated at admission time by the RuntimeClass admission 28179 controller. If the RuntimeClass admission controller is enabled, 28180 overhead must not be set in Pod create requests. The RuntimeClass 28181 admission controller will reject Pod create requests which have 28182 the overhead already set. If RuntimeClass is configured and 28183 selected in the PodSpec, Overhead will be set to the value defined 28184 in the corresponding RuntimeClass, otherwise it will remain 28185 unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' 28186 type: object 28187 preemptionPolicy: 28188 description: PreemptionPolicy is the Policy for preempting pods 28189 with lower priority. One of Never, PreemptLowerPriority. Defaults 28190 to PreemptLowerPriority if unset. 28191 type: string 28192 priority: 28193 description: The priority value. Various system components use 28194 this field to find the priority of the pod. When Priority Admission 28195 Controller is enabled, it prevents users from setting this field. 28196 The admission controller populates this field from PriorityClassName. 28197 The higher the value, the higher the priority. 28198 format: int32 28199 type: integer 28200 priorityClassName: 28201 description: If specified, indicates the pod's priority. "system-node-critical" 28202 and "system-cluster-critical" are two special keywords which 28203 indicate the highest priorities with the former being the highest 28204 priority. Any other name must be defined by creating a PriorityClass 28205 object with that name. If not specified, the pod priority will 28206 be default or zero if there is no default. 28207 type: string 28208 readinessGates: 28209 description: 'If specified, all readiness gates will be evaluated 28210 for pod readiness. A pod is ready when all its containers are 28211 ready AND all conditions specified in the readiness gates have 28212 status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' 28213 items: 28214 description: PodReadinessGate contains the reference to a pod 28215 condition 28216 properties: 28217 conditionType: 28218 description: ConditionType refers to a condition in the 28219 pod's condition list with matching type. 28220 type: string 28221 required: 28222 - conditionType 28223 type: object 28224 type: array 28225 resourceClaims: 28226 description: "ResourceClaims defines which ResourceClaims must 28227 be allocated and reserved before the Pod is allowed to start. 28228 The resources will be made available to those containers which 28229 consume them by name. \n This is an alpha field and requires 28230 enabling the DynamicResourceAllocation feature gate. \n This 28231 field is immutable." 28232 items: 28233 description: PodResourceClaim references exactly one ResourceClaim 28234 through a ClaimSource. It adds a name to it that uniquely 28235 identifies the ResourceClaim inside the Pod. Containers that 28236 need access to the ResourceClaim reference it with this name. 28237 properties: 28238 name: 28239 description: Name uniquely identifies this resource claim 28240 inside the pod. This must be a DNS_LABEL. 28241 type: string 28242 source: 28243 description: Source describes where to find the ResourceClaim. 28244 properties: 28245 resourceClaimName: 28246 description: ResourceClaimName is the name of a ResourceClaim 28247 object in the same namespace as this pod. 28248 type: string 28249 resourceClaimTemplateName: 28250 description: "ResourceClaimTemplateName is the name 28251 of a ResourceClaimTemplate object in the same namespace 28252 as this pod. \n The template will be used to create 28253 a new ResourceClaim, which will be bound to this pod. 28254 When this pod is deleted, the ResourceClaim will also 28255 be deleted. The pod name and resource name, along 28256 with a generated component, will be used to form a 28257 unique name for the ResourceClaim, which will be recorded 28258 in pod.status.resourceClaimStatuses. \n This field 28259 is immutable and no changes will be made to the corresponding 28260 ResourceClaim by the control plane after creating 28261 the ResourceClaim." 28262 type: string 28263 type: object 28264 required: 28265 - name 28266 type: object 28267 type: array 28268 x-kubernetes-list-map-keys: 28269 - name 28270 x-kubernetes-list-type: map 28271 restartPolicy: 28272 description: 'Restart policy for all containers within the pod. 28273 One of Always, OnFailure, Never. In some contexts, only a subset 28274 of those values may be permitted. Default to Always. More info: 28275 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' 28276 type: string 28277 runtimeClassName: 28278 description: 'RuntimeClassName refers to a RuntimeClass object 28279 in the node.k8s.io group, which should be used to run this pod. If 28280 no RuntimeClass resource matches the named class, the pod will 28281 not be run. If unset or empty, the "legacy" RuntimeClass will 28282 be used, which is an implicit class with an empty definition 28283 that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' 28284 type: string 28285 schedulerName: 28286 description: If specified, the pod will be dispatched by specified 28287 scheduler. If not specified, the pod will be dispatched by default 28288 scheduler. 28289 type: string 28290 schedulingGates: 28291 description: "SchedulingGates is an opaque list of values that 28292 if specified will block scheduling the pod. If schedulingGates 28293 is not empty, the pod will stay in the SchedulingGated state 28294 and the scheduler will not attempt to schedule the pod. \n SchedulingGates 28295 can only be set at pod creation time, and be removed only afterwards. 28296 \n This is a beta feature enabled by the PodSchedulingReadiness 28297 feature gate." 28298 items: 28299 description: PodSchedulingGate is associated to a Pod to guard 28300 its scheduling. 28301 properties: 28302 name: 28303 description: Name of the scheduling gate. Each scheduling 28304 gate must have a unique name field. 28305 type: string 28306 required: 28307 - name 28308 type: object 28309 type: array 28310 x-kubernetes-list-map-keys: 28311 - name 28312 x-kubernetes-list-type: map 28313 securityContext: 28314 description: 'SecurityContext holds pod-level security attributes 28315 and common container settings. Optional: Defaults to empty. See 28316 type description for default values of each field.' 28317 properties: 28318 fsGroup: 28319 description: "A special supplemental group that applies to 28320 all containers in a pod. Some volume types allow the Kubelet 28321 to change the ownership of that volume to be owned by the 28322 pod: \n 1. The owning GID will be the FSGroup 2. The setgid 28323 bit is set (new files created in the volume will be owned 28324 by FSGroup) 3. The permission bits are OR'd with rw-rw---- 28325 \n If unset, the Kubelet will not modify the ownership and 28326 permissions of any volume. Note that this field cannot be 28327 set when spec.os.name is windows." 28328 format: int64 28329 type: integer 28330 fsGroupChangePolicy: 28331 description: 'fsGroupChangePolicy defines behavior of changing 28332 ownership and permission of the volume before being exposed 28333 inside Pod. This field will only apply to volume types which 28334 support fsGroup based ownership(and permissions). It will 28335 have no effect on ephemeral volume types such as: secret, 28336 configmaps and emptydir. Valid values are "OnRootMismatch" 28337 and "Always". If not specified, "Always" is used. Note that 28338 this field cannot be set when spec.os.name is windows.' 28339 type: string 28340 runAsGroup: 28341 description: The GID to run the entrypoint of the container 28342 process. Uses runtime default if unset. May also be set 28343 in SecurityContext. If set in both SecurityContext and 28344 PodSecurityContext, the value specified in SecurityContext 28345 takes precedence for that container. Note that this field 28346 cannot be set when spec.os.name is windows. 28347 format: int64 28348 type: integer 28349 runAsNonRoot: 28350 description: Indicates that the container must run as a non-root 28351 user. If true, the Kubelet will validate the image at runtime 28352 to ensure that it does not run as UID 0 (root) and fail 28353 to start the container if it does. If unset or false, no 28354 such validation will be performed. May also be set in SecurityContext. If 28355 set in both SecurityContext and PodSecurityContext, the 28356 value specified in SecurityContext takes precedence. 28357 type: boolean 28358 runAsUser: 28359 description: The UID to run the entrypoint of the container 28360 process. Defaults to user specified in image metadata if 28361 unspecified. May also be set in SecurityContext. If set 28362 in both SecurityContext and PodSecurityContext, the value 28363 specified in SecurityContext takes precedence for that container. 28364 Note that this field cannot be set when spec.os.name is 28365 windows. 28366 format: int64 28367 type: integer 28368 seLinuxOptions: 28369 description: The SELinux context to be applied to all containers. 28370 If unspecified, the container runtime will allocate a random 28371 SELinux context for each container. May also be set in 28372 SecurityContext. If set in both SecurityContext and PodSecurityContext, 28373 the value specified in SecurityContext takes precedence 28374 for that container. Note that this field cannot be set when 28375 spec.os.name is windows. 28376 properties: 28377 level: 28378 description: Level is SELinux level label that applies 28379 to the container. 28380 type: string 28381 role: 28382 description: Role is a SELinux role label that applies 28383 to the container. 28384 type: string 28385 type: 28386 description: Type is a SELinux type label that applies 28387 to the container. 28388 type: string 28389 user: 28390 description: User is a SELinux user label that applies 28391 to the container. 28392 type: string 28393 type: object 28394 seccompProfile: 28395 description: The seccomp options to use by the containers 28396 in this pod. Note that this field cannot be set when spec.os.name 28397 is windows. 28398 properties: 28399 localhostProfile: 28400 description: localhostProfile indicates a profile defined 28401 in a file on the node should be used. The profile must 28402 be preconfigured on the node to work. Must be a descending 28403 path, relative to the kubelet's configured seccomp profile 28404 location. Must be set if type is "Localhost". Must NOT 28405 be set for any other type. 28406 type: string 28407 type: 28408 description: "type indicates which kind of seccomp profile 28409 will be applied. Valid options are: \n Localhost - a 28410 profile defined in a file on the node should be used. 28411 RuntimeDefault - the container runtime default profile 28412 should be used. Unconfined - no profile should be applied." 28413 type: string 28414 required: 28415 - type 28416 type: object 28417 supplementalGroups: 28418 description: A list of groups applied to the first process 28419 run in each container, in addition to the container's primary 28420 GID, the fsGroup (if specified), and group memberships defined 28421 in the container image for the uid of the container process. 28422 If unspecified, no additional groups are added to any container. 28423 Note that group memberships defined in the container image 28424 for the uid of the container process are still effective, 28425 even if they are not included in this list. Note that this 28426 field cannot be set when spec.os.name is windows. 28427 items: 28428 format: int64 28429 type: integer 28430 type: array 28431 sysctls: 28432 description: Sysctls hold a list of namespaced sysctls used 28433 for the pod. Pods with unsupported sysctls (by the container 28434 runtime) might fail to launch. Note that this field cannot 28435 be set when spec.os.name is windows. 28436 items: 28437 description: Sysctl defines a kernel parameter to be set 28438 properties: 28439 name: 28440 description: Name of a property to set 28441 type: string 28442 value: 28443 description: Value of a property to set 28444 type: string 28445 required: 28446 - name 28447 - value 28448 type: object 28449 type: array 28450 windowsOptions: 28451 description: The Windows specific settings applied to all 28452 containers. If unspecified, the options within a container's 28453 SecurityContext will be used. If set in both SecurityContext 28454 and PodSecurityContext, the value specified in SecurityContext 28455 takes precedence. Note that this field cannot be set when 28456 spec.os.name is linux. 28457 properties: 28458 gmsaCredentialSpec: 28459 description: GMSACredentialSpec is where the GMSA admission 28460 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 28461 inlines the contents of the GMSA credential spec named 28462 by the GMSACredentialSpecName field. 28463 type: string 28464 gmsaCredentialSpecName: 28465 description: GMSACredentialSpecName is the name of the 28466 GMSA credential spec to use. 28467 type: string 28468 hostProcess: 28469 description: HostProcess determines if a container should 28470 be run as a 'Host Process' container. All of a Pod's 28471 containers must have the same effective HostProcess 28472 value (it is not allowed to have a mix of HostProcess 28473 containers and non-HostProcess containers). In addition, 28474 if HostProcess is true then HostNetwork must also be 28475 set to true. 28476 type: boolean 28477 runAsUserName: 28478 description: The UserName in Windows to run the entrypoint 28479 of the container process. Defaults to the user specified 28480 in image metadata if unspecified. May also be set in 28481 PodSecurityContext. If set in both SecurityContext and 28482 PodSecurityContext, the value specified in SecurityContext 28483 takes precedence. 28484 type: string 28485 type: object 28486 type: object 28487 serviceAccount: 28488 description: 'DeprecatedServiceAccount is a depreciated alias 28489 for ServiceAccountName. Deprecated: Use serviceAccountName instead.' 28490 type: string 28491 serviceAccountName: 28492 description: 'ServiceAccountName is the name of the ServiceAccount 28493 to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' 28494 type: string 28495 setHostnameAsFQDN: 28496 description: If true the pod's hostname will be configured as 28497 the pod's FQDN, rather than the leaf name (the default). In 28498 Linux containers, this means setting the FQDN in the hostname 28499 field of the kernel (the nodename field of struct utsname). 28500 In Windows containers, this means setting the registry value 28501 of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters 28502 to FQDN. If a pod does not have FQDN, this has no effect. Default 28503 to false. 28504 type: boolean 28505 shareProcessNamespace: 28506 description: 'Share a single process namespace between all of 28507 the containers in a pod. When this is set containers will be 28508 able to view and signal processes from other containers in the 28509 same pod, and the first process in each container will not be 28510 assigned PID 1. HostPID and ShareProcessNamespace cannot both 28511 be set. Optional: Default to false.' 28512 type: boolean 28513 subdomain: 28514 description: If specified, the fully qualified Pod hostname will 28515 be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". 28516 If not specified, the pod will not have a domainname at all. 28517 type: string 28518 terminationGracePeriodSeconds: 28519 description: Optional duration in seconds the pod needs to terminate 28520 gracefully. May be decreased in delete request. Value must be 28521 non-negative integer. The value zero indicates stop immediately 28522 via the kill signal (no opportunity to shut down). If this value 28523 is nil, the default grace period will be used instead. The grace 28524 period is the duration in seconds after the processes running 28525 in the pod are sent a termination signal and the time when the 28526 processes are forcibly halted with a kill signal. Set this value 28527 longer than the expected cleanup time for your process. Defaults 28528 to 30 seconds. 28529 format: int64 28530 type: integer 28531 tolerations: 28532 description: If specified, the pod's tolerations. 28533 items: 28534 description: The pod this Toleration is attached to tolerates 28535 any taint that matches the triple <key,value,effect> using 28536 the matching operator <operator>. 28537 properties: 28538 effect: 28539 description: Effect indicates the taint effect to match. 28540 Empty means match all taint effects. When specified, allowed 28541 values are NoSchedule, PreferNoSchedule and NoExecute. 28542 type: string 28543 key: 28544 description: Key is the taint key that the toleration applies 28545 to. Empty means match all taint keys. If the key is empty, 28546 operator must be Exists; this combination means to match 28547 all values and all keys. 28548 type: string 28549 operator: 28550 description: Operator represents a key's relationship to 28551 the value. Valid operators are Exists and Equal. Defaults 28552 to Equal. Exists is equivalent to wildcard for value, 28553 so that a pod can tolerate all taints of a particular 28554 category. 28555 type: string 28556 tolerationSeconds: 28557 description: TolerationSeconds represents the period of 28558 time the toleration (which must be of effect NoExecute, 28559 otherwise this field is ignored) tolerates the taint. 28560 By default, it is not set, which means tolerate the taint 28561 forever (do not evict). Zero and negative values will 28562 be treated as 0 (evict immediately) by the system. 28563 format: int64 28564 type: integer 28565 value: 28566 description: Value is the taint value the toleration matches 28567 to. If the operator is Exists, the value should be empty, 28568 otherwise just a regular string. 28569 type: string 28570 type: object 28571 type: array 28572 topologySpreadConstraints: 28573 description: TopologySpreadConstraints describes how a group of 28574 pods ought to spread across topology domains. Scheduler will 28575 schedule pods in a way which abides by the constraints. All 28576 topologySpreadConstraints are ANDed. 28577 items: 28578 description: TopologySpreadConstraint specifies how to spread 28579 matching pods among the given topology. 28580 properties: 28581 labelSelector: 28582 description: LabelSelector is used to find matching pods. 28583 Pods that match this label selector are counted to determine 28584 the number of pods in their corresponding topology domain. 28585 properties: 28586 matchExpressions: 28587 description: matchExpressions is a list of label selector 28588 requirements. The requirements are ANDed. 28589 items: 28590 description: A label selector requirement is a selector 28591 that contains values, a key, and an operator that 28592 relates the key and values. 28593 properties: 28594 key: 28595 description: key is the label key that the selector 28596 applies to. 28597 type: string 28598 operator: 28599 description: operator represents a key's relationship 28600 to a set of values. Valid operators are In, 28601 NotIn, Exists and DoesNotExist. 28602 type: string 28603 values: 28604 description: values is an array of string values. 28605 If the operator is In or NotIn, the values array 28606 must be non-empty. If the operator is Exists 28607 or DoesNotExist, the values array must be empty. 28608 This array is replaced during a strategic merge 28609 patch. 28610 items: 28611 type: string 28612 type: array 28613 required: 28614 - key 28615 - operator 28616 type: object 28617 type: array 28618 matchLabels: 28619 additionalProperties: 28620 type: string 28621 description: matchLabels is a map of {key,value} pairs. 28622 A single {key,value} in the matchLabels map is equivalent 28623 to an element of matchExpressions, whose key field 28624 is "key", the operator is "In", and the values array 28625 contains only "value". The requirements are ANDed. 28626 type: object 28627 type: object 28628 matchLabelKeys: 28629 description: "MatchLabelKeys is a set of pod label keys 28630 to select the pods over which spreading will be calculated. 28631 The keys are used to lookup values from the incoming pod 28632 labels, those key-value labels are ANDed with labelSelector 28633 to select the group of existing pods over which spreading 28634 will be calculated for the incoming pod. The same key 28635 is forbidden to exist in both MatchLabelKeys and LabelSelector. 28636 MatchLabelKeys cannot be set when LabelSelector isn't 28637 set. Keys that don't exist in the incoming pod labels 28638 will be ignored. A null or empty list means only match 28639 against labelSelector. \n This is a beta field and requires 28640 the MatchLabelKeysInPodTopologySpread feature gate to 28641 be enabled (enabled by default)." 28642 items: 28643 type: string 28644 type: array 28645 x-kubernetes-list-type: atomic 28646 maxSkew: 28647 description: 'MaxSkew describes the degree to which pods 28648 may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, 28649 it is the maximum permitted difference between the number 28650 of matching pods in the target topology and the global 28651 minimum. The global minimum is the minimum number of matching 28652 pods in an eligible domain or zero if the number of eligible 28653 domains is less than MinDomains. For example, in a 3-zone 28654 cluster, MaxSkew is set to 1, and pods with the same labelSelector 28655 spread as 2/2/1: In this case, the global minimum is 1. 28656 | zone1 | zone2 | zone3 | | P P | P P | P | - 28657 if MaxSkew is 1, incoming pod can only be scheduled to 28658 zone3 to become 2/2/2; scheduling it onto zone1(zone2) 28659 would make the ActualSkew(3-1) on zone1(zone2) violate 28660 MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled 28661 onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, 28662 it is used to give higher precedence to topologies that 28663 satisfy it. It''s a required field. Default value is 1 28664 and 0 is not allowed.' 28665 format: int32 28666 type: integer 28667 minDomains: 28668 description: "MinDomains indicates a minimum number of eligible 28669 domains. When the number of eligible domains with matching 28670 topology keys is less than minDomains, Pod Topology Spread 28671 treats \"global minimum\" as 0, and then the calculation 28672 of Skew is performed. And when the number of eligible 28673 domains with matching topology keys equals or greater 28674 than minDomains, this value has no effect on scheduling. 28675 As a result, when the number of eligible domains is less 28676 than minDomains, scheduler won't schedule more than maxSkew 28677 Pods to those domains. If value is nil, the constraint 28678 behaves as if MinDomains is equal to 1. Valid values are 28679 integers greater than 0. When value is not nil, WhenUnsatisfiable 28680 must be DoNotSchedule. \n For example, in a 3-zone cluster, 28681 MaxSkew is set to 2, MinDomains is set to 5 and pods with 28682 the same labelSelector spread as 2/2/2: | zone1 | zone2 28683 | zone3 | | P P | P P | P P | The number of domains 28684 is less than 5(MinDomains), so \"global minimum\" is treated 28685 as 0. In this situation, new pod with the same labelSelector 28686 cannot be scheduled, because computed skew will be 3(3 28687 - 0) if new Pod is scheduled to any of the three zones, 28688 it will violate MaxSkew. \n This is a beta field and requires 28689 the MinDomainsInPodTopologySpread feature gate to be enabled 28690 (enabled by default)." 28691 format: int32 28692 type: integer 28693 nodeAffinityPolicy: 28694 description: "NodeAffinityPolicy indicates how we will treat 28695 Pod's nodeAffinity/nodeSelector when calculating pod topology 28696 spread skew. Options are: - Honor: only nodes matching 28697 nodeAffinity/nodeSelector are included in the calculations. 28698 - Ignore: nodeAffinity/nodeSelector are ignored. All nodes 28699 are included in the calculations. \n If this value is 28700 nil, the behavior is equivalent to the Honor policy. This 28701 is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread 28702 feature flag." 28703 type: string 28704 nodeTaintsPolicy: 28705 description: "NodeTaintsPolicy indicates how we will treat 28706 node taints when calculating pod topology spread skew. 28707 Options are: - Honor: nodes without taints, along with 28708 tainted nodes for which the incoming pod has a toleration, 28709 are included. - Ignore: node taints are ignored. All nodes 28710 are included. \n If this value is nil, the behavior is 28711 equivalent to the Ignore policy. This is a beta-level 28712 feature default enabled by the NodeInclusionPolicyInPodTopologySpread 28713 feature flag." 28714 type: string 28715 topologyKey: 28716 description: TopologyKey is the key of node labels. Nodes 28717 that have a label with this key and identical values are 28718 considered to be in the same topology. We consider each 28719 <key, value> as a "bucket", and try to put balanced number 28720 of pods into each bucket. We define a domain as a particular 28721 instance of a topology. Also, we define an eligible domain 28722 as a domain whose nodes meet the requirements of nodeAffinityPolicy 28723 and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", 28724 each Node is a domain of that topology. And, if TopologyKey 28725 is "topology.kubernetes.io/zone", each zone is a domain 28726 of that topology. It's a required field. 28727 type: string 28728 whenUnsatisfiable: 28729 description: 'WhenUnsatisfiable indicates how to deal with 28730 a pod if it doesn''t satisfy the spread constraint. - 28731 DoNotSchedule (default) tells the scheduler not to schedule 28732 it. - ScheduleAnyway tells the scheduler to schedule the 28733 pod in any location, but giving higher precedence to 28734 topologies that would help reduce the skew. A constraint 28735 is considered "Unsatisfiable" for an incoming pod if and 28736 only if every possible node assignment for that pod would 28737 violate "MaxSkew" on some topology. For example, in a 28738 3-zone cluster, MaxSkew is set to 1, and pods with the 28739 same labelSelector spread as 3/1/1: | zone1 | zone2 | 28740 zone3 | | P P P | P | P | If WhenUnsatisfiable 28741 is set to DoNotSchedule, incoming pod can only be scheduled 28742 to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) 28743 on zone2(zone3) satisfies MaxSkew(1). In other words, 28744 the cluster can still be imbalanced, but scheduler won''t 28745 make it *more* imbalanced. It''s a required field.' 28746 type: string 28747 required: 28748 - maxSkew 28749 - topologyKey 28750 - whenUnsatisfiable 28751 type: object 28752 type: array 28753 x-kubernetes-list-map-keys: 28754 - topologyKey 28755 - whenUnsatisfiable 28756 x-kubernetes-list-type: map 28757 volumes: 28758 description: 'List of volumes that can be mounted by containers 28759 belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' 28760 items: 28761 description: Volume represents a named volume in a pod that 28762 may be accessed by any container in the pod. 28763 properties: 28764 awsElasticBlockStore: 28765 description: 'awsElasticBlockStore represents an AWS Disk 28766 resource that is attached to a kubelet''s host machine 28767 and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 28768 properties: 28769 fsType: 28770 description: 'fsType is the filesystem type of the volume 28771 that you want to mount. Tip: Ensure that the filesystem 28772 type is supported by the host operating system. Examples: 28773 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 28774 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 28775 TODO: how do we prevent errors in the filesystem from 28776 compromising the machine' 28777 type: string 28778 partition: 28779 description: 'partition is the partition in the volume 28780 that you want to mount. If omitted, the default is 28781 to mount by volume name. Examples: For volume /dev/sda1, 28782 you specify the partition as "1". Similarly, the volume 28783 partition for /dev/sda is "0" (or you can leave the 28784 property empty).' 28785 format: int32 28786 type: integer 28787 readOnly: 28788 description: 'readOnly value true will force the readOnly 28789 setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 28790 type: boolean 28791 volumeID: 28792 description: 'volumeID is unique ID of the persistent 28793 disk resource in AWS (Amazon EBS volume). More info: 28794 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 28795 type: string 28796 required: 28797 - volumeID 28798 type: object 28799 azureDisk: 28800 description: azureDisk represents an Azure Data Disk mount 28801 on the host and bind mount to the pod. 28802 properties: 28803 cachingMode: 28804 description: 'cachingMode is the Host Caching mode: 28805 None, Read Only, Read Write.' 28806 type: string 28807 diskName: 28808 description: diskName is the Name of the data disk in 28809 the blob storage 28810 type: string 28811 diskURI: 28812 description: diskURI is the URI of data disk in the 28813 blob storage 28814 type: string 28815 fsType: 28816 description: fsType is Filesystem type to mount. Must 28817 be a filesystem type supported by the host operating 28818 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 28819 to be "ext4" if unspecified. 28820 type: string 28821 kind: 28822 description: 'kind expected values are Shared: multiple 28823 blob disks per storage account Dedicated: single 28824 blob disk per storage account Managed: azure managed 28825 data disk (only in managed availability set). defaults 28826 to shared' 28827 type: string 28828 readOnly: 28829 description: readOnly Defaults to false (read/write). 28830 ReadOnly here will force the ReadOnly setting in VolumeMounts. 28831 type: boolean 28832 required: 28833 - diskName 28834 - diskURI 28835 type: object 28836 azureFile: 28837 description: azureFile represents an Azure File Service 28838 mount on the host and bind mount to the pod. 28839 properties: 28840 readOnly: 28841 description: readOnly defaults to false (read/write). 28842 ReadOnly here will force the ReadOnly setting in VolumeMounts. 28843 type: boolean 28844 secretName: 28845 description: secretName is the name of secret that 28846 contains Azure Storage Account Name and Key 28847 type: string 28848 shareName: 28849 description: shareName is the azure share Name 28850 type: string 28851 required: 28852 - secretName 28853 - shareName 28854 type: object 28855 cephfs: 28856 description: cephFS represents a Ceph FS mount on the host 28857 that shares a pod's lifetime 28858 properties: 28859 monitors: 28860 description: 'monitors is Required: Monitors is a collection 28861 of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 28862 items: 28863 type: string 28864 type: array 28865 path: 28866 description: 'path is Optional: Used as the mounted 28867 root, rather than the full Ceph tree, default is /' 28868 type: string 28869 readOnly: 28870 description: 'readOnly is Optional: Defaults to false 28871 (read/write). ReadOnly here will force the ReadOnly 28872 setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 28873 type: boolean 28874 secretFile: 28875 description: 'secretFile is Optional: SecretFile is 28876 the path to key ring for User, default is /etc/ceph/user.secret 28877 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 28878 type: string 28879 secretRef: 28880 description: 'secretRef is Optional: SecretRef is reference 28881 to the authentication secret for User, default is 28882 empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 28883 properties: 28884 name: 28885 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 28886 TODO: Add other useful fields. apiVersion, kind, 28887 uid?' 28888 type: string 28889 type: object 28890 user: 28891 description: 'user is optional: User is the rados user 28892 name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 28893 type: string 28894 required: 28895 - monitors 28896 type: object 28897 cinder: 28898 description: 'cinder represents a cinder volume attached 28899 and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 28900 properties: 28901 fsType: 28902 description: 'fsType is the filesystem type to mount. 28903 Must be a filesystem type supported by the host operating 28904 system. Examples: "ext4", "xfs", "ntfs". Implicitly 28905 inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 28906 type: string 28907 readOnly: 28908 description: 'readOnly defaults to false (read/write). 28909 ReadOnly here will force the ReadOnly setting in VolumeMounts. 28910 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 28911 type: boolean 28912 secretRef: 28913 description: 'secretRef is optional: points to a secret 28914 object containing parameters used to connect to OpenStack.' 28915 properties: 28916 name: 28917 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 28918 TODO: Add other useful fields. apiVersion, kind, 28919 uid?' 28920 type: string 28921 type: object 28922 volumeID: 28923 description: 'volumeID used to identify the volume in 28924 cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 28925 type: string 28926 required: 28927 - volumeID 28928 type: object 28929 configMap: 28930 description: configMap represents a configMap that should 28931 populate this volume 28932 properties: 28933 defaultMode: 28934 description: 'defaultMode is optional: mode bits used 28935 to set permissions on created files by default. Must 28936 be an octal value between 0000 and 0777 or a decimal 28937 value between 0 and 511. YAML accepts both octal and 28938 decimal values, JSON requires decimal values for mode 28939 bits. Defaults to 0644. Directories within the path 28940 are not affected by this setting. This might be in 28941 conflict with other options that affect the file mode, 28942 like fsGroup, and the result can be other mode bits 28943 set.' 28944 format: int32 28945 type: integer 28946 items: 28947 description: items if unspecified, each key-value pair 28948 in the Data field of the referenced ConfigMap will 28949 be projected into the volume as a file whose name 28950 is the key and content is the value. If specified, 28951 the listed keys will be projected into the specified 28952 paths, and unlisted keys will not be present. If a 28953 key is specified which is not present in the ConfigMap, 28954 the volume setup will error unless it is marked optional. 28955 Paths must be relative and may not contain the '..' 28956 path or start with '..'. 28957 items: 28958 description: Maps a string key to a path within a 28959 volume. 28960 properties: 28961 key: 28962 description: key is the key to project. 28963 type: string 28964 mode: 28965 description: 'mode is Optional: mode bits used 28966 to set permissions on this file. Must be an 28967 octal value between 0000 and 0777 or a decimal 28968 value between 0 and 511. YAML accepts both octal 28969 and decimal values, JSON requires decimal values 28970 for mode bits. If not specified, the volume 28971 defaultMode will be used. This might be in conflict 28972 with other options that affect the file mode, 28973 like fsGroup, and the result can be other mode 28974 bits set.' 28975 format: int32 28976 type: integer 28977 path: 28978 description: path is the relative path of the 28979 file to map the key to. May not be an absolute 28980 path. May not contain the path element '..'. 28981 May not start with the string '..'. 28982 type: string 28983 required: 28984 - key 28985 - path 28986 type: object 28987 type: array 28988 name: 28989 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 28990 TODO: Add other useful fields. apiVersion, kind, uid?' 28991 type: string 28992 optional: 28993 description: optional specify whether the ConfigMap 28994 or its keys must be defined 28995 type: boolean 28996 type: object 28997 csi: 28998 description: csi (Container Storage Interface) represents 28999 ephemeral storage that is handled by certain external 29000 CSI drivers (Beta feature). 29001 properties: 29002 driver: 29003 description: driver is the name of the CSI driver that 29004 handles this volume. Consult with your admin for the 29005 correct name as registered in the cluster. 29006 type: string 29007 fsType: 29008 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". 29009 If not provided, the empty value is passed to the 29010 associated CSI driver which will determine the default 29011 filesystem to apply. 29012 type: string 29013 nodePublishSecretRef: 29014 description: nodePublishSecretRef is a reference to 29015 the secret object containing sensitive information 29016 to pass to the CSI driver to complete the CSI NodePublishVolume 29017 and NodeUnpublishVolume calls. This field is optional, 29018 and may be empty if no secret is required. If the 29019 secret object contains more than one secret, all secret 29020 references are passed. 29021 properties: 29022 name: 29023 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 29024 TODO: Add other useful fields. apiVersion, kind, 29025 uid?' 29026 type: string 29027 type: object 29028 readOnly: 29029 description: readOnly specifies a read-only configuration 29030 for the volume. Defaults to false (read/write). 29031 type: boolean 29032 volumeAttributes: 29033 additionalProperties: 29034 type: string 29035 description: volumeAttributes stores driver-specific 29036 properties that are passed to the CSI driver. Consult 29037 your driver's documentation for supported values. 29038 type: object 29039 required: 29040 - driver 29041 type: object 29042 downwardAPI: 29043 description: downwardAPI represents downward API about the 29044 pod that should populate this volume 29045 properties: 29046 defaultMode: 29047 description: 'Optional: mode bits to use on created 29048 files by default. Must be a Optional: mode bits used 29049 to set permissions on created files by default. Must 29050 be an octal value between 0000 and 0777 or a decimal 29051 value between 0 and 511. YAML accepts both octal and 29052 decimal values, JSON requires decimal values for mode 29053 bits. Defaults to 0644. Directories within the path 29054 are not affected by this setting. This might be in 29055 conflict with other options that affect the file mode, 29056 like fsGroup, and the result can be other mode bits 29057 set.' 29058 format: int32 29059 type: integer 29060 items: 29061 description: Items is a list of downward API volume 29062 file 29063 items: 29064 description: DownwardAPIVolumeFile represents information 29065 to create the file containing the pod field 29066 properties: 29067 fieldRef: 29068 description: 'Required: Selects a field of the 29069 pod: only annotations, labels, name and namespace 29070 are supported.' 29071 properties: 29072 apiVersion: 29073 description: Version of the schema the FieldPath 29074 is written in terms of, defaults to "v1". 29075 type: string 29076 fieldPath: 29077 description: Path of the field to select in 29078 the specified API version. 29079 type: string 29080 required: 29081 - fieldPath 29082 type: object 29083 mode: 29084 description: 'Optional: mode bits used to set 29085 permissions on this file, must be an octal value 29086 between 0000 and 0777 or a decimal value between 29087 0 and 511. YAML accepts both octal and decimal 29088 values, JSON requires decimal values for mode 29089 bits. If not specified, the volume defaultMode 29090 will be used. This might be in conflict with 29091 other options that affect the file mode, like 29092 fsGroup, and the result can be other mode bits 29093 set.' 29094 format: int32 29095 type: integer 29096 path: 29097 description: 'Required: Path is the relative 29098 path name of the file to be created. Must not 29099 be absolute or contain the ''..'' path. Must 29100 be utf-8 encoded. The first item of the relative 29101 path must not start with ''..''' 29102 type: string 29103 resourceFieldRef: 29104 description: 'Selects a resource of the container: 29105 only resources limits and requests (limits.cpu, 29106 limits.memory, requests.cpu and requests.memory) 29107 are currently supported.' 29108 properties: 29109 containerName: 29110 description: 'Container name: required for 29111 volumes, optional for env vars' 29112 type: string 29113 divisor: 29114 anyOf: 29115 - type: integer 29116 - type: string 29117 description: Specifies the output format of 29118 the exposed resources, defaults to "1" 29119 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 29120 x-kubernetes-int-or-string: true 29121 resource: 29122 description: 'Required: resource to select' 29123 type: string 29124 required: 29125 - resource 29126 type: object 29127 required: 29128 - path 29129 type: object 29130 type: array 29131 type: object 29132 emptyDir: 29133 description: 'emptyDir represents a temporary directory 29134 that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 29135 properties: 29136 medium: 29137 description: 'medium represents what type of storage 29138 medium should back this directory. The default is 29139 "" which means to use the node''s default medium. 29140 Must be an empty string (default) or Memory. More 29141 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 29142 type: string 29143 sizeLimit: 29144 anyOf: 29145 - type: integer 29146 - type: string 29147 description: 'sizeLimit is the total amount of local 29148 storage required for this EmptyDir volume. The size 29149 limit is also applicable for memory medium. The maximum 29150 usage on memory medium EmptyDir would be the minimum 29151 value between the SizeLimit specified here and the 29152 sum of memory limits of all containers in a pod. The 29153 default is nil which means that the limit is undefined. 29154 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 29155 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 29156 x-kubernetes-int-or-string: true 29157 type: object 29158 ephemeral: 29159 description: "ephemeral represents a volume that is handled 29160 by a cluster storage driver. The volume's lifecycle is 29161 tied to the pod that defines it - it will be created before 29162 the pod starts, and deleted when the pod is removed. \n 29163 Use this if: a) the volume is only needed while the pod 29164 runs, b) features of normal volumes like restoring from 29165 snapshot or capacity tracking are needed, c) the storage 29166 driver is specified through a storage class, and d) the 29167 storage driver supports dynamic volume provisioning through 29168 \ a PersistentVolumeClaim (see EphemeralVolumeSource 29169 for more information on the connection between this 29170 volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim 29171 or one of the vendor-specific APIs for volumes that persist 29172 for longer than the lifecycle of an individual pod. \n 29173 Use CSI for light-weight local ephemeral volumes if the 29174 CSI driver is meant to be used that way - see the documentation 29175 of the driver for more information. \n A pod can use both 29176 types of ephemeral volumes and persistent volumes at the 29177 same time." 29178 properties: 29179 volumeClaimTemplate: 29180 description: "Will be used to create a stand-alone PVC 29181 to provision the volume. The pod in which this EphemeralVolumeSource 29182 is embedded will be the owner of the PVC, i.e. the 29183 PVC will be deleted together with the pod. The name 29184 of the PVC will be `<pod name>-<volume name>` where 29185 `<volume name>` is the name from the `PodSpec.Volumes` 29186 array entry. Pod validation will reject the pod if 29187 the concatenated name is not valid for a PVC (for 29188 example, too long). \n An existing PVC with that name 29189 that is not owned by the pod will *not* be used for 29190 the pod to avoid using an unrelated volume by mistake. 29191 Starting the pod is then blocked until the unrelated 29192 PVC is removed. If such a pre-created PVC is meant 29193 to be used by the pod, the PVC has to updated with 29194 an owner reference to the pod once the pod exists. 29195 Normally this should not be necessary, but it may 29196 be useful when manually reconstructing a broken cluster. 29197 \n This field is read-only and no changes will be 29198 made by Kubernetes to the PVC after it has been created. 29199 \n Required, must not be nil." 29200 properties: 29201 metadata: 29202 description: May contain labels and annotations 29203 that will be copied into the PVC when creating 29204 it. No other fields are allowed and will be rejected 29205 during validation. 29206 type: object 29207 spec: 29208 description: The specification for the PersistentVolumeClaim. 29209 The entire content is copied unchanged into the 29210 PVC that gets created from this template. The 29211 same fields as in a PersistentVolumeClaim are 29212 also valid here. 29213 properties: 29214 accessModes: 29215 description: 'accessModes contains the desired 29216 access modes the volume should have. More 29217 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 29218 items: 29219 type: string 29220 type: array 29221 dataSource: 29222 description: 'dataSource field can be used to 29223 specify either: * An existing VolumeSnapshot 29224 object (snapshot.storage.k8s.io/VolumeSnapshot) 29225 * An existing PVC (PersistentVolumeClaim) 29226 If the provisioner or an external controller 29227 can support the specified data source, it 29228 will create a new volume based on the contents 29229 of the specified data source. When the AnyVolumeDataSource 29230 feature gate is enabled, dataSource contents 29231 will be copied to dataSourceRef, and dataSourceRef 29232 contents will be copied to dataSource when 29233 dataSourceRef.namespace is not specified. 29234 If the namespace is specified, then dataSourceRef 29235 will not be copied to dataSource.' 29236 properties: 29237 apiGroup: 29238 description: APIGroup is the group for the 29239 resource being referenced. If APIGroup 29240 is not specified, the specified Kind must 29241 be in the core API group. For any other 29242 third-party types, APIGroup is required. 29243 type: string 29244 kind: 29245 description: Kind is the type of resource 29246 being referenced 29247 type: string 29248 name: 29249 description: Name is the name of resource 29250 being referenced 29251 type: string 29252 required: 29253 - kind 29254 - name 29255 type: object 29256 dataSourceRef: 29257 description: 'dataSourceRef specifies the object 29258 from which to populate the volume with data, 29259 if a non-empty volume is desired. This may 29260 be any object from a non-empty API group (non 29261 core object) or a PersistentVolumeClaim object. 29262 When this field is specified, volume binding 29263 will only succeed if the type of the specified 29264 object matches some installed volume populator 29265 or dynamic provisioner. This field will replace 29266 the functionality of the dataSource field 29267 and as such if both fields are non-empty, 29268 they must have the same value. For backwards 29269 compatibility, when namespace isn''t specified 29270 in dataSourceRef, both fields (dataSource 29271 and dataSourceRef) will be set to the same 29272 value automatically if one of them is empty 29273 and the other is non-empty. When namespace 29274 is specified in dataSourceRef, dataSource 29275 isn''t set to the same value and must be empty. 29276 There are three important differences between 29277 dataSource and dataSourceRef: * While dataSource 29278 only allows two specific types of objects, 29279 dataSourceRef allows any non-core object, 29280 as well as PersistentVolumeClaim objects. 29281 * While dataSource ignores disallowed values 29282 (dropping them), dataSourceRef preserves 29283 all values, and generates an error if a disallowed 29284 value is specified. * While dataSource only 29285 allows local objects, dataSourceRef allows 29286 objects in any namespaces. (Beta) Using 29287 this field requires the AnyVolumeDataSource 29288 feature gate to be enabled. (Alpha) Using 29289 the namespace field of dataSourceRef requires 29290 the CrossNamespaceVolumeDataSource feature 29291 gate to be enabled.' 29292 properties: 29293 apiGroup: 29294 description: APIGroup is the group for the 29295 resource being referenced. If APIGroup 29296 is not specified, the specified Kind must 29297 be in the core API group. For any other 29298 third-party types, APIGroup is required. 29299 type: string 29300 kind: 29301 description: Kind is the type of resource 29302 being referenced 29303 type: string 29304 name: 29305 description: Name is the name of resource 29306 being referenced 29307 type: string 29308 namespace: 29309 description: Namespace is the namespace 29310 of resource being referenced Note that 29311 when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant 29312 object is required in the referent namespace 29313 to allow that namespace's owner to accept 29314 the reference. See the ReferenceGrant 29315 documentation for details. (Alpha) This 29316 field requires the CrossNamespaceVolumeDataSource 29317 feature gate to be enabled. 29318 type: string 29319 required: 29320 - kind 29321 - name 29322 type: object 29323 resources: 29324 description: 'resources represents the minimum 29325 resources the volume should have. If RecoverVolumeExpansionFailure 29326 feature is enabled users are allowed to specify 29327 resource requirements that are lower than 29328 previous value but must still be higher than 29329 capacity recorded in the status field of the 29330 claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 29331 properties: 29332 claims: 29333 description: "Claims lists the names of 29334 resources, defined in spec.resourceClaims, 29335 that are used by this container. \n This 29336 is an alpha field and requires enabling 29337 the DynamicResourceAllocation feature 29338 gate. \n This field is immutable. It can 29339 only be set for containers." 29340 items: 29341 description: ResourceClaim references 29342 one entry in PodSpec.ResourceClaims. 29343 properties: 29344 name: 29345 description: Name must match the name 29346 of one entry in pod.spec.resourceClaims 29347 of the Pod where this field is used. 29348 It makes that resource available 29349 inside a container. 29350 type: string 29351 required: 29352 - name 29353 type: object 29354 type: array 29355 x-kubernetes-list-map-keys: 29356 - name 29357 x-kubernetes-list-type: map 29358 limits: 29359 additionalProperties: 29360 anyOf: 29361 - type: integer 29362 - type: string 29363 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 29364 x-kubernetes-int-or-string: true 29365 description: 'Limits describes the maximum 29366 amount of compute resources allowed. More 29367 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 29368 type: object 29369 requests: 29370 additionalProperties: 29371 anyOf: 29372 - type: integer 29373 - type: string 29374 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 29375 x-kubernetes-int-or-string: true 29376 description: 'Requests describes the minimum 29377 amount of compute resources required. 29378 If Requests is omitted for a container, 29379 it defaults to Limits if that is explicitly 29380 specified, otherwise to an implementation-defined 29381 value. Requests cannot exceed Limits. 29382 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 29383 type: object 29384 type: object 29385 selector: 29386 description: selector is a label query over 29387 volumes to consider for binding. 29388 properties: 29389 matchExpressions: 29390 description: matchExpressions is a list 29391 of label selector requirements. The requirements 29392 are ANDed. 29393 items: 29394 description: A label selector requirement 29395 is a selector that contains values, 29396 a key, and an operator that relates 29397 the key and values. 29398 properties: 29399 key: 29400 description: key is the label key 29401 that the selector applies to. 29402 type: string 29403 operator: 29404 description: operator represents a 29405 key's relationship to a set of values. 29406 Valid operators are In, NotIn, Exists 29407 and DoesNotExist. 29408 type: string 29409 values: 29410 description: values is an array of 29411 string values. If the operator is 29412 In or NotIn, the values array must 29413 be non-empty. If the operator is 29414 Exists or DoesNotExist, the values 29415 array must be empty. This array 29416 is replaced during a strategic merge 29417 patch. 29418 items: 29419 type: string 29420 type: array 29421 required: 29422 - key 29423 - operator 29424 type: object 29425 type: array 29426 matchLabels: 29427 additionalProperties: 29428 type: string 29429 description: matchLabels is a map of {key,value} 29430 pairs. A single {key,value} in the matchLabels 29431 map is equivalent to an element of matchExpressions, 29432 whose key field is "key", the operator 29433 is "In", and the values array contains 29434 only "value". The requirements are ANDed. 29435 type: object 29436 type: object 29437 storageClassName: 29438 description: 'storageClassName is the name of 29439 the StorageClass required by the claim. More 29440 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 29441 type: string 29442 volumeMode: 29443 description: volumeMode defines what type of 29444 volume is required by the claim. Value of 29445 Filesystem is implied when not included in 29446 claim spec. 29447 type: string 29448 volumeName: 29449 description: volumeName is the binding reference 29450 to the PersistentVolume backing this claim. 29451 type: string 29452 type: object 29453 required: 29454 - spec 29455 type: object 29456 type: object 29457 fc: 29458 description: fc represents a Fibre Channel resource that 29459 is attached to a kubelet's host machine and then exposed 29460 to the pod. 29461 properties: 29462 fsType: 29463 description: 'fsType is the filesystem type to mount. 29464 Must be a filesystem type supported by the host operating 29465 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 29466 to be "ext4" if unspecified. TODO: how do we prevent 29467 errors in the filesystem from compromising the machine' 29468 type: string 29469 lun: 29470 description: 'lun is Optional: FC target lun number' 29471 format: int32 29472 type: integer 29473 readOnly: 29474 description: 'readOnly is Optional: Defaults to false 29475 (read/write). ReadOnly here will force the ReadOnly 29476 setting in VolumeMounts.' 29477 type: boolean 29478 targetWWNs: 29479 description: 'targetWWNs is Optional: FC target worldwide 29480 names (WWNs)' 29481 items: 29482 type: string 29483 type: array 29484 wwids: 29485 description: 'wwids Optional: FC volume world wide identifiers 29486 (wwids) Either wwids or combination of targetWWNs 29487 and lun must be set, but not both simultaneously.' 29488 items: 29489 type: string 29490 type: array 29491 type: object 29492 flexVolume: 29493 description: flexVolume represents a generic volume resource 29494 that is provisioned/attached using an exec based plugin. 29495 properties: 29496 driver: 29497 description: driver is the name of the driver to use 29498 for this volume. 29499 type: string 29500 fsType: 29501 description: fsType is the filesystem type to mount. 29502 Must be a filesystem type supported by the host operating 29503 system. Ex. "ext4", "xfs", "ntfs". The default filesystem 29504 depends on FlexVolume script. 29505 type: string 29506 options: 29507 additionalProperties: 29508 type: string 29509 description: 'options is Optional: this field holds 29510 extra command options if any.' 29511 type: object 29512 readOnly: 29513 description: 'readOnly is Optional: defaults to false 29514 (read/write). ReadOnly here will force the ReadOnly 29515 setting in VolumeMounts.' 29516 type: boolean 29517 secretRef: 29518 description: 'secretRef is Optional: secretRef is reference 29519 to the secret object containing sensitive information 29520 to pass to the plugin scripts. This may be empty if 29521 no secret object is specified. If the secret object 29522 contains more than one secret, all secrets are passed 29523 to the plugin scripts.' 29524 properties: 29525 name: 29526 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 29527 TODO: Add other useful fields. apiVersion, kind, 29528 uid?' 29529 type: string 29530 type: object 29531 required: 29532 - driver 29533 type: object 29534 flocker: 29535 description: flocker represents a Flocker volume attached 29536 to a kubelet's host machine. This depends on the Flocker 29537 control service being running 29538 properties: 29539 datasetName: 29540 description: datasetName is Name of the dataset stored 29541 as metadata -> name on the dataset for Flocker should 29542 be considered as deprecated 29543 type: string 29544 datasetUUID: 29545 description: datasetUUID is the UUID of the dataset. 29546 This is unique identifier of a Flocker dataset 29547 type: string 29548 type: object 29549 gcePersistentDisk: 29550 description: 'gcePersistentDisk represents a GCE Disk resource 29551 that is attached to a kubelet''s host machine and then 29552 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 29553 properties: 29554 fsType: 29555 description: 'fsType is filesystem type of the volume 29556 that you want to mount. Tip: Ensure that the filesystem 29557 type is supported by the host operating system. Examples: 29558 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 29559 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 29560 TODO: how do we prevent errors in the filesystem from 29561 compromising the machine' 29562 type: string 29563 partition: 29564 description: 'partition is the partition in the volume 29565 that you want to mount. If omitted, the default is 29566 to mount by volume name. Examples: For volume /dev/sda1, 29567 you specify the partition as "1". Similarly, the volume 29568 partition for /dev/sda is "0" (or you can leave the 29569 property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 29570 format: int32 29571 type: integer 29572 pdName: 29573 description: 'pdName is unique name of the PD resource 29574 in GCE. Used to identify the disk in GCE. More info: 29575 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 29576 type: string 29577 readOnly: 29578 description: 'readOnly here will force the ReadOnly 29579 setting in VolumeMounts. Defaults to false. More info: 29580 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 29581 type: boolean 29582 required: 29583 - pdName 29584 type: object 29585 gitRepo: 29586 description: 'gitRepo represents a git repository at a particular 29587 revision. DEPRECATED: GitRepo is deprecated. To provision 29588 a container with a git repo, mount an EmptyDir into an 29589 InitContainer that clones the repo using git, then mount 29590 the EmptyDir into the Pod''s container.' 29591 properties: 29592 directory: 29593 description: directory is the target directory name. 29594 Must not contain or start with '..'. If '.' is supplied, 29595 the volume directory will be the git repository. Otherwise, 29596 if specified, the volume will contain the git repository 29597 in the subdirectory with the given name. 29598 type: string 29599 repository: 29600 description: repository is the URL 29601 type: string 29602 revision: 29603 description: revision is the commit hash for the specified 29604 revision. 29605 type: string 29606 required: 29607 - repository 29608 type: object 29609 glusterfs: 29610 description: 'glusterfs represents a Glusterfs mount on 29611 the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 29612 properties: 29613 endpoints: 29614 description: 'endpoints is the endpoint name that details 29615 Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 29616 type: string 29617 path: 29618 description: 'path is the Glusterfs volume path. More 29619 info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 29620 type: string 29621 readOnly: 29622 description: 'readOnly here will force the Glusterfs 29623 volume to be mounted with read-only permissions. Defaults 29624 to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 29625 type: boolean 29626 required: 29627 - endpoints 29628 - path 29629 type: object 29630 hostPath: 29631 description: 'hostPath represents a pre-existing file or 29632 directory on the host machine that is directly exposed 29633 to the container. This is generally used for system agents 29634 or other privileged things that are allowed to see the 29635 host machine. Most containers will NOT need this. More 29636 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 29637 --- TODO(jonesdl) We need to restrict who can use host 29638 directory mounts and who can/can not mount host directories 29639 as read/write.' 29640 properties: 29641 path: 29642 description: 'path of the directory on the host. If 29643 the path is a symlink, it will follow the link to 29644 the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 29645 type: string 29646 type: 29647 description: 'type for HostPath Volume Defaults to "" 29648 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 29649 type: string 29650 required: 29651 - path 29652 type: object 29653 iscsi: 29654 description: 'iscsi represents an ISCSI Disk resource that 29655 is attached to a kubelet''s host machine and then exposed 29656 to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 29657 properties: 29658 chapAuthDiscovery: 29659 description: chapAuthDiscovery defines whether support 29660 iSCSI Discovery CHAP authentication 29661 type: boolean 29662 chapAuthSession: 29663 description: chapAuthSession defines whether support 29664 iSCSI Session CHAP authentication 29665 type: boolean 29666 fsType: 29667 description: 'fsType is the filesystem type of the volume 29668 that you want to mount. Tip: Ensure that the filesystem 29669 type is supported by the host operating system. Examples: 29670 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 29671 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 29672 TODO: how do we prevent errors in the filesystem from 29673 compromising the machine' 29674 type: string 29675 initiatorName: 29676 description: initiatorName is the custom iSCSI Initiator 29677 Name. If initiatorName is specified with iscsiInterface 29678 simultaneously, new iSCSI interface <target portal>:<volume 29679 name> will be created for the connection. 29680 type: string 29681 iqn: 29682 description: iqn is the target iSCSI Qualified Name. 29683 type: string 29684 iscsiInterface: 29685 description: iscsiInterface is the interface Name that 29686 uses an iSCSI transport. Defaults to 'default' (tcp). 29687 type: string 29688 lun: 29689 description: lun represents iSCSI Target Lun number. 29690 format: int32 29691 type: integer 29692 portals: 29693 description: portals is the iSCSI Target Portal List. 29694 The portal is either an IP or ip_addr:port if the 29695 port is other than default (typically TCP ports 860 29696 and 3260). 29697 items: 29698 type: string 29699 type: array 29700 readOnly: 29701 description: readOnly here will force the ReadOnly setting 29702 in VolumeMounts. Defaults to false. 29703 type: boolean 29704 secretRef: 29705 description: secretRef is the CHAP Secret for iSCSI 29706 target and initiator authentication 29707 properties: 29708 name: 29709 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 29710 TODO: Add other useful fields. apiVersion, kind, 29711 uid?' 29712 type: string 29713 type: object 29714 targetPortal: 29715 description: targetPortal is iSCSI Target Portal. The 29716 Portal is either an IP or ip_addr:port if the port 29717 is other than default (typically TCP ports 860 and 29718 3260). 29719 type: string 29720 required: 29721 - iqn 29722 - lun 29723 - targetPortal 29724 type: object 29725 name: 29726 description: 'name of the volume. Must be a DNS_LABEL and 29727 unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 29728 type: string 29729 nfs: 29730 description: 'nfs represents an NFS mount on the host that 29731 shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 29732 properties: 29733 path: 29734 description: 'path that is exported by the NFS server. 29735 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 29736 type: string 29737 readOnly: 29738 description: 'readOnly here will force the NFS export 29739 to be mounted with read-only permissions. Defaults 29740 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 29741 type: boolean 29742 server: 29743 description: 'server is the hostname or IP address of 29744 the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 29745 type: string 29746 required: 29747 - path 29748 - server 29749 type: object 29750 persistentVolumeClaim: 29751 description: 'persistentVolumeClaimVolumeSource represents 29752 a reference to a PersistentVolumeClaim in the same namespace. 29753 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 29754 properties: 29755 claimName: 29756 description: 'claimName is the name of a PersistentVolumeClaim 29757 in the same namespace as the pod using this volume. 29758 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 29759 type: string 29760 readOnly: 29761 description: readOnly Will force the ReadOnly setting 29762 in VolumeMounts. Default false. 29763 type: boolean 29764 required: 29765 - claimName 29766 type: object 29767 photonPersistentDisk: 29768 description: photonPersistentDisk represents a PhotonController 29769 persistent disk attached and mounted on kubelets host 29770 machine 29771 properties: 29772 fsType: 29773 description: fsType is the filesystem type to mount. 29774 Must be a filesystem type supported by the host operating 29775 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 29776 to be "ext4" if unspecified. 29777 type: string 29778 pdID: 29779 description: pdID is the ID that identifies Photon Controller 29780 persistent disk 29781 type: string 29782 required: 29783 - pdID 29784 type: object 29785 portworxVolume: 29786 description: portworxVolume represents a portworx volume 29787 attached and mounted on kubelets host machine 29788 properties: 29789 fsType: 29790 description: fSType represents the filesystem type to 29791 mount Must be a filesystem type supported by the host 29792 operating system. Ex. "ext4", "xfs". Implicitly inferred 29793 to be "ext4" if unspecified. 29794 type: string 29795 readOnly: 29796 description: readOnly defaults to false (read/write). 29797 ReadOnly here will force the ReadOnly setting in VolumeMounts. 29798 type: boolean 29799 volumeID: 29800 description: volumeID uniquely identifies a Portworx 29801 volume 29802 type: string 29803 required: 29804 - volumeID 29805 type: object 29806 projected: 29807 description: projected items for all in one resources secrets, 29808 configmaps, and downward API 29809 properties: 29810 defaultMode: 29811 description: defaultMode are the mode bits used to set 29812 permissions on created files by default. Must be an 29813 octal value between 0000 and 0777 or a decimal value 29814 between 0 and 511. YAML accepts both octal and decimal 29815 values, JSON requires decimal values for mode bits. 29816 Directories within the path are not affected by this 29817 setting. This might be in conflict with other options 29818 that affect the file mode, like fsGroup, and the result 29819 can be other mode bits set. 29820 format: int32 29821 type: integer 29822 sources: 29823 description: sources is the list of volume projections 29824 items: 29825 description: Projection that may be projected along 29826 with other supported volume types 29827 properties: 29828 configMap: 29829 description: configMap information about the configMap 29830 data to project 29831 properties: 29832 items: 29833 description: items if unspecified, each key-value 29834 pair in the Data field of the referenced 29835 ConfigMap will be projected into the volume 29836 as a file whose name is the key and content 29837 is the value. If specified, the listed keys 29838 will be projected into the specified paths, 29839 and unlisted keys will not be present. If 29840 a key is specified which is not present 29841 in the ConfigMap, the volume setup will 29842 error unless it is marked optional. Paths 29843 must be relative and may not contain the 29844 '..' path or start with '..'. 29845 items: 29846 description: Maps a string key to a path 29847 within a volume. 29848 properties: 29849 key: 29850 description: key is the key to project. 29851 type: string 29852 mode: 29853 description: 'mode is Optional: mode 29854 bits used to set permissions on this 29855 file. Must be an octal value between 29856 0000 and 0777 or a decimal value between 29857 0 and 511. YAML accepts both octal 29858 and decimal values, JSON requires 29859 decimal values for mode bits. If not 29860 specified, the volume defaultMode 29861 will be used. This might be in conflict 29862 with other options that affect the 29863 file mode, like fsGroup, and the result 29864 can be other mode bits set.' 29865 format: int32 29866 type: integer 29867 path: 29868 description: path is the relative path 29869 of the file to map the key to. May 29870 not be an absolute path. May not contain 29871 the path element '..'. May not start 29872 with the string '..'. 29873 type: string 29874 required: 29875 - key 29876 - path 29877 type: object 29878 type: array 29879 name: 29880 description: 'Name of the referent. More info: 29881 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 29882 TODO: Add other useful fields. apiVersion, 29883 kind, uid?' 29884 type: string 29885 optional: 29886 description: optional specify whether the 29887 ConfigMap or its keys must be defined 29888 type: boolean 29889 type: object 29890 downwardAPI: 29891 description: downwardAPI information about the 29892 downwardAPI data to project 29893 properties: 29894 items: 29895 description: Items is a list of DownwardAPIVolume 29896 file 29897 items: 29898 description: DownwardAPIVolumeFile represents 29899 information to create the file containing 29900 the pod field 29901 properties: 29902 fieldRef: 29903 description: 'Required: Selects a field 29904 of the pod: only annotations, labels, 29905 name and namespace are supported.' 29906 properties: 29907 apiVersion: 29908 description: Version of the schema 29909 the FieldPath is written in terms 29910 of, defaults to "v1". 29911 type: string 29912 fieldPath: 29913 description: Path of the field to 29914 select in the specified API version. 29915 type: string 29916 required: 29917 - fieldPath 29918 type: object 29919 mode: 29920 description: 'Optional: mode bits used 29921 to set permissions on this file, must 29922 be an octal value between 0000 and 29923 0777 or a decimal value between 0 29924 and 511. YAML accepts both octal and 29925 decimal values, JSON requires decimal 29926 values for mode bits. If not specified, 29927 the volume defaultMode will be used. 29928 This might be in conflict with other 29929 options that affect the file mode, 29930 like fsGroup, and the result can be 29931 other mode bits set.' 29932 format: int32 29933 type: integer 29934 path: 29935 description: 'Required: Path is the 29936 relative path name of the file to 29937 be created. Must not be absolute or 29938 contain the ''..'' path. Must be utf-8 29939 encoded. The first item of the relative 29940 path must not start with ''..''' 29941 type: string 29942 resourceFieldRef: 29943 description: 'Selects a resource of 29944 the container: only resources limits 29945 and requests (limits.cpu, limits.memory, 29946 requests.cpu and requests.memory) 29947 are currently supported.' 29948 properties: 29949 containerName: 29950 description: 'Container name: required 29951 for volumes, optional for env 29952 vars' 29953 type: string 29954 divisor: 29955 anyOf: 29956 - type: integer 29957 - type: string 29958 description: Specifies the output 29959 format of the exposed resources, 29960 defaults to "1" 29961 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 29962 x-kubernetes-int-or-string: true 29963 resource: 29964 description: 'Required: resource 29965 to select' 29966 type: string 29967 required: 29968 - resource 29969 type: object 29970 required: 29971 - path 29972 type: object 29973 type: array 29974 type: object 29975 secret: 29976 description: secret information about the secret 29977 data to project 29978 properties: 29979 items: 29980 description: items if unspecified, each key-value 29981 pair in the Data field of the referenced 29982 Secret will be projected into the volume 29983 as a file whose name is the key and content 29984 is the value. If specified, the listed keys 29985 will be projected into the specified paths, 29986 and unlisted keys will not be present. If 29987 a key is specified which is not present 29988 in the Secret, the volume setup will error 29989 unless it is marked optional. Paths must 29990 be relative and may not contain the '..' 29991 path or start with '..'. 29992 items: 29993 description: Maps a string key to a path 29994 within a volume. 29995 properties: 29996 key: 29997 description: key is the key to project. 29998 type: string 29999 mode: 30000 description: 'mode is Optional: mode 30001 bits used to set permissions on this 30002 file. Must be an octal value between 30003 0000 and 0777 or a decimal value between 30004 0 and 511. YAML accepts both octal 30005 and decimal values, JSON requires 30006 decimal values for mode bits. If not 30007 specified, the volume defaultMode 30008 will be used. This might be in conflict 30009 with other options that affect the 30010 file mode, like fsGroup, and the result 30011 can be other mode bits set.' 30012 format: int32 30013 type: integer 30014 path: 30015 description: path is the relative path 30016 of the file to map the key to. May 30017 not be an absolute path. May not contain 30018 the path element '..'. May not start 30019 with the string '..'. 30020 type: string 30021 required: 30022 - key 30023 - path 30024 type: object 30025 type: array 30026 name: 30027 description: 'Name of the referent. More info: 30028 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 30029 TODO: Add other useful fields. apiVersion, 30030 kind, uid?' 30031 type: string 30032 optional: 30033 description: optional field specify whether 30034 the Secret or its key must be defined 30035 type: boolean 30036 type: object 30037 serviceAccountToken: 30038 description: serviceAccountToken is information 30039 about the serviceAccountToken data to project 30040 properties: 30041 audience: 30042 description: audience is the intended audience 30043 of the token. A recipient of a token must 30044 identify itself with an identifier specified 30045 in the audience of the token, and otherwise 30046 should reject the token. The audience defaults 30047 to the identifier of the apiserver. 30048 type: string 30049 expirationSeconds: 30050 description: expirationSeconds is the requested 30051 duration of validity of the service account 30052 token. As the token approaches expiration, 30053 the kubelet volume plugin will proactively 30054 rotate the service account token. The kubelet 30055 will start trying to rotate the token if 30056 the token is older than 80 percent of its 30057 time to live or if the token is older than 30058 24 hours.Defaults to 1 hour and must be 30059 at least 10 minutes. 30060 format: int64 30061 type: integer 30062 path: 30063 description: path is the path relative to 30064 the mount point of the file to project the 30065 token into. 30066 type: string 30067 required: 30068 - path 30069 type: object 30070 type: object 30071 type: array 30072 type: object 30073 quobyte: 30074 description: quobyte represents a Quobyte mount on the host 30075 that shares a pod's lifetime 30076 properties: 30077 group: 30078 description: group to map volume access to Default is 30079 no group 30080 type: string 30081 readOnly: 30082 description: readOnly here will force the Quobyte volume 30083 to be mounted with read-only permissions. Defaults 30084 to false. 30085 type: boolean 30086 registry: 30087 description: registry represents a single or multiple 30088 Quobyte Registry services specified as a string as 30089 host:port pair (multiple entries are separated with 30090 commas) which acts as the central registry for volumes 30091 type: string 30092 tenant: 30093 description: tenant owning the given Quobyte volume 30094 in the Backend Used with dynamically provisioned Quobyte 30095 volumes, value is set by the plugin 30096 type: string 30097 user: 30098 description: user to map volume access to Defaults to 30099 serivceaccount user 30100 type: string 30101 volume: 30102 description: volume is a string that references an already 30103 created Quobyte volume by name. 30104 type: string 30105 required: 30106 - registry 30107 - volume 30108 type: object 30109 rbd: 30110 description: 'rbd represents a Rados Block Device mount 30111 on the host that shares a pod''s lifetime. More info: 30112 https://examples.k8s.io/volumes/rbd/README.md' 30113 properties: 30114 fsType: 30115 description: 'fsType is the filesystem type of the volume 30116 that you want to mount. Tip: Ensure that the filesystem 30117 type is supported by the host operating system. Examples: 30118 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" 30119 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 30120 TODO: how do we prevent errors in the filesystem from 30121 compromising the machine' 30122 type: string 30123 image: 30124 description: 'image is the rados image name. More info: 30125 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 30126 type: string 30127 keyring: 30128 description: 'keyring is the path to key ring for RBDUser. 30129 Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 30130 type: string 30131 monitors: 30132 description: 'monitors is a collection of Ceph monitors. 30133 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 30134 items: 30135 type: string 30136 type: array 30137 pool: 30138 description: 'pool is the rados pool name. Default is 30139 rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 30140 type: string 30141 readOnly: 30142 description: 'readOnly here will force the ReadOnly 30143 setting in VolumeMounts. Defaults to false. More info: 30144 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 30145 type: boolean 30146 secretRef: 30147 description: 'secretRef is name of the authentication 30148 secret for RBDUser. If provided overrides keyring. 30149 Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 30150 properties: 30151 name: 30152 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 30153 TODO: Add other useful fields. apiVersion, kind, 30154 uid?' 30155 type: string 30156 type: object 30157 user: 30158 description: 'user is the rados user name. Default is 30159 admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 30160 type: string 30161 required: 30162 - image 30163 - monitors 30164 type: object 30165 scaleIO: 30166 description: scaleIO represents a ScaleIO persistent volume 30167 attached and mounted on Kubernetes nodes. 30168 properties: 30169 fsType: 30170 description: fsType is the filesystem type to mount. 30171 Must be a filesystem type supported by the host operating 30172 system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 30173 type: string 30174 gateway: 30175 description: gateway is the host address of the ScaleIO 30176 API Gateway. 30177 type: string 30178 protectionDomain: 30179 description: protectionDomain is the name of the ScaleIO 30180 Protection Domain for the configured storage. 30181 type: string 30182 readOnly: 30183 description: readOnly Defaults to false (read/write). 30184 ReadOnly here will force the ReadOnly setting in VolumeMounts. 30185 type: boolean 30186 secretRef: 30187 description: secretRef references to the secret for 30188 ScaleIO user and other sensitive information. If this 30189 is not provided, Login operation will fail. 30190 properties: 30191 name: 30192 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 30193 TODO: Add other useful fields. apiVersion, kind, 30194 uid?' 30195 type: string 30196 type: object 30197 sslEnabled: 30198 description: sslEnabled Flag enable/disable SSL communication 30199 with Gateway, default false 30200 type: boolean 30201 storageMode: 30202 description: storageMode indicates whether the storage 30203 for a volume should be ThickProvisioned or ThinProvisioned. 30204 Default is ThinProvisioned. 30205 type: string 30206 storagePool: 30207 description: storagePool is the ScaleIO Storage Pool 30208 associated with the protection domain. 30209 type: string 30210 system: 30211 description: system is the name of the storage system 30212 as configured in ScaleIO. 30213 type: string 30214 volumeName: 30215 description: volumeName is the name of a volume already 30216 created in the ScaleIO system that is associated with 30217 this volume source. 30218 type: string 30219 required: 30220 - gateway 30221 - secretRef 30222 - system 30223 type: object 30224 secret: 30225 description: 'secret represents a secret that should populate 30226 this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 30227 properties: 30228 defaultMode: 30229 description: 'defaultMode is Optional: mode bits used 30230 to set permissions on created files by default. Must 30231 be an octal value between 0000 and 0777 or a decimal 30232 value between 0 and 511. YAML accepts both octal and 30233 decimal values, JSON requires decimal values for mode 30234 bits. Defaults to 0644. Directories within the path 30235 are not affected by this setting. This might be in 30236 conflict with other options that affect the file mode, 30237 like fsGroup, and the result can be other mode bits 30238 set.' 30239 format: int32 30240 type: integer 30241 items: 30242 description: items If unspecified, each key-value pair 30243 in the Data field of the referenced Secret will be 30244 projected into the volume as a file whose name is 30245 the key and content is the value. If specified, the 30246 listed keys will be projected into the specified paths, 30247 and unlisted keys will not be present. If a key is 30248 specified which is not present in the Secret, the 30249 volume setup will error unless it is marked optional. 30250 Paths must be relative and may not contain the '..' 30251 path or start with '..'. 30252 items: 30253 description: Maps a string key to a path within a 30254 volume. 30255 properties: 30256 key: 30257 description: key is the key to project. 30258 type: string 30259 mode: 30260 description: 'mode is Optional: mode bits used 30261 to set permissions on this file. Must be an 30262 octal value between 0000 and 0777 or a decimal 30263 value between 0 and 511. YAML accepts both octal 30264 and decimal values, JSON requires decimal values 30265 for mode bits. If not specified, the volume 30266 defaultMode will be used. This might be in conflict 30267 with other options that affect the file mode, 30268 like fsGroup, and the result can be other mode 30269 bits set.' 30270 format: int32 30271 type: integer 30272 path: 30273 description: path is the relative path of the 30274 file to map the key to. May not be an absolute 30275 path. May not contain the path element '..'. 30276 May not start with the string '..'. 30277 type: string 30278 required: 30279 - key 30280 - path 30281 type: object 30282 type: array 30283 optional: 30284 description: optional field specify whether the Secret 30285 or its keys must be defined 30286 type: boolean 30287 secretName: 30288 description: 'secretName is the name of the secret in 30289 the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 30290 type: string 30291 type: object 30292 storageos: 30293 description: storageOS represents a StorageOS volume attached 30294 and mounted on Kubernetes nodes. 30295 properties: 30296 fsType: 30297 description: fsType is the filesystem type to mount. 30298 Must be a filesystem type supported by the host operating 30299 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 30300 to be "ext4" if unspecified. 30301 type: string 30302 readOnly: 30303 description: readOnly defaults to false (read/write). 30304 ReadOnly here will force the ReadOnly setting in VolumeMounts. 30305 type: boolean 30306 secretRef: 30307 description: secretRef specifies the secret to use for 30308 obtaining the StorageOS API credentials. If not specified, 30309 default values will be attempted. 30310 properties: 30311 name: 30312 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 30313 TODO: Add other useful fields. apiVersion, kind, 30314 uid?' 30315 type: string 30316 type: object 30317 volumeName: 30318 description: volumeName is the human-readable name of 30319 the StorageOS volume. Volume names are only unique 30320 within a namespace. 30321 type: string 30322 volumeNamespace: 30323 description: volumeNamespace specifies the scope of 30324 the volume within StorageOS. If no namespace is specified 30325 then the Pod's namespace will be used. This allows 30326 the Kubernetes name scoping to be mirrored within 30327 StorageOS for tighter integration. Set VolumeName 30328 to any name to override the default behaviour. Set 30329 to "default" if you are not using namespaces within 30330 StorageOS. Namespaces that do not pre-exist within 30331 StorageOS will be created. 30332 type: string 30333 type: object 30334 vsphereVolume: 30335 description: vsphereVolume represents a vSphere volume attached 30336 and mounted on kubelets host machine 30337 properties: 30338 fsType: 30339 description: fsType is filesystem type to mount. Must 30340 be a filesystem type supported by the host operating 30341 system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred 30342 to be "ext4" if unspecified. 30343 type: string 30344 storagePolicyID: 30345 description: storagePolicyID is the storage Policy Based 30346 Management (SPBM) profile ID associated with the StoragePolicyName. 30347 type: string 30348 storagePolicyName: 30349 description: storagePolicyName is the storage Policy 30350 Based Management (SPBM) profile name. 30351 type: string 30352 volumePath: 30353 description: volumePath is the path that identifies 30354 vSphere volume vmdk 30355 type: string 30356 required: 30357 - volumePath 30358 type: object 30359 required: 30360 - name 30361 type: object 30362 type: array 30363 required: 30364 - containers 30365 type: object 30366 prowjob_defaults: 30367 description: ProwJobDefault holds configuration options provided as 30368 defaults in the Prow config 30369 properties: 30370 resultstore_config: 30371 description: ResultStoreConfig specifies parameters for uploading 30372 results to the ResultStore service. 30373 properties: 30374 project_id: 30375 description: ProjectID specifies the ResultStore InvocationAttributes.ProjectID, 30376 used for various quota and GUI access control purposes. 30377 In practice, it is generally the same as the Google Cloud 30378 Project ID or number of the job's GCS storage bucket. Required 30379 to upload results to ResultStore. 30380 type: string 30381 type: object 30382 tenant_id: 30383 type: string 30384 type: object 30385 refs: 30386 description: Refs is the code under test, determined at runtime by 30387 Prow itself 30388 properties: 30389 base_link: 30390 description: BaseLink is a link to the commit identified by BaseSHA. 30391 type: string 30392 base_ref: 30393 type: string 30394 base_sha: 30395 type: string 30396 blobless_fetch: 30397 description: BloblessFetch tells prow to avoid fetching objects 30398 when cloning using the --filter=blob:none flag. If unspecified, 30399 defaults to DecorationConfig.BloblessFetch. 30400 type: boolean 30401 clone_depth: 30402 description: CloneDepth is the depth of the clone that will be 30403 used. A depth of zero will do a full clone. 30404 type: integer 30405 clone_uri: 30406 description: CloneURI is the URI that is used to clone the repository. 30407 If unset, will default to `https://github.com/org/repo.git`. 30408 type: string 30409 org: 30410 description: Org is something like kubernetes or k8s.io 30411 type: string 30412 path_alias: 30413 description: PathAlias is the location under <root-dir>/src where 30414 this repository is cloned. If this is not set, <root-dir>/src/github.com/org/repo 30415 will be used as the default. 30416 type: string 30417 pulls: 30418 items: 30419 description: Pull describes a pull request at a particular point 30420 in time. 30421 properties: 30422 author: 30423 type: string 30424 author_link: 30425 description: AuthorLink links to the author of the pull 30426 request. 30427 type: string 30428 commit_link: 30429 description: CommitLink links to the commit identified by 30430 the SHA. 30431 type: string 30432 head_ref: 30433 description: 'HeadRef is the git ref (branch name) of the 30434 proposed change. This can be more human-readable than 30435 just a PR #, and some tools want this metadata to help 30436 associate the work with a pull request (e.g. some code 30437 scanning services, or chromatic.com).' 30438 type: string 30439 link: 30440 description: Link links to the pull request itself. 30441 type: string 30442 number: 30443 type: integer 30444 ref: 30445 description: 'Ref is git ref can be checked out for a change 30446 for example, github: pull/123/head gerrit: refs/changes/00/123/1' 30447 type: string 30448 sha: 30449 type: string 30450 title: 30451 type: string 30452 required: 30453 - author 30454 - number 30455 - sha 30456 type: object 30457 type: array 30458 repo: 30459 description: Repo is something like test-infra 30460 type: string 30461 repo_link: 30462 description: RepoLink links to the source for Repo. 30463 type: string 30464 skip_fetch_head: 30465 description: SkipFetchHead tells prow to avoid a git fetch <remote> 30466 call. Multiheaded repos may need to not make this call. The 30467 git fetch <remote> <BaseRef> call occurs regardless. 30468 type: boolean 30469 skip_submodules: 30470 description: SkipSubmodules determines if submodules should be 30471 cloned when the job is run. Defaults to false. 30472 type: boolean 30473 workdir: 30474 description: WorkDir defines if the location of the cloned repository 30475 will be used as the default working directory. 30476 type: boolean 30477 required: 30478 - org 30479 - repo 30480 type: object 30481 report: 30482 description: Report determines if the result of this job should be 30483 reported (e.g. status on GitHub, message in Slack, etc.) 30484 type: boolean 30485 reporter_config: 30486 description: ReporterConfig holds reporter-specific configuration 30487 properties: 30488 slack: 30489 properties: 30490 channel: 30491 type: string 30492 host: 30493 type: string 30494 job_states_to_report: 30495 items: 30496 description: ProwJobState specifies whether the job is running 30497 type: string 30498 type: array 30499 report: 30500 description: 'Report is derived from JobStatesToReport, it''s 30501 used for differentiating nil from empty slice, as yaml roundtrip 30502 by design can''t tell the difference when omitempty is supplied. 30503 See https://github.com/kubernetes/test-infra/pull/24168 30504 for details Priority-wise, it goes by following order: - 30505 `report: true/false`` in job config - `JobStatesToReport: 30506 <anything including empty slice>` in job config - `report: 30507 true/false`` in global config - `JobStatesToReport:` in 30508 global config' 30509 type: boolean 30510 report_template: 30511 type: string 30512 type: object 30513 type: object 30514 rerun_auth_config: 30515 description: RerunAuthConfig holds information about which users can 30516 rerun the job 30517 properties: 30518 allow_anyone: 30519 description: If AllowAnyone is set to true, any user can rerun 30520 the job 30521 type: boolean 30522 github_orgs: 30523 description: GitHubOrgs contains names of GitHub organizations 30524 whose members can rerun the job 30525 items: 30526 type: string 30527 type: array 30528 github_team_ids: 30529 description: 'GitHubTeams contains IDs of GitHub teams of users 30530 who can rerun the job If you know the name of a team and the 30531 org it belongs to, you can look up its ID using this command, 30532 where the team slug is the hyphenated name: curl -H "Authorization: 30533 token <token>" "https://api.github.com/orgs/<org-name>/teams/<team 30534 slug>" or, to list all teams in a given org, use curl -H "Authorization: 30535 token <token>" "https://api.github.com/orgs/<org-name>/teams"' 30536 items: 30537 type: integer 30538 type: array 30539 github_team_slugs: 30540 description: GitHubTeamSlugs contains slugs and orgs of teams 30541 of users who can rerun the job 30542 items: 30543 properties: 30544 org: 30545 type: string 30546 slug: 30547 type: string 30548 required: 30549 - org 30550 - slug 30551 type: object 30552 type: array 30553 github_users: 30554 description: GitHubUsers contains names of individual users who 30555 can rerun the job 30556 items: 30557 type: string 30558 type: array 30559 type: object 30560 rerun_command: 30561 description: RerunCommand is the command a user would write to trigger 30562 this job on their pull request 30563 type: string 30564 tekton_pipeline_run_spec: 30565 description: TektonPipelineRunSpec provides the basis for running 30566 the test as a pipeline-crd resource https://github.com/tektoncd/pipeline 30567 properties: 30568 v1beta1: 30569 description: PipelineRunSpec defines the desired state of PipelineRun 30570 properties: 30571 params: 30572 description: Params is a list of parameter names and values. 30573 items: 30574 description: Param declares an ParamValues to use for the 30575 parameter called name. 30576 properties: 30577 name: 30578 type: string 30579 value: 30580 description: ParamValue is a type that can hold a single 30581 string or string array. Used in JSON unmarshalling 30582 so that a single JSON field can accept either an individual 30583 string or an array of strings. 30584 properties: 30585 arrayVal: 30586 items: 30587 type: string 30588 type: array 30589 x-kubernetes-list-type: atomic 30590 objectVal: 30591 additionalProperties: 30592 type: string 30593 type: object 30594 stringVal: 30595 type: string 30596 type: 30597 description: ParamType indicates the type of an 30598 input parameter; Used to distinguish between a 30599 single string and an array of strings. 30600 type: string 30601 required: 30602 - arrayVal 30603 - objectVal 30604 - stringVal 30605 - type 30606 type: object 30607 required: 30608 - name 30609 - value 30610 type: object 30611 type: array 30612 x-kubernetes-list-type: atomic 30613 pipelineRef: 30614 description: PipelineRef can be used to refer to a specific 30615 instance of a Pipeline. 30616 properties: 30617 apiVersion: 30618 description: API version of the referent 30619 type: string 30620 bundle: 30621 description: 'Bundle url reference to a Tekton Bundle. 30622 Deprecated: Please use ResolverRef with the bundles 30623 resolver instead.' 30624 type: string 30625 name: 30626 description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' 30627 type: string 30628 params: 30629 description: Params contains the parameters used to identify 30630 the referenced Tekton resource. Example entries might 30631 include "repo" or "path" but the set of params ultimately 30632 depends on the chosen resolver. 30633 items: 30634 description: Param declares an ParamValues to use for 30635 the parameter called name. 30636 properties: 30637 name: 30638 type: string 30639 value: 30640 description: ParamValue is a type that can hold 30641 a single string or string array. Used in JSON 30642 unmarshalling so that a single JSON field can 30643 accept either an individual string or an array 30644 of strings. 30645 properties: 30646 arrayVal: 30647 items: 30648 type: string 30649 type: array 30650 x-kubernetes-list-type: atomic 30651 objectVal: 30652 additionalProperties: 30653 type: string 30654 type: object 30655 stringVal: 30656 type: string 30657 type: 30658 description: ParamType indicates the type of 30659 an input parameter; Used to distinguish between 30660 a single string and an array of strings. 30661 type: string 30662 required: 30663 - arrayVal 30664 - objectVal 30665 - stringVal 30666 - type 30667 type: object 30668 required: 30669 - name 30670 - value 30671 type: object 30672 type: array 30673 x-kubernetes-list-type: atomic 30674 resolver: 30675 description: Resolver is the name of the resolver that 30676 should perform resolution of the referenced Tekton resource, 30677 such as "git". 30678 type: string 30679 type: object 30680 pipelineSpec: 30681 description: PipelineSpec defines the desired state of Pipeline. 30682 properties: 30683 description: 30684 description: Description is a user-facing description 30685 of the pipeline that may be used to populate a UI. 30686 type: string 30687 finally: 30688 description: Finally declares the list of Tasks that execute 30689 just before leaving the Pipeline i.e. either after all 30690 Tasks are finished executing successfully or after a 30691 failure which would result in ending the Pipeline 30692 items: 30693 description: PipelineTask defines a task in a Pipeline, 30694 passing inputs from both Params and from the output 30695 of previous tasks. 30696 properties: 30697 matrix: 30698 description: Matrix declares parameters used to 30699 fan out this task. 30700 properties: 30701 params: 30702 description: Params is a list of parameters 30703 used to fan out the pipelineTask Params takes 30704 only `Parameters` of type `"array"` Each array 30705 element is supplied to the `PipelineTask` 30706 by substituting `params` of type `"string"` 30707 in the underlying `Task`. The names of the 30708 `params` in the `Matrix` must match the names 30709 of the `params` in the underlying `Task` that 30710 they will be substituting. 30711 items: 30712 description: Param declares an ParamValues 30713 to use for the parameter called name. 30714 properties: 30715 name: 30716 type: string 30717 value: 30718 description: ParamValue is a type that 30719 can hold a single string or string array. 30720 Used in JSON unmarshalling so that a 30721 single JSON field can accept either 30722 an individual string or an array of 30723 strings. 30724 properties: 30725 arrayVal: 30726 items: 30727 type: string 30728 type: array 30729 x-kubernetes-list-type: atomic 30730 objectVal: 30731 additionalProperties: 30732 type: string 30733 type: object 30734 stringVal: 30735 type: string 30736 type: 30737 description: ParamType indicates the 30738 type of an input parameter; Used 30739 to distinguish between a single 30740 string and an array of strings. 30741 type: string 30742 required: 30743 - arrayVal 30744 - objectVal 30745 - stringVal 30746 - type 30747 type: object 30748 required: 30749 - name 30750 - value 30751 type: object 30752 type: array 30753 x-kubernetes-list-type: atomic 30754 type: object 30755 name: 30756 description: Name is the name of this task within 30757 the context of a Pipeline. Name is used as a coordinate 30758 with the `from` and `runAfter` fields to establish 30759 the execution order of tasks relative to one another. 30760 type: string 30761 params: 30762 description: Parameters declares parameters passed 30763 to this task. 30764 items: 30765 description: Param declares an ParamValues to 30766 use for the parameter called name. 30767 properties: 30768 name: 30769 type: string 30770 value: 30771 description: ParamValue is a type that can 30772 hold a single string or string array. Used 30773 in JSON unmarshalling so that a single JSON 30774 field can accept either an individual string 30775 or an array of strings. 30776 properties: 30777 arrayVal: 30778 items: 30779 type: string 30780 type: array 30781 x-kubernetes-list-type: atomic 30782 objectVal: 30783 additionalProperties: 30784 type: string 30785 type: object 30786 stringVal: 30787 type: string 30788 type: 30789 description: ParamType indicates the type 30790 of an input parameter; Used to distinguish 30791 between a single string and an array 30792 of strings. 30793 type: string 30794 required: 30795 - arrayVal 30796 - objectVal 30797 - stringVal 30798 - type 30799 type: object 30800 required: 30801 - name 30802 - value 30803 type: object 30804 type: array 30805 x-kubernetes-list-type: atomic 30806 resources: 30807 description: Resources declares the resources given 30808 to this task as inputs and outputs. 30809 properties: 30810 inputs: 30811 description: Inputs holds the mapping from the 30812 PipelineResources declared in DeclaredPipelineResources 30813 to the input PipelineResources required by 30814 the Task. 30815 items: 30816 description: PipelineTaskInputResource maps 30817 the name of a declared PipelineResource 30818 input dependency in a Task to the resource 30819 in the Pipeline's DeclaredPipelineResources 30820 that should be used. This input may come 30821 from a previous task. 30822 properties: 30823 from: 30824 description: From is the list of PipelineTask 30825 names that the resource has to come 30826 from. (Implies an ordering in the execution 30827 graph.) 30828 items: 30829 type: string 30830 type: array 30831 x-kubernetes-list-type: atomic 30832 name: 30833 description: Name is the name of the PipelineResource 30834 as declared by the Task. 30835 type: string 30836 resource: 30837 description: Resource is the name of the 30838 DeclaredPipelineResource to use. 30839 type: string 30840 required: 30841 - name 30842 - resource 30843 type: object 30844 type: array 30845 x-kubernetes-list-type: atomic 30846 outputs: 30847 description: Outputs holds the mapping from 30848 the PipelineResources declared in DeclaredPipelineResources 30849 to the input PipelineResources required by 30850 the Task. 30851 items: 30852 description: PipelineTaskOutputResource maps 30853 the name of a declared PipelineResource 30854 output dependency in a Task to the resource 30855 in the Pipeline's DeclaredPipelineResources 30856 that should be used. 30857 properties: 30858 name: 30859 description: Name is the name of the PipelineResource 30860 as declared by the Task. 30861 type: string 30862 resource: 30863 description: Resource is the name of the 30864 DeclaredPipelineResource to use. 30865 type: string 30866 required: 30867 - name 30868 - resource 30869 type: object 30870 type: array 30871 x-kubernetes-list-type: atomic 30872 type: object 30873 retries: 30874 description: 'Retries represents how many times 30875 this task should be retried in case of task failure: 30876 ConditionSucceeded set to False' 30877 type: integer 30878 runAfter: 30879 description: RunAfter is the list of PipelineTask 30880 names that should be executed before this Task 30881 executes. (Used to force a specific ordering in 30882 graph execution.) 30883 items: 30884 type: string 30885 type: array 30886 x-kubernetes-list-type: atomic 30887 taskRef: 30888 description: TaskRef is a reference to a task definition. 30889 properties: 30890 apiVersion: 30891 description: API version of the referent 30892 type: string 30893 bundle: 30894 description: 'Bundle url reference to a Tekton 30895 Bundle. Deprecated: Please use ResolverRef 30896 with the bundles resolver instead.' 30897 type: string 30898 kind: 30899 description: TaskKind indicates the kind of 30900 the task, namespaced or cluster scoped. 30901 type: string 30902 name: 30903 description: 'Name of the referent; More info: 30904 http://kubernetes.io/docs/user-guide/identifiers#names' 30905 type: string 30906 params: 30907 description: Params contains the parameters 30908 used to identify the referenced Tekton resource. 30909 Example entries might include "repo" or "path" 30910 but the set of params ultimately depends on 30911 the chosen resolver. 30912 items: 30913 description: Param declares an ParamValues 30914 to use for the parameter called name. 30915 properties: 30916 name: 30917 type: string 30918 value: 30919 description: ParamValue is a type that 30920 can hold a single string or string array. 30921 Used in JSON unmarshalling so that a 30922 single JSON field can accept either 30923 an individual string or an array of 30924 strings. 30925 properties: 30926 arrayVal: 30927 items: 30928 type: string 30929 type: array 30930 x-kubernetes-list-type: atomic 30931 objectVal: 30932 additionalProperties: 30933 type: string 30934 type: object 30935 stringVal: 30936 type: string 30937 type: 30938 description: ParamType indicates the 30939 type of an input parameter; Used 30940 to distinguish between a single 30941 string and an array of strings. 30942 type: string 30943 required: 30944 - arrayVal 30945 - objectVal 30946 - stringVal 30947 - type 30948 type: object 30949 required: 30950 - name 30951 - value 30952 type: object 30953 type: array 30954 x-kubernetes-list-type: atomic 30955 resolver: 30956 description: Resolver is the name of the resolver 30957 that should perform resolution of the referenced 30958 Tekton resource, such as "git". 30959 type: string 30960 type: object 30961 taskSpec: 30962 description: TaskSpec is a specification of a task 30963 properties: 30964 apiVersion: 30965 type: string 30966 description: 30967 description: Description is a user-facing description 30968 of the task that may be used to populate a 30969 UI. 30970 type: string 30971 kind: 30972 type: string 30973 metadata: 30974 description: PipelineTaskMetadata contains the 30975 labels or annotations for an EmbeddedTask 30976 properties: 30977 annotations: 30978 additionalProperties: 30979 type: string 30980 type: object 30981 labels: 30982 additionalProperties: 30983 type: string 30984 type: object 30985 type: object 30986 params: 30987 description: Params is a list of input parameters 30988 required to run the task. Params must be supplied 30989 as inputs in TaskRuns unless they declare 30990 a default value. 30991 items: 30992 description: ParamSpec defines arbitrary parameters 30993 needed beyond typed inputs (such as resources). 30994 Parameter values are provided by users as 30995 inputs on a TaskRun or PipelineRun. 30996 properties: 30997 default: 30998 description: Default is the value a parameter 30999 takes if no input value is supplied. 31000 If default is set, a Task may be executed 31001 without a supplied value for the parameter. 31002 properties: 31003 arrayVal: 31004 items: 31005 type: string 31006 type: array 31007 x-kubernetes-list-type: atomic 31008 objectVal: 31009 additionalProperties: 31010 type: string 31011 type: object 31012 stringVal: 31013 type: string 31014 type: 31015 description: ParamType indicates the 31016 type of an input parameter; Used 31017 to distinguish between a single 31018 string and an array of strings. 31019 type: string 31020 required: 31021 - arrayVal 31022 - objectVal 31023 - stringVal 31024 - type 31025 type: object 31026 description: 31027 description: Description is a user-facing 31028 description of the parameter that may 31029 be used to populate a UI. 31030 type: string 31031 name: 31032 description: Name declares the name by 31033 which a parameter is referenced. 31034 type: string 31035 properties: 31036 additionalProperties: 31037 description: PropertySpec defines the 31038 struct for object keys 31039 properties: 31040 type: 31041 description: ParamType indicates 31042 the type of an input parameter; 31043 Used to distinguish between a 31044 single string and an array of 31045 strings. 31046 type: string 31047 type: object 31048 description: Properties is the JSON Schema 31049 properties to support key-value pairs 31050 parameter. 31051 type: object 31052 type: 31053 description: Type is the user-specified 31054 type of the parameter. The possible 31055 types are currently "string", "array" 31056 and "object", and "string" is the default. 31057 type: string 31058 required: 31059 - name 31060 type: object 31061 type: array 31062 x-kubernetes-list-type: atomic 31063 resources: 31064 description: Resources is a list input and output 31065 resource to run the task Resources are represented 31066 in TaskRuns as bindings to instances of PipelineResources. 31067 properties: 31068 inputs: 31069 description: Inputs holds the mapping from 31070 the PipelineResources declared in DeclaredPipelineResources 31071 to the input PipelineResources required 31072 by the Task. 31073 items: 31074 description: TaskResource defines an input 31075 or output Resource declared as a requirement 31076 by a Task. The Name field will be used 31077 to refer to these Resources within the 31078 Task definition, and when provided as 31079 an Input, the Name will be the path 31080 to the volume mounted containing this 31081 Resource as an input (e.g. an input 31082 Resource named `workspace` will be mounted 31083 at `/workspace`). 31084 properties: 31085 description: 31086 description: Description is a user-facing 31087 description of the declared resource 31088 that may be used to populate a UI. 31089 type: string 31090 name: 31091 description: Name declares the name 31092 by which a resource is referenced 31093 in the definition. Resources may 31094 be referenced by name in the definition 31095 of a Task's steps. 31096 type: string 31097 optional: 31098 description: 'Optional declares the 31099 resource as optional. By default 31100 optional is set to false which makes 31101 a resource required. optional: true 31102 - the resource is considered optional 31103 optional: false - the resource is 31104 considered required (equivalent 31105 of not specifying it)' 31106 type: boolean 31107 targetPath: 31108 description: TargetPath is the path 31109 in workspace directory where the 31110 resource will be copied. 31111 type: string 31112 type: 31113 description: Type is the type of this 31114 resource; 31115 type: string 31116 required: 31117 - name 31118 - type 31119 type: object 31120 type: array 31121 x-kubernetes-list-type: atomic 31122 outputs: 31123 description: Outputs holds the mapping from 31124 the PipelineResources declared in DeclaredPipelineResources 31125 to the input PipelineResources required 31126 by the Task. 31127 items: 31128 description: TaskResource defines an input 31129 or output Resource declared as a requirement 31130 by a Task. The Name field will be used 31131 to refer to these Resources within the 31132 Task definition, and when provided as 31133 an Input, the Name will be the path 31134 to the volume mounted containing this 31135 Resource as an input (e.g. an input 31136 Resource named `workspace` will be mounted 31137 at `/workspace`). 31138 properties: 31139 description: 31140 description: Description is a user-facing 31141 description of the declared resource 31142 that may be used to populate a UI. 31143 type: string 31144 name: 31145 description: Name declares the name 31146 by which a resource is referenced 31147 in the definition. Resources may 31148 be referenced by name in the definition 31149 of a Task's steps. 31150 type: string 31151 optional: 31152 description: 'Optional declares the 31153 resource as optional. By default 31154 optional is set to false which makes 31155 a resource required. optional: true 31156 - the resource is considered optional 31157 optional: false - the resource is 31158 considered required (equivalent 31159 of not specifying it)' 31160 type: boolean 31161 targetPath: 31162 description: TargetPath is the path 31163 in workspace directory where the 31164 resource will be copied. 31165 type: string 31166 type: 31167 description: Type is the type of this 31168 resource; 31169 type: string 31170 required: 31171 - name 31172 - type 31173 type: object 31174 type: array 31175 x-kubernetes-list-type: atomic 31176 type: object 31177 results: 31178 description: Results are values that this Task 31179 can output 31180 items: 31181 description: TaskResult used to describe the 31182 results of a task 31183 properties: 31184 description: 31185 description: Description is a human-readable 31186 description of the result 31187 type: string 31188 name: 31189 description: Name the given name 31190 type: string 31191 properties: 31192 additionalProperties: 31193 description: PropertySpec defines the 31194 struct for object keys 31195 properties: 31196 type: 31197 description: ParamType indicates 31198 the type of an input parameter; 31199 Used to distinguish between a 31200 single string and an array of 31201 strings. 31202 type: string 31203 type: object 31204 description: Properties is the JSON Schema 31205 properties to support key-value pairs 31206 results. 31207 type: object 31208 type: 31209 description: Type is the user-specified 31210 type of the result. The possible type 31211 is currently "string" and will support 31212 "array" in following work. 31213 type: string 31214 required: 31215 - name 31216 type: object 31217 type: array 31218 x-kubernetes-list-type: atomic 31219 sidecars: 31220 description: Sidecars are run alongside the 31221 Task's step containers. They begin before 31222 the steps start and end after the steps complete. 31223 items: 31224 description: Sidecar has nearly the same data 31225 structure as Step but does not have the 31226 ability to timeout. 31227 properties: 31228 args: 31229 description: 'Arguments to the entrypoint. 31230 The image''s CMD is used if this is 31231 not provided. Variable references $(VAR_NAME) 31232 are expanded using the container''s 31233 environment. If a variable cannot be 31234 resolved, the reference in the input 31235 string will be unchanged. Double $$ 31236 are reduced to a single $, which allows 31237 for escaping the $(VAR_NAME) syntax: 31238 i.e. "$$(VAR_NAME)" will produce the 31239 string literal "$(VAR_NAME)". Escaped 31240 references will never be expanded, regardless 31241 of whether the variable exists or not. 31242 Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 31243 items: 31244 type: string 31245 type: array 31246 x-kubernetes-list-type: atomic 31247 command: 31248 description: 'Entrypoint array. Not executed 31249 within a shell. The image''s ENTRYPOINT 31250 is used if this is not provided. Variable 31251 references $(VAR_NAME) are expanded 31252 using the Sidecar''s environment. If 31253 a variable cannot be resolved, the reference 31254 in the input string will be unchanged. 31255 Double $$ are reduced to a single $, 31256 which allows for escaping the $(VAR_NAME) 31257 syntax: i.e. "$$(VAR_NAME)" will produce 31258 the string literal "$(VAR_NAME)". Escaped 31259 references will never be expanded, regardless 31260 of whether the variable exists or not. 31261 Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 31262 items: 31263 type: string 31264 type: array 31265 x-kubernetes-list-type: atomic 31266 env: 31267 description: List of environment variables 31268 to set in the Sidecar. Cannot be updated. 31269 items: 31270 description: EnvVar represents an environment 31271 variable present in a Container. 31272 properties: 31273 name: 31274 description: Name of the environment 31275 variable. Must be a C_IDENTIFIER. 31276 type: string 31277 value: 31278 description: 'Variable references 31279 $(VAR_NAME) are expanded using 31280 the previously defined environment 31281 variables in the container and 31282 any service environment variables. 31283 If a variable cannot be resolved, 31284 the reference in the input string 31285 will be unchanged. Double $$ are 31286 reduced to a single $, which allows 31287 for escaping the $(VAR_NAME) syntax: 31288 i.e. "$$(VAR_NAME)" will produce 31289 the string literal "$(VAR_NAME)". 31290 Escaped references will never 31291 be expanded, regardless of whether 31292 the variable exists or not. Defaults 31293 to "".' 31294 type: string 31295 valueFrom: 31296 description: Source for the environment 31297 variable's value. Cannot be used 31298 if value is not empty. 31299 properties: 31300 configMapKeyRef: 31301 description: Selects a key of 31302 a ConfigMap. 31303 properties: 31304 key: 31305 description: The key to 31306 select. 31307 type: string 31308 name: 31309 description: 'Name of the 31310 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 31311 TODO: Add other useful 31312 fields. apiVersion, kind, 31313 uid?' 31314 type: string 31315 optional: 31316 description: Specify whether 31317 the ConfigMap or its key 31318 must be defined 31319 type: boolean 31320 required: 31321 - key 31322 type: object 31323 fieldRef: 31324 description: 'Selects a field 31325 of the pod: supports metadata.name, 31326 metadata.namespace, `metadata.labels[''<KEY>'']`, 31327 `metadata.annotations[''<KEY>'']`, 31328 spec.nodeName, spec.serviceAccountName, 31329 status.hostIP, status.podIP, 31330 status.podIPs.' 31331 properties: 31332 apiVersion: 31333 description: Version of 31334 the schema the FieldPath 31335 is written in terms of, 31336 defaults to "v1". 31337 type: string 31338 fieldPath: 31339 description: Path of the 31340 field to select in the 31341 specified API version. 31342 type: string 31343 required: 31344 - fieldPath 31345 type: object 31346 resourceFieldRef: 31347 description: 'Selects a resource 31348 of the container: only resources 31349 limits and requests (limits.cpu, 31350 limits.memory, limits.ephemeral-storage, 31351 requests.cpu, requests.memory 31352 and requests.ephemeral-storage) 31353 are currently supported.' 31354 properties: 31355 containerName: 31356 description: 'Container 31357 name: required for volumes, 31358 optional for env vars' 31359 type: string 31360 divisor: 31361 anyOf: 31362 - type: integer 31363 - type: string 31364 description: Specifies the 31365 output format of the exposed 31366 resources, defaults to 31367 "1" 31368 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 31369 x-kubernetes-int-or-string: true 31370 resource: 31371 description: 'Required: 31372 resource to select' 31373 type: string 31374 required: 31375 - resource 31376 type: object 31377 secretKeyRef: 31378 description: Selects a key of 31379 a secret in the pod's namespace 31380 properties: 31381 key: 31382 description: The key of 31383 the secret to select from. Must 31384 be a valid secret key. 31385 type: string 31386 name: 31387 description: 'Name of the 31388 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 31389 TODO: Add other useful 31390 fields. apiVersion, kind, 31391 uid?' 31392 type: string 31393 optional: 31394 description: Specify whether 31395 the Secret or its key 31396 must be defined 31397 type: boolean 31398 required: 31399 - key 31400 type: object 31401 type: object 31402 required: 31403 - name 31404 type: object 31405 type: array 31406 x-kubernetes-list-type: atomic 31407 envFrom: 31408 description: List of sources to populate 31409 environment variables in the Sidecar. 31410 The keys defined within a source must 31411 be a C_IDENTIFIER. All invalid keys 31412 will be reported as an event when the 31413 Sidecar is starting. When a key exists 31414 in multiple sources, the value associated 31415 with the last source will take precedence. 31416 Values defined by an Env with a duplicate 31417 key will take precedence. Cannot be 31418 updated. 31419 items: 31420 description: EnvFromSource represents 31421 the source of a set of ConfigMaps 31422 properties: 31423 configMapRef: 31424 description: The ConfigMap to select 31425 from 31426 properties: 31427 name: 31428 description: 'Name of the referent. 31429 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 31430 TODO: Add other useful fields. 31431 apiVersion, kind, uid?' 31432 type: string 31433 optional: 31434 description: Specify whether 31435 the ConfigMap must be defined 31436 type: boolean 31437 type: object 31438 prefix: 31439 description: An optional identifier 31440 to prepend to each key in the 31441 ConfigMap. Must be a C_IDENTIFIER. 31442 type: string 31443 secretRef: 31444 description: The Secret to select 31445 from 31446 properties: 31447 name: 31448 description: 'Name of the referent. 31449 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 31450 TODO: Add other useful fields. 31451 apiVersion, kind, uid?' 31452 type: string 31453 optional: 31454 description: Specify whether 31455 the Secret must be defined 31456 type: boolean 31457 type: object 31458 type: object 31459 type: array 31460 x-kubernetes-list-type: atomic 31461 image: 31462 description: 'Image name to be used by 31463 the Sidecar. More info: https://kubernetes.io/docs/concepts/containers/images' 31464 type: string 31465 imagePullPolicy: 31466 description: 'Image pull policy. One of 31467 Always, Never, IfNotPresent. Defaults 31468 to Always if :latest tag is specified, 31469 or IfNotPresent otherwise. Cannot be 31470 updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 31471 type: string 31472 lifecycle: 31473 description: Actions that the management 31474 system should take in response to Sidecar 31475 lifecycle events. Cannot be updated. 31476 properties: 31477 postStart: 31478 description: 'PostStart is called 31479 immediately after a container is 31480 created. If the handler fails, the 31481 container is terminated and restarted 31482 according to its restart policy. 31483 Other management of the container 31484 blocks until the hook completes. 31485 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 31486 properties: 31487 exec: 31488 description: Exec specifies the 31489 action to take. 31490 properties: 31491 command: 31492 description: Command is the 31493 command line to execute 31494 inside the container, the 31495 working directory for the 31496 command is root ('/') in 31497 the container's filesystem. 31498 The command is simply exec'd, 31499 it is not run inside a shell, 31500 so traditional shell instructions 31501 ('|', etc) won't work. To 31502 use a shell, you need to 31503 explicitly call out to that 31504 shell. Exit status of 0 31505 is treated as live/healthy 31506 and non-zero is unhealthy. 31507 items: 31508 type: string 31509 type: array 31510 type: object 31511 httpGet: 31512 description: HTTPGet specifies 31513 the http request to perform. 31514 properties: 31515 host: 31516 description: Host name to 31517 connect to, defaults to 31518 the pod IP. You probably 31519 want to set "Host" in httpHeaders 31520 instead. 31521 type: string 31522 httpHeaders: 31523 description: Custom headers 31524 to set in the request. HTTP 31525 allows repeated headers. 31526 items: 31527 description: HTTPHeader 31528 describes a custom header 31529 to be used in HTTP probes 31530 properties: 31531 name: 31532 description: The header 31533 field name. This will 31534 be canonicalized upon 31535 output, so case-variant 31536 names will be understood 31537 as the same header. 31538 type: string 31539 value: 31540 description: The header 31541 field value 31542 type: string 31543 required: 31544 - name 31545 - value 31546 type: object 31547 type: array 31548 path: 31549 description: Path to access 31550 on the HTTP server. 31551 type: string 31552 port: 31553 anyOf: 31554 - type: integer 31555 - type: string 31556 description: Name or number 31557 of the port to access on 31558 the container. Number must 31559 be in the range 1 to 65535. 31560 Name must be an IANA_SVC_NAME. 31561 x-kubernetes-int-or-string: true 31562 scheme: 31563 description: Scheme to use 31564 for connecting to the host. 31565 Defaults to HTTP. 31566 type: string 31567 required: 31568 - port 31569 type: object 31570 tcpSocket: 31571 description: Deprecated. TCPSocket 31572 is NOT supported as a LifecycleHandler 31573 and kept for the backward compatibility. 31574 There are no validation of this 31575 field and lifecycle hooks will 31576 fail in runtime when tcp handler 31577 is specified. 31578 properties: 31579 host: 31580 description: 'Optional: Host 31581 name to connect to, defaults 31582 to the pod IP.' 31583 type: string 31584 port: 31585 anyOf: 31586 - type: integer 31587 - type: string 31588 description: Number or name 31589 of the port to access on 31590 the container. Number must 31591 be in the range 1 to 65535. 31592 Name must be an IANA_SVC_NAME. 31593 x-kubernetes-int-or-string: true 31594 required: 31595 - port 31596 type: object 31597 type: object 31598 preStop: 31599 description: 'PreStop is called immediately 31600 before a container is terminated 31601 due to an API request or management 31602 event such as liveness/startup probe 31603 failure, preemption, resource contention, 31604 etc. The handler is not called if 31605 the container crashes or exits. 31606 The Pod''s termination grace period 31607 countdown begins before the PreStop 31608 hook is executed. Regardless of 31609 the outcome of the handler, the 31610 container will eventually terminate 31611 within the Pod''s termination grace 31612 period (unless delayed by finalizers). 31613 Other management of the container 31614 blocks until the hook completes 31615 or until the termination grace period 31616 is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 31617 properties: 31618 exec: 31619 description: Exec specifies the 31620 action to take. 31621 properties: 31622 command: 31623 description: Command is the 31624 command line to execute 31625 inside the container, the 31626 working directory for the 31627 command is root ('/') in 31628 the container's filesystem. 31629 The command is simply exec'd, 31630 it is not run inside a shell, 31631 so traditional shell instructions 31632 ('|', etc) won't work. To 31633 use a shell, you need to 31634 explicitly call out to that 31635 shell. Exit status of 0 31636 is treated as live/healthy 31637 and non-zero is unhealthy. 31638 items: 31639 type: string 31640 type: array 31641 type: object 31642 httpGet: 31643 description: HTTPGet specifies 31644 the http request to perform. 31645 properties: 31646 host: 31647 description: Host name to 31648 connect to, defaults to 31649 the pod IP. You probably 31650 want to set "Host" in httpHeaders 31651 instead. 31652 type: string 31653 httpHeaders: 31654 description: Custom headers 31655 to set in the request. HTTP 31656 allows repeated headers. 31657 items: 31658 description: HTTPHeader 31659 describes a custom header 31660 to be used in HTTP probes 31661 properties: 31662 name: 31663 description: The header 31664 field name. This will 31665 be canonicalized upon 31666 output, so case-variant 31667 names will be understood 31668 as the same header. 31669 type: string 31670 value: 31671 description: The header 31672 field value 31673 type: string 31674 required: 31675 - name 31676 - value 31677 type: object 31678 type: array 31679 path: 31680 description: Path to access 31681 on the HTTP server. 31682 type: string 31683 port: 31684 anyOf: 31685 - type: integer 31686 - type: string 31687 description: Name or number 31688 of the port to access on 31689 the container. Number must 31690 be in the range 1 to 65535. 31691 Name must be an IANA_SVC_NAME. 31692 x-kubernetes-int-or-string: true 31693 scheme: 31694 description: Scheme to use 31695 for connecting to the host. 31696 Defaults to HTTP. 31697 type: string 31698 required: 31699 - port 31700 type: object 31701 tcpSocket: 31702 description: Deprecated. TCPSocket 31703 is NOT supported as a LifecycleHandler 31704 and kept for the backward compatibility. 31705 There are no validation of this 31706 field and lifecycle hooks will 31707 fail in runtime when tcp handler 31708 is specified. 31709 properties: 31710 host: 31711 description: 'Optional: Host 31712 name to connect to, defaults 31713 to the pod IP.' 31714 type: string 31715 port: 31716 anyOf: 31717 - type: integer 31718 - type: string 31719 description: Number or name 31720 of the port to access on 31721 the container. Number must 31722 be in the range 1 to 65535. 31723 Name must be an IANA_SVC_NAME. 31724 x-kubernetes-int-or-string: true 31725 required: 31726 - port 31727 type: object 31728 type: object 31729 type: object 31730 livenessProbe: 31731 description: 'Periodic probe of Sidecar 31732 liveness. Container will be restarted 31733 if the probe fails. Cannot be updated. 31734 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 31735 properties: 31736 exec: 31737 description: Exec specifies the action 31738 to take. 31739 properties: 31740 command: 31741 description: Command is the command 31742 line to execute inside the container, 31743 the working directory for the 31744 command is root ('/') in the 31745 container's filesystem. The 31746 command is simply exec'd, it 31747 is not run inside a shell, so 31748 traditional shell instructions 31749 ('|', etc) won't work. To use 31750 a shell, you need to explicitly 31751 call out to that shell. Exit 31752 status of 0 is treated as live/healthy 31753 and non-zero is unhealthy. 31754 items: 31755 type: string 31756 type: array 31757 type: object 31758 failureThreshold: 31759 description: Minimum consecutive failures 31760 for the probe to be considered failed 31761 after having succeeded. Defaults 31762 to 3. Minimum value is 1. 31763 format: int32 31764 type: integer 31765 grpc: 31766 description: GRPC specifies an action 31767 involving a GRPC port. 31768 properties: 31769 port: 31770 description: Port number of the 31771 gRPC service. Number must be 31772 in the range 1 to 65535. 31773 format: int32 31774 type: integer 31775 service: 31776 description: "Service is the name 31777 of the service to place in the 31778 gRPC HealthCheckRequest (see 31779 https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 31780 \n If this is not specified, 31781 the default behavior is defined 31782 by gRPC." 31783 type: string 31784 required: 31785 - port 31786 type: object 31787 httpGet: 31788 description: HTTPGet specifies the 31789 http request to perform. 31790 properties: 31791 host: 31792 description: Host name to connect 31793 to, defaults to the pod IP. 31794 You probably want to set "Host" 31795 in httpHeaders instead. 31796 type: string 31797 httpHeaders: 31798 description: Custom headers to 31799 set in the request. HTTP allows 31800 repeated headers. 31801 items: 31802 description: HTTPHeader describes 31803 a custom header to be used 31804 in HTTP probes 31805 properties: 31806 name: 31807 description: The header 31808 field name. This will 31809 be canonicalized upon 31810 output, so case-variant 31811 names will be understood 31812 as the same header. 31813 type: string 31814 value: 31815 description: The header 31816 field value 31817 type: string 31818 required: 31819 - name 31820 - value 31821 type: object 31822 type: array 31823 path: 31824 description: Path to access on 31825 the HTTP server. 31826 type: string 31827 port: 31828 anyOf: 31829 - type: integer 31830 - type: string 31831 description: Name or number of 31832 the port to access on the container. 31833 Number must be in the range 31834 1 to 65535. Name must be an 31835 IANA_SVC_NAME. 31836 x-kubernetes-int-or-string: true 31837 scheme: 31838 description: Scheme to use for 31839 connecting to the host. Defaults 31840 to HTTP. 31841 type: string 31842 required: 31843 - port 31844 type: object 31845 initialDelaySeconds: 31846 description: 'Number of seconds after 31847 the container has started before 31848 liveness probes are initiated. More 31849 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 31850 format: int32 31851 type: integer 31852 periodSeconds: 31853 description: How often (in seconds) 31854 to perform the probe. Default to 31855 10 seconds. Minimum value is 1. 31856 format: int32 31857 type: integer 31858 successThreshold: 31859 description: Minimum consecutive successes 31860 for the probe to be considered successful 31861 after having failed. Defaults to 31862 1. Must be 1 for liveness and startup. 31863 Minimum value is 1. 31864 format: int32 31865 type: integer 31866 tcpSocket: 31867 description: TCPSocket specifies an 31868 action involving a TCP port. 31869 properties: 31870 host: 31871 description: 'Optional: Host name 31872 to connect to, defaults to the 31873 pod IP.' 31874 type: string 31875 port: 31876 anyOf: 31877 - type: integer 31878 - type: string 31879 description: Number or name of 31880 the port to access on the container. 31881 Number must be in the range 31882 1 to 65535. Name must be an 31883 IANA_SVC_NAME. 31884 x-kubernetes-int-or-string: true 31885 required: 31886 - port 31887 type: object 31888 terminationGracePeriodSeconds: 31889 description: Optional duration in 31890 seconds the pod needs to terminate 31891 gracefully upon probe failure. The 31892 grace period is the duration in 31893 seconds after the processes running 31894 in the pod are sent a termination 31895 signal and the time when the processes 31896 are forcibly halted with a kill 31897 signal. Set this value longer than 31898 the expected cleanup time for your 31899 process. If this value is nil, the 31900 pod's terminationGracePeriodSeconds 31901 will be used. Otherwise, this value 31902 overrides the value provided by 31903 the pod spec. Value must be non-negative 31904 integer. The value zero indicates 31905 stop immediately via the kill signal 31906 (no opportunity to shut down). This 31907 is a beta field and requires enabling 31908 ProbeTerminationGracePeriod feature 31909 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 31910 is used if unset. 31911 format: int64 31912 type: integer 31913 timeoutSeconds: 31914 description: 'Number of seconds after 31915 which the probe times out. Defaults 31916 to 1 second. Minimum value is 1. 31917 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 31918 format: int32 31919 type: integer 31920 type: object 31921 name: 31922 description: Name of the Sidecar specified 31923 as a DNS_LABEL. Each Sidecar in a Task 31924 must have a unique name (DNS_LABEL). 31925 Cannot be updated. 31926 type: string 31927 ports: 31928 description: List of ports to expose from 31929 the Sidecar. Exposing a port here gives 31930 the system additional information about 31931 the network connections a container 31932 uses, but is primarily informational. 31933 Not specifying a port here DOES NOT 31934 prevent that port from being exposed. 31935 Any port which is listening on the default 31936 "0.0.0.0" address inside a container 31937 will be accessible from the network. 31938 Cannot be updated. 31939 items: 31940 description: ContainerPort represents 31941 a network port in a single container. 31942 properties: 31943 containerPort: 31944 description: Number of port to expose 31945 on the pod's IP address. This 31946 must be a valid port number, 0 31947 < x < 65536. 31948 format: int32 31949 type: integer 31950 hostIP: 31951 description: What host IP to bind 31952 the external port to. 31953 type: string 31954 hostPort: 31955 description: Number of port to expose 31956 on the host. If specified, this 31957 must be a valid port number, 0 31958 < x < 65536. If HostNetwork is 31959 specified, this must match ContainerPort. 31960 Most containers do not need this. 31961 format: int32 31962 type: integer 31963 name: 31964 description: If specified, this 31965 must be an IANA_SVC_NAME and unique 31966 within the pod. Each named port 31967 in a pod must have a unique name. 31968 Name for the port that can be 31969 referred to by services. 31970 type: string 31971 protocol: 31972 default: TCP 31973 description: Protocol for port. 31974 Must be UDP, TCP, or SCTP. Defaults 31975 to "TCP". 31976 type: string 31977 required: 31978 - containerPort 31979 type: object 31980 type: array 31981 x-kubernetes-list-map-keys: 31982 - containerPort 31983 - protocol 31984 x-kubernetes-list-type: map 31985 readinessProbe: 31986 description: 'Periodic probe of Sidecar 31987 service readiness. Container will be 31988 removed from service endpoints if the 31989 probe fails. Cannot be updated. More 31990 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 31991 properties: 31992 exec: 31993 description: Exec specifies the action 31994 to take. 31995 properties: 31996 command: 31997 description: Command is the command 31998 line to execute inside the container, 31999 the working directory for the 32000 command is root ('/') in the 32001 container's filesystem. The 32002 command is simply exec'd, it 32003 is not run inside a shell, so 32004 traditional shell instructions 32005 ('|', etc) won't work. To use 32006 a shell, you need to explicitly 32007 call out to that shell. Exit 32008 status of 0 is treated as live/healthy 32009 and non-zero is unhealthy. 32010 items: 32011 type: string 32012 type: array 32013 type: object 32014 failureThreshold: 32015 description: Minimum consecutive failures 32016 for the probe to be considered failed 32017 after having succeeded. Defaults 32018 to 3. Minimum value is 1. 32019 format: int32 32020 type: integer 32021 grpc: 32022 description: GRPC specifies an action 32023 involving a GRPC port. 32024 properties: 32025 port: 32026 description: Port number of the 32027 gRPC service. Number must be 32028 in the range 1 to 65535. 32029 format: int32 32030 type: integer 32031 service: 32032 description: "Service is the name 32033 of the service to place in the 32034 gRPC HealthCheckRequest (see 32035 https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 32036 \n If this is not specified, 32037 the default behavior is defined 32038 by gRPC." 32039 type: string 32040 required: 32041 - port 32042 type: object 32043 httpGet: 32044 description: HTTPGet specifies the 32045 http request to perform. 32046 properties: 32047 host: 32048 description: Host name to connect 32049 to, defaults to the pod IP. 32050 You probably want to set "Host" 32051 in httpHeaders instead. 32052 type: string 32053 httpHeaders: 32054 description: Custom headers to 32055 set in the request. HTTP allows 32056 repeated headers. 32057 items: 32058 description: HTTPHeader describes 32059 a custom header to be used 32060 in HTTP probes 32061 properties: 32062 name: 32063 description: The header 32064 field name. This will 32065 be canonicalized upon 32066 output, so case-variant 32067 names will be understood 32068 as the same header. 32069 type: string 32070 value: 32071 description: The header 32072 field value 32073 type: string 32074 required: 32075 - name 32076 - value 32077 type: object 32078 type: array 32079 path: 32080 description: Path to access on 32081 the HTTP server. 32082 type: string 32083 port: 32084 anyOf: 32085 - type: integer 32086 - type: string 32087 description: Name or number of 32088 the port to access on the container. 32089 Number must be in the range 32090 1 to 65535. Name must be an 32091 IANA_SVC_NAME. 32092 x-kubernetes-int-or-string: true 32093 scheme: 32094 description: Scheme to use for 32095 connecting to the host. Defaults 32096 to HTTP. 32097 type: string 32098 required: 32099 - port 32100 type: object 32101 initialDelaySeconds: 32102 description: 'Number of seconds after 32103 the container has started before 32104 liveness probes are initiated. More 32105 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 32106 format: int32 32107 type: integer 32108 periodSeconds: 32109 description: How often (in seconds) 32110 to perform the probe. Default to 32111 10 seconds. Minimum value is 1. 32112 format: int32 32113 type: integer 32114 successThreshold: 32115 description: Minimum consecutive successes 32116 for the probe to be considered successful 32117 after having failed. Defaults to 32118 1. Must be 1 for liveness and startup. 32119 Minimum value is 1. 32120 format: int32 32121 type: integer 32122 tcpSocket: 32123 description: TCPSocket specifies an 32124 action involving a TCP port. 32125 properties: 32126 host: 32127 description: 'Optional: Host name 32128 to connect to, defaults to the 32129 pod IP.' 32130 type: string 32131 port: 32132 anyOf: 32133 - type: integer 32134 - type: string 32135 description: Number or name of 32136 the port to access on the container. 32137 Number must be in the range 32138 1 to 65535. Name must be an 32139 IANA_SVC_NAME. 32140 x-kubernetes-int-or-string: true 32141 required: 32142 - port 32143 type: object 32144 terminationGracePeriodSeconds: 32145 description: Optional duration in 32146 seconds the pod needs to terminate 32147 gracefully upon probe failure. The 32148 grace period is the duration in 32149 seconds after the processes running 32150 in the pod are sent a termination 32151 signal and the time when the processes 32152 are forcibly halted with a kill 32153 signal. Set this value longer than 32154 the expected cleanup time for your 32155 process. If this value is nil, the 32156 pod's terminationGracePeriodSeconds 32157 will be used. Otherwise, this value 32158 overrides the value provided by 32159 the pod spec. Value must be non-negative 32160 integer. The value zero indicates 32161 stop immediately via the kill signal 32162 (no opportunity to shut down). This 32163 is a beta field and requires enabling 32164 ProbeTerminationGracePeriod feature 32165 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 32166 is used if unset. 32167 format: int64 32168 type: integer 32169 timeoutSeconds: 32170 description: 'Number of seconds after 32171 which the probe times out. Defaults 32172 to 1 second. Minimum value is 1. 32173 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 32174 format: int32 32175 type: integer 32176 type: object 32177 resources: 32178 description: 'Compute Resources required 32179 by this Sidecar. Cannot be updated. 32180 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 32181 properties: 32182 claims: 32183 description: "Claims lists the names 32184 of resources, defined in spec.resourceClaims, 32185 that are used by this container. 32186 \n This is an alpha field and requires 32187 enabling the DynamicResourceAllocation 32188 feature gate. \n This field is immutable. 32189 It can only be set for containers." 32190 items: 32191 description: ResourceClaim references 32192 one entry in PodSpec.ResourceClaims. 32193 properties: 32194 name: 32195 description: Name must match 32196 the name of one entry in pod.spec.resourceClaims 32197 of the Pod where this field 32198 is used. It makes that resource 32199 available inside a container. 32200 type: string 32201 required: 32202 - name 32203 type: object 32204 type: array 32205 x-kubernetes-list-map-keys: 32206 - name 32207 x-kubernetes-list-type: map 32208 limits: 32209 additionalProperties: 32210 anyOf: 32211 - type: integer 32212 - type: string 32213 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 32214 x-kubernetes-int-or-string: true 32215 description: 'Limits describes the 32216 maximum amount of compute resources 32217 allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 32218 type: object 32219 requests: 32220 additionalProperties: 32221 anyOf: 32222 - type: integer 32223 - type: string 32224 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 32225 x-kubernetes-int-or-string: true 32226 description: 'Requests describes the 32227 minimum amount of compute resources 32228 required. If Requests is omitted 32229 for a container, it defaults to 32230 Limits if that is explicitly specified, 32231 otherwise to an implementation-defined 32232 value. Requests cannot exceed Limits. 32233 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 32234 type: object 32235 type: object 32236 script: 32237 description: "Script is the contents of 32238 an executable file to execute. \n If 32239 Script is not empty, the Step cannot 32240 have an Command or Args." 32241 type: string 32242 securityContext: 32243 description: 'SecurityContext defines 32244 the security options the Sidecar should 32245 be run with. If set, the fields of SecurityContext 32246 override the equivalent fields of PodSecurityContext. 32247 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 32248 properties: 32249 allowPrivilegeEscalation: 32250 description: 'AllowPrivilegeEscalation 32251 controls whether a process can gain 32252 more privileges than its parent 32253 process. This bool directly controls 32254 if the no_new_privs flag will be 32255 set on the container process. AllowPrivilegeEscalation 32256 is true always when the container 32257 is: 1) run as Privileged 2) has 32258 CAP_SYS_ADMIN Note that this field 32259 cannot be set when spec.os.name 32260 is windows.' 32261 type: boolean 32262 capabilities: 32263 description: The capabilities to add/drop 32264 when running containers. Defaults 32265 to the default set of capabilities 32266 granted by the container runtime. 32267 Note that this field cannot be set 32268 when spec.os.name is windows. 32269 properties: 32270 add: 32271 description: Added capabilities 32272 items: 32273 description: Capability represent 32274 POSIX capabilities type 32275 type: string 32276 type: array 32277 drop: 32278 description: Removed capabilities 32279 items: 32280 description: Capability represent 32281 POSIX capabilities type 32282 type: string 32283 type: array 32284 type: object 32285 privileged: 32286 description: Run container in privileged 32287 mode. Processes in privileged containers 32288 are essentially equivalent to root 32289 on the host. Defaults to false. 32290 Note that this field cannot be set 32291 when spec.os.name is windows. 32292 type: boolean 32293 procMount: 32294 description: procMount denotes the 32295 type of proc mount to use for the 32296 containers. The default is DefaultProcMount 32297 which uses the container runtime 32298 defaults for readonly paths and 32299 masked paths. This requires the 32300 ProcMountType feature flag to be 32301 enabled. Note that this field cannot 32302 be set when spec.os.name is windows. 32303 type: string 32304 readOnlyRootFilesystem: 32305 description: Whether this container 32306 has a read-only root filesystem. 32307 Default is false. Note that this 32308 field cannot be set when spec.os.name 32309 is windows. 32310 type: boolean 32311 runAsGroup: 32312 description: The GID to run the entrypoint 32313 of the container process. Uses runtime 32314 default if unset. May also be set 32315 in PodSecurityContext. If set in 32316 both SecurityContext and PodSecurityContext, 32317 the value specified in SecurityContext 32318 takes precedence. Note that this 32319 field cannot be set when spec.os.name 32320 is windows. 32321 format: int64 32322 type: integer 32323 runAsNonRoot: 32324 description: Indicates that the container 32325 must run as a non-root user. If 32326 true, the Kubelet will validate 32327 the image at runtime to ensure that 32328 it does not run as UID 0 (root) 32329 and fail to start the container 32330 if it does. If unset or false, no 32331 such validation will be performed. 32332 May also be set in PodSecurityContext. If 32333 set in both SecurityContext and 32334 PodSecurityContext, the value specified 32335 in SecurityContext takes precedence. 32336 type: boolean 32337 runAsUser: 32338 description: The UID to run the entrypoint 32339 of the container process. Defaults 32340 to user specified in image metadata 32341 if unspecified. May also be set 32342 in PodSecurityContext. If set in 32343 both SecurityContext and PodSecurityContext, 32344 the value specified in SecurityContext 32345 takes precedence. Note that this 32346 field cannot be set when spec.os.name 32347 is windows. 32348 format: int64 32349 type: integer 32350 seLinuxOptions: 32351 description: The SELinux context to 32352 be applied to the container. If 32353 unspecified, the container runtime 32354 will allocate a random SELinux context 32355 for each container. May also be 32356 set in PodSecurityContext. If set 32357 in both SecurityContext and PodSecurityContext, 32358 the value specified in SecurityContext 32359 takes precedence. Note that this 32360 field cannot be set when spec.os.name 32361 is windows. 32362 properties: 32363 level: 32364 description: Level is SELinux 32365 level label that applies to 32366 the container. 32367 type: string 32368 role: 32369 description: Role is a SELinux 32370 role label that applies to the 32371 container. 32372 type: string 32373 type: 32374 description: Type is a SELinux 32375 type label that applies to the 32376 container. 32377 type: string 32378 user: 32379 description: User is a SELinux 32380 user label that applies to the 32381 container. 32382 type: string 32383 type: object 32384 seccompProfile: 32385 description: The seccomp options to 32386 use by this container. If seccomp 32387 options are provided at both the 32388 pod & container level, the container 32389 options override the pod options. 32390 Note that this field cannot be set 32391 when spec.os.name is windows. 32392 properties: 32393 localhostProfile: 32394 description: localhostProfile 32395 indicates a profile defined 32396 in a file on the node should 32397 be used. The profile must be 32398 preconfigured on the node to 32399 work. Must be a descending path, 32400 relative to the kubelet's configured 32401 seccomp profile location. Must 32402 be set if type is "Localhost". 32403 Must NOT be set for any other 32404 type. 32405 type: string 32406 type: 32407 description: "type indicates which 32408 kind of seccomp profile will 32409 be applied. Valid options are: 32410 \n Localhost - a profile defined 32411 in a file on the node should 32412 be used. RuntimeDefault - the 32413 container runtime default profile 32414 should be used. Unconfined - 32415 no profile should be applied." 32416 type: string 32417 required: 32418 - type 32419 type: object 32420 windowsOptions: 32421 description: The Windows specific 32422 settings applied to all containers. 32423 If unspecified, the options from 32424 the PodSecurityContext will be used. 32425 If set in both SecurityContext and 32426 PodSecurityContext, the value specified 32427 in SecurityContext takes precedence. 32428 Note that this field cannot be set 32429 when spec.os.name is linux. 32430 properties: 32431 gmsaCredentialSpec: 32432 description: GMSACredentialSpec 32433 is where the GMSA admission 32434 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 32435 inlines the contents of the 32436 GMSA credential spec named by 32437 the GMSACredentialSpecName field. 32438 type: string 32439 gmsaCredentialSpecName: 32440 description: GMSACredentialSpecName 32441 is the name of the GMSA credential 32442 spec to use. 32443 type: string 32444 hostProcess: 32445 description: HostProcess determines 32446 if a container should be run 32447 as a 'Host Process' container. 32448 All of a Pod's containers must 32449 have the same effective HostProcess 32450 value (it is not allowed to 32451 have a mix of HostProcess containers 32452 and non-HostProcess containers). 32453 In addition, if HostProcess 32454 is true then HostNetwork must 32455 also be set to true. 32456 type: boolean 32457 runAsUserName: 32458 description: The UserName in Windows 32459 to run the entrypoint of the 32460 container process. Defaults 32461 to the user specified in image 32462 metadata if unspecified. May 32463 also be set in PodSecurityContext. 32464 If set in both SecurityContext 32465 and PodSecurityContext, the 32466 value specified in SecurityContext 32467 takes precedence. 32468 type: string 32469 type: object 32470 type: object 32471 startupProbe: 32472 description: 'StartupProbe indicates that 32473 the Pod the Sidecar is running in has 32474 successfully initialized. If specified, 32475 no other probes are executed until this 32476 completes successfully. If this probe 32477 fails, the Pod will be restarted, just 32478 as if the livenessProbe failed. This 32479 can be used to provide different probe 32480 parameters at the beginning of a Pod''s 32481 lifecycle, when it might take a long 32482 time to load data or warm a cache, than 32483 during steady-state operation. This 32484 cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 32485 properties: 32486 exec: 32487 description: Exec specifies the action 32488 to take. 32489 properties: 32490 command: 32491 description: Command is the command 32492 line to execute inside the container, 32493 the working directory for the 32494 command is root ('/') in the 32495 container's filesystem. The 32496 command is simply exec'd, it 32497 is not run inside a shell, so 32498 traditional shell instructions 32499 ('|', etc) won't work. To use 32500 a shell, you need to explicitly 32501 call out to that shell. Exit 32502 status of 0 is treated as live/healthy 32503 and non-zero is unhealthy. 32504 items: 32505 type: string 32506 type: array 32507 type: object 32508 failureThreshold: 32509 description: Minimum consecutive failures 32510 for the probe to be considered failed 32511 after having succeeded. Defaults 32512 to 3. Minimum value is 1. 32513 format: int32 32514 type: integer 32515 grpc: 32516 description: GRPC specifies an action 32517 involving a GRPC port. 32518 properties: 32519 port: 32520 description: Port number of the 32521 gRPC service. Number must be 32522 in the range 1 to 65535. 32523 format: int32 32524 type: integer 32525 service: 32526 description: "Service is the name 32527 of the service to place in the 32528 gRPC HealthCheckRequest (see 32529 https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 32530 \n If this is not specified, 32531 the default behavior is defined 32532 by gRPC." 32533 type: string 32534 required: 32535 - port 32536 type: object 32537 httpGet: 32538 description: HTTPGet specifies the 32539 http request to perform. 32540 properties: 32541 host: 32542 description: Host name to connect 32543 to, defaults to the pod IP. 32544 You probably want to set "Host" 32545 in httpHeaders instead. 32546 type: string 32547 httpHeaders: 32548 description: Custom headers to 32549 set in the request. HTTP allows 32550 repeated headers. 32551 items: 32552 description: HTTPHeader describes 32553 a custom header to be used 32554 in HTTP probes 32555 properties: 32556 name: 32557 description: The header 32558 field name. This will 32559 be canonicalized upon 32560 output, so case-variant 32561 names will be understood 32562 as the same header. 32563 type: string 32564 value: 32565 description: The header 32566 field value 32567 type: string 32568 required: 32569 - name 32570 - value 32571 type: object 32572 type: array 32573 path: 32574 description: Path to access on 32575 the HTTP server. 32576 type: string 32577 port: 32578 anyOf: 32579 - type: integer 32580 - type: string 32581 description: Name or number of 32582 the port to access on the container. 32583 Number must be in the range 32584 1 to 65535. Name must be an 32585 IANA_SVC_NAME. 32586 x-kubernetes-int-or-string: true 32587 scheme: 32588 description: Scheme to use for 32589 connecting to the host. Defaults 32590 to HTTP. 32591 type: string 32592 required: 32593 - port 32594 type: object 32595 initialDelaySeconds: 32596 description: 'Number of seconds after 32597 the container has started before 32598 liveness probes are initiated. More 32599 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 32600 format: int32 32601 type: integer 32602 periodSeconds: 32603 description: How often (in seconds) 32604 to perform the probe. Default to 32605 10 seconds. Minimum value is 1. 32606 format: int32 32607 type: integer 32608 successThreshold: 32609 description: Minimum consecutive successes 32610 for the probe to be considered successful 32611 after having failed. Defaults to 32612 1. Must be 1 for liveness and startup. 32613 Minimum value is 1. 32614 format: int32 32615 type: integer 32616 tcpSocket: 32617 description: TCPSocket specifies an 32618 action involving a TCP port. 32619 properties: 32620 host: 32621 description: 'Optional: Host name 32622 to connect to, defaults to the 32623 pod IP.' 32624 type: string 32625 port: 32626 anyOf: 32627 - type: integer 32628 - type: string 32629 description: Number or name of 32630 the port to access on the container. 32631 Number must be in the range 32632 1 to 65535. Name must be an 32633 IANA_SVC_NAME. 32634 x-kubernetes-int-or-string: true 32635 required: 32636 - port 32637 type: object 32638 terminationGracePeriodSeconds: 32639 description: Optional duration in 32640 seconds the pod needs to terminate 32641 gracefully upon probe failure. The 32642 grace period is the duration in 32643 seconds after the processes running 32644 in the pod are sent a termination 32645 signal and the time when the processes 32646 are forcibly halted with a kill 32647 signal. Set this value longer than 32648 the expected cleanup time for your 32649 process. If this value is nil, the 32650 pod's terminationGracePeriodSeconds 32651 will be used. Otherwise, this value 32652 overrides the value provided by 32653 the pod spec. Value must be non-negative 32654 integer. The value zero indicates 32655 stop immediately via the kill signal 32656 (no opportunity to shut down). This 32657 is a beta field and requires enabling 32658 ProbeTerminationGracePeriod feature 32659 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 32660 is used if unset. 32661 format: int64 32662 type: integer 32663 timeoutSeconds: 32664 description: 'Number of seconds after 32665 which the probe times out. Defaults 32666 to 1 second. Minimum value is 1. 32667 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 32668 format: int32 32669 type: integer 32670 type: object 32671 stdin: 32672 description: Whether this Sidecar should 32673 allocate a buffer for stdin in the container 32674 runtime. If this is not set, reads from 32675 stdin in the Sidecar will always result 32676 in EOF. Default is false. 32677 type: boolean 32678 stdinOnce: 32679 description: Whether the container runtime 32680 should close the stdin channel after 32681 it has been opened by a single attach. 32682 When stdin is true the stdin stream 32683 will remain open across multiple attach 32684 sessions. If stdinOnce is set to true, 32685 stdin is opened on Sidecar start, is 32686 empty until the first client attaches 32687 to stdin, and then remains open and 32688 accepts data until the client disconnects, 32689 at which time stdin is closed and remains 32690 closed until the Sidecar is restarted. 32691 If this flag is false, a container processes 32692 that reads from stdin will never receive 32693 an EOF. Default is false 32694 type: boolean 32695 terminationMessagePath: 32696 description: 'Optional: Path at which 32697 the file to which the Sidecar''s termination 32698 message will be written is mounted into 32699 the Sidecar''s filesystem. Message written 32700 is intended to be brief final status, 32701 such as an assertion failure message. 32702 Will be truncated by the node if greater 32703 than 4096 bytes. The total message length 32704 across all containers will be limited 32705 to 12kb. Defaults to /dev/termination-log. 32706 Cannot be updated.' 32707 type: string 32708 terminationMessagePolicy: 32709 description: Indicate how the termination 32710 message should be populated. File will 32711 use the contents of terminationMessagePath 32712 to populate the Sidecar status message 32713 on both success and failure. FallbackToLogsOnError 32714 will use the last chunk of Sidecar log 32715 output if the termination message file 32716 is empty and the Sidecar exited with 32717 an error. The log output is limited 32718 to 2048 bytes or 80 lines, whichever 32719 is smaller. Defaults to File. Cannot 32720 be updated. 32721 type: string 32722 tty: 32723 description: Whether this Sidecar should 32724 allocate a TTY for itself, also requires 32725 'stdin' to be true. Default is false. 32726 type: boolean 32727 volumeDevices: 32728 description: volumeDevices is the list 32729 of block devices to be used by the Sidecar. 32730 items: 32731 description: volumeDevice describes 32732 a mapping of a raw block device within 32733 a container. 32734 properties: 32735 devicePath: 32736 description: devicePath is the path 32737 inside of the container that the 32738 device will be mapped to. 32739 type: string 32740 name: 32741 description: name must match the 32742 name of a persistentVolumeClaim 32743 in the pod 32744 type: string 32745 required: 32746 - devicePath 32747 - name 32748 type: object 32749 type: array 32750 x-kubernetes-list-type: atomic 32751 volumeMounts: 32752 description: Volumes to mount into the 32753 Sidecar's filesystem. Cannot be updated. 32754 items: 32755 description: VolumeMount describes a 32756 mounting of a Volume within a container. 32757 properties: 32758 mountPath: 32759 description: Path within the container 32760 at which the volume should be 32761 mounted. Must not contain ':'. 32762 type: string 32763 mountPropagation: 32764 description: mountPropagation determines 32765 how mounts are propagated from 32766 the host to container and the 32767 other way around. When not set, 32768 MountPropagationNone is used. 32769 This field is beta in 1.10. 32770 type: string 32771 name: 32772 description: This must match the 32773 Name of a Volume. 32774 type: string 32775 readOnly: 32776 description: Mounted read-only if 32777 true, read-write otherwise (false 32778 or unspecified). Defaults to false. 32779 type: boolean 32780 subPath: 32781 description: Path within the volume 32782 from which the container's volume 32783 should be mounted. Defaults to 32784 "" (volume's root). 32785 type: string 32786 subPathExpr: 32787 description: Expanded path within 32788 the volume from which the container's 32789 volume should be mounted. Behaves 32790 similarly to SubPath but environment 32791 variable references $(VAR_NAME) 32792 are expanded using the container's 32793 environment. Defaults to "" (volume's 32794 root). SubPathExpr and SubPath 32795 are mutually exclusive. 32796 type: string 32797 required: 32798 - mountPath 32799 - name 32800 type: object 32801 type: array 32802 x-kubernetes-list-type: atomic 32803 workingDir: 32804 description: Sidecar's working directory. 32805 If not specified, the container runtime's 32806 default will be used, which might be 32807 configured in the container image. Cannot 32808 be updated. 32809 type: string 32810 workspaces: 32811 description: "This is an alpha field. 32812 You must set the \"enable-api-fields\" 32813 feature flag to \"alpha\" for this field 32814 to be supported. \n Workspaces is a 32815 list of workspaces from the Task that 32816 this Sidecar wants exclusive access 32817 to. Adding a workspace to this list 32818 means that any other Step or Sidecar 32819 that does not also request this Workspace 32820 will not have access to it." 32821 items: 32822 description: WorkspaceUsage is used 32823 by a Step or Sidecar to declare that 32824 it wants isolated access to a Workspace 32825 defined in a Task. 32826 properties: 32827 mountPath: 32828 description: MountPath is the path 32829 that the workspace should be mounted 32830 to inside the Step or Sidecar, 32831 overriding any MountPath specified 32832 in the Task's WorkspaceDeclaration. 32833 type: string 32834 name: 32835 description: Name is the name of 32836 the workspace this Step or Sidecar 32837 wants access to. 32838 type: string 32839 required: 32840 - mountPath 32841 - name 32842 type: object 32843 type: array 32844 x-kubernetes-list-type: atomic 32845 required: 32846 - name 32847 type: object 32848 type: array 32849 x-kubernetes-list-type: atomic 32850 spec: 32851 description: Spec is a specification of a custom 32852 task 32853 type: object 32854 stepTemplate: 32855 description: StepTemplate can be used as the 32856 basis for all step containers within the Task, 32857 so that the steps inherit settings on the 32858 base container. 32859 properties: 32860 args: 32861 description: 'Arguments to the entrypoint. 32862 The image''s CMD is used if this is not 32863 provided. Variable references $(VAR_NAME) 32864 are expanded using the Step''s environment. 32865 If a variable cannot be resolved, the 32866 reference in the input string will be 32867 unchanged. Double $$ are reduced to a 32868 single $, which allows for escaping the 32869 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 32870 will produce the string literal "$(VAR_NAME)". 32871 Escaped references will never be expanded, 32872 regardless of whether the variable exists 32873 or not. Cannot be updated. More info: 32874 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 32875 items: 32876 type: string 32877 type: array 32878 x-kubernetes-list-type: atomic 32879 command: 32880 description: 'Entrypoint array. Not executed 32881 within a shell. The docker image''s ENTRYPOINT 32882 is used if this is not provided. Variable 32883 references $(VAR_NAME) are expanded using 32884 the Step''s environment. If a variable 32885 cannot be resolved, the reference in the 32886 input string will be unchanged. Double 32887 $$ are reduced to a single $, which allows 32888 for escaping the $(VAR_NAME) syntax: i.e. 32889 "$$(VAR_NAME)" will produce the string 32890 literal "$(VAR_NAME)". Escaped references 32891 will never be expanded, regardless of 32892 whether the variable exists or not. Cannot 32893 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 32894 items: 32895 type: string 32896 type: array 32897 x-kubernetes-list-type: atomic 32898 env: 32899 description: List of environment variables 32900 to set in the container. Cannot be updated. 32901 items: 32902 description: EnvVar represents an environment 32903 variable present in a Container. 32904 properties: 32905 name: 32906 description: Name of the environment 32907 variable. Must be a C_IDENTIFIER. 32908 type: string 32909 value: 32910 description: 'Variable references 32911 $(VAR_NAME) are expanded using the 32912 previously defined environment variables 32913 in the container and any service 32914 environment variables. If a variable 32915 cannot be resolved, the reference 32916 in the input string will be unchanged. 32917 Double $$ are reduced to a single 32918 $, which allows for escaping the 32919 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 32920 will produce the string literal 32921 "$(VAR_NAME)". Escaped references 32922 will never be expanded, regardless 32923 of whether the variable exists or 32924 not. Defaults to "".' 32925 type: string 32926 valueFrom: 32927 description: Source for the environment 32928 variable's value. Cannot be used 32929 if value is not empty. 32930 properties: 32931 configMapKeyRef: 32932 description: Selects a key of 32933 a ConfigMap. 32934 properties: 32935 key: 32936 description: The key to select. 32937 type: string 32938 name: 32939 description: 'Name of the 32940 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 32941 TODO: Add other useful fields. 32942 apiVersion, kind, uid?' 32943 type: string 32944 optional: 32945 description: Specify whether 32946 the ConfigMap or its key 32947 must be defined 32948 type: boolean 32949 required: 32950 - key 32951 type: object 32952 fieldRef: 32953 description: 'Selects a field 32954 of the pod: supports metadata.name, 32955 metadata.namespace, `metadata.labels[''<KEY>'']`, 32956 `metadata.annotations[''<KEY>'']`, 32957 spec.nodeName, spec.serviceAccountName, 32958 status.hostIP, status.podIP, 32959 status.podIPs.' 32960 properties: 32961 apiVersion: 32962 description: Version of the 32963 schema the FieldPath is 32964 written in terms of, defaults 32965 to "v1". 32966 type: string 32967 fieldPath: 32968 description: Path of the field 32969 to select in the specified 32970 API version. 32971 type: string 32972 required: 32973 - fieldPath 32974 type: object 32975 resourceFieldRef: 32976 description: 'Selects a resource 32977 of the container: only resources 32978 limits and requests (limits.cpu, 32979 limits.memory, limits.ephemeral-storage, 32980 requests.cpu, requests.memory 32981 and requests.ephemeral-storage) 32982 are currently supported.' 32983 properties: 32984 containerName: 32985 description: 'Container name: 32986 required for volumes, optional 32987 for env vars' 32988 type: string 32989 divisor: 32990 anyOf: 32991 - type: integer 32992 - type: string 32993 description: Specifies the 32994 output format of the exposed 32995 resources, defaults to "1" 32996 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 32997 x-kubernetes-int-or-string: true 32998 resource: 32999 description: 'Required: resource 33000 to select' 33001 type: string 33002 required: 33003 - resource 33004 type: object 33005 secretKeyRef: 33006 description: Selects a key of 33007 a secret in the pod's namespace 33008 properties: 33009 key: 33010 description: The key of the 33011 secret to select from. Must 33012 be a valid secret key. 33013 type: string 33014 name: 33015 description: 'Name of the 33016 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 33017 TODO: Add other useful fields. 33018 apiVersion, kind, uid?' 33019 type: string 33020 optional: 33021 description: Specify whether 33022 the Secret or its key must 33023 be defined 33024 type: boolean 33025 required: 33026 - key 33027 type: object 33028 type: object 33029 required: 33030 - name 33031 type: object 33032 type: array 33033 x-kubernetes-list-type: atomic 33034 envFrom: 33035 description: List of sources to populate 33036 environment variables in the Step. The 33037 keys defined within a source must be a 33038 C_IDENTIFIER. All invalid keys will be 33039 reported as an event when the container 33040 is starting. When a key exists in multiple 33041 sources, the value associated with the 33042 last source will take precedence. Values 33043 defined by an Env with a duplicate key 33044 will take precedence. Cannot be updated. 33045 items: 33046 description: EnvFromSource represents 33047 the source of a set of ConfigMaps 33048 properties: 33049 configMapRef: 33050 description: The ConfigMap to select 33051 from 33052 properties: 33053 name: 33054 description: 'Name of the referent. 33055 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 33056 TODO: Add other useful fields. 33057 apiVersion, kind, uid?' 33058 type: string 33059 optional: 33060 description: Specify whether the 33061 ConfigMap must be defined 33062 type: boolean 33063 type: object 33064 prefix: 33065 description: An optional identifier 33066 to prepend to each key in the ConfigMap. 33067 Must be a C_IDENTIFIER. 33068 type: string 33069 secretRef: 33070 description: The Secret to select 33071 from 33072 properties: 33073 name: 33074 description: 'Name of the referent. 33075 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 33076 TODO: Add other useful fields. 33077 apiVersion, kind, uid?' 33078 type: string 33079 optional: 33080 description: Specify whether the 33081 Secret must be defined 33082 type: boolean 33083 type: object 33084 type: object 33085 type: array 33086 x-kubernetes-list-type: atomic 33087 image: 33088 description: 'Default image name to use 33089 for each Step. More info: https://kubernetes.io/docs/concepts/containers/images 33090 This field is optional to allow higher 33091 level config management to default or 33092 override container images in workload 33093 controllers like Deployments and StatefulSets.' 33094 type: string 33095 imagePullPolicy: 33096 description: 'Image pull policy. One of 33097 Always, Never, IfNotPresent. Defaults 33098 to Always if :latest tag is specified, 33099 or IfNotPresent otherwise. Cannot be updated. 33100 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 33101 type: string 33102 lifecycle: 33103 description: Deprecated. This field will 33104 be removed in a future release. Actions 33105 that the management system should take 33106 in response to container lifecycle events. 33107 Cannot be updated. 33108 properties: 33109 postStart: 33110 description: 'PostStart is called immediately 33111 after a container is created. If the 33112 handler fails, the container is terminated 33113 and restarted according to its restart 33114 policy. Other management of the container 33115 blocks until the hook completes. More 33116 info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 33117 properties: 33118 exec: 33119 description: Exec specifies the 33120 action to take. 33121 properties: 33122 command: 33123 description: Command is the 33124 command line to execute inside 33125 the container, the working 33126 directory for the command is 33127 root ('/') in the container's 33128 filesystem. The command is 33129 simply exec'd, it is not run 33130 inside a shell, so traditional 33131 shell instructions ('|', etc) 33132 won't work. To use a shell, 33133 you need to explicitly call 33134 out to that shell. Exit status 33135 of 0 is treated as live/healthy 33136 and non-zero is unhealthy. 33137 items: 33138 type: string 33139 type: array 33140 type: object 33141 httpGet: 33142 description: HTTPGet specifies the 33143 http request to perform. 33144 properties: 33145 host: 33146 description: Host name to connect 33147 to, defaults to the pod IP. 33148 You probably want to set "Host" 33149 in httpHeaders instead. 33150 type: string 33151 httpHeaders: 33152 description: Custom headers 33153 to set in the request. HTTP 33154 allows repeated headers. 33155 items: 33156 description: HTTPHeader describes 33157 a custom header to be used 33158 in HTTP probes 33159 properties: 33160 name: 33161 description: The header 33162 field name. This will 33163 be canonicalized upon 33164 output, so case-variant 33165 names will be understood 33166 as the same header. 33167 type: string 33168 value: 33169 description: The header 33170 field value 33171 type: string 33172 required: 33173 - name 33174 - value 33175 type: object 33176 type: array 33177 path: 33178 description: Path to access 33179 on the HTTP server. 33180 type: string 33181 port: 33182 anyOf: 33183 - type: integer 33184 - type: string 33185 description: Name or number 33186 of the port to access on the 33187 container. Number must be 33188 in the range 1 to 65535. Name 33189 must be an IANA_SVC_NAME. 33190 x-kubernetes-int-or-string: true 33191 scheme: 33192 description: Scheme to use for 33193 connecting to the host. Defaults 33194 to HTTP. 33195 type: string 33196 required: 33197 - port 33198 type: object 33199 tcpSocket: 33200 description: Deprecated. TCPSocket 33201 is NOT supported as a LifecycleHandler 33202 and kept for the backward compatibility. 33203 There are no validation of this 33204 field and lifecycle hooks will 33205 fail in runtime when tcp handler 33206 is specified. 33207 properties: 33208 host: 33209 description: 'Optional: Host 33210 name to connect to, defaults 33211 to the pod IP.' 33212 type: string 33213 port: 33214 anyOf: 33215 - type: integer 33216 - type: string 33217 description: Number or name 33218 of the port to access on the 33219 container. Number must be 33220 in the range 1 to 65535. Name 33221 must be an IANA_SVC_NAME. 33222 x-kubernetes-int-or-string: true 33223 required: 33224 - port 33225 type: object 33226 type: object 33227 preStop: 33228 description: 'PreStop is called immediately 33229 before a container is terminated due 33230 to an API request or management event 33231 such as liveness/startup probe failure, 33232 preemption, resource contention, etc. 33233 The handler is not called if the container 33234 crashes or exits. The Pod''s termination 33235 grace period countdown begins before 33236 the PreStop hook is executed. Regardless 33237 of the outcome of the handler, the 33238 container will eventually terminate 33239 within the Pod''s termination grace 33240 period (unless delayed by finalizers). 33241 Other management of the container 33242 blocks until the hook completes or 33243 until the termination grace period 33244 is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 33245 properties: 33246 exec: 33247 description: Exec specifies the 33248 action to take. 33249 properties: 33250 command: 33251 description: Command is the 33252 command line to execute inside 33253 the container, the working 33254 directory for the command is 33255 root ('/') in the container's 33256 filesystem. The command is 33257 simply exec'd, it is not run 33258 inside a shell, so traditional 33259 shell instructions ('|', etc) 33260 won't work. To use a shell, 33261 you need to explicitly call 33262 out to that shell. Exit status 33263 of 0 is treated as live/healthy 33264 and non-zero is unhealthy. 33265 items: 33266 type: string 33267 type: array 33268 type: object 33269 httpGet: 33270 description: HTTPGet specifies the 33271 http request to perform. 33272 properties: 33273 host: 33274 description: Host name to connect 33275 to, defaults to the pod IP. 33276 You probably want to set "Host" 33277 in httpHeaders instead. 33278 type: string 33279 httpHeaders: 33280 description: Custom headers 33281 to set in the request. HTTP 33282 allows repeated headers. 33283 items: 33284 description: HTTPHeader describes 33285 a custom header to be used 33286 in HTTP probes 33287 properties: 33288 name: 33289 description: The header 33290 field name. This will 33291 be canonicalized upon 33292 output, so case-variant 33293 names will be understood 33294 as the same header. 33295 type: string 33296 value: 33297 description: The header 33298 field value 33299 type: string 33300 required: 33301 - name 33302 - value 33303 type: object 33304 type: array 33305 path: 33306 description: Path to access 33307 on the HTTP server. 33308 type: string 33309 port: 33310 anyOf: 33311 - type: integer 33312 - type: string 33313 description: Name or number 33314 of the port to access on the 33315 container. Number must be 33316 in the range 1 to 65535. Name 33317 must be an IANA_SVC_NAME. 33318 x-kubernetes-int-or-string: true 33319 scheme: 33320 description: Scheme to use for 33321 connecting to the host. Defaults 33322 to HTTP. 33323 type: string 33324 required: 33325 - port 33326 type: object 33327 tcpSocket: 33328 description: Deprecated. TCPSocket 33329 is NOT supported as a LifecycleHandler 33330 and kept for the backward compatibility. 33331 There are no validation of this 33332 field and lifecycle hooks will 33333 fail in runtime when tcp handler 33334 is specified. 33335 properties: 33336 host: 33337 description: 'Optional: Host 33338 name to connect to, defaults 33339 to the pod IP.' 33340 type: string 33341 port: 33342 anyOf: 33343 - type: integer 33344 - type: string 33345 description: Number or name 33346 of the port to access on the 33347 container. Number must be 33348 in the range 1 to 65535. Name 33349 must be an IANA_SVC_NAME. 33350 x-kubernetes-int-or-string: true 33351 required: 33352 - port 33353 type: object 33354 type: object 33355 type: object 33356 livenessProbe: 33357 description: 'Deprecated. This field will 33358 be removed in a future release. Periodic 33359 probe of container liveness. Container 33360 will be restarted if the probe fails. 33361 Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 33362 properties: 33363 exec: 33364 description: Exec specifies the action 33365 to take. 33366 properties: 33367 command: 33368 description: Command is the command 33369 line to execute inside the container, 33370 the working directory for the 33371 command is root ('/') in the 33372 container's filesystem. The command 33373 is simply exec'd, it is not run 33374 inside a shell, so traditional 33375 shell instructions ('|', etc) 33376 won't work. To use a shell, you 33377 need to explicitly call out to 33378 that shell. Exit status of 0 is 33379 treated as live/healthy and non-zero 33380 is unhealthy. 33381 items: 33382 type: string 33383 type: array 33384 type: object 33385 failureThreshold: 33386 description: Minimum consecutive failures 33387 for the probe to be considered failed 33388 after having succeeded. Defaults to 33389 3. Minimum value is 1. 33390 format: int32 33391 type: integer 33392 grpc: 33393 description: GRPC specifies an action 33394 involving a GRPC port. 33395 properties: 33396 port: 33397 description: Port number of the 33398 gRPC service. Number must be in 33399 the range 1 to 65535. 33400 format: int32 33401 type: integer 33402 service: 33403 description: "Service is the name 33404 of the service to place in the 33405 gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 33406 \n If this is not specified, the 33407 default behavior is defined by 33408 gRPC." 33409 type: string 33410 required: 33411 - port 33412 type: object 33413 httpGet: 33414 description: HTTPGet specifies the http 33415 request to perform. 33416 properties: 33417 host: 33418 description: Host name to connect 33419 to, defaults to the pod IP. You 33420 probably want to set "Host" in 33421 httpHeaders instead. 33422 type: string 33423 httpHeaders: 33424 description: Custom headers to set 33425 in the request. HTTP allows repeated 33426 headers. 33427 items: 33428 description: HTTPHeader describes 33429 a custom header to be used in 33430 HTTP probes 33431 properties: 33432 name: 33433 description: The header field 33434 name. This will be canonicalized 33435 upon output, so case-variant 33436 names will be understood 33437 as the same header. 33438 type: string 33439 value: 33440 description: The header field 33441 value 33442 type: string 33443 required: 33444 - name 33445 - value 33446 type: object 33447 type: array 33448 path: 33449 description: Path to access on the 33450 HTTP server. 33451 type: string 33452 port: 33453 anyOf: 33454 - type: integer 33455 - type: string 33456 description: Name or number of the 33457 port to access on the container. 33458 Number must be in the range 1 33459 to 65535. Name must be an IANA_SVC_NAME. 33460 x-kubernetes-int-or-string: true 33461 scheme: 33462 description: Scheme to use for connecting 33463 to the host. Defaults to HTTP. 33464 type: string 33465 required: 33466 - port 33467 type: object 33468 initialDelaySeconds: 33469 description: 'Number of seconds after 33470 the container has started before liveness 33471 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 33472 format: int32 33473 type: integer 33474 periodSeconds: 33475 description: How often (in seconds) 33476 to perform the probe. Default to 10 33477 seconds. Minimum value is 1. 33478 format: int32 33479 type: integer 33480 successThreshold: 33481 description: Minimum consecutive successes 33482 for the probe to be considered successful 33483 after having failed. Defaults to 1. 33484 Must be 1 for liveness and startup. 33485 Minimum value is 1. 33486 format: int32 33487 type: integer 33488 tcpSocket: 33489 description: TCPSocket specifies an 33490 action involving a TCP port. 33491 properties: 33492 host: 33493 description: 'Optional: Host name 33494 to connect to, defaults to the 33495 pod IP.' 33496 type: string 33497 port: 33498 anyOf: 33499 - type: integer 33500 - type: string 33501 description: Number or name of the 33502 port to access on the container. 33503 Number must be in the range 1 33504 to 65535. Name must be an IANA_SVC_NAME. 33505 x-kubernetes-int-or-string: true 33506 required: 33507 - port 33508 type: object 33509 terminationGracePeriodSeconds: 33510 description: Optional duration in seconds 33511 the pod needs to terminate gracefully 33512 upon probe failure. The grace period 33513 is the duration in seconds after the 33514 processes running in the pod are sent 33515 a termination signal and the time 33516 when the processes are forcibly halted 33517 with a kill signal. Set this value 33518 longer than the expected cleanup time 33519 for your process. If this value is 33520 nil, the pod's terminationGracePeriodSeconds 33521 will be used. Otherwise, this value 33522 overrides the value provided by the 33523 pod spec. Value must be non-negative 33524 integer. The value zero indicates 33525 stop immediately via the kill signal 33526 (no opportunity to shut down). This 33527 is a beta field and requires enabling 33528 ProbeTerminationGracePeriod feature 33529 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 33530 is used if unset. 33531 format: int64 33532 type: integer 33533 timeoutSeconds: 33534 description: 'Number of seconds after 33535 which the probe times out. Defaults 33536 to 1 second. Minimum value is 1. More 33537 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 33538 format: int32 33539 type: integer 33540 type: object 33541 name: 33542 description: Deprecated. This field will 33543 be removed in a future release. Default 33544 name for each Step specified as a DNS_LABEL. 33545 Each Step in a Task must have a unique 33546 name. Cannot be updated. 33547 type: string 33548 ports: 33549 description: Deprecated. This field will 33550 be removed in a future release. List of 33551 ports to expose from the Step's container. 33552 Exposing a port here gives the system 33553 additional information about the network 33554 connections a container uses, but is primarily 33555 informational. Not specifying a port here 33556 DOES NOT prevent that port from being 33557 exposed. Any port which is listening on 33558 the default "0.0.0.0" address inside a 33559 container will be accessible from the 33560 network. Cannot be updated. 33561 items: 33562 description: ContainerPort represents 33563 a network port in a single container. 33564 properties: 33565 containerPort: 33566 description: Number of port to expose 33567 on the pod's IP address. This must 33568 be a valid port number, 0 < x < 33569 65536. 33570 format: int32 33571 type: integer 33572 hostIP: 33573 description: What host IP to bind 33574 the external port to. 33575 type: string 33576 hostPort: 33577 description: Number of port to expose 33578 on the host. If specified, this 33579 must be a valid port number, 0 < 33580 x < 65536. If HostNetwork is specified, 33581 this must match ContainerPort. Most 33582 containers do not need this. 33583 format: int32 33584 type: integer 33585 name: 33586 description: If specified, this must 33587 be an IANA_SVC_NAME and unique within 33588 the pod. Each named port in a pod 33589 must have a unique name. Name for 33590 the port that can be referred to 33591 by services. 33592 type: string 33593 protocol: 33594 default: TCP 33595 description: Protocol for port. Must 33596 be UDP, TCP, or SCTP. Defaults to 33597 "TCP". 33598 type: string 33599 required: 33600 - containerPort 33601 type: object 33602 type: array 33603 x-kubernetes-list-map-keys: 33604 - containerPort 33605 - protocol 33606 x-kubernetes-list-type: map 33607 readinessProbe: 33608 description: 'Deprecated. This field will 33609 be removed in a future release. Periodic 33610 probe of container service readiness. 33611 Container will be removed from service 33612 endpoints if the probe fails. Cannot be 33613 updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 33614 properties: 33615 exec: 33616 description: Exec specifies the action 33617 to take. 33618 properties: 33619 command: 33620 description: Command is the command 33621 line to execute inside the container, 33622 the working directory for the 33623 command is root ('/') in the 33624 container's filesystem. The command 33625 is simply exec'd, it is not run 33626 inside a shell, so traditional 33627 shell instructions ('|', etc) 33628 won't work. To use a shell, you 33629 need to explicitly call out to 33630 that shell. Exit status of 0 is 33631 treated as live/healthy and non-zero 33632 is unhealthy. 33633 items: 33634 type: string 33635 type: array 33636 type: object 33637 failureThreshold: 33638 description: Minimum consecutive failures 33639 for the probe to be considered failed 33640 after having succeeded. Defaults to 33641 3. Minimum value is 1. 33642 format: int32 33643 type: integer 33644 grpc: 33645 description: GRPC specifies an action 33646 involving a GRPC port. 33647 properties: 33648 port: 33649 description: Port number of the 33650 gRPC service. Number must be in 33651 the range 1 to 65535. 33652 format: int32 33653 type: integer 33654 service: 33655 description: "Service is the name 33656 of the service to place in the 33657 gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 33658 \n If this is not specified, the 33659 default behavior is defined by 33660 gRPC." 33661 type: string 33662 required: 33663 - port 33664 type: object 33665 httpGet: 33666 description: HTTPGet specifies the http 33667 request to perform. 33668 properties: 33669 host: 33670 description: Host name to connect 33671 to, defaults to the pod IP. You 33672 probably want to set "Host" in 33673 httpHeaders instead. 33674 type: string 33675 httpHeaders: 33676 description: Custom headers to set 33677 in the request. HTTP allows repeated 33678 headers. 33679 items: 33680 description: HTTPHeader describes 33681 a custom header to be used in 33682 HTTP probes 33683 properties: 33684 name: 33685 description: The header field 33686 name. This will be canonicalized 33687 upon output, so case-variant 33688 names will be understood 33689 as the same header. 33690 type: string 33691 value: 33692 description: The header field 33693 value 33694 type: string 33695 required: 33696 - name 33697 - value 33698 type: object 33699 type: array 33700 path: 33701 description: Path to access on the 33702 HTTP server. 33703 type: string 33704 port: 33705 anyOf: 33706 - type: integer 33707 - type: string 33708 description: Name or number of the 33709 port to access on the container. 33710 Number must be in the range 1 33711 to 65535. Name must be an IANA_SVC_NAME. 33712 x-kubernetes-int-or-string: true 33713 scheme: 33714 description: Scheme to use for connecting 33715 to the host. Defaults to HTTP. 33716 type: string 33717 required: 33718 - port 33719 type: object 33720 initialDelaySeconds: 33721 description: 'Number of seconds after 33722 the container has started before liveness 33723 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 33724 format: int32 33725 type: integer 33726 periodSeconds: 33727 description: How often (in seconds) 33728 to perform the probe. Default to 10 33729 seconds. Minimum value is 1. 33730 format: int32 33731 type: integer 33732 successThreshold: 33733 description: Minimum consecutive successes 33734 for the probe to be considered successful 33735 after having failed. Defaults to 1. 33736 Must be 1 for liveness and startup. 33737 Minimum value is 1. 33738 format: int32 33739 type: integer 33740 tcpSocket: 33741 description: TCPSocket specifies an 33742 action involving a TCP port. 33743 properties: 33744 host: 33745 description: 'Optional: Host name 33746 to connect to, defaults to the 33747 pod IP.' 33748 type: string 33749 port: 33750 anyOf: 33751 - type: integer 33752 - type: string 33753 description: Number or name of the 33754 port to access on the container. 33755 Number must be in the range 1 33756 to 65535. Name must be an IANA_SVC_NAME. 33757 x-kubernetes-int-or-string: true 33758 required: 33759 - port 33760 type: object 33761 terminationGracePeriodSeconds: 33762 description: Optional duration in seconds 33763 the pod needs to terminate gracefully 33764 upon probe failure. The grace period 33765 is the duration in seconds after the 33766 processes running in the pod are sent 33767 a termination signal and the time 33768 when the processes are forcibly halted 33769 with a kill signal. Set this value 33770 longer than the expected cleanup time 33771 for your process. If this value is 33772 nil, the pod's terminationGracePeriodSeconds 33773 will be used. Otherwise, this value 33774 overrides the value provided by the 33775 pod spec. Value must be non-negative 33776 integer. The value zero indicates 33777 stop immediately via the kill signal 33778 (no opportunity to shut down). This 33779 is a beta field and requires enabling 33780 ProbeTerminationGracePeriod feature 33781 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 33782 is used if unset. 33783 format: int64 33784 type: integer 33785 timeoutSeconds: 33786 description: 'Number of seconds after 33787 which the probe times out. Defaults 33788 to 1 second. Minimum value is 1. More 33789 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 33790 format: int32 33791 type: integer 33792 type: object 33793 resources: 33794 description: 'Compute Resources required 33795 by this Step. Cannot be updated. More 33796 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 33797 properties: 33798 claims: 33799 description: "Claims lists the names 33800 of resources, defined in spec.resourceClaims, 33801 that are used by this container. \n 33802 This is an alpha field and requires 33803 enabling the DynamicResourceAllocation 33804 feature gate. \n This field is immutable. 33805 It can only be set for containers." 33806 items: 33807 description: ResourceClaim references 33808 one entry in PodSpec.ResourceClaims. 33809 properties: 33810 name: 33811 description: Name must match the 33812 name of one entry in pod.spec.resourceClaims 33813 of the Pod where this field 33814 is used. It makes that resource 33815 available inside a container. 33816 type: string 33817 required: 33818 - name 33819 type: object 33820 type: array 33821 x-kubernetes-list-map-keys: 33822 - name 33823 x-kubernetes-list-type: map 33824 limits: 33825 additionalProperties: 33826 anyOf: 33827 - type: integer 33828 - type: string 33829 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 33830 x-kubernetes-int-or-string: true 33831 description: 'Limits describes the maximum 33832 amount of compute resources allowed. 33833 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 33834 type: object 33835 requests: 33836 additionalProperties: 33837 anyOf: 33838 - type: integer 33839 - type: string 33840 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 33841 x-kubernetes-int-or-string: true 33842 description: 'Requests describes the 33843 minimum amount of compute resources 33844 required. If Requests is omitted for 33845 a container, it defaults to Limits 33846 if that is explicitly specified, otherwise 33847 to an implementation-defined value. 33848 Requests cannot exceed Limits. More 33849 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 33850 type: object 33851 type: object 33852 securityContext: 33853 description: 'SecurityContext defines the 33854 security options the Step should be run 33855 with. If set, the fields of SecurityContext 33856 override the equivalent fields of PodSecurityContext. 33857 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 33858 properties: 33859 allowPrivilegeEscalation: 33860 description: 'AllowPrivilegeEscalation 33861 controls whether a process can gain 33862 more privileges than its parent process. 33863 This bool directly controls if the 33864 no_new_privs flag will be set on the 33865 container process. AllowPrivilegeEscalation 33866 is true always when the container 33867 is: 1) run as Privileged 2) has CAP_SYS_ADMIN 33868 Note that this field cannot be set 33869 when spec.os.name is windows.' 33870 type: boolean 33871 capabilities: 33872 description: The capabilities to add/drop 33873 when running containers. Defaults 33874 to the default set of capabilities 33875 granted by the container runtime. 33876 Note that this field cannot be set 33877 when spec.os.name is windows. 33878 properties: 33879 add: 33880 description: Added capabilities 33881 items: 33882 description: Capability represent 33883 POSIX capabilities type 33884 type: string 33885 type: array 33886 drop: 33887 description: Removed capabilities 33888 items: 33889 description: Capability represent 33890 POSIX capabilities type 33891 type: string 33892 type: array 33893 type: object 33894 privileged: 33895 description: Run container in privileged 33896 mode. Processes in privileged containers 33897 are essentially equivalent to root 33898 on the host. Defaults to false. Note 33899 that this field cannot be set when 33900 spec.os.name is windows. 33901 type: boolean 33902 procMount: 33903 description: procMount denotes the type 33904 of proc mount to use for the containers. 33905 The default is DefaultProcMount which 33906 uses the container runtime defaults 33907 for readonly paths and masked paths. 33908 This requires the ProcMountType feature 33909 flag to be enabled. Note that this 33910 field cannot be set when spec.os.name 33911 is windows. 33912 type: string 33913 readOnlyRootFilesystem: 33914 description: Whether this container 33915 has a read-only root filesystem. Default 33916 is false. Note that this field cannot 33917 be set when spec.os.name is windows. 33918 type: boolean 33919 runAsGroup: 33920 description: The GID to run the entrypoint 33921 of the container process. Uses runtime 33922 default if unset. May also be set 33923 in PodSecurityContext. If set in 33924 both SecurityContext and PodSecurityContext, 33925 the value specified in SecurityContext 33926 takes precedence. Note that this field 33927 cannot be set when spec.os.name is 33928 windows. 33929 format: int64 33930 type: integer 33931 runAsNonRoot: 33932 description: Indicates that the container 33933 must run as a non-root user. If true, 33934 the Kubelet will validate the image 33935 at runtime to ensure that it does 33936 not run as UID 0 (root) and fail to 33937 start the container if it does. If 33938 unset or false, no such validation 33939 will be performed. May also be set 33940 in PodSecurityContext. If set in 33941 both SecurityContext and PodSecurityContext, 33942 the value specified in SecurityContext 33943 takes precedence. 33944 type: boolean 33945 runAsUser: 33946 description: The UID to run the entrypoint 33947 of the container process. Defaults 33948 to user specified in image metadata 33949 if unspecified. May also be set in 33950 PodSecurityContext. If set in both 33951 SecurityContext and PodSecurityContext, 33952 the value specified in SecurityContext 33953 takes precedence. Note that this field 33954 cannot be set when spec.os.name is 33955 windows. 33956 format: int64 33957 type: integer 33958 seLinuxOptions: 33959 description: The SELinux context to 33960 be applied to the container. If unspecified, 33961 the container runtime will allocate 33962 a random SELinux context for each 33963 container. May also be set in PodSecurityContext. If 33964 set in both SecurityContext and PodSecurityContext, 33965 the value specified in SecurityContext 33966 takes precedence. Note that this field 33967 cannot be set when spec.os.name is 33968 windows. 33969 properties: 33970 level: 33971 description: Level is SELinux level 33972 label that applies to the container. 33973 type: string 33974 role: 33975 description: Role is a SELinux role 33976 label that applies to the container. 33977 type: string 33978 type: 33979 description: Type is a SELinux type 33980 label that applies to the container. 33981 type: string 33982 user: 33983 description: User is a SELinux user 33984 label that applies to the container. 33985 type: string 33986 type: object 33987 seccompProfile: 33988 description: The seccomp options to 33989 use by this container. If seccomp 33990 options are provided at both the pod 33991 & container level, the container options 33992 override the pod options. Note that 33993 this field cannot be set when spec.os.name 33994 is windows. 33995 properties: 33996 localhostProfile: 33997 description: localhostProfile indicates 33998 a profile defined in a file on 33999 the node should be used. The profile 34000 must be preconfigured on the node 34001 to work. Must be a descending 34002 path, relative to the kubelet's 34003 configured seccomp profile location. 34004 Must be set if type is "Localhost". 34005 Must NOT be set for any other 34006 type. 34007 type: string 34008 type: 34009 description: "type indicates which 34010 kind of seccomp profile will be 34011 applied. Valid options are: \n 34012 Localhost - a profile defined 34013 in a file on the node should be 34014 used. RuntimeDefault - the container 34015 runtime default profile should 34016 be used. Unconfined - no profile 34017 should be applied." 34018 type: string 34019 required: 34020 - type 34021 type: object 34022 windowsOptions: 34023 description: The Windows specific settings 34024 applied to all containers. If unspecified, 34025 the options from the PodSecurityContext 34026 will be used. If set in both SecurityContext 34027 and PodSecurityContext, the value 34028 specified in SecurityContext takes 34029 precedence. Note that this field cannot 34030 be set when spec.os.name is linux. 34031 properties: 34032 gmsaCredentialSpec: 34033 description: GMSACredentialSpec 34034 is where the GMSA admission webhook 34035 (https://github.com/kubernetes-sigs/windows-gmsa) 34036 inlines the contents of the GMSA 34037 credential spec named by the GMSACredentialSpecName 34038 field. 34039 type: string 34040 gmsaCredentialSpecName: 34041 description: GMSACredentialSpecName 34042 is the name of the GMSA credential 34043 spec to use. 34044 type: string 34045 hostProcess: 34046 description: HostProcess determines 34047 if a container should be run as 34048 a 'Host Process' container. All 34049 of a Pod's containers must have 34050 the same effective HostProcess 34051 value (it is not allowed to have 34052 a mix of HostProcess containers 34053 and non-HostProcess containers). 34054 In addition, if HostProcess is 34055 true then HostNetwork must also 34056 be set to true. 34057 type: boolean 34058 runAsUserName: 34059 description: The UserName in Windows 34060 to run the entrypoint of the container 34061 process. Defaults to the user 34062 specified in image metadata if 34063 unspecified. May also be set in 34064 PodSecurityContext. If set in 34065 both SecurityContext and PodSecurityContext, 34066 the value specified in SecurityContext 34067 takes precedence. 34068 type: string 34069 type: object 34070 type: object 34071 startupProbe: 34072 description: 'Deprecated. This field will 34073 be removed in a future release. DeprecatedStartupProbe 34074 indicates that the Pod has successfully 34075 initialized. If specified, no other probes 34076 are executed until this completes successfully. 34077 If this probe fails, the Pod will be restarted, 34078 just as if the livenessProbe failed. This 34079 can be used to provide different probe 34080 parameters at the beginning of a Pod''s 34081 lifecycle, when it might take a long time 34082 to load data or warm a cache, than during 34083 steady-state operation. This cannot be 34084 updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 34085 properties: 34086 exec: 34087 description: Exec specifies the action 34088 to take. 34089 properties: 34090 command: 34091 description: Command is the command 34092 line to execute inside the container, 34093 the working directory for the 34094 command is root ('/') in the 34095 container's filesystem. The command 34096 is simply exec'd, it is not run 34097 inside a shell, so traditional 34098 shell instructions ('|', etc) 34099 won't work. To use a shell, you 34100 need to explicitly call out to 34101 that shell. Exit status of 0 is 34102 treated as live/healthy and non-zero 34103 is unhealthy. 34104 items: 34105 type: string 34106 type: array 34107 type: object 34108 failureThreshold: 34109 description: Minimum consecutive failures 34110 for the probe to be considered failed 34111 after having succeeded. Defaults to 34112 3. Minimum value is 1. 34113 format: int32 34114 type: integer 34115 grpc: 34116 description: GRPC specifies an action 34117 involving a GRPC port. 34118 properties: 34119 port: 34120 description: Port number of the 34121 gRPC service. Number must be in 34122 the range 1 to 65535. 34123 format: int32 34124 type: integer 34125 service: 34126 description: "Service is the name 34127 of the service to place in the 34128 gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 34129 \n If this is not specified, the 34130 default behavior is defined by 34131 gRPC." 34132 type: string 34133 required: 34134 - port 34135 type: object 34136 httpGet: 34137 description: HTTPGet specifies the http 34138 request to perform. 34139 properties: 34140 host: 34141 description: Host name to connect 34142 to, defaults to the pod IP. You 34143 probably want to set "Host" in 34144 httpHeaders instead. 34145 type: string 34146 httpHeaders: 34147 description: Custom headers to set 34148 in the request. HTTP allows repeated 34149 headers. 34150 items: 34151 description: HTTPHeader describes 34152 a custom header to be used in 34153 HTTP probes 34154 properties: 34155 name: 34156 description: The header field 34157 name. This will be canonicalized 34158 upon output, so case-variant 34159 names will be understood 34160 as the same header. 34161 type: string 34162 value: 34163 description: The header field 34164 value 34165 type: string 34166 required: 34167 - name 34168 - value 34169 type: object 34170 type: array 34171 path: 34172 description: Path to access on the 34173 HTTP server. 34174 type: string 34175 port: 34176 anyOf: 34177 - type: integer 34178 - type: string 34179 description: Name or number of the 34180 port to access on the container. 34181 Number must be in the range 1 34182 to 65535. Name must be an IANA_SVC_NAME. 34183 x-kubernetes-int-or-string: true 34184 scheme: 34185 description: Scheme to use for connecting 34186 to the host. Defaults to HTTP. 34187 type: string 34188 required: 34189 - port 34190 type: object 34191 initialDelaySeconds: 34192 description: 'Number of seconds after 34193 the container has started before liveness 34194 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 34195 format: int32 34196 type: integer 34197 periodSeconds: 34198 description: How often (in seconds) 34199 to perform the probe. Default to 10 34200 seconds. Minimum value is 1. 34201 format: int32 34202 type: integer 34203 successThreshold: 34204 description: Minimum consecutive successes 34205 for the probe to be considered successful 34206 after having failed. Defaults to 1. 34207 Must be 1 for liveness and startup. 34208 Minimum value is 1. 34209 format: int32 34210 type: integer 34211 tcpSocket: 34212 description: TCPSocket specifies an 34213 action involving a TCP port. 34214 properties: 34215 host: 34216 description: 'Optional: Host name 34217 to connect to, defaults to the 34218 pod IP.' 34219 type: string 34220 port: 34221 anyOf: 34222 - type: integer 34223 - type: string 34224 description: Number or name of the 34225 port to access on the container. 34226 Number must be in the range 1 34227 to 65535. Name must be an IANA_SVC_NAME. 34228 x-kubernetes-int-or-string: true 34229 required: 34230 - port 34231 type: object 34232 terminationGracePeriodSeconds: 34233 description: Optional duration in seconds 34234 the pod needs to terminate gracefully 34235 upon probe failure. The grace period 34236 is the duration in seconds after the 34237 processes running in the pod are sent 34238 a termination signal and the time 34239 when the processes are forcibly halted 34240 with a kill signal. Set this value 34241 longer than the expected cleanup time 34242 for your process. If this value is 34243 nil, the pod's terminationGracePeriodSeconds 34244 will be used. Otherwise, this value 34245 overrides the value provided by the 34246 pod spec. Value must be non-negative 34247 integer. The value zero indicates 34248 stop immediately via the kill signal 34249 (no opportunity to shut down). This 34250 is a beta field and requires enabling 34251 ProbeTerminationGracePeriod feature 34252 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 34253 is used if unset. 34254 format: int64 34255 type: integer 34256 timeoutSeconds: 34257 description: 'Number of seconds after 34258 which the probe times out. Defaults 34259 to 1 second. Minimum value is 1. More 34260 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 34261 format: int32 34262 type: integer 34263 type: object 34264 stdin: 34265 description: Deprecated. This field will 34266 be removed in a future release. Whether 34267 this Step should allocate a buffer for 34268 stdin in the container runtime. If this 34269 is not set, reads from stdin in the Step 34270 will always result in EOF. Default is 34271 false. 34272 type: boolean 34273 stdinOnce: 34274 description: Deprecated. This field will 34275 be removed in a future release. Whether 34276 the container runtime should close the 34277 stdin channel after it has been opened 34278 by a single attach. When stdin is true 34279 the stdin stream will remain open across 34280 multiple attach sessions. If stdinOnce 34281 is set to true, stdin is opened on container 34282 start, is empty until the first client 34283 attaches to stdin, and then remains open 34284 and accepts data until the client disconnects, 34285 at which time stdin is closed and remains 34286 closed until the container is restarted. 34287 If this flag is false, a container processes 34288 that reads from stdin will never receive 34289 an EOF. Default is false 34290 type: boolean 34291 terminationMessagePath: 34292 description: Deprecated. This field will 34293 be removed in a future release and cannot 34294 be meaningfully used. 34295 type: string 34296 terminationMessagePolicy: 34297 description: Deprecated. This field will 34298 be removed in a future release and cannot 34299 be meaningfully used. 34300 type: string 34301 tty: 34302 description: Deprecated. This field will 34303 be removed in a future release. Whether 34304 this Step should allocate a DeprecatedTTY 34305 for itself, also requires 'stdin' to be 34306 true. Default is false. 34307 type: boolean 34308 volumeDevices: 34309 description: volumeDevices is the list of 34310 block devices to be used by the Step. 34311 items: 34312 description: volumeDevice describes a 34313 mapping of a raw block device within 34314 a container. 34315 properties: 34316 devicePath: 34317 description: devicePath is the path 34318 inside of the container that the 34319 device will be mapped to. 34320 type: string 34321 name: 34322 description: name must match the name 34323 of a persistentVolumeClaim in the 34324 pod 34325 type: string 34326 required: 34327 - devicePath 34328 - name 34329 type: object 34330 type: array 34331 x-kubernetes-list-type: atomic 34332 volumeMounts: 34333 description: Volumes to mount into the Step's 34334 filesystem. Cannot be updated. 34335 items: 34336 description: VolumeMount describes a mounting 34337 of a Volume within a container. 34338 properties: 34339 mountPath: 34340 description: Path within the container 34341 at which the volume should be mounted. Must 34342 not contain ':'. 34343 type: string 34344 mountPropagation: 34345 description: mountPropagation determines 34346 how mounts are propagated from the 34347 host to container and the other 34348 way around. When not set, MountPropagationNone 34349 is used. This field is beta in 1.10. 34350 type: string 34351 name: 34352 description: This must match the Name 34353 of a Volume. 34354 type: string 34355 readOnly: 34356 description: Mounted read-only if 34357 true, read-write otherwise (false 34358 or unspecified). Defaults to false. 34359 type: boolean 34360 subPath: 34361 description: Path within the volume 34362 from which the container's volume 34363 should be mounted. Defaults to "" 34364 (volume's root). 34365 type: string 34366 subPathExpr: 34367 description: Expanded path within 34368 the volume from which the container's 34369 volume should be mounted. Behaves 34370 similarly to SubPath but environment 34371 variable references $(VAR_NAME) 34372 are expanded using the container's 34373 environment. Defaults to "" (volume's 34374 root). SubPathExpr and SubPath are 34375 mutually exclusive. 34376 type: string 34377 required: 34378 - mountPath 34379 - name 34380 type: object 34381 type: array 34382 x-kubernetes-list-type: atomic 34383 workingDir: 34384 description: Step's working directory. If 34385 not specified, the container runtime's 34386 default will be used, which might be configured 34387 in the container image. Cannot be updated. 34388 type: string 34389 required: 34390 - name 34391 type: object 34392 steps: 34393 description: Steps are the steps of the build; 34394 each step is run sequentially with the source 34395 mounted into /workspace. 34396 items: 34397 description: Step runs a subcomponent of a 34398 Task 34399 properties: 34400 args: 34401 description: 'Arguments to the entrypoint. 34402 The image''s CMD is used if this is 34403 not provided. Variable references $(VAR_NAME) 34404 are expanded using the container''s 34405 environment. If a variable cannot be 34406 resolved, the reference in the input 34407 string will be unchanged. Double $$ 34408 are reduced to a single $, which allows 34409 for escaping the $(VAR_NAME) syntax: 34410 i.e. "$$(VAR_NAME)" will produce the 34411 string literal "$(VAR_NAME)". Escaped 34412 references will never be expanded, regardless 34413 of whether the variable exists or not. 34414 Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 34415 items: 34416 type: string 34417 type: array 34418 x-kubernetes-list-type: atomic 34419 command: 34420 description: 'Entrypoint array. Not executed 34421 within a shell. The image''s ENTRYPOINT 34422 is used if this is not provided. Variable 34423 references $(VAR_NAME) are expanded 34424 using the container''s environment. 34425 If a variable cannot be resolved, the 34426 reference in the input string will be 34427 unchanged. Double $$ are reduced to 34428 a single $, which allows for escaping 34429 the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 34430 will produce the string literal "$(VAR_NAME)". 34431 Escaped references will never be expanded, 34432 regardless of whether the variable exists 34433 or not. Cannot be updated. More info: 34434 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 34435 items: 34436 type: string 34437 type: array 34438 x-kubernetes-list-type: atomic 34439 env: 34440 description: List of environment variables 34441 to set in the container. Cannot be updated. 34442 items: 34443 description: EnvVar represents an environment 34444 variable present in a Container. 34445 properties: 34446 name: 34447 description: Name of the environment 34448 variable. Must be a C_IDENTIFIER. 34449 type: string 34450 value: 34451 description: 'Variable references 34452 $(VAR_NAME) are expanded using 34453 the previously defined environment 34454 variables in the container and 34455 any service environment variables. 34456 If a variable cannot be resolved, 34457 the reference in the input string 34458 will be unchanged. Double $$ are 34459 reduced to a single $, which allows 34460 for escaping the $(VAR_NAME) syntax: 34461 i.e. "$$(VAR_NAME)" will produce 34462 the string literal "$(VAR_NAME)". 34463 Escaped references will never 34464 be expanded, regardless of whether 34465 the variable exists or not. Defaults 34466 to "".' 34467 type: string 34468 valueFrom: 34469 description: Source for the environment 34470 variable's value. Cannot be used 34471 if value is not empty. 34472 properties: 34473 configMapKeyRef: 34474 description: Selects a key of 34475 a ConfigMap. 34476 properties: 34477 key: 34478 description: The key to 34479 select. 34480 type: string 34481 name: 34482 description: 'Name of the 34483 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 34484 TODO: Add other useful 34485 fields. apiVersion, kind, 34486 uid?' 34487 type: string 34488 optional: 34489 description: Specify whether 34490 the ConfigMap or its key 34491 must be defined 34492 type: boolean 34493 required: 34494 - key 34495 type: object 34496 fieldRef: 34497 description: 'Selects a field 34498 of the pod: supports metadata.name, 34499 metadata.namespace, `metadata.labels[''<KEY>'']`, 34500 `metadata.annotations[''<KEY>'']`, 34501 spec.nodeName, spec.serviceAccountName, 34502 status.hostIP, status.podIP, 34503 status.podIPs.' 34504 properties: 34505 apiVersion: 34506 description: Version of 34507 the schema the FieldPath 34508 is written in terms of, 34509 defaults to "v1". 34510 type: string 34511 fieldPath: 34512 description: Path of the 34513 field to select in the 34514 specified API version. 34515 type: string 34516 required: 34517 - fieldPath 34518 type: object 34519 resourceFieldRef: 34520 description: 'Selects a resource 34521 of the container: only resources 34522 limits and requests (limits.cpu, 34523 limits.memory, limits.ephemeral-storage, 34524 requests.cpu, requests.memory 34525 and requests.ephemeral-storage) 34526 are currently supported.' 34527 properties: 34528 containerName: 34529 description: 'Container 34530 name: required for volumes, 34531 optional for env vars' 34532 type: string 34533 divisor: 34534 anyOf: 34535 - type: integer 34536 - type: string 34537 description: Specifies the 34538 output format of the exposed 34539 resources, defaults to 34540 "1" 34541 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 34542 x-kubernetes-int-or-string: true 34543 resource: 34544 description: 'Required: 34545 resource to select' 34546 type: string 34547 required: 34548 - resource 34549 type: object 34550 secretKeyRef: 34551 description: Selects a key of 34552 a secret in the pod's namespace 34553 properties: 34554 key: 34555 description: The key of 34556 the secret to select from. Must 34557 be a valid secret key. 34558 type: string 34559 name: 34560 description: 'Name of the 34561 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 34562 TODO: Add other useful 34563 fields. apiVersion, kind, 34564 uid?' 34565 type: string 34566 optional: 34567 description: Specify whether 34568 the Secret or its key 34569 must be defined 34570 type: boolean 34571 required: 34572 - key 34573 type: object 34574 type: object 34575 required: 34576 - name 34577 type: object 34578 type: array 34579 x-kubernetes-list-type: atomic 34580 envFrom: 34581 description: List of sources to populate 34582 environment variables in the container. 34583 The keys defined within a source must 34584 be a C_IDENTIFIER. All invalid keys 34585 will be reported as an event when the 34586 container is starting. When a key exists 34587 in multiple sources, the value associated 34588 with the last source will take precedence. 34589 Values defined by an Env with a duplicate 34590 key will take precedence. Cannot be 34591 updated. 34592 items: 34593 description: EnvFromSource represents 34594 the source of a set of ConfigMaps 34595 properties: 34596 configMapRef: 34597 description: The ConfigMap to select 34598 from 34599 properties: 34600 name: 34601 description: 'Name of the referent. 34602 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 34603 TODO: Add other useful fields. 34604 apiVersion, kind, uid?' 34605 type: string 34606 optional: 34607 description: Specify whether 34608 the ConfigMap must be defined 34609 type: boolean 34610 type: object 34611 prefix: 34612 description: An optional identifier 34613 to prepend to each key in the 34614 ConfigMap. Must be a C_IDENTIFIER. 34615 type: string 34616 secretRef: 34617 description: The Secret to select 34618 from 34619 properties: 34620 name: 34621 description: 'Name of the referent. 34622 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 34623 TODO: Add other useful fields. 34624 apiVersion, kind, uid?' 34625 type: string 34626 optional: 34627 description: Specify whether 34628 the Secret must be defined 34629 type: boolean 34630 type: object 34631 type: object 34632 type: array 34633 x-kubernetes-list-type: atomic 34634 image: 34635 description: 'Image reference name to 34636 run for this Step. More info: https://kubernetes.io/docs/concepts/containers/images' 34637 type: string 34638 imagePullPolicy: 34639 description: 'Image pull policy. One of 34640 Always, Never, IfNotPresent. Defaults 34641 to Always if :latest tag is specified, 34642 or IfNotPresent otherwise. Cannot be 34643 updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 34644 type: string 34645 lifecycle: 34646 description: Deprecated. This field will 34647 be removed in a future release. Actions 34648 that the management system should take 34649 in response to container lifecycle events. 34650 Cannot be updated. 34651 properties: 34652 postStart: 34653 description: 'PostStart is called 34654 immediately after a container is 34655 created. If the handler fails, the 34656 container is terminated and restarted 34657 according to its restart policy. 34658 Other management of the container 34659 blocks until the hook completes. 34660 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 34661 properties: 34662 exec: 34663 description: Exec specifies the 34664 action to take. 34665 properties: 34666 command: 34667 description: Command is the 34668 command line to execute 34669 inside the container, the 34670 working directory for the 34671 command is root ('/') in 34672 the container's filesystem. 34673 The command is simply exec'd, 34674 it is not run inside a shell, 34675 so traditional shell instructions 34676 ('|', etc) won't work. To 34677 use a shell, you need to 34678 explicitly call out to that 34679 shell. Exit status of 0 34680 is treated as live/healthy 34681 and non-zero is unhealthy. 34682 items: 34683 type: string 34684 type: array 34685 type: object 34686 httpGet: 34687 description: HTTPGet specifies 34688 the http request to perform. 34689 properties: 34690 host: 34691 description: Host name to 34692 connect to, defaults to 34693 the pod IP. You probably 34694 want to set "Host" in httpHeaders 34695 instead. 34696 type: string 34697 httpHeaders: 34698 description: Custom headers 34699 to set in the request. HTTP 34700 allows repeated headers. 34701 items: 34702 description: HTTPHeader 34703 describes a custom header 34704 to be used in HTTP probes 34705 properties: 34706 name: 34707 description: The header 34708 field name. This will 34709 be canonicalized upon 34710 output, so case-variant 34711 names will be understood 34712 as the same header. 34713 type: string 34714 value: 34715 description: The header 34716 field value 34717 type: string 34718 required: 34719 - name 34720 - value 34721 type: object 34722 type: array 34723 path: 34724 description: Path to access 34725 on the HTTP server. 34726 type: string 34727 port: 34728 anyOf: 34729 - type: integer 34730 - type: string 34731 description: Name or number 34732 of the port to access on 34733 the container. Number must 34734 be in the range 1 to 65535. 34735 Name must be an IANA_SVC_NAME. 34736 x-kubernetes-int-or-string: true 34737 scheme: 34738 description: Scheme to use 34739 for connecting to the host. 34740 Defaults to HTTP. 34741 type: string 34742 required: 34743 - port 34744 type: object 34745 tcpSocket: 34746 description: Deprecated. TCPSocket 34747 is NOT supported as a LifecycleHandler 34748 and kept for the backward compatibility. 34749 There are no validation of this 34750 field and lifecycle hooks will 34751 fail in runtime when tcp handler 34752 is specified. 34753 properties: 34754 host: 34755 description: 'Optional: Host 34756 name to connect to, defaults 34757 to the pod IP.' 34758 type: string 34759 port: 34760 anyOf: 34761 - type: integer 34762 - type: string 34763 description: Number or name 34764 of the port to access on 34765 the container. Number must 34766 be in the range 1 to 65535. 34767 Name must be an IANA_SVC_NAME. 34768 x-kubernetes-int-or-string: true 34769 required: 34770 - port 34771 type: object 34772 type: object 34773 preStop: 34774 description: 'PreStop is called immediately 34775 before a container is terminated 34776 due to an API request or management 34777 event such as liveness/startup probe 34778 failure, preemption, resource contention, 34779 etc. The handler is not called if 34780 the container crashes or exits. 34781 The Pod''s termination grace period 34782 countdown begins before the PreStop 34783 hook is executed. Regardless of 34784 the outcome of the handler, the 34785 container will eventually terminate 34786 within the Pod''s termination grace 34787 period (unless delayed by finalizers). 34788 Other management of the container 34789 blocks until the hook completes 34790 or until the termination grace period 34791 is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 34792 properties: 34793 exec: 34794 description: Exec specifies the 34795 action to take. 34796 properties: 34797 command: 34798 description: Command is the 34799 command line to execute 34800 inside the container, the 34801 working directory for the 34802 command is root ('/') in 34803 the container's filesystem. 34804 The command is simply exec'd, 34805 it is not run inside a shell, 34806 so traditional shell instructions 34807 ('|', etc) won't work. To 34808 use a shell, you need to 34809 explicitly call out to that 34810 shell. Exit status of 0 34811 is treated as live/healthy 34812 and non-zero is unhealthy. 34813 items: 34814 type: string 34815 type: array 34816 type: object 34817 httpGet: 34818 description: HTTPGet specifies 34819 the http request to perform. 34820 properties: 34821 host: 34822 description: Host name to 34823 connect to, defaults to 34824 the pod IP. You probably 34825 want to set "Host" in httpHeaders 34826 instead. 34827 type: string 34828 httpHeaders: 34829 description: Custom headers 34830 to set in the request. HTTP 34831 allows repeated headers. 34832 items: 34833 description: HTTPHeader 34834 describes a custom header 34835 to be used in HTTP probes 34836 properties: 34837 name: 34838 description: The header 34839 field name. This will 34840 be canonicalized upon 34841 output, so case-variant 34842 names will be understood 34843 as the same header. 34844 type: string 34845 value: 34846 description: The header 34847 field value 34848 type: string 34849 required: 34850 - name 34851 - value 34852 type: object 34853 type: array 34854 path: 34855 description: Path to access 34856 on the HTTP server. 34857 type: string 34858 port: 34859 anyOf: 34860 - type: integer 34861 - type: string 34862 description: Name or number 34863 of the port to access on 34864 the container. Number must 34865 be in the range 1 to 65535. 34866 Name must be an IANA_SVC_NAME. 34867 x-kubernetes-int-or-string: true 34868 scheme: 34869 description: Scheme to use 34870 for connecting to the host. 34871 Defaults to HTTP. 34872 type: string 34873 required: 34874 - port 34875 type: object 34876 tcpSocket: 34877 description: Deprecated. TCPSocket 34878 is NOT supported as a LifecycleHandler 34879 and kept for the backward compatibility. 34880 There are no validation of this 34881 field and lifecycle hooks will 34882 fail in runtime when tcp handler 34883 is specified. 34884 properties: 34885 host: 34886 description: 'Optional: Host 34887 name to connect to, defaults 34888 to the pod IP.' 34889 type: string 34890 port: 34891 anyOf: 34892 - type: integer 34893 - type: string 34894 description: Number or name 34895 of the port to access on 34896 the container. Number must 34897 be in the range 1 to 65535. 34898 Name must be an IANA_SVC_NAME. 34899 x-kubernetes-int-or-string: true 34900 required: 34901 - port 34902 type: object 34903 type: object 34904 type: object 34905 livenessProbe: 34906 description: 'Deprecated. This field will 34907 be removed in a future release. Periodic 34908 probe of container liveness. Step will 34909 be restarted if the probe fails. Cannot 34910 be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 34911 properties: 34912 exec: 34913 description: Exec specifies the action 34914 to take. 34915 properties: 34916 command: 34917 description: Command is the command 34918 line to execute inside the container, 34919 the working directory for the 34920 command is root ('/') in the 34921 container's filesystem. The 34922 command is simply exec'd, it 34923 is not run inside a shell, so 34924 traditional shell instructions 34925 ('|', etc) won't work. To use 34926 a shell, you need to explicitly 34927 call out to that shell. Exit 34928 status of 0 is treated as live/healthy 34929 and non-zero is unhealthy. 34930 items: 34931 type: string 34932 type: array 34933 type: object 34934 failureThreshold: 34935 description: Minimum consecutive failures 34936 for the probe to be considered failed 34937 after having succeeded. Defaults 34938 to 3. Minimum value is 1. 34939 format: int32 34940 type: integer 34941 grpc: 34942 description: GRPC specifies an action 34943 involving a GRPC port. 34944 properties: 34945 port: 34946 description: Port number of the 34947 gRPC service. Number must be 34948 in the range 1 to 65535. 34949 format: int32 34950 type: integer 34951 service: 34952 description: "Service is the name 34953 of the service to place in the 34954 gRPC HealthCheckRequest (see 34955 https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 34956 \n If this is not specified, 34957 the default behavior is defined 34958 by gRPC." 34959 type: string 34960 required: 34961 - port 34962 type: object 34963 httpGet: 34964 description: HTTPGet specifies the 34965 http request to perform. 34966 properties: 34967 host: 34968 description: Host name to connect 34969 to, defaults to the pod IP. 34970 You probably want to set "Host" 34971 in httpHeaders instead. 34972 type: string 34973 httpHeaders: 34974 description: Custom headers to 34975 set in the request. HTTP allows 34976 repeated headers. 34977 items: 34978 description: HTTPHeader describes 34979 a custom header to be used 34980 in HTTP probes 34981 properties: 34982 name: 34983 description: The header 34984 field name. This will 34985 be canonicalized upon 34986 output, so case-variant 34987 names will be understood 34988 as the same header. 34989 type: string 34990 value: 34991 description: The header 34992 field value 34993 type: string 34994 required: 34995 - name 34996 - value 34997 type: object 34998 type: array 34999 path: 35000 description: Path to access on 35001 the HTTP server. 35002 type: string 35003 port: 35004 anyOf: 35005 - type: integer 35006 - type: string 35007 description: Name or number of 35008 the port to access on the container. 35009 Number must be in the range 35010 1 to 65535. Name must be an 35011 IANA_SVC_NAME. 35012 x-kubernetes-int-or-string: true 35013 scheme: 35014 description: Scheme to use for 35015 connecting to the host. Defaults 35016 to HTTP. 35017 type: string 35018 required: 35019 - port 35020 type: object 35021 initialDelaySeconds: 35022 description: 'Number of seconds after 35023 the container has started before 35024 liveness probes are initiated. More 35025 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 35026 format: int32 35027 type: integer 35028 periodSeconds: 35029 description: How often (in seconds) 35030 to perform the probe. Default to 35031 10 seconds. Minimum value is 1. 35032 format: int32 35033 type: integer 35034 successThreshold: 35035 description: Minimum consecutive successes 35036 for the probe to be considered successful 35037 after having failed. Defaults to 35038 1. Must be 1 for liveness and startup. 35039 Minimum value is 1. 35040 format: int32 35041 type: integer 35042 tcpSocket: 35043 description: TCPSocket specifies an 35044 action involving a TCP port. 35045 properties: 35046 host: 35047 description: 'Optional: Host name 35048 to connect to, defaults to the 35049 pod IP.' 35050 type: string 35051 port: 35052 anyOf: 35053 - type: integer 35054 - type: string 35055 description: Number or name of 35056 the port to access on the container. 35057 Number must be in the range 35058 1 to 65535. Name must be an 35059 IANA_SVC_NAME. 35060 x-kubernetes-int-or-string: true 35061 required: 35062 - port 35063 type: object 35064 terminationGracePeriodSeconds: 35065 description: Optional duration in 35066 seconds the pod needs to terminate 35067 gracefully upon probe failure. The 35068 grace period is the duration in 35069 seconds after the processes running 35070 in the pod are sent a termination 35071 signal and the time when the processes 35072 are forcibly halted with a kill 35073 signal. Set this value longer than 35074 the expected cleanup time for your 35075 process. If this value is nil, the 35076 pod's terminationGracePeriodSeconds 35077 will be used. Otherwise, this value 35078 overrides the value provided by 35079 the pod spec. Value must be non-negative 35080 integer. The value zero indicates 35081 stop immediately via the kill signal 35082 (no opportunity to shut down). This 35083 is a beta field and requires enabling 35084 ProbeTerminationGracePeriod feature 35085 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 35086 is used if unset. 35087 format: int64 35088 type: integer 35089 timeoutSeconds: 35090 description: 'Number of seconds after 35091 which the probe times out. Defaults 35092 to 1 second. Minimum value is 1. 35093 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 35094 format: int32 35095 type: integer 35096 type: object 35097 name: 35098 description: Name of the Step specified 35099 as a DNS_LABEL. Each Step in a Task 35100 must have a unique name. 35101 type: string 35102 onError: 35103 description: OnError defines the exiting 35104 behavior of a container on error can 35105 be set to [ continue | stopAndFail ] 35106 type: string 35107 ports: 35108 description: Deprecated. This field will 35109 be removed in a future release. List 35110 of ports to expose from the Step's container. 35111 Exposing a port here gives the system 35112 additional information about the network 35113 connections a container uses, but is 35114 primarily informational. Not specifying 35115 a port here DOES NOT prevent that port 35116 from being exposed. Any port which is 35117 listening on the default "0.0.0.0" address 35118 inside a container will be accessible 35119 from the network. Cannot be updated. 35120 items: 35121 description: ContainerPort represents 35122 a network port in a single container. 35123 properties: 35124 containerPort: 35125 description: Number of port to expose 35126 on the pod's IP address. This 35127 must be a valid port number, 0 35128 < x < 65536. 35129 format: int32 35130 type: integer 35131 hostIP: 35132 description: What host IP to bind 35133 the external port to. 35134 type: string 35135 hostPort: 35136 description: Number of port to expose 35137 on the host. If specified, this 35138 must be a valid port number, 0 35139 < x < 65536. If HostNetwork is 35140 specified, this must match ContainerPort. 35141 Most containers do not need this. 35142 format: int32 35143 type: integer 35144 name: 35145 description: If specified, this 35146 must be an IANA_SVC_NAME and unique 35147 within the pod. Each named port 35148 in a pod must have a unique name. 35149 Name for the port that can be 35150 referred to by services. 35151 type: string 35152 protocol: 35153 default: TCP 35154 description: Protocol for port. 35155 Must be UDP, TCP, or SCTP. Defaults 35156 to "TCP". 35157 type: string 35158 required: 35159 - containerPort 35160 type: object 35161 type: array 35162 x-kubernetes-list-map-keys: 35163 - containerPort 35164 - protocol 35165 x-kubernetes-list-type: map 35166 readinessProbe: 35167 description: 'Deprecated. This field will 35168 be removed in a future release. Periodic 35169 probe of container service readiness. 35170 Step will be removed from service endpoints 35171 if the probe fails. Cannot be updated. 35172 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 35173 properties: 35174 exec: 35175 description: Exec specifies the action 35176 to take. 35177 properties: 35178 command: 35179 description: Command is the command 35180 line to execute inside the container, 35181 the working directory for the 35182 command is root ('/') in the 35183 container's filesystem. The 35184 command is simply exec'd, it 35185 is not run inside a shell, so 35186 traditional shell instructions 35187 ('|', etc) won't work. To use 35188 a shell, you need to explicitly 35189 call out to that shell. Exit 35190 status of 0 is treated as live/healthy 35191 and non-zero is unhealthy. 35192 items: 35193 type: string 35194 type: array 35195 type: object 35196 failureThreshold: 35197 description: Minimum consecutive failures 35198 for the probe to be considered failed 35199 after having succeeded. Defaults 35200 to 3. Minimum value is 1. 35201 format: int32 35202 type: integer 35203 grpc: 35204 description: GRPC specifies an action 35205 involving a GRPC port. 35206 properties: 35207 port: 35208 description: Port number of the 35209 gRPC service. Number must be 35210 in the range 1 to 65535. 35211 format: int32 35212 type: integer 35213 service: 35214 description: "Service is the name 35215 of the service to place in the 35216 gRPC HealthCheckRequest (see 35217 https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 35218 \n If this is not specified, 35219 the default behavior is defined 35220 by gRPC." 35221 type: string 35222 required: 35223 - port 35224 type: object 35225 httpGet: 35226 description: HTTPGet specifies the 35227 http request to perform. 35228 properties: 35229 host: 35230 description: Host name to connect 35231 to, defaults to the pod IP. 35232 You probably want to set "Host" 35233 in httpHeaders instead. 35234 type: string 35235 httpHeaders: 35236 description: Custom headers to 35237 set in the request. HTTP allows 35238 repeated headers. 35239 items: 35240 description: HTTPHeader describes 35241 a custom header to be used 35242 in HTTP probes 35243 properties: 35244 name: 35245 description: The header 35246 field name. This will 35247 be canonicalized upon 35248 output, so case-variant 35249 names will be understood 35250 as the same header. 35251 type: string 35252 value: 35253 description: The header 35254 field value 35255 type: string 35256 required: 35257 - name 35258 - value 35259 type: object 35260 type: array 35261 path: 35262 description: Path to access on 35263 the HTTP server. 35264 type: string 35265 port: 35266 anyOf: 35267 - type: integer 35268 - type: string 35269 description: Name or number of 35270 the port to access on the container. 35271 Number must be in the range 35272 1 to 65535. Name must be an 35273 IANA_SVC_NAME. 35274 x-kubernetes-int-or-string: true 35275 scheme: 35276 description: Scheme to use for 35277 connecting to the host. Defaults 35278 to HTTP. 35279 type: string 35280 required: 35281 - port 35282 type: object 35283 initialDelaySeconds: 35284 description: 'Number of seconds after 35285 the container has started before 35286 liveness probes are initiated. More 35287 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 35288 format: int32 35289 type: integer 35290 periodSeconds: 35291 description: How often (in seconds) 35292 to perform the probe. Default to 35293 10 seconds. Minimum value is 1. 35294 format: int32 35295 type: integer 35296 successThreshold: 35297 description: Minimum consecutive successes 35298 for the probe to be considered successful 35299 after having failed. Defaults to 35300 1. Must be 1 for liveness and startup. 35301 Minimum value is 1. 35302 format: int32 35303 type: integer 35304 tcpSocket: 35305 description: TCPSocket specifies an 35306 action involving a TCP port. 35307 properties: 35308 host: 35309 description: 'Optional: Host name 35310 to connect to, defaults to the 35311 pod IP.' 35312 type: string 35313 port: 35314 anyOf: 35315 - type: integer 35316 - type: string 35317 description: Number or name of 35318 the port to access on the container. 35319 Number must be in the range 35320 1 to 65535. Name must be an 35321 IANA_SVC_NAME. 35322 x-kubernetes-int-or-string: true 35323 required: 35324 - port 35325 type: object 35326 terminationGracePeriodSeconds: 35327 description: Optional duration in 35328 seconds the pod needs to terminate 35329 gracefully upon probe failure. The 35330 grace period is the duration in 35331 seconds after the processes running 35332 in the pod are sent a termination 35333 signal and the time when the processes 35334 are forcibly halted with a kill 35335 signal. Set this value longer than 35336 the expected cleanup time for your 35337 process. If this value is nil, the 35338 pod's terminationGracePeriodSeconds 35339 will be used. Otherwise, this value 35340 overrides the value provided by 35341 the pod spec. Value must be non-negative 35342 integer. The value zero indicates 35343 stop immediately via the kill signal 35344 (no opportunity to shut down). This 35345 is a beta field and requires enabling 35346 ProbeTerminationGracePeriod feature 35347 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 35348 is used if unset. 35349 format: int64 35350 type: integer 35351 timeoutSeconds: 35352 description: 'Number of seconds after 35353 which the probe times out. Defaults 35354 to 1 second. Minimum value is 1. 35355 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 35356 format: int32 35357 type: integer 35358 type: object 35359 resources: 35360 description: 'Compute Resources required 35361 by this Step. Cannot be updated. More 35362 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 35363 properties: 35364 claims: 35365 description: "Claims lists the names 35366 of resources, defined in spec.resourceClaims, 35367 that are used by this container. 35368 \n This is an alpha field and requires 35369 enabling the DynamicResourceAllocation 35370 feature gate. \n This field is immutable. 35371 It can only be set for containers." 35372 items: 35373 description: ResourceClaim references 35374 one entry in PodSpec.ResourceClaims. 35375 properties: 35376 name: 35377 description: Name must match 35378 the name of one entry in pod.spec.resourceClaims 35379 of the Pod where this field 35380 is used. It makes that resource 35381 available inside a container. 35382 type: string 35383 required: 35384 - name 35385 type: object 35386 type: array 35387 x-kubernetes-list-map-keys: 35388 - name 35389 x-kubernetes-list-type: map 35390 limits: 35391 additionalProperties: 35392 anyOf: 35393 - type: integer 35394 - type: string 35395 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 35396 x-kubernetes-int-or-string: true 35397 description: 'Limits describes the 35398 maximum amount of compute resources 35399 allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 35400 type: object 35401 requests: 35402 additionalProperties: 35403 anyOf: 35404 - type: integer 35405 - type: string 35406 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 35407 x-kubernetes-int-or-string: true 35408 description: 'Requests describes the 35409 minimum amount of compute resources 35410 required. If Requests is omitted 35411 for a container, it defaults to 35412 Limits if that is explicitly specified, 35413 otherwise to an implementation-defined 35414 value. Requests cannot exceed Limits. 35415 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 35416 type: object 35417 type: object 35418 script: 35419 description: "Script is the contents of 35420 an executable file to execute. \n If 35421 Script is not empty, the Step cannot 35422 have an Command and the Args will be 35423 passed to the Script." 35424 type: string 35425 securityContext: 35426 description: 'SecurityContext defines 35427 the security options the Step should 35428 be run with. If set, the fields of SecurityContext 35429 override the equivalent fields of PodSecurityContext. 35430 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 35431 properties: 35432 allowPrivilegeEscalation: 35433 description: 'AllowPrivilegeEscalation 35434 controls whether a process can gain 35435 more privileges than its parent 35436 process. This bool directly controls 35437 if the no_new_privs flag will be 35438 set on the container process. AllowPrivilegeEscalation 35439 is true always when the container 35440 is: 1) run as Privileged 2) has 35441 CAP_SYS_ADMIN Note that this field 35442 cannot be set when spec.os.name 35443 is windows.' 35444 type: boolean 35445 capabilities: 35446 description: The capabilities to add/drop 35447 when running containers. Defaults 35448 to the default set of capabilities 35449 granted by the container runtime. 35450 Note that this field cannot be set 35451 when spec.os.name is windows. 35452 properties: 35453 add: 35454 description: Added capabilities 35455 items: 35456 description: Capability represent 35457 POSIX capabilities type 35458 type: string 35459 type: array 35460 drop: 35461 description: Removed capabilities 35462 items: 35463 description: Capability represent 35464 POSIX capabilities type 35465 type: string 35466 type: array 35467 type: object 35468 privileged: 35469 description: Run container in privileged 35470 mode. Processes in privileged containers 35471 are essentially equivalent to root 35472 on the host. Defaults to false. 35473 Note that this field cannot be set 35474 when spec.os.name is windows. 35475 type: boolean 35476 procMount: 35477 description: procMount denotes the 35478 type of proc mount to use for the 35479 containers. The default is DefaultProcMount 35480 which uses the container runtime 35481 defaults for readonly paths and 35482 masked paths. This requires the 35483 ProcMountType feature flag to be 35484 enabled. Note that this field cannot 35485 be set when spec.os.name is windows. 35486 type: string 35487 readOnlyRootFilesystem: 35488 description: Whether this container 35489 has a read-only root filesystem. 35490 Default is false. Note that this 35491 field cannot be set when spec.os.name 35492 is windows. 35493 type: boolean 35494 runAsGroup: 35495 description: The GID to run the entrypoint 35496 of the container process. Uses runtime 35497 default if unset. May also be set 35498 in PodSecurityContext. If set in 35499 both SecurityContext and PodSecurityContext, 35500 the value specified in SecurityContext 35501 takes precedence. Note that this 35502 field cannot be set when spec.os.name 35503 is windows. 35504 format: int64 35505 type: integer 35506 runAsNonRoot: 35507 description: Indicates that the container 35508 must run as a non-root user. If 35509 true, the Kubelet will validate 35510 the image at runtime to ensure that 35511 it does not run as UID 0 (root) 35512 and fail to start the container 35513 if it does. If unset or false, no 35514 such validation will be performed. 35515 May also be set in PodSecurityContext. If 35516 set in both SecurityContext and 35517 PodSecurityContext, the value specified 35518 in SecurityContext takes precedence. 35519 type: boolean 35520 runAsUser: 35521 description: The UID to run the entrypoint 35522 of the container process. Defaults 35523 to user specified in image metadata 35524 if unspecified. May also be set 35525 in PodSecurityContext. If set in 35526 both SecurityContext and PodSecurityContext, 35527 the value specified in SecurityContext 35528 takes precedence. Note that this 35529 field cannot be set when spec.os.name 35530 is windows. 35531 format: int64 35532 type: integer 35533 seLinuxOptions: 35534 description: The SELinux context to 35535 be applied to the container. If 35536 unspecified, the container runtime 35537 will allocate a random SELinux context 35538 for each container. May also be 35539 set in PodSecurityContext. If set 35540 in both SecurityContext and PodSecurityContext, 35541 the value specified in SecurityContext 35542 takes precedence. Note that this 35543 field cannot be set when spec.os.name 35544 is windows. 35545 properties: 35546 level: 35547 description: Level is SELinux 35548 level label that applies to 35549 the container. 35550 type: string 35551 role: 35552 description: Role is a SELinux 35553 role label that applies to the 35554 container. 35555 type: string 35556 type: 35557 description: Type is a SELinux 35558 type label that applies to the 35559 container. 35560 type: string 35561 user: 35562 description: User is a SELinux 35563 user label that applies to the 35564 container. 35565 type: string 35566 type: object 35567 seccompProfile: 35568 description: The seccomp options to 35569 use by this container. If seccomp 35570 options are provided at both the 35571 pod & container level, the container 35572 options override the pod options. 35573 Note that this field cannot be set 35574 when spec.os.name is windows. 35575 properties: 35576 localhostProfile: 35577 description: localhostProfile 35578 indicates a profile defined 35579 in a file on the node should 35580 be used. The profile must be 35581 preconfigured on the node to 35582 work. Must be a descending path, 35583 relative to the kubelet's configured 35584 seccomp profile location. Must 35585 be set if type is "Localhost". 35586 Must NOT be set for any other 35587 type. 35588 type: string 35589 type: 35590 description: "type indicates which 35591 kind of seccomp profile will 35592 be applied. Valid options are: 35593 \n Localhost - a profile defined 35594 in a file on the node should 35595 be used. RuntimeDefault - the 35596 container runtime default profile 35597 should be used. Unconfined - 35598 no profile should be applied." 35599 type: string 35600 required: 35601 - type 35602 type: object 35603 windowsOptions: 35604 description: The Windows specific 35605 settings applied to all containers. 35606 If unspecified, the options from 35607 the PodSecurityContext will be used. 35608 If set in both SecurityContext and 35609 PodSecurityContext, the value specified 35610 in SecurityContext takes precedence. 35611 Note that this field cannot be set 35612 when spec.os.name is linux. 35613 properties: 35614 gmsaCredentialSpec: 35615 description: GMSACredentialSpec 35616 is where the GMSA admission 35617 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 35618 inlines the contents of the 35619 GMSA credential spec named by 35620 the GMSACredentialSpecName field. 35621 type: string 35622 gmsaCredentialSpecName: 35623 description: GMSACredentialSpecName 35624 is the name of the GMSA credential 35625 spec to use. 35626 type: string 35627 hostProcess: 35628 description: HostProcess determines 35629 if a container should be run 35630 as a 'Host Process' container. 35631 All of a Pod's containers must 35632 have the same effective HostProcess 35633 value (it is not allowed to 35634 have a mix of HostProcess containers 35635 and non-HostProcess containers). 35636 In addition, if HostProcess 35637 is true then HostNetwork must 35638 also be set to true. 35639 type: boolean 35640 runAsUserName: 35641 description: The UserName in Windows 35642 to run the entrypoint of the 35643 container process. Defaults 35644 to the user specified in image 35645 metadata if unspecified. May 35646 also be set in PodSecurityContext. 35647 If set in both SecurityContext 35648 and PodSecurityContext, the 35649 value specified in SecurityContext 35650 takes precedence. 35651 type: string 35652 type: object 35653 type: object 35654 startupProbe: 35655 description: 'Deprecated. This field will 35656 be removed in a future release. DeprecatedStartupProbe 35657 indicates that the Pod this Step runs 35658 in has successfully initialized. If 35659 specified, no other probes are executed 35660 until this completes successfully. If 35661 this probe fails, the Pod will be restarted, 35662 just as if the livenessProbe failed. 35663 This can be used to provide different 35664 probe parameters at the beginning of 35665 a Pod''s lifecycle, when it might take 35666 a long time to load data or warm a cache, 35667 than during steady-state operation. 35668 This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 35669 properties: 35670 exec: 35671 description: Exec specifies the action 35672 to take. 35673 properties: 35674 command: 35675 description: Command is the command 35676 line to execute inside the container, 35677 the working directory for the 35678 command is root ('/') in the 35679 container's filesystem. The 35680 command is simply exec'd, it 35681 is not run inside a shell, so 35682 traditional shell instructions 35683 ('|', etc) won't work. To use 35684 a shell, you need to explicitly 35685 call out to that shell. Exit 35686 status of 0 is treated as live/healthy 35687 and non-zero is unhealthy. 35688 items: 35689 type: string 35690 type: array 35691 type: object 35692 failureThreshold: 35693 description: Minimum consecutive failures 35694 for the probe to be considered failed 35695 after having succeeded. Defaults 35696 to 3. Minimum value is 1. 35697 format: int32 35698 type: integer 35699 grpc: 35700 description: GRPC specifies an action 35701 involving a GRPC port. 35702 properties: 35703 port: 35704 description: Port number of the 35705 gRPC service. Number must be 35706 in the range 1 to 65535. 35707 format: int32 35708 type: integer 35709 service: 35710 description: "Service is the name 35711 of the service to place in the 35712 gRPC HealthCheckRequest (see 35713 https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 35714 \n If this is not specified, 35715 the default behavior is defined 35716 by gRPC." 35717 type: string 35718 required: 35719 - port 35720 type: object 35721 httpGet: 35722 description: HTTPGet specifies the 35723 http request to perform. 35724 properties: 35725 host: 35726 description: Host name to connect 35727 to, defaults to the pod IP. 35728 You probably want to set "Host" 35729 in httpHeaders instead. 35730 type: string 35731 httpHeaders: 35732 description: Custom headers to 35733 set in the request. HTTP allows 35734 repeated headers. 35735 items: 35736 description: HTTPHeader describes 35737 a custom header to be used 35738 in HTTP probes 35739 properties: 35740 name: 35741 description: The header 35742 field name. This will 35743 be canonicalized upon 35744 output, so case-variant 35745 names will be understood 35746 as the same header. 35747 type: string 35748 value: 35749 description: The header 35750 field value 35751 type: string 35752 required: 35753 - name 35754 - value 35755 type: object 35756 type: array 35757 path: 35758 description: Path to access on 35759 the HTTP server. 35760 type: string 35761 port: 35762 anyOf: 35763 - type: integer 35764 - type: string 35765 description: Name or number of 35766 the port to access on the container. 35767 Number must be in the range 35768 1 to 65535. Name must be an 35769 IANA_SVC_NAME. 35770 x-kubernetes-int-or-string: true 35771 scheme: 35772 description: Scheme to use for 35773 connecting to the host. Defaults 35774 to HTTP. 35775 type: string 35776 required: 35777 - port 35778 type: object 35779 initialDelaySeconds: 35780 description: 'Number of seconds after 35781 the container has started before 35782 liveness probes are initiated. More 35783 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 35784 format: int32 35785 type: integer 35786 periodSeconds: 35787 description: How often (in seconds) 35788 to perform the probe. Default to 35789 10 seconds. Minimum value is 1. 35790 format: int32 35791 type: integer 35792 successThreshold: 35793 description: Minimum consecutive successes 35794 for the probe to be considered successful 35795 after having failed. Defaults to 35796 1. Must be 1 for liveness and startup. 35797 Minimum value is 1. 35798 format: int32 35799 type: integer 35800 tcpSocket: 35801 description: TCPSocket specifies an 35802 action involving a TCP port. 35803 properties: 35804 host: 35805 description: 'Optional: Host name 35806 to connect to, defaults to the 35807 pod IP.' 35808 type: string 35809 port: 35810 anyOf: 35811 - type: integer 35812 - type: string 35813 description: Number or name of 35814 the port to access on the container. 35815 Number must be in the range 35816 1 to 65535. Name must be an 35817 IANA_SVC_NAME. 35818 x-kubernetes-int-or-string: true 35819 required: 35820 - port 35821 type: object 35822 terminationGracePeriodSeconds: 35823 description: Optional duration in 35824 seconds the pod needs to terminate 35825 gracefully upon probe failure. The 35826 grace period is the duration in 35827 seconds after the processes running 35828 in the pod are sent a termination 35829 signal and the time when the processes 35830 are forcibly halted with a kill 35831 signal. Set this value longer than 35832 the expected cleanup time for your 35833 process. If this value is nil, the 35834 pod's terminationGracePeriodSeconds 35835 will be used. Otherwise, this value 35836 overrides the value provided by 35837 the pod spec. Value must be non-negative 35838 integer. The value zero indicates 35839 stop immediately via the kill signal 35840 (no opportunity to shut down). This 35841 is a beta field and requires enabling 35842 ProbeTerminationGracePeriod feature 35843 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 35844 is used if unset. 35845 format: int64 35846 type: integer 35847 timeoutSeconds: 35848 description: 'Number of seconds after 35849 which the probe times out. Defaults 35850 to 1 second. Minimum value is 1. 35851 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 35852 format: int32 35853 type: integer 35854 type: object 35855 stderrConfig: 35856 description: Stores configuration for 35857 the stderr stream of the step. 35858 properties: 35859 path: 35860 description: Path to duplicate stdout 35861 stream to on container's local filesystem. 35862 type: string 35863 type: object 35864 stdin: 35865 description: Deprecated. This field will 35866 be removed in a future release. Whether 35867 this container should allocate a buffer 35868 for stdin in the container runtime. 35869 If this is not set, reads from stdin 35870 in the container will always result 35871 in EOF. Default is false. 35872 type: boolean 35873 stdinOnce: 35874 description: Deprecated. This field will 35875 be removed in a future release. Whether 35876 the container runtime should close the 35877 stdin channel after it has been opened 35878 by a single attach. When stdin is true 35879 the stdin stream will remain open across 35880 multiple attach sessions. If stdinOnce 35881 is set to true, stdin is opened on container 35882 start, is empty until the first client 35883 attaches to stdin, and then remains 35884 open and accepts data until the client 35885 disconnects, at which time stdin is 35886 closed and remains closed until the 35887 container is restarted. If this flag 35888 is false, a container processes that 35889 reads from stdin will never receive 35890 an EOF. Default is false 35891 type: boolean 35892 stdoutConfig: 35893 description: Stores configuration for 35894 the stdout stream of the step. 35895 properties: 35896 path: 35897 description: Path to duplicate stdout 35898 stream to on container's local filesystem. 35899 type: string 35900 type: object 35901 terminationMessagePath: 35902 description: Deprecated. This field will 35903 be removed in a future release and can't 35904 be meaningfully used. 35905 type: string 35906 terminationMessagePolicy: 35907 description: Deprecated. This field will 35908 be removed in a future release and can't 35909 be meaningfully used. 35910 type: string 35911 timeout: 35912 description: 'Timeout is the time after 35913 which the step times out. Defaults to 35914 never. Refer to Go''s ParseDuration 35915 documentation for expected format: https://golang.org/pkg/time/#ParseDuration' 35916 type: string 35917 tty: 35918 description: Deprecated. This field will 35919 be removed in a future release. Whether 35920 this container should allocate a DeprecatedTTY 35921 for itself, also requires 'stdin' to 35922 be true. Default is false. 35923 type: boolean 35924 volumeDevices: 35925 description: volumeDevices is the list 35926 of block devices to be used by the Step. 35927 items: 35928 description: volumeDevice describes 35929 a mapping of a raw block device within 35930 a container. 35931 properties: 35932 devicePath: 35933 description: devicePath is the path 35934 inside of the container that the 35935 device will be mapped to. 35936 type: string 35937 name: 35938 description: name must match the 35939 name of a persistentVolumeClaim 35940 in the pod 35941 type: string 35942 required: 35943 - devicePath 35944 - name 35945 type: object 35946 type: array 35947 x-kubernetes-list-type: atomic 35948 volumeMounts: 35949 description: Volumes to mount into the 35950 Step's filesystem. Cannot be updated. 35951 items: 35952 description: VolumeMount describes a 35953 mounting of a Volume within a container. 35954 properties: 35955 mountPath: 35956 description: Path within the container 35957 at which the volume should be 35958 mounted. Must not contain ':'. 35959 type: string 35960 mountPropagation: 35961 description: mountPropagation determines 35962 how mounts are propagated from 35963 the host to container and the 35964 other way around. When not set, 35965 MountPropagationNone is used. 35966 This field is beta in 1.10. 35967 type: string 35968 name: 35969 description: This must match the 35970 Name of a Volume. 35971 type: string 35972 readOnly: 35973 description: Mounted read-only if 35974 true, read-write otherwise (false 35975 or unspecified). Defaults to false. 35976 type: boolean 35977 subPath: 35978 description: Path within the volume 35979 from which the container's volume 35980 should be mounted. Defaults to 35981 "" (volume's root). 35982 type: string 35983 subPathExpr: 35984 description: Expanded path within 35985 the volume from which the container's 35986 volume should be mounted. Behaves 35987 similarly to SubPath but environment 35988 variable references $(VAR_NAME) 35989 are expanded using the container's 35990 environment. Defaults to "" (volume's 35991 root). SubPathExpr and SubPath 35992 are mutually exclusive. 35993 type: string 35994 required: 35995 - mountPath 35996 - name 35997 type: object 35998 type: array 35999 x-kubernetes-list-type: atomic 36000 workingDir: 36001 description: Step's working directory. 36002 If not specified, the container runtime's 36003 default will be used, which might be 36004 configured in the container image. Cannot 36005 be updated. 36006 type: string 36007 workspaces: 36008 description: "This is an alpha field. 36009 You must set the \"enable-api-fields\" 36010 feature flag to \"alpha\" for this field 36011 to be supported. \n Workspaces is a 36012 list of workspaces from the Task that 36013 this Step wants exclusive access to. 36014 Adding a workspace to this list means 36015 that any other Step or Sidecar that 36016 does not also request this Workspace 36017 will not have access to it." 36018 items: 36019 description: WorkspaceUsage is used 36020 by a Step or Sidecar to declare that 36021 it wants isolated access to a Workspace 36022 defined in a Task. 36023 properties: 36024 mountPath: 36025 description: MountPath is the path 36026 that the workspace should be mounted 36027 to inside the Step or Sidecar, 36028 overriding any MountPath specified 36029 in the Task's WorkspaceDeclaration. 36030 type: string 36031 name: 36032 description: Name is the name of 36033 the workspace this Step or Sidecar 36034 wants access to. 36035 type: string 36036 required: 36037 - mountPath 36038 - name 36039 type: object 36040 type: array 36041 x-kubernetes-list-type: atomic 36042 required: 36043 - name 36044 type: object 36045 type: array 36046 x-kubernetes-list-type: atomic 36047 volumes: 36048 description: Volumes is a collection of volumes 36049 that are available to mount into the steps 36050 of the build. 36051 items: 36052 description: Volume represents a named volume 36053 in a pod that may be accessed by any container 36054 in the pod. 36055 properties: 36056 awsElasticBlockStore: 36057 description: 'awsElasticBlockStore represents 36058 an AWS Disk resource that is attached 36059 to a kubelet''s host machine and then 36060 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 36061 properties: 36062 fsType: 36063 description: 'fsType is the filesystem 36064 type of the volume that you want 36065 to mount. Tip: Ensure that the filesystem 36066 type is supported by the host operating 36067 system. Examples: "ext4", "xfs", 36068 "ntfs". Implicitly inferred to be 36069 "ext4" if unspecified. More info: 36070 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 36071 TODO: how do we prevent errors in 36072 the filesystem from compromising 36073 the machine' 36074 type: string 36075 partition: 36076 description: 'partition is the partition 36077 in the volume that you want to mount. 36078 If omitted, the default is to mount 36079 by volume name. Examples: For volume 36080 /dev/sda1, you specify the partition 36081 as "1". Similarly, the volume partition 36082 for /dev/sda is "0" (or you can 36083 leave the property empty).' 36084 format: int32 36085 type: integer 36086 readOnly: 36087 description: 'readOnly value true 36088 will force the readOnly setting 36089 in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 36090 type: boolean 36091 volumeID: 36092 description: 'volumeID is unique ID 36093 of the persistent disk resource 36094 in AWS (Amazon EBS volume). More 36095 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 36096 type: string 36097 required: 36098 - volumeID 36099 type: object 36100 azureDisk: 36101 description: azureDisk represents an Azure 36102 Data Disk mount on the host and bind 36103 mount to the pod. 36104 properties: 36105 cachingMode: 36106 description: 'cachingMode is the Host 36107 Caching mode: None, Read Only, Read 36108 Write.' 36109 type: string 36110 diskName: 36111 description: diskName is the Name 36112 of the data disk in the blob storage 36113 type: string 36114 diskURI: 36115 description: diskURI is the URI of 36116 data disk in the blob storage 36117 type: string 36118 fsType: 36119 description: fsType is Filesystem 36120 type to mount. Must be a filesystem 36121 type supported by the host operating 36122 system. Ex. "ext4", "xfs", "ntfs". 36123 Implicitly inferred to be "ext4" 36124 if unspecified. 36125 type: string 36126 kind: 36127 description: 'kind expected values 36128 are Shared: multiple blob disks 36129 per storage account Dedicated: 36130 single blob disk per storage account Managed: 36131 azure managed data disk (only in 36132 managed availability set). defaults 36133 to shared' 36134 type: string 36135 readOnly: 36136 description: readOnly Defaults to 36137 false (read/write). ReadOnly here 36138 will force the ReadOnly setting 36139 in VolumeMounts. 36140 type: boolean 36141 required: 36142 - diskName 36143 - diskURI 36144 type: object 36145 azureFile: 36146 description: azureFile represents an Azure 36147 File Service mount on the host and bind 36148 mount to the pod. 36149 properties: 36150 readOnly: 36151 description: readOnly defaults to 36152 false (read/write). ReadOnly here 36153 will force the ReadOnly setting 36154 in VolumeMounts. 36155 type: boolean 36156 secretName: 36157 description: secretName is the name 36158 of secret that contains Azure Storage 36159 Account Name and Key 36160 type: string 36161 shareName: 36162 description: shareName is the azure 36163 share Name 36164 type: string 36165 required: 36166 - secretName 36167 - shareName 36168 type: object 36169 cephfs: 36170 description: cephFS represents a Ceph 36171 FS mount on the host that shares a pod's 36172 lifetime 36173 properties: 36174 monitors: 36175 description: 'monitors is Required: 36176 Monitors is a collection of Ceph 36177 monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 36178 items: 36179 type: string 36180 type: array 36181 path: 36182 description: 'path is Optional: Used 36183 as the mounted root, rather than 36184 the full Ceph tree, default is /' 36185 type: string 36186 readOnly: 36187 description: 'readOnly is Optional: 36188 Defaults to false (read/write). 36189 ReadOnly here will force the ReadOnly 36190 setting in VolumeMounts. More info: 36191 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 36192 type: boolean 36193 secretFile: 36194 description: 'secretFile is Optional: 36195 SecretFile is the path to key ring 36196 for User, default is /etc/ceph/user.secret 36197 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 36198 type: string 36199 secretRef: 36200 description: 'secretRef is Optional: 36201 SecretRef is reference to the authentication 36202 secret for User, default is empty. 36203 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 36204 properties: 36205 name: 36206 description: 'Name of the referent. 36207 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 36208 TODO: Add other useful fields. 36209 apiVersion, kind, uid?' 36210 type: string 36211 type: object 36212 user: 36213 description: 'user is optional: User 36214 is the rados user name, default 36215 is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 36216 type: string 36217 required: 36218 - monitors 36219 type: object 36220 cinder: 36221 description: 'cinder represents a cinder 36222 volume attached and mounted on kubelets 36223 host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 36224 properties: 36225 fsType: 36226 description: 'fsType is the filesystem 36227 type to mount. Must be a filesystem 36228 type supported by the host operating 36229 system. Examples: "ext4", "xfs", 36230 "ntfs". Implicitly inferred to be 36231 "ext4" if unspecified. More info: 36232 https://examples.k8s.io/mysql-cinder-pd/README.md' 36233 type: string 36234 readOnly: 36235 description: 'readOnly defaults to 36236 false (read/write). ReadOnly here 36237 will force the ReadOnly setting 36238 in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 36239 type: boolean 36240 secretRef: 36241 description: 'secretRef is optional: 36242 points to a secret object containing 36243 parameters used to connect to OpenStack.' 36244 properties: 36245 name: 36246 description: 'Name of the referent. 36247 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 36248 TODO: Add other useful fields. 36249 apiVersion, kind, uid?' 36250 type: string 36251 type: object 36252 volumeID: 36253 description: 'volumeID used to identify 36254 the volume in cinder. More info: 36255 https://examples.k8s.io/mysql-cinder-pd/README.md' 36256 type: string 36257 required: 36258 - volumeID 36259 type: object 36260 configMap: 36261 description: configMap represents a configMap 36262 that should populate this volume 36263 properties: 36264 defaultMode: 36265 description: 'defaultMode is optional: 36266 mode bits used to set permissions 36267 on created files by default. Must 36268 be an octal value between 0000 and 36269 0777 or a decimal value between 36270 0 and 511. YAML accepts both octal 36271 and decimal values, JSON requires 36272 decimal values for mode bits. Defaults 36273 to 0644. Directories within the 36274 path are not affected by this setting. 36275 This might be in conflict with other 36276 options that affect the file mode, 36277 like fsGroup, and the result can 36278 be other mode bits set.' 36279 format: int32 36280 type: integer 36281 items: 36282 description: items if unspecified, 36283 each key-value pair in the Data 36284 field of the referenced ConfigMap 36285 will be projected into the volume 36286 as a file whose name is the key 36287 and content is the value. If specified, 36288 the listed keys will be projected 36289 into the specified paths, and unlisted 36290 keys will not be present. If a key 36291 is specified which is not present 36292 in the ConfigMap, the volume setup 36293 will error unless it is marked optional. 36294 Paths must be relative and may not 36295 contain the '..' path or start with 36296 '..'. 36297 items: 36298 description: Maps a string key to 36299 a path within a volume. 36300 properties: 36301 key: 36302 description: key is the key 36303 to project. 36304 type: string 36305 mode: 36306 description: 'mode is Optional: 36307 mode bits used to set permissions 36308 on this file. Must be an octal 36309 value between 0000 and 0777 36310 or a decimal value between 36311 0 and 511. YAML accepts both 36312 octal and decimal values, 36313 JSON requires decimal values 36314 for mode bits. If not specified, 36315 the volume defaultMode will 36316 be used. This might be in 36317 conflict with other options 36318 that affect the file mode, 36319 like fsGroup, and the result 36320 can be other mode bits set.' 36321 format: int32 36322 type: integer 36323 path: 36324 description: path is the relative 36325 path of the file to map the 36326 key to. May not be an absolute 36327 path. May not contain the 36328 path element '..'. May not 36329 start with the string '..'. 36330 type: string 36331 required: 36332 - key 36333 - path 36334 type: object 36335 type: array 36336 name: 36337 description: 'Name of the referent. 36338 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 36339 TODO: Add other useful fields. apiVersion, 36340 kind, uid?' 36341 type: string 36342 optional: 36343 description: optional specify whether 36344 the ConfigMap or its keys must be 36345 defined 36346 type: boolean 36347 type: object 36348 csi: 36349 description: csi (Container Storage Interface) 36350 represents ephemeral storage that is 36351 handled by certain external CSI drivers 36352 (Beta feature). 36353 properties: 36354 driver: 36355 description: driver is the name of 36356 the CSI driver that handles this 36357 volume. Consult with your admin 36358 for the correct name as registered 36359 in the cluster. 36360 type: string 36361 fsType: 36362 description: fsType to mount. Ex. 36363 "ext4", "xfs", "ntfs". If not provided, 36364 the empty value is passed to the 36365 associated CSI driver which will 36366 determine the default filesystem 36367 to apply. 36368 type: string 36369 nodePublishSecretRef: 36370 description: nodePublishSecretRef 36371 is a reference to the secret object 36372 containing sensitive information 36373 to pass to the CSI driver to complete 36374 the CSI NodePublishVolume and NodeUnpublishVolume 36375 calls. This field is optional, and may 36376 be empty if no secret is required. 36377 If the secret object contains more 36378 than one secret, all secret references 36379 are passed. 36380 properties: 36381 name: 36382 description: 'Name of the referent. 36383 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 36384 TODO: Add other useful fields. 36385 apiVersion, kind, uid?' 36386 type: string 36387 type: object 36388 readOnly: 36389 description: readOnly specifies a 36390 read-only configuration for the 36391 volume. Defaults to false (read/write). 36392 type: boolean 36393 volumeAttributes: 36394 additionalProperties: 36395 type: string 36396 description: volumeAttributes stores 36397 driver-specific properties that 36398 are passed to the CSI driver. Consult 36399 your driver's documentation for 36400 supported values. 36401 type: object 36402 required: 36403 - driver 36404 type: object 36405 downwardAPI: 36406 description: downwardAPI represents downward 36407 API about the pod that should populate 36408 this volume 36409 properties: 36410 defaultMode: 36411 description: 'Optional: mode bits 36412 to use on created files by default. 36413 Must be a Optional: mode bits used 36414 to set permissions on created files 36415 by default. Must be an octal value 36416 between 0000 and 0777 or a decimal 36417 value between 0 and 511. YAML accepts 36418 both octal and decimal values, JSON 36419 requires decimal values for mode 36420 bits. Defaults to 0644. Directories 36421 within the path are not affected 36422 by this setting. This might be in 36423 conflict with other options that 36424 affect the file mode, like fsGroup, 36425 and the result can be other mode 36426 bits set.' 36427 format: int32 36428 type: integer 36429 items: 36430 description: Items is a list of downward 36431 API volume file 36432 items: 36433 description: DownwardAPIVolumeFile 36434 represents information to create 36435 the file containing the pod field 36436 properties: 36437 fieldRef: 36438 description: 'Required: Selects 36439 a field of the pod: only annotations, 36440 labels, name and namespace 36441 are supported.' 36442 properties: 36443 apiVersion: 36444 description: Version of 36445 the schema the FieldPath 36446 is written in terms of, 36447 defaults to "v1". 36448 type: string 36449 fieldPath: 36450 description: Path of the 36451 field to select in the 36452 specified API version. 36453 type: string 36454 required: 36455 - fieldPath 36456 type: object 36457 mode: 36458 description: 'Optional: mode 36459 bits used to set permissions 36460 on this file, must be an octal 36461 value between 0000 and 0777 36462 or a decimal value between 36463 0 and 511. YAML accepts both 36464 octal and decimal values, 36465 JSON requires decimal values 36466 for mode bits. If not specified, 36467 the volume defaultMode will 36468 be used. This might be in 36469 conflict with other options 36470 that affect the file mode, 36471 like fsGroup, and the result 36472 can be other mode bits set.' 36473 format: int32 36474 type: integer 36475 path: 36476 description: 'Required: Path 36477 is the relative path name 36478 of the file to be created. 36479 Must not be absolute or contain 36480 the ''..'' path. Must be utf-8 36481 encoded. The first item of 36482 the relative path must not 36483 start with ''..''' 36484 type: string 36485 resourceFieldRef: 36486 description: 'Selects a resource 36487 of the container: only resources 36488 limits and requests (limits.cpu, 36489 limits.memory, requests.cpu 36490 and requests.memory) are currently 36491 supported.' 36492 properties: 36493 containerName: 36494 description: 'Container 36495 name: required for volumes, 36496 optional for env vars' 36497 type: string 36498 divisor: 36499 anyOf: 36500 - type: integer 36501 - type: string 36502 description: Specifies the 36503 output format of the exposed 36504 resources, defaults to 36505 "1" 36506 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 36507 x-kubernetes-int-or-string: true 36508 resource: 36509 description: 'Required: 36510 resource to select' 36511 type: string 36512 required: 36513 - resource 36514 type: object 36515 required: 36516 - path 36517 type: object 36518 type: array 36519 type: object 36520 emptyDir: 36521 description: 'emptyDir represents a temporary 36522 directory that shares a pod''s lifetime. 36523 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 36524 properties: 36525 medium: 36526 description: 'medium represents what 36527 type of storage medium should back 36528 this directory. The default is "" 36529 which means to use the node''s default 36530 medium. Must be an empty string 36531 (default) or Memory. More info: 36532 https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 36533 type: string 36534 sizeLimit: 36535 anyOf: 36536 - type: integer 36537 - type: string 36538 description: 'sizeLimit is the total 36539 amount of local storage required 36540 for this EmptyDir volume. The size 36541 limit is also applicable for memory 36542 medium. The maximum usage on memory 36543 medium EmptyDir would be the minimum 36544 value between the SizeLimit specified 36545 here and the sum of memory limits 36546 of all containers in a pod. The 36547 default is nil which means that 36548 the limit is undefined. More info: 36549 https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 36550 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 36551 x-kubernetes-int-or-string: true 36552 type: object 36553 ephemeral: 36554 description: "ephemeral represents a volume 36555 that is handled by a cluster storage 36556 driver. The volume's lifecycle is tied 36557 to the pod that defines it - it will 36558 be created before the pod starts, and 36559 deleted when the pod is removed. \n 36560 Use this if: a) the volume is only needed 36561 while the pod runs, b) features of normal 36562 volumes like restoring from snapshot 36563 or capacity tracking are needed, 36564 c) the storage driver is specified through 36565 a storage class, and d) the storage 36566 driver supports dynamic volume provisioning 36567 through a PersistentVolumeClaim (see 36568 EphemeralVolumeSource for more information 36569 on the connection between this volume 36570 type and PersistentVolumeClaim). 36571 \n Use PersistentVolumeClaim or one 36572 of the vendor-specific APIs for volumes 36573 that persist for longer than the lifecycle 36574 of an individual pod. \n Use CSI for 36575 light-weight local ephemeral volumes 36576 if the CSI driver is meant to be used 36577 that way - see the documentation of 36578 the driver for more information. \n 36579 A pod can use both types of ephemeral 36580 volumes and persistent volumes at the 36581 same time." 36582 properties: 36583 volumeClaimTemplate: 36584 description: "Will be used to create 36585 a stand-alone PVC to provision the 36586 volume. The pod in which this EphemeralVolumeSource 36587 is embedded will be the owner of 36588 the PVC, i.e. the PVC will be deleted 36589 together with the pod. The name 36590 of the PVC will be `<pod name>-<volume 36591 name>` where `<volume name>` is 36592 the name from the `PodSpec.Volumes` 36593 array entry. Pod validation will 36594 reject the pod if the concatenated 36595 name is not valid for a PVC (for 36596 example, too long). \n An existing 36597 PVC with that name that is not owned 36598 by the pod will *not* be used for 36599 the pod to avoid using an unrelated 36600 volume by mistake. Starting the 36601 pod is then blocked until the unrelated 36602 PVC is removed. If such a pre-created 36603 PVC is meant to be used by the pod, 36604 the PVC has to updated with an owner 36605 reference to the pod once the pod 36606 exists. Normally this should not 36607 be necessary, but it may be useful 36608 when manually reconstructing a broken 36609 cluster. \n This field is read-only 36610 and no changes will be made by Kubernetes 36611 to the PVC after it has been created. 36612 \n Required, must not be nil." 36613 properties: 36614 metadata: 36615 description: May contain labels 36616 and annotations that will be 36617 copied into the PVC when creating 36618 it. No other fields are allowed 36619 and will be rejected during 36620 validation. 36621 type: object 36622 spec: 36623 description: The specification 36624 for the PersistentVolumeClaim. 36625 The entire content is copied 36626 unchanged into the PVC that 36627 gets created from this template. 36628 The same fields as in a PersistentVolumeClaim 36629 are also valid here. 36630 properties: 36631 accessModes: 36632 description: 'accessModes 36633 contains the desired access 36634 modes the volume should 36635 have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 36636 items: 36637 type: string 36638 type: array 36639 dataSource: 36640 description: 'dataSource field 36641 can be used to specify either: 36642 * An existing VolumeSnapshot 36643 object (snapshot.storage.k8s.io/VolumeSnapshot) 36644 * An existing PVC (PersistentVolumeClaim) 36645 If the provisioner or an 36646 external controller can 36647 support the specified data 36648 source, it will create a 36649 new volume based on the 36650 contents of the specified 36651 data source. When the AnyVolumeDataSource 36652 feature gate is enabled, 36653 dataSource contents will 36654 be copied to dataSourceRef, 36655 and dataSourceRef contents 36656 will be copied to dataSource 36657 when dataSourceRef.namespace 36658 is not specified. If the 36659 namespace is specified, 36660 then dataSourceRef will 36661 not be copied to dataSource.' 36662 properties: 36663 apiGroup: 36664 description: APIGroup 36665 is the group for the 36666 resource being referenced. 36667 If APIGroup is not specified, 36668 the specified Kind must 36669 be in the core API group. 36670 For any other third-party 36671 types, APIGroup is required. 36672 type: string 36673 kind: 36674 description: Kind is the 36675 type of resource being 36676 referenced 36677 type: string 36678 name: 36679 description: Name is the 36680 name of resource being 36681 referenced 36682 type: string 36683 required: 36684 - kind 36685 - name 36686 type: object 36687 dataSourceRef: 36688 description: 'dataSourceRef 36689 specifies the object from 36690 which to populate the volume 36691 with data, if a non-empty 36692 volume is desired. This 36693 may be any object from a 36694 non-empty API group (non 36695 core object) or a PersistentVolumeClaim 36696 object. When this field 36697 is specified, volume binding 36698 will only succeed if the 36699 type of the specified object 36700 matches some installed volume 36701 populator or dynamic provisioner. 36702 This field will replace 36703 the functionality of the 36704 dataSource field and as 36705 such if both fields are 36706 non-empty, they must have 36707 the same value. For backwards 36708 compatibility, when namespace 36709 isn''t specified in dataSourceRef, 36710 both fields (dataSource 36711 and dataSourceRef) will 36712 be set to the same value 36713 automatically if one of 36714 them is empty and the other 36715 is non-empty. When namespace 36716 is specified in dataSourceRef, 36717 dataSource isn''t set to 36718 the same value and must 36719 be empty. There are three 36720 important differences between 36721 dataSource and dataSourceRef: 36722 * While dataSource only 36723 allows two specific types 36724 of objects, dataSourceRef allows 36725 any non-core object, as 36726 well as PersistentVolumeClaim 36727 objects. * While dataSource 36728 ignores disallowed values 36729 (dropping them), dataSourceRef preserves 36730 all values, and generates 36731 an error if a disallowed 36732 value is specified. * 36733 While dataSource only allows 36734 local objects, dataSourceRef 36735 allows objects in any 36736 namespaces. (Beta) Using 36737 this field requires the 36738 AnyVolumeDataSource feature 36739 gate to be enabled. (Alpha) 36740 Using the namespace field 36741 of dataSourceRef requires 36742 the CrossNamespaceVolumeDataSource 36743 feature gate to be enabled.' 36744 properties: 36745 apiGroup: 36746 description: APIGroup 36747 is the group for the 36748 resource being referenced. 36749 If APIGroup is not specified, 36750 the specified Kind must 36751 be in the core API group. 36752 For any other third-party 36753 types, APIGroup is required. 36754 type: string 36755 kind: 36756 description: Kind is the 36757 type of resource being 36758 referenced 36759 type: string 36760 name: 36761 description: Name is the 36762 name of resource being 36763 referenced 36764 type: string 36765 namespace: 36766 description: Namespace 36767 is the namespace of 36768 resource being referenced 36769 Note that when a namespace 36770 is specified, a gateway.networking.k8s.io/ReferenceGrant 36771 object is required in 36772 the referent namespace 36773 to allow that namespace's 36774 owner to accept the 36775 reference. See the ReferenceGrant 36776 documentation for details. 36777 (Alpha) This field requires 36778 the CrossNamespaceVolumeDataSource 36779 feature gate to be enabled. 36780 type: string 36781 required: 36782 - kind 36783 - name 36784 type: object 36785 resources: 36786 description: 'resources represents 36787 the minimum resources the 36788 volume should have. If RecoverVolumeExpansionFailure 36789 feature is enabled users 36790 are allowed to specify resource 36791 requirements that are lower 36792 than previous value but 36793 must still be higher than 36794 capacity recorded in the 36795 status field of the claim. 36796 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 36797 properties: 36798 claims: 36799 description: "Claims lists 36800 the names of resources, 36801 defined in spec.resourceClaims, 36802 that are used by this 36803 container. \n This is 36804 an alpha field and requires 36805 enabling the DynamicResourceAllocation 36806 feature gate. \n This 36807 field is immutable. 36808 It can only be set for 36809 containers." 36810 items: 36811 description: ResourceClaim 36812 references one entry 36813 in PodSpec.ResourceClaims. 36814 properties: 36815 name: 36816 description: Name 36817 must match the 36818 name of one entry 36819 in pod.spec.resourceClaims 36820 of the Pod where 36821 this field is 36822 used. It makes 36823 that resource 36824 available inside 36825 a container. 36826 type: string 36827 required: 36828 - name 36829 type: object 36830 type: array 36831 x-kubernetes-list-map-keys: 36832 - name 36833 x-kubernetes-list-type: map 36834 limits: 36835 additionalProperties: 36836 anyOf: 36837 - type: integer 36838 - type: string 36839 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 36840 x-kubernetes-int-or-string: true 36841 description: 'Limits describes 36842 the maximum amount of 36843 compute resources allowed. 36844 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 36845 type: object 36846 requests: 36847 additionalProperties: 36848 anyOf: 36849 - type: integer 36850 - type: string 36851 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 36852 x-kubernetes-int-or-string: true 36853 description: 'Requests 36854 describes the minimum 36855 amount of compute resources 36856 required. If Requests 36857 is omitted for a container, 36858 it defaults to Limits 36859 if that is explicitly 36860 specified, otherwise 36861 to an implementation-defined 36862 value. Requests cannot 36863 exceed Limits. More 36864 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 36865 type: object 36866 type: object 36867 selector: 36868 description: selector is a 36869 label query over volumes 36870 to consider for binding. 36871 properties: 36872 matchExpressions: 36873 description: matchExpressions 36874 is a list of label selector 36875 requirements. The requirements 36876 are ANDed. 36877 items: 36878 description: A label 36879 selector requirement 36880 is a selector that 36881 contains values, a 36882 key, and an operator 36883 that relates the key 36884 and values. 36885 properties: 36886 key: 36887 description: key 36888 is the label key 36889 that the selector 36890 applies to. 36891 type: string 36892 operator: 36893 description: operator 36894 represents a key's 36895 relationship to 36896 a set of values. 36897 Valid operators 36898 are In, NotIn, 36899 Exists and DoesNotExist. 36900 type: string 36901 values: 36902 description: values 36903 is an array of 36904 string values. 36905 If the operator 36906 is In or NotIn, 36907 the values array 36908 must be non-empty. 36909 If the operator 36910 is Exists or DoesNotExist, 36911 the values array 36912 must be empty. 36913 This array is 36914 replaced during 36915 a strategic merge 36916 patch. 36917 items: 36918 type: string 36919 type: array 36920 required: 36921 - key 36922 - operator 36923 type: object 36924 type: array 36925 matchLabels: 36926 additionalProperties: 36927 type: string 36928 description: matchLabels 36929 is a map of {key,value} 36930 pairs. A single {key,value} 36931 in the matchLabels map 36932 is equivalent to an 36933 element of matchExpressions, 36934 whose key field is "key", 36935 the operator is "In", 36936 and the values array 36937 contains only "value". 36938 The requirements are 36939 ANDed. 36940 type: object 36941 type: object 36942 storageClassName: 36943 description: 'storageClassName 36944 is the name of the StorageClass 36945 required by the claim. More 36946 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 36947 type: string 36948 volumeMode: 36949 description: volumeMode defines 36950 what type of volume is required 36951 by the claim. Value of Filesystem 36952 is implied when not included 36953 in claim spec. 36954 type: string 36955 volumeName: 36956 description: volumeName is 36957 the binding reference to 36958 the PersistentVolume backing 36959 this claim. 36960 type: string 36961 type: object 36962 required: 36963 - spec 36964 type: object 36965 type: object 36966 fc: 36967 description: fc represents a Fibre Channel 36968 resource that is attached to a kubelet's 36969 host machine and then exposed to the 36970 pod. 36971 properties: 36972 fsType: 36973 description: 'fsType is the filesystem 36974 type to mount. Must be a filesystem 36975 type supported by the host operating 36976 system. Ex. "ext4", "xfs", "ntfs". 36977 Implicitly inferred to be "ext4" 36978 if unspecified. TODO: how do we 36979 prevent errors in the filesystem 36980 from compromising the machine' 36981 type: string 36982 lun: 36983 description: 'lun is Optional: FC 36984 target lun number' 36985 format: int32 36986 type: integer 36987 readOnly: 36988 description: 'readOnly is Optional: 36989 Defaults to false (read/write). 36990 ReadOnly here will force the ReadOnly 36991 setting in VolumeMounts.' 36992 type: boolean 36993 targetWWNs: 36994 description: 'targetWWNs is Optional: 36995 FC target worldwide names (WWNs)' 36996 items: 36997 type: string 36998 type: array 36999 wwids: 37000 description: 'wwids Optional: FC volume 37001 world wide identifiers (wwids) Either 37002 wwids or combination of targetWWNs 37003 and lun must be set, but not both 37004 simultaneously.' 37005 items: 37006 type: string 37007 type: array 37008 type: object 37009 flexVolume: 37010 description: flexVolume represents a generic 37011 volume resource that is provisioned/attached 37012 using an exec based plugin. 37013 properties: 37014 driver: 37015 description: driver is the name of 37016 the driver to use for this volume. 37017 type: string 37018 fsType: 37019 description: fsType is the filesystem 37020 type to mount. Must be a filesystem 37021 type supported by the host operating 37022 system. Ex. "ext4", "xfs", "ntfs". 37023 The default filesystem depends on 37024 FlexVolume script. 37025 type: string 37026 options: 37027 additionalProperties: 37028 type: string 37029 description: 'options is Optional: 37030 this field holds extra command options 37031 if any.' 37032 type: object 37033 readOnly: 37034 description: 'readOnly is Optional: 37035 defaults to false (read/write). 37036 ReadOnly here will force the ReadOnly 37037 setting in VolumeMounts.' 37038 type: boolean 37039 secretRef: 37040 description: 'secretRef is Optional: 37041 secretRef is reference to the secret 37042 object containing sensitive information 37043 to pass to the plugin scripts. This 37044 may be empty if no secret object 37045 is specified. If the secret object 37046 contains more than one secret, all 37047 secrets are passed to the plugin 37048 scripts.' 37049 properties: 37050 name: 37051 description: 'Name of the referent. 37052 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 37053 TODO: Add other useful fields. 37054 apiVersion, kind, uid?' 37055 type: string 37056 type: object 37057 required: 37058 - driver 37059 type: object 37060 flocker: 37061 description: flocker represents a Flocker 37062 volume attached to a kubelet's host 37063 machine. This depends on the Flocker 37064 control service being running 37065 properties: 37066 datasetName: 37067 description: datasetName is Name of 37068 the dataset stored as metadata -> 37069 name on the dataset for Flocker 37070 should be considered as deprecated 37071 type: string 37072 datasetUUID: 37073 description: datasetUUID is the UUID 37074 of the dataset. This is unique identifier 37075 of a Flocker dataset 37076 type: string 37077 type: object 37078 gcePersistentDisk: 37079 description: 'gcePersistentDisk represents 37080 a GCE Disk resource that is attached 37081 to a kubelet''s host machine and then 37082 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 37083 properties: 37084 fsType: 37085 description: 'fsType is filesystem 37086 type of the volume that you want 37087 to mount. Tip: Ensure that the filesystem 37088 type is supported by the host operating 37089 system. Examples: "ext4", "xfs", 37090 "ntfs". Implicitly inferred to be 37091 "ext4" if unspecified. More info: 37092 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 37093 TODO: how do we prevent errors in 37094 the filesystem from compromising 37095 the machine' 37096 type: string 37097 partition: 37098 description: 'partition is the partition 37099 in the volume that you want to mount. 37100 If omitted, the default is to mount 37101 by volume name. Examples: For volume 37102 /dev/sda1, you specify the partition 37103 as "1". Similarly, the volume partition 37104 for /dev/sda is "0" (or you can 37105 leave the property empty). More 37106 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 37107 format: int32 37108 type: integer 37109 pdName: 37110 description: 'pdName is unique name 37111 of the PD resource in GCE. Used 37112 to identify the disk in GCE. More 37113 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 37114 type: string 37115 readOnly: 37116 description: 'readOnly here will force 37117 the ReadOnly setting in VolumeMounts. 37118 Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 37119 type: boolean 37120 required: 37121 - pdName 37122 type: object 37123 gitRepo: 37124 description: 'gitRepo represents a git 37125 repository at a particular revision. 37126 DEPRECATED: GitRepo is deprecated. To 37127 provision a container with a git repo, 37128 mount an EmptyDir into an InitContainer 37129 that clones the repo using git, then 37130 mount the EmptyDir into the Pod''s container.' 37131 properties: 37132 directory: 37133 description: directory is the target 37134 directory name. Must not contain 37135 or start with '..'. If '.' is supplied, 37136 the volume directory will be the 37137 git repository. Otherwise, if specified, 37138 the volume will contain the git 37139 repository in the subdirectory with 37140 the given name. 37141 type: string 37142 repository: 37143 description: repository is the URL 37144 type: string 37145 revision: 37146 description: revision is the commit 37147 hash for the specified revision. 37148 type: string 37149 required: 37150 - repository 37151 type: object 37152 glusterfs: 37153 description: 'glusterfs represents a Glusterfs 37154 mount on the host that shares a pod''s 37155 lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 37156 properties: 37157 endpoints: 37158 description: 'endpoints is the endpoint 37159 name that details Glusterfs topology. 37160 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 37161 type: string 37162 path: 37163 description: 'path is the Glusterfs 37164 volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 37165 type: string 37166 readOnly: 37167 description: 'readOnly here will force 37168 the Glusterfs volume to be mounted 37169 with read-only permissions. Defaults 37170 to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 37171 type: boolean 37172 required: 37173 - endpoints 37174 - path 37175 type: object 37176 hostPath: 37177 description: 'hostPath represents a pre-existing 37178 file or directory on the host machine 37179 that is directly exposed to the container. 37180 This is generally used for system agents 37181 or other privileged things that are 37182 allowed to see the host machine. Most 37183 containers will NOT need this. More 37184 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 37185 --- TODO(jonesdl) We need to restrict 37186 who can use host directory mounts and 37187 who can/can not mount host directories 37188 as read/write.' 37189 properties: 37190 path: 37191 description: 'path of the directory 37192 on the host. If the path is a symlink, 37193 it will follow the link to the real 37194 path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 37195 type: string 37196 type: 37197 description: 'type for HostPath Volume 37198 Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 37199 type: string 37200 required: 37201 - path 37202 type: object 37203 iscsi: 37204 description: 'iscsi represents an ISCSI 37205 Disk resource that is attached to a 37206 kubelet''s host machine and then exposed 37207 to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 37208 properties: 37209 chapAuthDiscovery: 37210 description: chapAuthDiscovery defines 37211 whether support iSCSI Discovery 37212 CHAP authentication 37213 type: boolean 37214 chapAuthSession: 37215 description: chapAuthSession defines 37216 whether support iSCSI Session CHAP 37217 authentication 37218 type: boolean 37219 fsType: 37220 description: 'fsType is the filesystem 37221 type of the volume that you want 37222 to mount. Tip: Ensure that the filesystem 37223 type is supported by the host operating 37224 system. Examples: "ext4", "xfs", 37225 "ntfs". Implicitly inferred to be 37226 "ext4" if unspecified. More info: 37227 https://kubernetes.io/docs/concepts/storage/volumes#iscsi 37228 TODO: how do we prevent errors in 37229 the filesystem from compromising 37230 the machine' 37231 type: string 37232 initiatorName: 37233 description: initiatorName is the 37234 custom iSCSI Initiator Name. If 37235 initiatorName is specified with 37236 iscsiInterface simultaneously, new 37237 iSCSI interface <target portal>:<volume 37238 name> will be created for the connection. 37239 type: string 37240 iqn: 37241 description: iqn is the target iSCSI 37242 Qualified Name. 37243 type: string 37244 iscsiInterface: 37245 description: iscsiInterface is the 37246 interface Name that uses an iSCSI 37247 transport. Defaults to 'default' 37248 (tcp). 37249 type: string 37250 lun: 37251 description: lun represents iSCSI 37252 Target Lun number. 37253 format: int32 37254 type: integer 37255 portals: 37256 description: portals is the iSCSI 37257 Target Portal List. The portal is 37258 either an IP or ip_addr:port if 37259 the port is other than default (typically 37260 TCP ports 860 and 3260). 37261 items: 37262 type: string 37263 type: array 37264 readOnly: 37265 description: readOnly here will force 37266 the ReadOnly setting in VolumeMounts. 37267 Defaults to false. 37268 type: boolean 37269 secretRef: 37270 description: secretRef is the CHAP 37271 Secret for iSCSI target and initiator 37272 authentication 37273 properties: 37274 name: 37275 description: 'Name of the referent. 37276 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 37277 TODO: Add other useful fields. 37278 apiVersion, kind, uid?' 37279 type: string 37280 type: object 37281 targetPortal: 37282 description: targetPortal is iSCSI 37283 Target Portal. The Portal is either 37284 an IP or ip_addr:port if the port 37285 is other than default (typically 37286 TCP ports 860 and 3260). 37287 type: string 37288 required: 37289 - iqn 37290 - lun 37291 - targetPortal 37292 type: object 37293 name: 37294 description: 'name of the volume. Must 37295 be a DNS_LABEL and unique within the 37296 pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 37297 type: string 37298 nfs: 37299 description: 'nfs represents an NFS mount 37300 on the host that shares a pod''s lifetime 37301 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 37302 properties: 37303 path: 37304 description: 'path that is exported 37305 by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 37306 type: string 37307 readOnly: 37308 description: 'readOnly here will force 37309 the NFS export to be mounted with 37310 read-only permissions. Defaults 37311 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 37312 type: boolean 37313 server: 37314 description: 'server is the hostname 37315 or IP address of the NFS server. 37316 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 37317 type: string 37318 required: 37319 - path 37320 - server 37321 type: object 37322 persistentVolumeClaim: 37323 description: 'persistentVolumeClaimVolumeSource 37324 represents a reference to a PersistentVolumeClaim 37325 in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 37326 properties: 37327 claimName: 37328 description: 'claimName is the name 37329 of a PersistentVolumeClaim in the 37330 same namespace as the pod using 37331 this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 37332 type: string 37333 readOnly: 37334 description: readOnly Will force the 37335 ReadOnly setting in VolumeMounts. 37336 Default false. 37337 type: boolean 37338 required: 37339 - claimName 37340 type: object 37341 photonPersistentDisk: 37342 description: photonPersistentDisk represents 37343 a PhotonController persistent disk attached 37344 and mounted on kubelets host machine 37345 properties: 37346 fsType: 37347 description: fsType is the filesystem 37348 type to mount. Must be a filesystem 37349 type supported by the host operating 37350 system. Ex. "ext4", "xfs", "ntfs". 37351 Implicitly inferred to be "ext4" 37352 if unspecified. 37353 type: string 37354 pdID: 37355 description: pdID is the ID that identifies 37356 Photon Controller persistent disk 37357 type: string 37358 required: 37359 - pdID 37360 type: object 37361 portworxVolume: 37362 description: portworxVolume represents 37363 a portworx volume attached and mounted 37364 on kubelets host machine 37365 properties: 37366 fsType: 37367 description: fSType represents the 37368 filesystem type to mount Must be 37369 a filesystem type supported by the 37370 host operating system. Ex. "ext4", 37371 "xfs". Implicitly inferred to be 37372 "ext4" if unspecified. 37373 type: string 37374 readOnly: 37375 description: readOnly defaults to 37376 false (read/write). ReadOnly here 37377 will force the ReadOnly setting 37378 in VolumeMounts. 37379 type: boolean 37380 volumeID: 37381 description: volumeID uniquely identifies 37382 a Portworx volume 37383 type: string 37384 required: 37385 - volumeID 37386 type: object 37387 projected: 37388 description: projected items for all in 37389 one resources secrets, configmaps, and 37390 downward API 37391 properties: 37392 defaultMode: 37393 description: defaultMode are the mode 37394 bits used to set permissions on 37395 created files by default. Must be 37396 an octal value between 0000 and 37397 0777 or a decimal value between 37398 0 and 511. YAML accepts both octal 37399 and decimal values, JSON requires 37400 decimal values for mode bits. Directories 37401 within the path are not affected 37402 by this setting. This might be in 37403 conflict with other options that 37404 affect the file mode, like fsGroup, 37405 and the result can be other mode 37406 bits set. 37407 format: int32 37408 type: integer 37409 sources: 37410 description: sources is the list of 37411 volume projections 37412 items: 37413 description: Projection that may 37414 be projected along with other 37415 supported volume types 37416 properties: 37417 configMap: 37418 description: configMap information 37419 about the configMap data to 37420 project 37421 properties: 37422 items: 37423 description: items if unspecified, 37424 each key-value pair in 37425 the Data field of the 37426 referenced ConfigMap will 37427 be projected into the 37428 volume as a file whose 37429 name is the key and content 37430 is the value. If specified, 37431 the listed keys will be 37432 projected into the specified 37433 paths, and unlisted keys 37434 will not be present. If 37435 a key is specified which 37436 is not present in the 37437 ConfigMap, the volume 37438 setup will error unless 37439 it is marked optional. 37440 Paths must be relative 37441 and may not contain the 37442 '..' path or start with 37443 '..'. 37444 items: 37445 description: Maps a string 37446 key to a path within 37447 a volume. 37448 properties: 37449 key: 37450 description: key is 37451 the key to project. 37452 type: string 37453 mode: 37454 description: 'mode 37455 is Optional: mode 37456 bits used to set 37457 permissions on this 37458 file. Must be an 37459 octal value between 37460 0000 and 0777 or 37461 a decimal value 37462 between 0 and 511. 37463 YAML accepts both 37464 octal and decimal 37465 values, JSON requires 37466 decimal values for 37467 mode bits. If not 37468 specified, the volume 37469 defaultMode will 37470 be used. This might 37471 be in conflict with 37472 other options that 37473 affect the file 37474 mode, like fsGroup, 37475 and the result can 37476 be other mode bits 37477 set.' 37478 format: int32 37479 type: integer 37480 path: 37481 description: path 37482 is the relative 37483 path of the file 37484 to map the key to. 37485 May not be an absolute 37486 path. May not contain 37487 the path element 37488 '..'. May not start 37489 with the string 37490 '..'. 37491 type: string 37492 required: 37493 - key 37494 - path 37495 type: object 37496 type: array 37497 name: 37498 description: 'Name of the 37499 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 37500 TODO: Add other useful 37501 fields. apiVersion, kind, 37502 uid?' 37503 type: string 37504 optional: 37505 description: optional specify 37506 whether the ConfigMap 37507 or its keys must be defined 37508 type: boolean 37509 type: object 37510 downwardAPI: 37511 description: downwardAPI information 37512 about the downwardAPI data 37513 to project 37514 properties: 37515 items: 37516 description: Items is a 37517 list of DownwardAPIVolume 37518 file 37519 items: 37520 description: DownwardAPIVolumeFile 37521 represents information 37522 to create the file containing 37523 the pod field 37524 properties: 37525 fieldRef: 37526 description: 'Required: 37527 Selects a field 37528 of the pod: only 37529 annotations, labels, 37530 name and namespace 37531 are supported.' 37532 properties: 37533 apiVersion: 37534 description: Version 37535 of the schema 37536 the FieldPath 37537 is written in 37538 terms of, defaults 37539 to "v1". 37540 type: string 37541 fieldPath: 37542 description: Path 37543 of the field 37544 to select in 37545 the specified 37546 API version. 37547 type: string 37548 required: 37549 - fieldPath 37550 type: object 37551 mode: 37552 description: 'Optional: 37553 mode bits used to 37554 set permissions 37555 on this file, must 37556 be an octal value 37557 between 0000 and 37558 0777 or a decimal 37559 value between 0 37560 and 511. YAML accepts 37561 both octal and decimal 37562 values, JSON requires 37563 decimal values for 37564 mode bits. If not 37565 specified, the volume 37566 defaultMode will 37567 be used. This might 37568 be in conflict with 37569 other options that 37570 affect the file 37571 mode, like fsGroup, 37572 and the result can 37573 be other mode bits 37574 set.' 37575 format: int32 37576 type: integer 37577 path: 37578 description: 'Required: 37579 Path is the relative 37580 path name of the 37581 file to be created. 37582 Must not be absolute 37583 or contain the ''..'' 37584 path. Must be utf-8 37585 encoded. The first 37586 item of the relative 37587 path must not start 37588 with ''..''' 37589 type: string 37590 resourceFieldRef: 37591 description: 'Selects 37592 a resource of the 37593 container: only 37594 resources limits 37595 and requests (limits.cpu, 37596 limits.memory, requests.cpu 37597 and requests.memory) 37598 are currently supported.' 37599 properties: 37600 containerName: 37601 description: 'Container 37602 name: required 37603 for volumes, 37604 optional for 37605 env vars' 37606 type: string 37607 divisor: 37608 anyOf: 37609 - type: integer 37610 - type: string 37611 description: Specifies 37612 the output format 37613 of the exposed 37614 resources, defaults 37615 to "1" 37616 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 37617 x-kubernetes-int-or-string: true 37618 resource: 37619 description: 'Required: 37620 resource to 37621 select' 37622 type: string 37623 required: 37624 - resource 37625 type: object 37626 required: 37627 - path 37628 type: object 37629 type: array 37630 type: object 37631 secret: 37632 description: secret information 37633 about the secret data to project 37634 properties: 37635 items: 37636 description: items if unspecified, 37637 each key-value pair in 37638 the Data field of the 37639 referenced Secret will 37640 be projected into the 37641 volume as a file whose 37642 name is the key and content 37643 is the value. If specified, 37644 the listed keys will be 37645 projected into the specified 37646 paths, and unlisted keys 37647 will not be present. If 37648 a key is specified which 37649 is not present in the 37650 Secret, the volume setup 37651 will error unless it is 37652 marked optional. Paths 37653 must be relative and may 37654 not contain the '..' path 37655 or start with '..'. 37656 items: 37657 description: Maps a string 37658 key to a path within 37659 a volume. 37660 properties: 37661 key: 37662 description: key is 37663 the key to project. 37664 type: string 37665 mode: 37666 description: 'mode 37667 is Optional: mode 37668 bits used to set 37669 permissions on this 37670 file. Must be an 37671 octal value between 37672 0000 and 0777 or 37673 a decimal value 37674 between 0 and 511. 37675 YAML accepts both 37676 octal and decimal 37677 values, JSON requires 37678 decimal values for 37679 mode bits. If not 37680 specified, the volume 37681 defaultMode will 37682 be used. This might 37683 be in conflict with 37684 other options that 37685 affect the file 37686 mode, like fsGroup, 37687 and the result can 37688 be other mode bits 37689 set.' 37690 format: int32 37691 type: integer 37692 path: 37693 description: path 37694 is the relative 37695 path of the file 37696 to map the key to. 37697 May not be an absolute 37698 path. May not contain 37699 the path element 37700 '..'. May not start 37701 with the string 37702 '..'. 37703 type: string 37704 required: 37705 - key 37706 - path 37707 type: object 37708 type: array 37709 name: 37710 description: 'Name of the 37711 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 37712 TODO: Add other useful 37713 fields. apiVersion, kind, 37714 uid?' 37715 type: string 37716 optional: 37717 description: optional field 37718 specify whether the Secret 37719 or its key must be defined 37720 type: boolean 37721 type: object 37722 serviceAccountToken: 37723 description: serviceAccountToken 37724 is information about the serviceAccountToken 37725 data to project 37726 properties: 37727 audience: 37728 description: audience is 37729 the intended audience 37730 of the token. A recipient 37731 of a token must identify 37732 itself with an identifier 37733 specified in the audience 37734 of the token, and otherwise 37735 should reject the token. 37736 The audience defaults 37737 to the identifier of the 37738 apiserver. 37739 type: string 37740 expirationSeconds: 37741 description: expirationSeconds 37742 is the requested duration 37743 of validity of the service 37744 account token. As the 37745 token approaches expiration, 37746 the kubelet volume plugin 37747 will proactively rotate 37748 the service account token. 37749 The kubelet will start 37750 trying to rotate the token 37751 if the token is older 37752 than 80 percent of its 37753 time to live or if the 37754 token is older than 24 37755 hours.Defaults to 1 hour 37756 and must be at least 10 37757 minutes. 37758 format: int64 37759 type: integer 37760 path: 37761 description: path is the 37762 path relative to the mount 37763 point of the file to project 37764 the token into. 37765 type: string 37766 required: 37767 - path 37768 type: object 37769 type: object 37770 type: array 37771 type: object 37772 quobyte: 37773 description: quobyte represents a Quobyte 37774 mount on the host that shares a pod's 37775 lifetime 37776 properties: 37777 group: 37778 description: group to map volume access 37779 to Default is no group 37780 type: string 37781 readOnly: 37782 description: readOnly here will force 37783 the Quobyte volume to be mounted 37784 with read-only permissions. Defaults 37785 to false. 37786 type: boolean 37787 registry: 37788 description: registry represents a 37789 single or multiple Quobyte Registry 37790 services specified as a string as 37791 host:port pair (multiple entries 37792 are separated with commas) which 37793 acts as the central registry for 37794 volumes 37795 type: string 37796 tenant: 37797 description: tenant owning the given 37798 Quobyte volume in the Backend Used 37799 with dynamically provisioned Quobyte 37800 volumes, value is set by the plugin 37801 type: string 37802 user: 37803 description: user to map volume access 37804 to Defaults to serivceaccount user 37805 type: string 37806 volume: 37807 description: volume is a string that 37808 references an already created Quobyte 37809 volume by name. 37810 type: string 37811 required: 37812 - registry 37813 - volume 37814 type: object 37815 rbd: 37816 description: 'rbd represents a Rados Block 37817 Device mount on the host that shares 37818 a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' 37819 properties: 37820 fsType: 37821 description: 'fsType is the filesystem 37822 type of the volume that you want 37823 to mount. Tip: Ensure that the filesystem 37824 type is supported by the host operating 37825 system. Examples: "ext4", "xfs", 37826 "ntfs". Implicitly inferred to be 37827 "ext4" if unspecified. More info: 37828 https://kubernetes.io/docs/concepts/storage/volumes#rbd 37829 TODO: how do we prevent errors in 37830 the filesystem from compromising 37831 the machine' 37832 type: string 37833 image: 37834 description: 'image is the rados image 37835 name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 37836 type: string 37837 keyring: 37838 description: 'keyring is the path 37839 to key ring for RBDUser. Default 37840 is /etc/ceph/keyring. More info: 37841 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 37842 type: string 37843 monitors: 37844 description: 'monitors is a collection 37845 of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 37846 items: 37847 type: string 37848 type: array 37849 pool: 37850 description: 'pool is the rados pool 37851 name. Default is rbd. More info: 37852 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 37853 type: string 37854 readOnly: 37855 description: 'readOnly here will force 37856 the ReadOnly setting in VolumeMounts. 37857 Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 37858 type: boolean 37859 secretRef: 37860 description: 'secretRef is name of 37861 the authentication secret for RBDUser. 37862 If provided overrides keyring. Default 37863 is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 37864 properties: 37865 name: 37866 description: 'Name of the referent. 37867 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 37868 TODO: Add other useful fields. 37869 apiVersion, kind, uid?' 37870 type: string 37871 type: object 37872 user: 37873 description: 'user is the rados user 37874 name. Default is admin. More info: 37875 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 37876 type: string 37877 required: 37878 - image 37879 - monitors 37880 type: object 37881 scaleIO: 37882 description: scaleIO represents a ScaleIO 37883 persistent volume attached and mounted 37884 on Kubernetes nodes. 37885 properties: 37886 fsType: 37887 description: fsType is the filesystem 37888 type to mount. Must be a filesystem 37889 type supported by the host operating 37890 system. Ex. "ext4", "xfs", "ntfs". 37891 Default is "xfs". 37892 type: string 37893 gateway: 37894 description: gateway is the host address 37895 of the ScaleIO API Gateway. 37896 type: string 37897 protectionDomain: 37898 description: protectionDomain is the 37899 name of the ScaleIO Protection Domain 37900 for the configured storage. 37901 type: string 37902 readOnly: 37903 description: readOnly Defaults to 37904 false (read/write). ReadOnly here 37905 will force the ReadOnly setting 37906 in VolumeMounts. 37907 type: boolean 37908 secretRef: 37909 description: secretRef references 37910 to the secret for ScaleIO user and 37911 other sensitive information. If 37912 this is not provided, Login operation 37913 will fail. 37914 properties: 37915 name: 37916 description: 'Name of the referent. 37917 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 37918 TODO: Add other useful fields. 37919 apiVersion, kind, uid?' 37920 type: string 37921 type: object 37922 sslEnabled: 37923 description: sslEnabled Flag enable/disable 37924 SSL communication with Gateway, 37925 default false 37926 type: boolean 37927 storageMode: 37928 description: storageMode indicates 37929 whether the storage for a volume 37930 should be ThickProvisioned or ThinProvisioned. 37931 Default is ThinProvisioned. 37932 type: string 37933 storagePool: 37934 description: storagePool is the ScaleIO 37935 Storage Pool associated with the 37936 protection domain. 37937 type: string 37938 system: 37939 description: system is the name of 37940 the storage system as configured 37941 in ScaleIO. 37942 type: string 37943 volumeName: 37944 description: volumeName is the name 37945 of a volume already created in the 37946 ScaleIO system that is associated 37947 with this volume source. 37948 type: string 37949 required: 37950 - gateway 37951 - secretRef 37952 - system 37953 type: object 37954 secret: 37955 description: 'secret represents a secret 37956 that should populate this volume. More 37957 info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 37958 properties: 37959 defaultMode: 37960 description: 'defaultMode is Optional: 37961 mode bits used to set permissions 37962 on created files by default. Must 37963 be an octal value between 0000 and 37964 0777 or a decimal value between 37965 0 and 511. YAML accepts both octal 37966 and decimal values, JSON requires 37967 decimal values for mode bits. Defaults 37968 to 0644. Directories within the 37969 path are not affected by this setting. 37970 This might be in conflict with other 37971 options that affect the file mode, 37972 like fsGroup, and the result can 37973 be other mode bits set.' 37974 format: int32 37975 type: integer 37976 items: 37977 description: items If unspecified, 37978 each key-value pair in the Data 37979 field of the referenced Secret will 37980 be projected into the volume as 37981 a file whose name is the key and 37982 content is the value. If specified, 37983 the listed keys will be projected 37984 into the specified paths, and unlisted 37985 keys will not be present. If a key 37986 is specified which is not present 37987 in the Secret, the volume setup 37988 will error unless it is marked optional. 37989 Paths must be relative and may not 37990 contain the '..' path or start with 37991 '..'. 37992 items: 37993 description: Maps a string key to 37994 a path within a volume. 37995 properties: 37996 key: 37997 description: key is the key 37998 to project. 37999 type: string 38000 mode: 38001 description: 'mode is Optional: 38002 mode bits used to set permissions 38003 on this file. Must be an octal 38004 value between 0000 and 0777 38005 or a decimal value between 38006 0 and 511. YAML accepts both 38007 octal and decimal values, 38008 JSON requires decimal values 38009 for mode bits. If not specified, 38010 the volume defaultMode will 38011 be used. This might be in 38012 conflict with other options 38013 that affect the file mode, 38014 like fsGroup, and the result 38015 can be other mode bits set.' 38016 format: int32 38017 type: integer 38018 path: 38019 description: path is the relative 38020 path of the file to map the 38021 key to. May not be an absolute 38022 path. May not contain the 38023 path element '..'. May not 38024 start with the string '..'. 38025 type: string 38026 required: 38027 - key 38028 - path 38029 type: object 38030 type: array 38031 optional: 38032 description: optional field specify 38033 whether the Secret or its keys must 38034 be defined 38035 type: boolean 38036 secretName: 38037 description: 'secretName is the name 38038 of the secret in the pod''s namespace 38039 to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 38040 type: string 38041 type: object 38042 storageos: 38043 description: storageOS represents a StorageOS 38044 volume attached and mounted on Kubernetes 38045 nodes. 38046 properties: 38047 fsType: 38048 description: fsType is the filesystem 38049 type to mount. Must be a filesystem 38050 type supported by the host operating 38051 system. Ex. "ext4", "xfs", "ntfs". 38052 Implicitly inferred to be "ext4" 38053 if unspecified. 38054 type: string 38055 readOnly: 38056 description: readOnly defaults to 38057 false (read/write). ReadOnly here 38058 will force the ReadOnly setting 38059 in VolumeMounts. 38060 type: boolean 38061 secretRef: 38062 description: secretRef specifies the 38063 secret to use for obtaining the 38064 StorageOS API credentials. If not 38065 specified, default values will be 38066 attempted. 38067 properties: 38068 name: 38069 description: 'Name of the referent. 38070 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 38071 TODO: Add other useful fields. 38072 apiVersion, kind, uid?' 38073 type: string 38074 type: object 38075 volumeName: 38076 description: volumeName is the human-readable 38077 name of the StorageOS volume. Volume 38078 names are only unique within a namespace. 38079 type: string 38080 volumeNamespace: 38081 description: volumeNamespace specifies 38082 the scope of the volume within StorageOS. If 38083 no namespace is specified then the 38084 Pod's namespace will be used. This 38085 allows the Kubernetes name scoping 38086 to be mirrored within StorageOS 38087 for tighter integration. Set VolumeName 38088 to any name to override the default 38089 behaviour. Set to "default" if you 38090 are not using namespaces within 38091 StorageOS. Namespaces that do not 38092 pre-exist within StorageOS will 38093 be created. 38094 type: string 38095 type: object 38096 vsphereVolume: 38097 description: vsphereVolume represents 38098 a vSphere volume attached and mounted 38099 on kubelets host machine 38100 properties: 38101 fsType: 38102 description: fsType is filesystem 38103 type to mount. Must be a filesystem 38104 type supported by the host operating 38105 system. Ex. "ext4", "xfs", "ntfs". 38106 Implicitly inferred to be "ext4" 38107 if unspecified. 38108 type: string 38109 storagePolicyID: 38110 description: storagePolicyID is the 38111 storage Policy Based Management 38112 (SPBM) profile ID associated with 38113 the StoragePolicyName. 38114 type: string 38115 storagePolicyName: 38116 description: storagePolicyName is 38117 the storage Policy Based Management 38118 (SPBM) profile name. 38119 type: string 38120 volumePath: 38121 description: volumePath is the path 38122 that identifies vSphere volume vmdk 38123 type: string 38124 required: 38125 - volumePath 38126 type: object 38127 required: 38128 - name 38129 type: object 38130 type: array 38131 x-kubernetes-list-type: atomic 38132 workspaces: 38133 description: Workspaces are the volumes that 38134 this Task requires. 38135 items: 38136 description: WorkspaceDeclaration is a declaration 38137 of a volume that a Task requires. 38138 properties: 38139 description: 38140 description: Description is an optional 38141 human readable description of this volume. 38142 type: string 38143 mountPath: 38144 description: MountPath overrides the directory 38145 that the volume will be made available 38146 at. 38147 type: string 38148 name: 38149 description: Name is the name by which 38150 you can bind the volume at runtime. 38151 type: string 38152 optional: 38153 description: Optional marks a Workspace 38154 as not being required in TaskRuns. By 38155 default this field is false and so declared 38156 workspaces are required. 38157 type: boolean 38158 readOnly: 38159 description: ReadOnly dictates whether 38160 a mounted volume is writable. By default 38161 this field is false and so mounted volumes 38162 are writable. 38163 type: boolean 38164 required: 38165 - name 38166 type: object 38167 type: array 38168 x-kubernetes-list-type: atomic 38169 type: object 38170 timeout: 38171 description: 'Time after which the TaskRun times 38172 out. Defaults to 1 hour. Specified TaskRun timeout 38173 should be less than 24h. Refer Go''s ParseDuration 38174 documentation for expected format: https://golang.org/pkg/time/#ParseDuration' 38175 type: string 38176 when: 38177 description: WhenExpressions is a list of when expressions 38178 that need to be true for the task to run 38179 items: 38180 description: WhenExpression allows a PipelineTask 38181 to declare expressions to be evaluated before 38182 the Task is run to determine whether the Task 38183 should be executed or skipped 38184 properties: 38185 input: 38186 description: Input is the string for guard 38187 checking which can be a static input or 38188 an output from a parent Task 38189 type: string 38190 operator: 38191 description: Operator that represents an Input's 38192 relationship to the values 38193 type: string 38194 values: 38195 description: Values is an array of strings, 38196 which is compared against the input, for 38197 guard checking It must be non-empty 38198 items: 38199 type: string 38200 type: array 38201 x-kubernetes-list-type: atomic 38202 required: 38203 - input 38204 - operator 38205 - values 38206 type: object 38207 type: array 38208 workspaces: 38209 description: Workspaces maps workspaces from the 38210 pipeline spec to the workspaces declared in the 38211 Task. 38212 items: 38213 description: WorkspacePipelineTaskBinding describes 38214 how a workspace passed into the pipeline should 38215 be mapped to a task's declared workspace. 38216 properties: 38217 name: 38218 description: Name is the name of the workspace 38219 as declared by the task 38220 type: string 38221 subPath: 38222 description: SubPath is optionally a directory 38223 on the volume which should be used for this 38224 binding (i.e. the volume will be mounted 38225 at this sub directory). 38226 type: string 38227 workspace: 38228 description: Workspace is the name of the 38229 workspace declared by the pipeline 38230 type: string 38231 required: 38232 - name 38233 type: object 38234 type: array 38235 x-kubernetes-list-type: atomic 38236 type: object 38237 type: array 38238 x-kubernetes-list-type: atomic 38239 params: 38240 description: Params declares a list of input parameters 38241 that must be supplied when this Pipeline is run. 38242 items: 38243 description: ParamSpec defines arbitrary parameters 38244 needed beyond typed inputs (such as resources). Parameter 38245 values are provided by users as inputs on a TaskRun 38246 or PipelineRun. 38247 properties: 38248 default: 38249 description: Default is the value a parameter takes 38250 if no input value is supplied. If default is set, 38251 a Task may be executed without a supplied value 38252 for the parameter. 38253 properties: 38254 arrayVal: 38255 items: 38256 type: string 38257 type: array 38258 x-kubernetes-list-type: atomic 38259 objectVal: 38260 additionalProperties: 38261 type: string 38262 type: object 38263 stringVal: 38264 type: string 38265 type: 38266 description: ParamType indicates the type of 38267 an input parameter; Used to distinguish between 38268 a single string and an array of strings. 38269 type: string 38270 required: 38271 - arrayVal 38272 - objectVal 38273 - stringVal 38274 - type 38275 type: object 38276 description: 38277 description: Description is a user-facing description 38278 of the parameter that may be used to populate 38279 a UI. 38280 type: string 38281 name: 38282 description: Name declares the name by which a parameter 38283 is referenced. 38284 type: string 38285 properties: 38286 additionalProperties: 38287 description: PropertySpec defines the struct for 38288 object keys 38289 properties: 38290 type: 38291 description: ParamType indicates the type 38292 of an input parameter; Used to distinguish 38293 between a single string and an array of 38294 strings. 38295 type: string 38296 type: object 38297 description: Properties is the JSON Schema properties 38298 to support key-value pairs parameter. 38299 type: object 38300 type: 38301 description: Type is the user-specified type of 38302 the parameter. The possible types are currently 38303 "string", "array" and "object", and "string" is 38304 the default. 38305 type: string 38306 required: 38307 - name 38308 type: object 38309 type: array 38310 x-kubernetes-list-type: atomic 38311 resources: 38312 description: Resources declares the names and types of 38313 the resources given to the Pipeline's tasks as inputs 38314 and outputs. 38315 items: 38316 description: PipelineDeclaredResource is used by a Pipeline 38317 to declare the types of the PipelineResources that 38318 it will required to run and names which can be used 38319 to refer to these PipelineResources in PipelineTaskResourceBindings. 38320 properties: 38321 name: 38322 description: Name is the name that will be used 38323 by the Pipeline to refer to this resource. It 38324 does not directly correspond to the name of any 38325 PipelineResources Task inputs or outputs, and 38326 it does not correspond to the actual names of 38327 the PipelineResources that will be bound in the 38328 PipelineRun. 38329 type: string 38330 optional: 38331 description: 'Optional declares the resource as 38332 optional. optional: true - the resource is considered 38333 optional optional: false - the resource is considered 38334 required (default/equivalent of not specifying 38335 it)' 38336 type: boolean 38337 type: 38338 description: Type is the type of the PipelineResource. 38339 type: string 38340 required: 38341 - name 38342 - type 38343 type: object 38344 type: array 38345 x-kubernetes-list-type: atomic 38346 results: 38347 description: Results are values that this pipeline can 38348 output once run 38349 items: 38350 description: PipelineResult used to describe the results 38351 of a pipeline 38352 properties: 38353 description: 38354 description: Description is a human-readable description 38355 of the result 38356 type: string 38357 name: 38358 description: Name the given name 38359 type: string 38360 type: 38361 description: Type is the user-specified type of 38362 the result. The possible types are 'string', 'array', 38363 and 'object', with 'string' as the default. 'array' 38364 and 'object' types are alpha features. 38365 type: string 38366 value: 38367 description: Value the expression used to retrieve 38368 the value 38369 properties: 38370 arrayVal: 38371 items: 38372 type: string 38373 type: array 38374 x-kubernetes-list-type: atomic 38375 objectVal: 38376 additionalProperties: 38377 type: string 38378 type: object 38379 stringVal: 38380 type: string 38381 type: 38382 description: ParamType indicates the type of 38383 an input parameter; Used to distinguish between 38384 a single string and an array of strings. 38385 type: string 38386 required: 38387 - arrayVal 38388 - objectVal 38389 - stringVal 38390 - type 38391 type: object 38392 required: 38393 - name 38394 - value 38395 type: object 38396 type: array 38397 x-kubernetes-list-type: atomic 38398 tasks: 38399 description: Tasks declares the graph of Tasks that execute 38400 when this Pipeline is run. 38401 items: 38402 description: PipelineTask defines a task in a Pipeline, 38403 passing inputs from both Params and from the output 38404 of previous tasks. 38405 properties: 38406 matrix: 38407 description: Matrix declares parameters used to 38408 fan out this task. 38409 properties: 38410 params: 38411 description: Params is a list of parameters 38412 used to fan out the pipelineTask Params takes 38413 only `Parameters` of type `"array"` Each array 38414 element is supplied to the `PipelineTask` 38415 by substituting `params` of type `"string"` 38416 in the underlying `Task`. The names of the 38417 `params` in the `Matrix` must match the names 38418 of the `params` in the underlying `Task` that 38419 they will be substituting. 38420 items: 38421 description: Param declares an ParamValues 38422 to use for the parameter called name. 38423 properties: 38424 name: 38425 type: string 38426 value: 38427 description: ParamValue is a type that 38428 can hold a single string or string array. 38429 Used in JSON unmarshalling so that a 38430 single JSON field can accept either 38431 an individual string or an array of 38432 strings. 38433 properties: 38434 arrayVal: 38435 items: 38436 type: string 38437 type: array 38438 x-kubernetes-list-type: atomic 38439 objectVal: 38440 additionalProperties: 38441 type: string 38442 type: object 38443 stringVal: 38444 type: string 38445 type: 38446 description: ParamType indicates the 38447 type of an input parameter; Used 38448 to distinguish between a single 38449 string and an array of strings. 38450 type: string 38451 required: 38452 - arrayVal 38453 - objectVal 38454 - stringVal 38455 - type 38456 type: object 38457 required: 38458 - name 38459 - value 38460 type: object 38461 type: array 38462 x-kubernetes-list-type: atomic 38463 type: object 38464 name: 38465 description: Name is the name of this task within 38466 the context of a Pipeline. Name is used as a coordinate 38467 with the `from` and `runAfter` fields to establish 38468 the execution order of tasks relative to one another. 38469 type: string 38470 params: 38471 description: Parameters declares parameters passed 38472 to this task. 38473 items: 38474 description: Param declares an ParamValues to 38475 use for the parameter called name. 38476 properties: 38477 name: 38478 type: string 38479 value: 38480 description: ParamValue is a type that can 38481 hold a single string or string array. Used 38482 in JSON unmarshalling so that a single JSON 38483 field can accept either an individual string 38484 or an array of strings. 38485 properties: 38486 arrayVal: 38487 items: 38488 type: string 38489 type: array 38490 x-kubernetes-list-type: atomic 38491 objectVal: 38492 additionalProperties: 38493 type: string 38494 type: object 38495 stringVal: 38496 type: string 38497 type: 38498 description: ParamType indicates the type 38499 of an input parameter; Used to distinguish 38500 between a single string and an array 38501 of strings. 38502 type: string 38503 required: 38504 - arrayVal 38505 - objectVal 38506 - stringVal 38507 - type 38508 type: object 38509 required: 38510 - name 38511 - value 38512 type: object 38513 type: array 38514 x-kubernetes-list-type: atomic 38515 resources: 38516 description: Resources declares the resources given 38517 to this task as inputs and outputs. 38518 properties: 38519 inputs: 38520 description: Inputs holds the mapping from the 38521 PipelineResources declared in DeclaredPipelineResources 38522 to the input PipelineResources required by 38523 the Task. 38524 items: 38525 description: PipelineTaskInputResource maps 38526 the name of a declared PipelineResource 38527 input dependency in a Task to the resource 38528 in the Pipeline's DeclaredPipelineResources 38529 that should be used. This input may come 38530 from a previous task. 38531 properties: 38532 from: 38533 description: From is the list of PipelineTask 38534 names that the resource has to come 38535 from. (Implies an ordering in the execution 38536 graph.) 38537 items: 38538 type: string 38539 type: array 38540 x-kubernetes-list-type: atomic 38541 name: 38542 description: Name is the name of the PipelineResource 38543 as declared by the Task. 38544 type: string 38545 resource: 38546 description: Resource is the name of the 38547 DeclaredPipelineResource to use. 38548 type: string 38549 required: 38550 - name 38551 - resource 38552 type: object 38553 type: array 38554 x-kubernetes-list-type: atomic 38555 outputs: 38556 description: Outputs holds the mapping from 38557 the PipelineResources declared in DeclaredPipelineResources 38558 to the input PipelineResources required by 38559 the Task. 38560 items: 38561 description: PipelineTaskOutputResource maps 38562 the name of a declared PipelineResource 38563 output dependency in a Task to the resource 38564 in the Pipeline's DeclaredPipelineResources 38565 that should be used. 38566 properties: 38567 name: 38568 description: Name is the name of the PipelineResource 38569 as declared by the Task. 38570 type: string 38571 resource: 38572 description: Resource is the name of the 38573 DeclaredPipelineResource to use. 38574 type: string 38575 required: 38576 - name 38577 - resource 38578 type: object 38579 type: array 38580 x-kubernetes-list-type: atomic 38581 type: object 38582 retries: 38583 description: 'Retries represents how many times 38584 this task should be retried in case of task failure: 38585 ConditionSucceeded set to False' 38586 type: integer 38587 runAfter: 38588 description: RunAfter is the list of PipelineTask 38589 names that should be executed before this Task 38590 executes. (Used to force a specific ordering in 38591 graph execution.) 38592 items: 38593 type: string 38594 type: array 38595 x-kubernetes-list-type: atomic 38596 taskRef: 38597 description: TaskRef is a reference to a task definition. 38598 properties: 38599 apiVersion: 38600 description: API version of the referent 38601 type: string 38602 bundle: 38603 description: 'Bundle url reference to a Tekton 38604 Bundle. Deprecated: Please use ResolverRef 38605 with the bundles resolver instead.' 38606 type: string 38607 kind: 38608 description: TaskKind indicates the kind of 38609 the task, namespaced or cluster scoped. 38610 type: string 38611 name: 38612 description: 'Name of the referent; More info: 38613 http://kubernetes.io/docs/user-guide/identifiers#names' 38614 type: string 38615 params: 38616 description: Params contains the parameters 38617 used to identify the referenced Tekton resource. 38618 Example entries might include "repo" or "path" 38619 but the set of params ultimately depends on 38620 the chosen resolver. 38621 items: 38622 description: Param declares an ParamValues 38623 to use for the parameter called name. 38624 properties: 38625 name: 38626 type: string 38627 value: 38628 description: ParamValue is a type that 38629 can hold a single string or string array. 38630 Used in JSON unmarshalling so that a 38631 single JSON field can accept either 38632 an individual string or an array of 38633 strings. 38634 properties: 38635 arrayVal: 38636 items: 38637 type: string 38638 type: array 38639 x-kubernetes-list-type: atomic 38640 objectVal: 38641 additionalProperties: 38642 type: string 38643 type: object 38644 stringVal: 38645 type: string 38646 type: 38647 description: ParamType indicates the 38648 type of an input parameter; Used 38649 to distinguish between a single 38650 string and an array of strings. 38651 type: string 38652 required: 38653 - arrayVal 38654 - objectVal 38655 - stringVal 38656 - type 38657 type: object 38658 required: 38659 - name 38660 - value 38661 type: object 38662 type: array 38663 x-kubernetes-list-type: atomic 38664 resolver: 38665 description: Resolver is the name of the resolver 38666 that should perform resolution of the referenced 38667 Tekton resource, such as "git". 38668 type: string 38669 type: object 38670 taskSpec: 38671 description: TaskSpec is a specification of a task 38672 properties: 38673 apiVersion: 38674 type: string 38675 description: 38676 description: Description is a user-facing description 38677 of the task that may be used to populate a 38678 UI. 38679 type: string 38680 kind: 38681 type: string 38682 metadata: 38683 description: PipelineTaskMetadata contains the 38684 labels or annotations for an EmbeddedTask 38685 properties: 38686 annotations: 38687 additionalProperties: 38688 type: string 38689 type: object 38690 labels: 38691 additionalProperties: 38692 type: string 38693 type: object 38694 type: object 38695 params: 38696 description: Params is a list of input parameters 38697 required to run the task. Params must be supplied 38698 as inputs in TaskRuns unless they declare 38699 a default value. 38700 items: 38701 description: ParamSpec defines arbitrary parameters 38702 needed beyond typed inputs (such as resources). 38703 Parameter values are provided by users as 38704 inputs on a TaskRun or PipelineRun. 38705 properties: 38706 default: 38707 description: Default is the value a parameter 38708 takes if no input value is supplied. 38709 If default is set, a Task may be executed 38710 without a supplied value for the parameter. 38711 properties: 38712 arrayVal: 38713 items: 38714 type: string 38715 type: array 38716 x-kubernetes-list-type: atomic 38717 objectVal: 38718 additionalProperties: 38719 type: string 38720 type: object 38721 stringVal: 38722 type: string 38723 type: 38724 description: ParamType indicates the 38725 type of an input parameter; Used 38726 to distinguish between a single 38727 string and an array of strings. 38728 type: string 38729 required: 38730 - arrayVal 38731 - objectVal 38732 - stringVal 38733 - type 38734 type: object 38735 description: 38736 description: Description is a user-facing 38737 description of the parameter that may 38738 be used to populate a UI. 38739 type: string 38740 name: 38741 description: Name declares the name by 38742 which a parameter is referenced. 38743 type: string 38744 properties: 38745 additionalProperties: 38746 description: PropertySpec defines the 38747 struct for object keys 38748 properties: 38749 type: 38750 description: ParamType indicates 38751 the type of an input parameter; 38752 Used to distinguish between a 38753 single string and an array of 38754 strings. 38755 type: string 38756 type: object 38757 description: Properties is the JSON Schema 38758 properties to support key-value pairs 38759 parameter. 38760 type: object 38761 type: 38762 description: Type is the user-specified 38763 type of the parameter. The possible 38764 types are currently "string", "array" 38765 and "object", and "string" is the default. 38766 type: string 38767 required: 38768 - name 38769 type: object 38770 type: array 38771 x-kubernetes-list-type: atomic 38772 resources: 38773 description: Resources is a list input and output 38774 resource to run the task Resources are represented 38775 in TaskRuns as bindings to instances of PipelineResources. 38776 properties: 38777 inputs: 38778 description: Inputs holds the mapping from 38779 the PipelineResources declared in DeclaredPipelineResources 38780 to the input PipelineResources required 38781 by the Task. 38782 items: 38783 description: TaskResource defines an input 38784 or output Resource declared as a requirement 38785 by a Task. The Name field will be used 38786 to refer to these Resources within the 38787 Task definition, and when provided as 38788 an Input, the Name will be the path 38789 to the volume mounted containing this 38790 Resource as an input (e.g. an input 38791 Resource named `workspace` will be mounted 38792 at `/workspace`). 38793 properties: 38794 description: 38795 description: Description is a user-facing 38796 description of the declared resource 38797 that may be used to populate a UI. 38798 type: string 38799 name: 38800 description: Name declares the name 38801 by which a resource is referenced 38802 in the definition. Resources may 38803 be referenced by name in the definition 38804 of a Task's steps. 38805 type: string 38806 optional: 38807 description: 'Optional declares the 38808 resource as optional. By default 38809 optional is set to false which makes 38810 a resource required. optional: true 38811 - the resource is considered optional 38812 optional: false - the resource is 38813 considered required (equivalent 38814 of not specifying it)' 38815 type: boolean 38816 targetPath: 38817 description: TargetPath is the path 38818 in workspace directory where the 38819 resource will be copied. 38820 type: string 38821 type: 38822 description: Type is the type of this 38823 resource; 38824 type: string 38825 required: 38826 - name 38827 - type 38828 type: object 38829 type: array 38830 x-kubernetes-list-type: atomic 38831 outputs: 38832 description: Outputs holds the mapping from 38833 the PipelineResources declared in DeclaredPipelineResources 38834 to the input PipelineResources required 38835 by the Task. 38836 items: 38837 description: TaskResource defines an input 38838 or output Resource declared as a requirement 38839 by a Task. The Name field will be used 38840 to refer to these Resources within the 38841 Task definition, and when provided as 38842 an Input, the Name will be the path 38843 to the volume mounted containing this 38844 Resource as an input (e.g. an input 38845 Resource named `workspace` will be mounted 38846 at `/workspace`). 38847 properties: 38848 description: 38849 description: Description is a user-facing 38850 description of the declared resource 38851 that may be used to populate a UI. 38852 type: string 38853 name: 38854 description: Name declares the name 38855 by which a resource is referenced 38856 in the definition. Resources may 38857 be referenced by name in the definition 38858 of a Task's steps. 38859 type: string 38860 optional: 38861 description: 'Optional declares the 38862 resource as optional. By default 38863 optional is set to false which makes 38864 a resource required. optional: true 38865 - the resource is considered optional 38866 optional: false - the resource is 38867 considered required (equivalent 38868 of not specifying it)' 38869 type: boolean 38870 targetPath: 38871 description: TargetPath is the path 38872 in workspace directory where the 38873 resource will be copied. 38874 type: string 38875 type: 38876 description: Type is the type of this 38877 resource; 38878 type: string 38879 required: 38880 - name 38881 - type 38882 type: object 38883 type: array 38884 x-kubernetes-list-type: atomic 38885 type: object 38886 results: 38887 description: Results are values that this Task 38888 can output 38889 items: 38890 description: TaskResult used to describe the 38891 results of a task 38892 properties: 38893 description: 38894 description: Description is a human-readable 38895 description of the result 38896 type: string 38897 name: 38898 description: Name the given name 38899 type: string 38900 properties: 38901 additionalProperties: 38902 description: PropertySpec defines the 38903 struct for object keys 38904 properties: 38905 type: 38906 description: ParamType indicates 38907 the type of an input parameter; 38908 Used to distinguish between a 38909 single string and an array of 38910 strings. 38911 type: string 38912 type: object 38913 description: Properties is the JSON Schema 38914 properties to support key-value pairs 38915 results. 38916 type: object 38917 type: 38918 description: Type is the user-specified 38919 type of the result. The possible type 38920 is currently "string" and will support 38921 "array" in following work. 38922 type: string 38923 required: 38924 - name 38925 type: object 38926 type: array 38927 x-kubernetes-list-type: atomic 38928 sidecars: 38929 description: Sidecars are run alongside the 38930 Task's step containers. They begin before 38931 the steps start and end after the steps complete. 38932 items: 38933 description: Sidecar has nearly the same data 38934 structure as Step but does not have the 38935 ability to timeout. 38936 properties: 38937 args: 38938 description: 'Arguments to the entrypoint. 38939 The image''s CMD is used if this is 38940 not provided. Variable references $(VAR_NAME) 38941 are expanded using the container''s 38942 environment. If a variable cannot be 38943 resolved, the reference in the input 38944 string will be unchanged. Double $$ 38945 are reduced to a single $, which allows 38946 for escaping the $(VAR_NAME) syntax: 38947 i.e. "$$(VAR_NAME)" will produce the 38948 string literal "$(VAR_NAME)". Escaped 38949 references will never be expanded, regardless 38950 of whether the variable exists or not. 38951 Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 38952 items: 38953 type: string 38954 type: array 38955 x-kubernetes-list-type: atomic 38956 command: 38957 description: 'Entrypoint array. Not executed 38958 within a shell. The image''s ENTRYPOINT 38959 is used if this is not provided. Variable 38960 references $(VAR_NAME) are expanded 38961 using the Sidecar''s environment. If 38962 a variable cannot be resolved, the reference 38963 in the input string will be unchanged. 38964 Double $$ are reduced to a single $, 38965 which allows for escaping the $(VAR_NAME) 38966 syntax: i.e. "$$(VAR_NAME)" will produce 38967 the string literal "$(VAR_NAME)". Escaped 38968 references will never be expanded, regardless 38969 of whether the variable exists or not. 38970 Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 38971 items: 38972 type: string 38973 type: array 38974 x-kubernetes-list-type: atomic 38975 env: 38976 description: List of environment variables 38977 to set in the Sidecar. Cannot be updated. 38978 items: 38979 description: EnvVar represents an environment 38980 variable present in a Container. 38981 properties: 38982 name: 38983 description: Name of the environment 38984 variable. Must be a C_IDENTIFIER. 38985 type: string 38986 value: 38987 description: 'Variable references 38988 $(VAR_NAME) are expanded using 38989 the previously defined environment 38990 variables in the container and 38991 any service environment variables. 38992 If a variable cannot be resolved, 38993 the reference in the input string 38994 will be unchanged. Double $$ are 38995 reduced to a single $, which allows 38996 for escaping the $(VAR_NAME) syntax: 38997 i.e. "$$(VAR_NAME)" will produce 38998 the string literal "$(VAR_NAME)". 38999 Escaped references will never 39000 be expanded, regardless of whether 39001 the variable exists or not. Defaults 39002 to "".' 39003 type: string 39004 valueFrom: 39005 description: Source for the environment 39006 variable's value. Cannot be used 39007 if value is not empty. 39008 properties: 39009 configMapKeyRef: 39010 description: Selects a key of 39011 a ConfigMap. 39012 properties: 39013 key: 39014 description: The key to 39015 select. 39016 type: string 39017 name: 39018 description: 'Name of the 39019 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 39020 TODO: Add other useful 39021 fields. apiVersion, kind, 39022 uid?' 39023 type: string 39024 optional: 39025 description: Specify whether 39026 the ConfigMap or its key 39027 must be defined 39028 type: boolean 39029 required: 39030 - key 39031 type: object 39032 fieldRef: 39033 description: 'Selects a field 39034 of the pod: supports metadata.name, 39035 metadata.namespace, `metadata.labels[''<KEY>'']`, 39036 `metadata.annotations[''<KEY>'']`, 39037 spec.nodeName, spec.serviceAccountName, 39038 status.hostIP, status.podIP, 39039 status.podIPs.' 39040 properties: 39041 apiVersion: 39042 description: Version of 39043 the schema the FieldPath 39044 is written in terms of, 39045 defaults to "v1". 39046 type: string 39047 fieldPath: 39048 description: Path of the 39049 field to select in the 39050 specified API version. 39051 type: string 39052 required: 39053 - fieldPath 39054 type: object 39055 resourceFieldRef: 39056 description: 'Selects a resource 39057 of the container: only resources 39058 limits and requests (limits.cpu, 39059 limits.memory, limits.ephemeral-storage, 39060 requests.cpu, requests.memory 39061 and requests.ephemeral-storage) 39062 are currently supported.' 39063 properties: 39064 containerName: 39065 description: 'Container 39066 name: required for volumes, 39067 optional for env vars' 39068 type: string 39069 divisor: 39070 anyOf: 39071 - type: integer 39072 - type: string 39073 description: Specifies the 39074 output format of the exposed 39075 resources, defaults to 39076 "1" 39077 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 39078 x-kubernetes-int-or-string: true 39079 resource: 39080 description: 'Required: 39081 resource to select' 39082 type: string 39083 required: 39084 - resource 39085 type: object 39086 secretKeyRef: 39087 description: Selects a key of 39088 a secret in the pod's namespace 39089 properties: 39090 key: 39091 description: The key of 39092 the secret to select from. Must 39093 be a valid secret key. 39094 type: string 39095 name: 39096 description: 'Name of the 39097 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 39098 TODO: Add other useful 39099 fields. apiVersion, kind, 39100 uid?' 39101 type: string 39102 optional: 39103 description: Specify whether 39104 the Secret or its key 39105 must be defined 39106 type: boolean 39107 required: 39108 - key 39109 type: object 39110 type: object 39111 required: 39112 - name 39113 type: object 39114 type: array 39115 x-kubernetes-list-type: atomic 39116 envFrom: 39117 description: List of sources to populate 39118 environment variables in the Sidecar. 39119 The keys defined within a source must 39120 be a C_IDENTIFIER. All invalid keys 39121 will be reported as an event when the 39122 Sidecar is starting. When a key exists 39123 in multiple sources, the value associated 39124 with the last source will take precedence. 39125 Values defined by an Env with a duplicate 39126 key will take precedence. Cannot be 39127 updated. 39128 items: 39129 description: EnvFromSource represents 39130 the source of a set of ConfigMaps 39131 properties: 39132 configMapRef: 39133 description: The ConfigMap to select 39134 from 39135 properties: 39136 name: 39137 description: 'Name of the referent. 39138 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 39139 TODO: Add other useful fields. 39140 apiVersion, kind, uid?' 39141 type: string 39142 optional: 39143 description: Specify whether 39144 the ConfigMap must be defined 39145 type: boolean 39146 type: object 39147 prefix: 39148 description: An optional identifier 39149 to prepend to each key in the 39150 ConfigMap. Must be a C_IDENTIFIER. 39151 type: string 39152 secretRef: 39153 description: The Secret to select 39154 from 39155 properties: 39156 name: 39157 description: 'Name of the referent. 39158 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 39159 TODO: Add other useful fields. 39160 apiVersion, kind, uid?' 39161 type: string 39162 optional: 39163 description: Specify whether 39164 the Secret must be defined 39165 type: boolean 39166 type: object 39167 type: object 39168 type: array 39169 x-kubernetes-list-type: atomic 39170 image: 39171 description: 'Image name to be used by 39172 the Sidecar. More info: https://kubernetes.io/docs/concepts/containers/images' 39173 type: string 39174 imagePullPolicy: 39175 description: 'Image pull policy. One of 39176 Always, Never, IfNotPresent. Defaults 39177 to Always if :latest tag is specified, 39178 or IfNotPresent otherwise. Cannot be 39179 updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 39180 type: string 39181 lifecycle: 39182 description: Actions that the management 39183 system should take in response to Sidecar 39184 lifecycle events. Cannot be updated. 39185 properties: 39186 postStart: 39187 description: 'PostStart is called 39188 immediately after a container is 39189 created. If the handler fails, the 39190 container is terminated and restarted 39191 according to its restart policy. 39192 Other management of the container 39193 blocks until the hook completes. 39194 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 39195 properties: 39196 exec: 39197 description: Exec specifies the 39198 action to take. 39199 properties: 39200 command: 39201 description: Command is the 39202 command line to execute 39203 inside the container, the 39204 working directory for the 39205 command is root ('/') in 39206 the container's filesystem. 39207 The command is simply exec'd, 39208 it is not run inside a shell, 39209 so traditional shell instructions 39210 ('|', etc) won't work. To 39211 use a shell, you need to 39212 explicitly call out to that 39213 shell. Exit status of 0 39214 is treated as live/healthy 39215 and non-zero is unhealthy. 39216 items: 39217 type: string 39218 type: array 39219 type: object 39220 httpGet: 39221 description: HTTPGet specifies 39222 the http request to perform. 39223 properties: 39224 host: 39225 description: Host name to 39226 connect to, defaults to 39227 the pod IP. You probably 39228 want to set "Host" in httpHeaders 39229 instead. 39230 type: string 39231 httpHeaders: 39232 description: Custom headers 39233 to set in the request. HTTP 39234 allows repeated headers. 39235 items: 39236 description: HTTPHeader 39237 describes a custom header 39238 to be used in HTTP probes 39239 properties: 39240 name: 39241 description: The header 39242 field name. This will 39243 be canonicalized upon 39244 output, so case-variant 39245 names will be understood 39246 as the same header. 39247 type: string 39248 value: 39249 description: The header 39250 field value 39251 type: string 39252 required: 39253 - name 39254 - value 39255 type: object 39256 type: array 39257 path: 39258 description: Path to access 39259 on the HTTP server. 39260 type: string 39261 port: 39262 anyOf: 39263 - type: integer 39264 - type: string 39265 description: Name or number 39266 of the port to access on 39267 the container. Number must 39268 be in the range 1 to 65535. 39269 Name must be an IANA_SVC_NAME. 39270 x-kubernetes-int-or-string: true 39271 scheme: 39272 description: Scheme to use 39273 for connecting to the host. 39274 Defaults to HTTP. 39275 type: string 39276 required: 39277 - port 39278 type: object 39279 tcpSocket: 39280 description: Deprecated. TCPSocket 39281 is NOT supported as a LifecycleHandler 39282 and kept for the backward compatibility. 39283 There are no validation of this 39284 field and lifecycle hooks will 39285 fail in runtime when tcp handler 39286 is specified. 39287 properties: 39288 host: 39289 description: 'Optional: Host 39290 name to connect to, defaults 39291 to the pod IP.' 39292 type: string 39293 port: 39294 anyOf: 39295 - type: integer 39296 - type: string 39297 description: Number or name 39298 of the port to access on 39299 the container. Number must 39300 be in the range 1 to 65535. 39301 Name must be an IANA_SVC_NAME. 39302 x-kubernetes-int-or-string: true 39303 required: 39304 - port 39305 type: object 39306 type: object 39307 preStop: 39308 description: 'PreStop is called immediately 39309 before a container is terminated 39310 due to an API request or management 39311 event such as liveness/startup probe 39312 failure, preemption, resource contention, 39313 etc. The handler is not called if 39314 the container crashes or exits. 39315 The Pod''s termination grace period 39316 countdown begins before the PreStop 39317 hook is executed. Regardless of 39318 the outcome of the handler, the 39319 container will eventually terminate 39320 within the Pod''s termination grace 39321 period (unless delayed by finalizers). 39322 Other management of the container 39323 blocks until the hook completes 39324 or until the termination grace period 39325 is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 39326 properties: 39327 exec: 39328 description: Exec specifies the 39329 action to take. 39330 properties: 39331 command: 39332 description: Command is the 39333 command line to execute 39334 inside the container, the 39335 working directory for the 39336 command is root ('/') in 39337 the container's filesystem. 39338 The command is simply exec'd, 39339 it is not run inside a shell, 39340 so traditional shell instructions 39341 ('|', etc) won't work. To 39342 use a shell, you need to 39343 explicitly call out to that 39344 shell. Exit status of 0 39345 is treated as live/healthy 39346 and non-zero is unhealthy. 39347 items: 39348 type: string 39349 type: array 39350 type: object 39351 httpGet: 39352 description: HTTPGet specifies 39353 the http request to perform. 39354 properties: 39355 host: 39356 description: Host name to 39357 connect to, defaults to 39358 the pod IP. You probably 39359 want to set "Host" in httpHeaders 39360 instead. 39361 type: string 39362 httpHeaders: 39363 description: Custom headers 39364 to set in the request. HTTP 39365 allows repeated headers. 39366 items: 39367 description: HTTPHeader 39368 describes a custom header 39369 to be used in HTTP probes 39370 properties: 39371 name: 39372 description: The header 39373 field name. This will 39374 be canonicalized upon 39375 output, so case-variant 39376 names will be understood 39377 as the same header. 39378 type: string 39379 value: 39380 description: The header 39381 field value 39382 type: string 39383 required: 39384 - name 39385 - value 39386 type: object 39387 type: array 39388 path: 39389 description: Path to access 39390 on the HTTP server. 39391 type: string 39392 port: 39393 anyOf: 39394 - type: integer 39395 - type: string 39396 description: Name or number 39397 of the port to access on 39398 the container. Number must 39399 be in the range 1 to 65535. 39400 Name must be an IANA_SVC_NAME. 39401 x-kubernetes-int-or-string: true 39402 scheme: 39403 description: Scheme to use 39404 for connecting to the host. 39405 Defaults to HTTP. 39406 type: string 39407 required: 39408 - port 39409 type: object 39410 tcpSocket: 39411 description: Deprecated. TCPSocket 39412 is NOT supported as a LifecycleHandler 39413 and kept for the backward compatibility. 39414 There are no validation of this 39415 field and lifecycle hooks will 39416 fail in runtime when tcp handler 39417 is specified. 39418 properties: 39419 host: 39420 description: 'Optional: Host 39421 name to connect to, defaults 39422 to the pod IP.' 39423 type: string 39424 port: 39425 anyOf: 39426 - type: integer 39427 - type: string 39428 description: Number or name 39429 of the port to access on 39430 the container. Number must 39431 be in the range 1 to 65535. 39432 Name must be an IANA_SVC_NAME. 39433 x-kubernetes-int-or-string: true 39434 required: 39435 - port 39436 type: object 39437 type: object 39438 type: object 39439 livenessProbe: 39440 description: 'Periodic probe of Sidecar 39441 liveness. Container will be restarted 39442 if the probe fails. Cannot be updated. 39443 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 39444 properties: 39445 exec: 39446 description: Exec specifies the action 39447 to take. 39448 properties: 39449 command: 39450 description: Command is the command 39451 line to execute inside the container, 39452 the working directory for the 39453 command is root ('/') in the 39454 container's filesystem. The 39455 command is simply exec'd, it 39456 is not run inside a shell, so 39457 traditional shell instructions 39458 ('|', etc) won't work. To use 39459 a shell, you need to explicitly 39460 call out to that shell. Exit 39461 status of 0 is treated as live/healthy 39462 and non-zero is unhealthy. 39463 items: 39464 type: string 39465 type: array 39466 type: object 39467 failureThreshold: 39468 description: Minimum consecutive failures 39469 for the probe to be considered failed 39470 after having succeeded. Defaults 39471 to 3. Minimum value is 1. 39472 format: int32 39473 type: integer 39474 grpc: 39475 description: GRPC specifies an action 39476 involving a GRPC port. 39477 properties: 39478 port: 39479 description: Port number of the 39480 gRPC service. Number must be 39481 in the range 1 to 65535. 39482 format: int32 39483 type: integer 39484 service: 39485 description: "Service is the name 39486 of the service to place in the 39487 gRPC HealthCheckRequest (see 39488 https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 39489 \n If this is not specified, 39490 the default behavior is defined 39491 by gRPC." 39492 type: string 39493 required: 39494 - port 39495 type: object 39496 httpGet: 39497 description: HTTPGet specifies the 39498 http request to perform. 39499 properties: 39500 host: 39501 description: Host name to connect 39502 to, defaults to the pod IP. 39503 You probably want to set "Host" 39504 in httpHeaders instead. 39505 type: string 39506 httpHeaders: 39507 description: Custom headers to 39508 set in the request. HTTP allows 39509 repeated headers. 39510 items: 39511 description: HTTPHeader describes 39512 a custom header to be used 39513 in HTTP probes 39514 properties: 39515 name: 39516 description: The header 39517 field name. This will 39518 be canonicalized upon 39519 output, so case-variant 39520 names will be understood 39521 as the same header. 39522 type: string 39523 value: 39524 description: The header 39525 field value 39526 type: string 39527 required: 39528 - name 39529 - value 39530 type: object 39531 type: array 39532 path: 39533 description: Path to access on 39534 the HTTP server. 39535 type: string 39536 port: 39537 anyOf: 39538 - type: integer 39539 - type: string 39540 description: Name or number of 39541 the port to access on the container. 39542 Number must be in the range 39543 1 to 65535. Name must be an 39544 IANA_SVC_NAME. 39545 x-kubernetes-int-or-string: true 39546 scheme: 39547 description: Scheme to use for 39548 connecting to the host. Defaults 39549 to HTTP. 39550 type: string 39551 required: 39552 - port 39553 type: object 39554 initialDelaySeconds: 39555 description: 'Number of seconds after 39556 the container has started before 39557 liveness probes are initiated. More 39558 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 39559 format: int32 39560 type: integer 39561 periodSeconds: 39562 description: How often (in seconds) 39563 to perform the probe. Default to 39564 10 seconds. Minimum value is 1. 39565 format: int32 39566 type: integer 39567 successThreshold: 39568 description: Minimum consecutive successes 39569 for the probe to be considered successful 39570 after having failed. Defaults to 39571 1. Must be 1 for liveness and startup. 39572 Minimum value is 1. 39573 format: int32 39574 type: integer 39575 tcpSocket: 39576 description: TCPSocket specifies an 39577 action involving a TCP port. 39578 properties: 39579 host: 39580 description: 'Optional: Host name 39581 to connect to, defaults to the 39582 pod IP.' 39583 type: string 39584 port: 39585 anyOf: 39586 - type: integer 39587 - type: string 39588 description: Number or name of 39589 the port to access on the container. 39590 Number must be in the range 39591 1 to 65535. Name must be an 39592 IANA_SVC_NAME. 39593 x-kubernetes-int-or-string: true 39594 required: 39595 - port 39596 type: object 39597 terminationGracePeriodSeconds: 39598 description: Optional duration in 39599 seconds the pod needs to terminate 39600 gracefully upon probe failure. The 39601 grace period is the duration in 39602 seconds after the processes running 39603 in the pod are sent a termination 39604 signal and the time when the processes 39605 are forcibly halted with a kill 39606 signal. Set this value longer than 39607 the expected cleanup time for your 39608 process. If this value is nil, the 39609 pod's terminationGracePeriodSeconds 39610 will be used. Otherwise, this value 39611 overrides the value provided by 39612 the pod spec. Value must be non-negative 39613 integer. The value zero indicates 39614 stop immediately via the kill signal 39615 (no opportunity to shut down). This 39616 is a beta field and requires enabling 39617 ProbeTerminationGracePeriod feature 39618 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 39619 is used if unset. 39620 format: int64 39621 type: integer 39622 timeoutSeconds: 39623 description: 'Number of seconds after 39624 which the probe times out. Defaults 39625 to 1 second. Minimum value is 1. 39626 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 39627 format: int32 39628 type: integer 39629 type: object 39630 name: 39631 description: Name of the Sidecar specified 39632 as a DNS_LABEL. Each Sidecar in a Task 39633 must have a unique name (DNS_LABEL). 39634 Cannot be updated. 39635 type: string 39636 ports: 39637 description: List of ports to expose from 39638 the Sidecar. Exposing a port here gives 39639 the system additional information about 39640 the network connections a container 39641 uses, but is primarily informational. 39642 Not specifying a port here DOES NOT 39643 prevent that port from being exposed. 39644 Any port which is listening on the default 39645 "0.0.0.0" address inside a container 39646 will be accessible from the network. 39647 Cannot be updated. 39648 items: 39649 description: ContainerPort represents 39650 a network port in a single container. 39651 properties: 39652 containerPort: 39653 description: Number of port to expose 39654 on the pod's IP address. This 39655 must be a valid port number, 0 39656 < x < 65536. 39657 format: int32 39658 type: integer 39659 hostIP: 39660 description: What host IP to bind 39661 the external port to. 39662 type: string 39663 hostPort: 39664 description: Number of port to expose 39665 on the host. If specified, this 39666 must be a valid port number, 0 39667 < x < 65536. If HostNetwork is 39668 specified, this must match ContainerPort. 39669 Most containers do not need this. 39670 format: int32 39671 type: integer 39672 name: 39673 description: If specified, this 39674 must be an IANA_SVC_NAME and unique 39675 within the pod. Each named port 39676 in a pod must have a unique name. 39677 Name for the port that can be 39678 referred to by services. 39679 type: string 39680 protocol: 39681 default: TCP 39682 description: Protocol for port. 39683 Must be UDP, TCP, or SCTP. Defaults 39684 to "TCP". 39685 type: string 39686 required: 39687 - containerPort 39688 type: object 39689 type: array 39690 x-kubernetes-list-map-keys: 39691 - containerPort 39692 - protocol 39693 x-kubernetes-list-type: map 39694 readinessProbe: 39695 description: 'Periodic probe of Sidecar 39696 service readiness. Container will be 39697 removed from service endpoints if the 39698 probe fails. Cannot be updated. More 39699 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 39700 properties: 39701 exec: 39702 description: Exec specifies the action 39703 to take. 39704 properties: 39705 command: 39706 description: Command is the command 39707 line to execute inside the container, 39708 the working directory for the 39709 command is root ('/') in the 39710 container's filesystem. The 39711 command is simply exec'd, it 39712 is not run inside a shell, so 39713 traditional shell instructions 39714 ('|', etc) won't work. To use 39715 a shell, you need to explicitly 39716 call out to that shell. Exit 39717 status of 0 is treated as live/healthy 39718 and non-zero is unhealthy. 39719 items: 39720 type: string 39721 type: array 39722 type: object 39723 failureThreshold: 39724 description: Minimum consecutive failures 39725 for the probe to be considered failed 39726 after having succeeded. Defaults 39727 to 3. Minimum value is 1. 39728 format: int32 39729 type: integer 39730 grpc: 39731 description: GRPC specifies an action 39732 involving a GRPC port. 39733 properties: 39734 port: 39735 description: Port number of the 39736 gRPC service. Number must be 39737 in the range 1 to 65535. 39738 format: int32 39739 type: integer 39740 service: 39741 description: "Service is the name 39742 of the service to place in the 39743 gRPC HealthCheckRequest (see 39744 https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 39745 \n If this is not specified, 39746 the default behavior is defined 39747 by gRPC." 39748 type: string 39749 required: 39750 - port 39751 type: object 39752 httpGet: 39753 description: HTTPGet specifies the 39754 http request to perform. 39755 properties: 39756 host: 39757 description: Host name to connect 39758 to, defaults to the pod IP. 39759 You probably want to set "Host" 39760 in httpHeaders instead. 39761 type: string 39762 httpHeaders: 39763 description: Custom headers to 39764 set in the request. HTTP allows 39765 repeated headers. 39766 items: 39767 description: HTTPHeader describes 39768 a custom header to be used 39769 in HTTP probes 39770 properties: 39771 name: 39772 description: The header 39773 field name. This will 39774 be canonicalized upon 39775 output, so case-variant 39776 names will be understood 39777 as the same header. 39778 type: string 39779 value: 39780 description: The header 39781 field value 39782 type: string 39783 required: 39784 - name 39785 - value 39786 type: object 39787 type: array 39788 path: 39789 description: Path to access on 39790 the HTTP server. 39791 type: string 39792 port: 39793 anyOf: 39794 - type: integer 39795 - type: string 39796 description: Name or number of 39797 the port to access on the container. 39798 Number must be in the range 39799 1 to 65535. Name must be an 39800 IANA_SVC_NAME. 39801 x-kubernetes-int-or-string: true 39802 scheme: 39803 description: Scheme to use for 39804 connecting to the host. Defaults 39805 to HTTP. 39806 type: string 39807 required: 39808 - port 39809 type: object 39810 initialDelaySeconds: 39811 description: 'Number of seconds after 39812 the container has started before 39813 liveness probes are initiated. More 39814 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 39815 format: int32 39816 type: integer 39817 periodSeconds: 39818 description: How often (in seconds) 39819 to perform the probe. Default to 39820 10 seconds. Minimum value is 1. 39821 format: int32 39822 type: integer 39823 successThreshold: 39824 description: Minimum consecutive successes 39825 for the probe to be considered successful 39826 after having failed. Defaults to 39827 1. Must be 1 for liveness and startup. 39828 Minimum value is 1. 39829 format: int32 39830 type: integer 39831 tcpSocket: 39832 description: TCPSocket specifies an 39833 action involving a TCP port. 39834 properties: 39835 host: 39836 description: 'Optional: Host name 39837 to connect to, defaults to the 39838 pod IP.' 39839 type: string 39840 port: 39841 anyOf: 39842 - type: integer 39843 - type: string 39844 description: Number or name of 39845 the port to access on the container. 39846 Number must be in the range 39847 1 to 65535. Name must be an 39848 IANA_SVC_NAME. 39849 x-kubernetes-int-or-string: true 39850 required: 39851 - port 39852 type: object 39853 terminationGracePeriodSeconds: 39854 description: Optional duration in 39855 seconds the pod needs to terminate 39856 gracefully upon probe failure. The 39857 grace period is the duration in 39858 seconds after the processes running 39859 in the pod are sent a termination 39860 signal and the time when the processes 39861 are forcibly halted with a kill 39862 signal. Set this value longer than 39863 the expected cleanup time for your 39864 process. If this value is nil, the 39865 pod's terminationGracePeriodSeconds 39866 will be used. Otherwise, this value 39867 overrides the value provided by 39868 the pod spec. Value must be non-negative 39869 integer. The value zero indicates 39870 stop immediately via the kill signal 39871 (no opportunity to shut down). This 39872 is a beta field and requires enabling 39873 ProbeTerminationGracePeriod feature 39874 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 39875 is used if unset. 39876 format: int64 39877 type: integer 39878 timeoutSeconds: 39879 description: 'Number of seconds after 39880 which the probe times out. Defaults 39881 to 1 second. Minimum value is 1. 39882 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 39883 format: int32 39884 type: integer 39885 type: object 39886 resources: 39887 description: 'Compute Resources required 39888 by this Sidecar. Cannot be updated. 39889 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 39890 properties: 39891 claims: 39892 description: "Claims lists the names 39893 of resources, defined in spec.resourceClaims, 39894 that are used by this container. 39895 \n This is an alpha field and requires 39896 enabling the DynamicResourceAllocation 39897 feature gate. \n This field is immutable. 39898 It can only be set for containers." 39899 items: 39900 description: ResourceClaim references 39901 one entry in PodSpec.ResourceClaims. 39902 properties: 39903 name: 39904 description: Name must match 39905 the name of one entry in pod.spec.resourceClaims 39906 of the Pod where this field 39907 is used. It makes that resource 39908 available inside a container. 39909 type: string 39910 required: 39911 - name 39912 type: object 39913 type: array 39914 x-kubernetes-list-map-keys: 39915 - name 39916 x-kubernetes-list-type: map 39917 limits: 39918 additionalProperties: 39919 anyOf: 39920 - type: integer 39921 - type: string 39922 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 39923 x-kubernetes-int-or-string: true 39924 description: 'Limits describes the 39925 maximum amount of compute resources 39926 allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 39927 type: object 39928 requests: 39929 additionalProperties: 39930 anyOf: 39931 - type: integer 39932 - type: string 39933 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 39934 x-kubernetes-int-or-string: true 39935 description: 'Requests describes the 39936 minimum amount of compute resources 39937 required. If Requests is omitted 39938 for a container, it defaults to 39939 Limits if that is explicitly specified, 39940 otherwise to an implementation-defined 39941 value. Requests cannot exceed Limits. 39942 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 39943 type: object 39944 type: object 39945 script: 39946 description: "Script is the contents of 39947 an executable file to execute. \n If 39948 Script is not empty, the Step cannot 39949 have an Command or Args." 39950 type: string 39951 securityContext: 39952 description: 'SecurityContext defines 39953 the security options the Sidecar should 39954 be run with. If set, the fields of SecurityContext 39955 override the equivalent fields of PodSecurityContext. 39956 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 39957 properties: 39958 allowPrivilegeEscalation: 39959 description: 'AllowPrivilegeEscalation 39960 controls whether a process can gain 39961 more privileges than its parent 39962 process. This bool directly controls 39963 if the no_new_privs flag will be 39964 set on the container process. AllowPrivilegeEscalation 39965 is true always when the container 39966 is: 1) run as Privileged 2) has 39967 CAP_SYS_ADMIN Note that this field 39968 cannot be set when spec.os.name 39969 is windows.' 39970 type: boolean 39971 capabilities: 39972 description: The capabilities to add/drop 39973 when running containers. Defaults 39974 to the default set of capabilities 39975 granted by the container runtime. 39976 Note that this field cannot be set 39977 when spec.os.name is windows. 39978 properties: 39979 add: 39980 description: Added capabilities 39981 items: 39982 description: Capability represent 39983 POSIX capabilities type 39984 type: string 39985 type: array 39986 drop: 39987 description: Removed capabilities 39988 items: 39989 description: Capability represent 39990 POSIX capabilities type 39991 type: string 39992 type: array 39993 type: object 39994 privileged: 39995 description: Run container in privileged 39996 mode. Processes in privileged containers 39997 are essentially equivalent to root 39998 on the host. Defaults to false. 39999 Note that this field cannot be set 40000 when spec.os.name is windows. 40001 type: boolean 40002 procMount: 40003 description: procMount denotes the 40004 type of proc mount to use for the 40005 containers. The default is DefaultProcMount 40006 which uses the container runtime 40007 defaults for readonly paths and 40008 masked paths. This requires the 40009 ProcMountType feature flag to be 40010 enabled. Note that this field cannot 40011 be set when spec.os.name is windows. 40012 type: string 40013 readOnlyRootFilesystem: 40014 description: Whether this container 40015 has a read-only root filesystem. 40016 Default is false. Note that this 40017 field cannot be set when spec.os.name 40018 is windows. 40019 type: boolean 40020 runAsGroup: 40021 description: The GID to run the entrypoint 40022 of the container process. Uses runtime 40023 default if unset. May also be set 40024 in PodSecurityContext. If set in 40025 both SecurityContext and PodSecurityContext, 40026 the value specified in SecurityContext 40027 takes precedence. Note that this 40028 field cannot be set when spec.os.name 40029 is windows. 40030 format: int64 40031 type: integer 40032 runAsNonRoot: 40033 description: Indicates that the container 40034 must run as a non-root user. If 40035 true, the Kubelet will validate 40036 the image at runtime to ensure that 40037 it does not run as UID 0 (root) 40038 and fail to start the container 40039 if it does. If unset or false, no 40040 such validation will be performed. 40041 May also be set in PodSecurityContext. If 40042 set in both SecurityContext and 40043 PodSecurityContext, the value specified 40044 in SecurityContext takes precedence. 40045 type: boolean 40046 runAsUser: 40047 description: The UID to run the entrypoint 40048 of the container process. Defaults 40049 to user specified in image metadata 40050 if unspecified. May also be set 40051 in PodSecurityContext. If set in 40052 both SecurityContext and PodSecurityContext, 40053 the value specified in SecurityContext 40054 takes precedence. Note that this 40055 field cannot be set when spec.os.name 40056 is windows. 40057 format: int64 40058 type: integer 40059 seLinuxOptions: 40060 description: The SELinux context to 40061 be applied to the container. If 40062 unspecified, the container runtime 40063 will allocate a random SELinux context 40064 for each container. May also be 40065 set in PodSecurityContext. If set 40066 in both SecurityContext and PodSecurityContext, 40067 the value specified in SecurityContext 40068 takes precedence. Note that this 40069 field cannot be set when spec.os.name 40070 is windows. 40071 properties: 40072 level: 40073 description: Level is SELinux 40074 level label that applies to 40075 the container. 40076 type: string 40077 role: 40078 description: Role is a SELinux 40079 role label that applies to the 40080 container. 40081 type: string 40082 type: 40083 description: Type is a SELinux 40084 type label that applies to the 40085 container. 40086 type: string 40087 user: 40088 description: User is a SELinux 40089 user label that applies to the 40090 container. 40091 type: string 40092 type: object 40093 seccompProfile: 40094 description: The seccomp options to 40095 use by this container. If seccomp 40096 options are provided at both the 40097 pod & container level, the container 40098 options override the pod options. 40099 Note that this field cannot be set 40100 when spec.os.name is windows. 40101 properties: 40102 localhostProfile: 40103 description: localhostProfile 40104 indicates a profile defined 40105 in a file on the node should 40106 be used. The profile must be 40107 preconfigured on the node to 40108 work. Must be a descending path, 40109 relative to the kubelet's configured 40110 seccomp profile location. Must 40111 be set if type is "Localhost". 40112 Must NOT be set for any other 40113 type. 40114 type: string 40115 type: 40116 description: "type indicates which 40117 kind of seccomp profile will 40118 be applied. Valid options are: 40119 \n Localhost - a profile defined 40120 in a file on the node should 40121 be used. RuntimeDefault - the 40122 container runtime default profile 40123 should be used. Unconfined - 40124 no profile should be applied." 40125 type: string 40126 required: 40127 - type 40128 type: object 40129 windowsOptions: 40130 description: The Windows specific 40131 settings applied to all containers. 40132 If unspecified, the options from 40133 the PodSecurityContext will be used. 40134 If set in both SecurityContext and 40135 PodSecurityContext, the value specified 40136 in SecurityContext takes precedence. 40137 Note that this field cannot be set 40138 when spec.os.name is linux. 40139 properties: 40140 gmsaCredentialSpec: 40141 description: GMSACredentialSpec 40142 is where the GMSA admission 40143 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 40144 inlines the contents of the 40145 GMSA credential spec named by 40146 the GMSACredentialSpecName field. 40147 type: string 40148 gmsaCredentialSpecName: 40149 description: GMSACredentialSpecName 40150 is the name of the GMSA credential 40151 spec to use. 40152 type: string 40153 hostProcess: 40154 description: HostProcess determines 40155 if a container should be run 40156 as a 'Host Process' container. 40157 All of a Pod's containers must 40158 have the same effective HostProcess 40159 value (it is not allowed to 40160 have a mix of HostProcess containers 40161 and non-HostProcess containers). 40162 In addition, if HostProcess 40163 is true then HostNetwork must 40164 also be set to true. 40165 type: boolean 40166 runAsUserName: 40167 description: The UserName in Windows 40168 to run the entrypoint of the 40169 container process. Defaults 40170 to the user specified in image 40171 metadata if unspecified. May 40172 also be set in PodSecurityContext. 40173 If set in both SecurityContext 40174 and PodSecurityContext, the 40175 value specified in SecurityContext 40176 takes precedence. 40177 type: string 40178 type: object 40179 type: object 40180 startupProbe: 40181 description: 'StartupProbe indicates that 40182 the Pod the Sidecar is running in has 40183 successfully initialized. If specified, 40184 no other probes are executed until this 40185 completes successfully. If this probe 40186 fails, the Pod will be restarted, just 40187 as if the livenessProbe failed. This 40188 can be used to provide different probe 40189 parameters at the beginning of a Pod''s 40190 lifecycle, when it might take a long 40191 time to load data or warm a cache, than 40192 during steady-state operation. This 40193 cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 40194 properties: 40195 exec: 40196 description: Exec specifies the action 40197 to take. 40198 properties: 40199 command: 40200 description: Command is the command 40201 line to execute inside the container, 40202 the working directory for the 40203 command is root ('/') in the 40204 container's filesystem. The 40205 command is simply exec'd, it 40206 is not run inside a shell, so 40207 traditional shell instructions 40208 ('|', etc) won't work. To use 40209 a shell, you need to explicitly 40210 call out to that shell. Exit 40211 status of 0 is treated as live/healthy 40212 and non-zero is unhealthy. 40213 items: 40214 type: string 40215 type: array 40216 type: object 40217 failureThreshold: 40218 description: Minimum consecutive failures 40219 for the probe to be considered failed 40220 after having succeeded. Defaults 40221 to 3. Minimum value is 1. 40222 format: int32 40223 type: integer 40224 grpc: 40225 description: GRPC specifies an action 40226 involving a GRPC port. 40227 properties: 40228 port: 40229 description: Port number of the 40230 gRPC service. Number must be 40231 in the range 1 to 65535. 40232 format: int32 40233 type: integer 40234 service: 40235 description: "Service is the name 40236 of the service to place in the 40237 gRPC HealthCheckRequest (see 40238 https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 40239 \n If this is not specified, 40240 the default behavior is defined 40241 by gRPC." 40242 type: string 40243 required: 40244 - port 40245 type: object 40246 httpGet: 40247 description: HTTPGet specifies the 40248 http request to perform. 40249 properties: 40250 host: 40251 description: Host name to connect 40252 to, defaults to the pod IP. 40253 You probably want to set "Host" 40254 in httpHeaders instead. 40255 type: string 40256 httpHeaders: 40257 description: Custom headers to 40258 set in the request. HTTP allows 40259 repeated headers. 40260 items: 40261 description: HTTPHeader describes 40262 a custom header to be used 40263 in HTTP probes 40264 properties: 40265 name: 40266 description: The header 40267 field name. This will 40268 be canonicalized upon 40269 output, so case-variant 40270 names will be understood 40271 as the same header. 40272 type: string 40273 value: 40274 description: The header 40275 field value 40276 type: string 40277 required: 40278 - name 40279 - value 40280 type: object 40281 type: array 40282 path: 40283 description: Path to access on 40284 the HTTP server. 40285 type: string 40286 port: 40287 anyOf: 40288 - type: integer 40289 - type: string 40290 description: Name or number of 40291 the port to access on the container. 40292 Number must be in the range 40293 1 to 65535. Name must be an 40294 IANA_SVC_NAME. 40295 x-kubernetes-int-or-string: true 40296 scheme: 40297 description: Scheme to use for 40298 connecting to the host. Defaults 40299 to HTTP. 40300 type: string 40301 required: 40302 - port 40303 type: object 40304 initialDelaySeconds: 40305 description: 'Number of seconds after 40306 the container has started before 40307 liveness probes are initiated. More 40308 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 40309 format: int32 40310 type: integer 40311 periodSeconds: 40312 description: How often (in seconds) 40313 to perform the probe. Default to 40314 10 seconds. Minimum value is 1. 40315 format: int32 40316 type: integer 40317 successThreshold: 40318 description: Minimum consecutive successes 40319 for the probe to be considered successful 40320 after having failed. Defaults to 40321 1. Must be 1 for liveness and startup. 40322 Minimum value is 1. 40323 format: int32 40324 type: integer 40325 tcpSocket: 40326 description: TCPSocket specifies an 40327 action involving a TCP port. 40328 properties: 40329 host: 40330 description: 'Optional: Host name 40331 to connect to, defaults to the 40332 pod IP.' 40333 type: string 40334 port: 40335 anyOf: 40336 - type: integer 40337 - type: string 40338 description: Number or name of 40339 the port to access on the container. 40340 Number must be in the range 40341 1 to 65535. Name must be an 40342 IANA_SVC_NAME. 40343 x-kubernetes-int-or-string: true 40344 required: 40345 - port 40346 type: object 40347 terminationGracePeriodSeconds: 40348 description: Optional duration in 40349 seconds the pod needs to terminate 40350 gracefully upon probe failure. The 40351 grace period is the duration in 40352 seconds after the processes running 40353 in the pod are sent a termination 40354 signal and the time when the processes 40355 are forcibly halted with a kill 40356 signal. Set this value longer than 40357 the expected cleanup time for your 40358 process. If this value is nil, the 40359 pod's terminationGracePeriodSeconds 40360 will be used. Otherwise, this value 40361 overrides the value provided by 40362 the pod spec. Value must be non-negative 40363 integer. The value zero indicates 40364 stop immediately via the kill signal 40365 (no opportunity to shut down). This 40366 is a beta field and requires enabling 40367 ProbeTerminationGracePeriod feature 40368 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 40369 is used if unset. 40370 format: int64 40371 type: integer 40372 timeoutSeconds: 40373 description: 'Number of seconds after 40374 which the probe times out. Defaults 40375 to 1 second. Minimum value is 1. 40376 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 40377 format: int32 40378 type: integer 40379 type: object 40380 stdin: 40381 description: Whether this Sidecar should 40382 allocate a buffer for stdin in the container 40383 runtime. If this is not set, reads from 40384 stdin in the Sidecar will always result 40385 in EOF. Default is false. 40386 type: boolean 40387 stdinOnce: 40388 description: Whether the container runtime 40389 should close the stdin channel after 40390 it has been opened by a single attach. 40391 When stdin is true the stdin stream 40392 will remain open across multiple attach 40393 sessions. If stdinOnce is set to true, 40394 stdin is opened on Sidecar start, is 40395 empty until the first client attaches 40396 to stdin, and then remains open and 40397 accepts data until the client disconnects, 40398 at which time stdin is closed and remains 40399 closed until the Sidecar is restarted. 40400 If this flag is false, a container processes 40401 that reads from stdin will never receive 40402 an EOF. Default is false 40403 type: boolean 40404 terminationMessagePath: 40405 description: 'Optional: Path at which 40406 the file to which the Sidecar''s termination 40407 message will be written is mounted into 40408 the Sidecar''s filesystem. Message written 40409 is intended to be brief final status, 40410 such as an assertion failure message. 40411 Will be truncated by the node if greater 40412 than 4096 bytes. The total message length 40413 across all containers will be limited 40414 to 12kb. Defaults to /dev/termination-log. 40415 Cannot be updated.' 40416 type: string 40417 terminationMessagePolicy: 40418 description: Indicate how the termination 40419 message should be populated. File will 40420 use the contents of terminationMessagePath 40421 to populate the Sidecar status message 40422 on both success and failure. FallbackToLogsOnError 40423 will use the last chunk of Sidecar log 40424 output if the termination message file 40425 is empty and the Sidecar exited with 40426 an error. The log output is limited 40427 to 2048 bytes or 80 lines, whichever 40428 is smaller. Defaults to File. Cannot 40429 be updated. 40430 type: string 40431 tty: 40432 description: Whether this Sidecar should 40433 allocate a TTY for itself, also requires 40434 'stdin' to be true. Default is false. 40435 type: boolean 40436 volumeDevices: 40437 description: volumeDevices is the list 40438 of block devices to be used by the Sidecar. 40439 items: 40440 description: volumeDevice describes 40441 a mapping of a raw block device within 40442 a container. 40443 properties: 40444 devicePath: 40445 description: devicePath is the path 40446 inside of the container that the 40447 device will be mapped to. 40448 type: string 40449 name: 40450 description: name must match the 40451 name of a persistentVolumeClaim 40452 in the pod 40453 type: string 40454 required: 40455 - devicePath 40456 - name 40457 type: object 40458 type: array 40459 x-kubernetes-list-type: atomic 40460 volumeMounts: 40461 description: Volumes to mount into the 40462 Sidecar's filesystem. Cannot be updated. 40463 items: 40464 description: VolumeMount describes a 40465 mounting of a Volume within a container. 40466 properties: 40467 mountPath: 40468 description: Path within the container 40469 at which the volume should be 40470 mounted. Must not contain ':'. 40471 type: string 40472 mountPropagation: 40473 description: mountPropagation determines 40474 how mounts are propagated from 40475 the host to container and the 40476 other way around. When not set, 40477 MountPropagationNone is used. 40478 This field is beta in 1.10. 40479 type: string 40480 name: 40481 description: This must match the 40482 Name of a Volume. 40483 type: string 40484 readOnly: 40485 description: Mounted read-only if 40486 true, read-write otherwise (false 40487 or unspecified). Defaults to false. 40488 type: boolean 40489 subPath: 40490 description: Path within the volume 40491 from which the container's volume 40492 should be mounted. Defaults to 40493 "" (volume's root). 40494 type: string 40495 subPathExpr: 40496 description: Expanded path within 40497 the volume from which the container's 40498 volume should be mounted. Behaves 40499 similarly to SubPath but environment 40500 variable references $(VAR_NAME) 40501 are expanded using the container's 40502 environment. Defaults to "" (volume's 40503 root). SubPathExpr and SubPath 40504 are mutually exclusive. 40505 type: string 40506 required: 40507 - mountPath 40508 - name 40509 type: object 40510 type: array 40511 x-kubernetes-list-type: atomic 40512 workingDir: 40513 description: Sidecar's working directory. 40514 If not specified, the container runtime's 40515 default will be used, which might be 40516 configured in the container image. Cannot 40517 be updated. 40518 type: string 40519 workspaces: 40520 description: "This is an alpha field. 40521 You must set the \"enable-api-fields\" 40522 feature flag to \"alpha\" for this field 40523 to be supported. \n Workspaces is a 40524 list of workspaces from the Task that 40525 this Sidecar wants exclusive access 40526 to. Adding a workspace to this list 40527 means that any other Step or Sidecar 40528 that does not also request this Workspace 40529 will not have access to it." 40530 items: 40531 description: WorkspaceUsage is used 40532 by a Step or Sidecar to declare that 40533 it wants isolated access to a Workspace 40534 defined in a Task. 40535 properties: 40536 mountPath: 40537 description: MountPath is the path 40538 that the workspace should be mounted 40539 to inside the Step or Sidecar, 40540 overriding any MountPath specified 40541 in the Task's WorkspaceDeclaration. 40542 type: string 40543 name: 40544 description: Name is the name of 40545 the workspace this Step or Sidecar 40546 wants access to. 40547 type: string 40548 required: 40549 - mountPath 40550 - name 40551 type: object 40552 type: array 40553 x-kubernetes-list-type: atomic 40554 required: 40555 - name 40556 type: object 40557 type: array 40558 x-kubernetes-list-type: atomic 40559 spec: 40560 description: Spec is a specification of a custom 40561 task 40562 type: object 40563 stepTemplate: 40564 description: StepTemplate can be used as the 40565 basis for all step containers within the Task, 40566 so that the steps inherit settings on the 40567 base container. 40568 properties: 40569 args: 40570 description: 'Arguments to the entrypoint. 40571 The image''s CMD is used if this is not 40572 provided. Variable references $(VAR_NAME) 40573 are expanded using the Step''s environment. 40574 If a variable cannot be resolved, the 40575 reference in the input string will be 40576 unchanged. Double $$ are reduced to a 40577 single $, which allows for escaping the 40578 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 40579 will produce the string literal "$(VAR_NAME)". 40580 Escaped references will never be expanded, 40581 regardless of whether the variable exists 40582 or not. Cannot be updated. More info: 40583 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 40584 items: 40585 type: string 40586 type: array 40587 x-kubernetes-list-type: atomic 40588 command: 40589 description: 'Entrypoint array. Not executed 40590 within a shell. The docker image''s ENTRYPOINT 40591 is used if this is not provided. Variable 40592 references $(VAR_NAME) are expanded using 40593 the Step''s environment. If a variable 40594 cannot be resolved, the reference in the 40595 input string will be unchanged. Double 40596 $$ are reduced to a single $, which allows 40597 for escaping the $(VAR_NAME) syntax: i.e. 40598 "$$(VAR_NAME)" will produce the string 40599 literal "$(VAR_NAME)". Escaped references 40600 will never be expanded, regardless of 40601 whether the variable exists or not. Cannot 40602 be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 40603 items: 40604 type: string 40605 type: array 40606 x-kubernetes-list-type: atomic 40607 env: 40608 description: List of environment variables 40609 to set in the container. Cannot be updated. 40610 items: 40611 description: EnvVar represents an environment 40612 variable present in a Container. 40613 properties: 40614 name: 40615 description: Name of the environment 40616 variable. Must be a C_IDENTIFIER. 40617 type: string 40618 value: 40619 description: 'Variable references 40620 $(VAR_NAME) are expanded using the 40621 previously defined environment variables 40622 in the container and any service 40623 environment variables. If a variable 40624 cannot be resolved, the reference 40625 in the input string will be unchanged. 40626 Double $$ are reduced to a single 40627 $, which allows for escaping the 40628 $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 40629 will produce the string literal 40630 "$(VAR_NAME)". Escaped references 40631 will never be expanded, regardless 40632 of whether the variable exists or 40633 not. Defaults to "".' 40634 type: string 40635 valueFrom: 40636 description: Source for the environment 40637 variable's value. Cannot be used 40638 if value is not empty. 40639 properties: 40640 configMapKeyRef: 40641 description: Selects a key of 40642 a ConfigMap. 40643 properties: 40644 key: 40645 description: The key to select. 40646 type: string 40647 name: 40648 description: 'Name of the 40649 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 40650 TODO: Add other useful fields. 40651 apiVersion, kind, uid?' 40652 type: string 40653 optional: 40654 description: Specify whether 40655 the ConfigMap or its key 40656 must be defined 40657 type: boolean 40658 required: 40659 - key 40660 type: object 40661 fieldRef: 40662 description: 'Selects a field 40663 of the pod: supports metadata.name, 40664 metadata.namespace, `metadata.labels[''<KEY>'']`, 40665 `metadata.annotations[''<KEY>'']`, 40666 spec.nodeName, spec.serviceAccountName, 40667 status.hostIP, status.podIP, 40668 status.podIPs.' 40669 properties: 40670 apiVersion: 40671 description: Version of the 40672 schema the FieldPath is 40673 written in terms of, defaults 40674 to "v1". 40675 type: string 40676 fieldPath: 40677 description: Path of the field 40678 to select in the specified 40679 API version. 40680 type: string 40681 required: 40682 - fieldPath 40683 type: object 40684 resourceFieldRef: 40685 description: 'Selects a resource 40686 of the container: only resources 40687 limits and requests (limits.cpu, 40688 limits.memory, limits.ephemeral-storage, 40689 requests.cpu, requests.memory 40690 and requests.ephemeral-storage) 40691 are currently supported.' 40692 properties: 40693 containerName: 40694 description: 'Container name: 40695 required for volumes, optional 40696 for env vars' 40697 type: string 40698 divisor: 40699 anyOf: 40700 - type: integer 40701 - type: string 40702 description: Specifies the 40703 output format of the exposed 40704 resources, defaults to "1" 40705 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 40706 x-kubernetes-int-or-string: true 40707 resource: 40708 description: 'Required: resource 40709 to select' 40710 type: string 40711 required: 40712 - resource 40713 type: object 40714 secretKeyRef: 40715 description: Selects a key of 40716 a secret in the pod's namespace 40717 properties: 40718 key: 40719 description: The key of the 40720 secret to select from. Must 40721 be a valid secret key. 40722 type: string 40723 name: 40724 description: 'Name of the 40725 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 40726 TODO: Add other useful fields. 40727 apiVersion, kind, uid?' 40728 type: string 40729 optional: 40730 description: Specify whether 40731 the Secret or its key must 40732 be defined 40733 type: boolean 40734 required: 40735 - key 40736 type: object 40737 type: object 40738 required: 40739 - name 40740 type: object 40741 type: array 40742 x-kubernetes-list-type: atomic 40743 envFrom: 40744 description: List of sources to populate 40745 environment variables in the Step. The 40746 keys defined within a source must be a 40747 C_IDENTIFIER. All invalid keys will be 40748 reported as an event when the container 40749 is starting. When a key exists in multiple 40750 sources, the value associated with the 40751 last source will take precedence. Values 40752 defined by an Env with a duplicate key 40753 will take precedence. Cannot be updated. 40754 items: 40755 description: EnvFromSource represents 40756 the source of a set of ConfigMaps 40757 properties: 40758 configMapRef: 40759 description: The ConfigMap to select 40760 from 40761 properties: 40762 name: 40763 description: 'Name of the referent. 40764 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 40765 TODO: Add other useful fields. 40766 apiVersion, kind, uid?' 40767 type: string 40768 optional: 40769 description: Specify whether the 40770 ConfigMap must be defined 40771 type: boolean 40772 type: object 40773 prefix: 40774 description: An optional identifier 40775 to prepend to each key in the ConfigMap. 40776 Must be a C_IDENTIFIER. 40777 type: string 40778 secretRef: 40779 description: The Secret to select 40780 from 40781 properties: 40782 name: 40783 description: 'Name of the referent. 40784 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 40785 TODO: Add other useful fields. 40786 apiVersion, kind, uid?' 40787 type: string 40788 optional: 40789 description: Specify whether the 40790 Secret must be defined 40791 type: boolean 40792 type: object 40793 type: object 40794 type: array 40795 x-kubernetes-list-type: atomic 40796 image: 40797 description: 'Default image name to use 40798 for each Step. More info: https://kubernetes.io/docs/concepts/containers/images 40799 This field is optional to allow higher 40800 level config management to default or 40801 override container images in workload 40802 controllers like Deployments and StatefulSets.' 40803 type: string 40804 imagePullPolicy: 40805 description: 'Image pull policy. One of 40806 Always, Never, IfNotPresent. Defaults 40807 to Always if :latest tag is specified, 40808 or IfNotPresent otherwise. Cannot be updated. 40809 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 40810 type: string 40811 lifecycle: 40812 description: Deprecated. This field will 40813 be removed in a future release. Actions 40814 that the management system should take 40815 in response to container lifecycle events. 40816 Cannot be updated. 40817 properties: 40818 postStart: 40819 description: 'PostStart is called immediately 40820 after a container is created. If the 40821 handler fails, the container is terminated 40822 and restarted according to its restart 40823 policy. Other management of the container 40824 blocks until the hook completes. More 40825 info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 40826 properties: 40827 exec: 40828 description: Exec specifies the 40829 action to take. 40830 properties: 40831 command: 40832 description: Command is the 40833 command line to execute inside 40834 the container, the working 40835 directory for the command is 40836 root ('/') in the container's 40837 filesystem. The command is 40838 simply exec'd, it is not run 40839 inside a shell, so traditional 40840 shell instructions ('|', etc) 40841 won't work. To use a shell, 40842 you need to explicitly call 40843 out to that shell. Exit status 40844 of 0 is treated as live/healthy 40845 and non-zero is unhealthy. 40846 items: 40847 type: string 40848 type: array 40849 type: object 40850 httpGet: 40851 description: HTTPGet specifies the 40852 http request to perform. 40853 properties: 40854 host: 40855 description: Host name to connect 40856 to, defaults to the pod IP. 40857 You probably want to set "Host" 40858 in httpHeaders instead. 40859 type: string 40860 httpHeaders: 40861 description: Custom headers 40862 to set in the request. HTTP 40863 allows repeated headers. 40864 items: 40865 description: HTTPHeader describes 40866 a custom header to be used 40867 in HTTP probes 40868 properties: 40869 name: 40870 description: The header 40871 field name. This will 40872 be canonicalized upon 40873 output, so case-variant 40874 names will be understood 40875 as the same header. 40876 type: string 40877 value: 40878 description: The header 40879 field value 40880 type: string 40881 required: 40882 - name 40883 - value 40884 type: object 40885 type: array 40886 path: 40887 description: Path to access 40888 on the HTTP server. 40889 type: string 40890 port: 40891 anyOf: 40892 - type: integer 40893 - type: string 40894 description: Name or number 40895 of the port to access on the 40896 container. Number must be 40897 in the range 1 to 65535. Name 40898 must be an IANA_SVC_NAME. 40899 x-kubernetes-int-or-string: true 40900 scheme: 40901 description: Scheme to use for 40902 connecting to the host. Defaults 40903 to HTTP. 40904 type: string 40905 required: 40906 - port 40907 type: object 40908 tcpSocket: 40909 description: Deprecated. TCPSocket 40910 is NOT supported as a LifecycleHandler 40911 and kept for the backward compatibility. 40912 There are no validation of this 40913 field and lifecycle hooks will 40914 fail in runtime when tcp handler 40915 is specified. 40916 properties: 40917 host: 40918 description: 'Optional: Host 40919 name to connect to, defaults 40920 to the pod IP.' 40921 type: string 40922 port: 40923 anyOf: 40924 - type: integer 40925 - type: string 40926 description: Number or name 40927 of the port to access on the 40928 container. Number must be 40929 in the range 1 to 65535. Name 40930 must be an IANA_SVC_NAME. 40931 x-kubernetes-int-or-string: true 40932 required: 40933 - port 40934 type: object 40935 type: object 40936 preStop: 40937 description: 'PreStop is called immediately 40938 before a container is terminated due 40939 to an API request or management event 40940 such as liveness/startup probe failure, 40941 preemption, resource contention, etc. 40942 The handler is not called if the container 40943 crashes or exits. The Pod''s termination 40944 grace period countdown begins before 40945 the PreStop hook is executed. Regardless 40946 of the outcome of the handler, the 40947 container will eventually terminate 40948 within the Pod''s termination grace 40949 period (unless delayed by finalizers). 40950 Other management of the container 40951 blocks until the hook completes or 40952 until the termination grace period 40953 is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 40954 properties: 40955 exec: 40956 description: Exec specifies the 40957 action to take. 40958 properties: 40959 command: 40960 description: Command is the 40961 command line to execute inside 40962 the container, the working 40963 directory for the command is 40964 root ('/') in the container's 40965 filesystem. The command is 40966 simply exec'd, it is not run 40967 inside a shell, so traditional 40968 shell instructions ('|', etc) 40969 won't work. To use a shell, 40970 you need to explicitly call 40971 out to that shell. Exit status 40972 of 0 is treated as live/healthy 40973 and non-zero is unhealthy. 40974 items: 40975 type: string 40976 type: array 40977 type: object 40978 httpGet: 40979 description: HTTPGet specifies the 40980 http request to perform. 40981 properties: 40982 host: 40983 description: Host name to connect 40984 to, defaults to the pod IP. 40985 You probably want to set "Host" 40986 in httpHeaders instead. 40987 type: string 40988 httpHeaders: 40989 description: Custom headers 40990 to set in the request. HTTP 40991 allows repeated headers. 40992 items: 40993 description: HTTPHeader describes 40994 a custom header to be used 40995 in HTTP probes 40996 properties: 40997 name: 40998 description: The header 40999 field name. This will 41000 be canonicalized upon 41001 output, so case-variant 41002 names will be understood 41003 as the same header. 41004 type: string 41005 value: 41006 description: The header 41007 field value 41008 type: string 41009 required: 41010 - name 41011 - value 41012 type: object 41013 type: array 41014 path: 41015 description: Path to access 41016 on the HTTP server. 41017 type: string 41018 port: 41019 anyOf: 41020 - type: integer 41021 - type: string 41022 description: Name or number 41023 of the port to access on the 41024 container. Number must be 41025 in the range 1 to 65535. Name 41026 must be an IANA_SVC_NAME. 41027 x-kubernetes-int-or-string: true 41028 scheme: 41029 description: Scheme to use for 41030 connecting to the host. Defaults 41031 to HTTP. 41032 type: string 41033 required: 41034 - port 41035 type: object 41036 tcpSocket: 41037 description: Deprecated. TCPSocket 41038 is NOT supported as a LifecycleHandler 41039 and kept for the backward compatibility. 41040 There are no validation of this 41041 field and lifecycle hooks will 41042 fail in runtime when tcp handler 41043 is specified. 41044 properties: 41045 host: 41046 description: 'Optional: Host 41047 name to connect to, defaults 41048 to the pod IP.' 41049 type: string 41050 port: 41051 anyOf: 41052 - type: integer 41053 - type: string 41054 description: Number or name 41055 of the port to access on the 41056 container. Number must be 41057 in the range 1 to 65535. Name 41058 must be an IANA_SVC_NAME. 41059 x-kubernetes-int-or-string: true 41060 required: 41061 - port 41062 type: object 41063 type: object 41064 type: object 41065 livenessProbe: 41066 description: 'Deprecated. This field will 41067 be removed in a future release. Periodic 41068 probe of container liveness. Container 41069 will be restarted if the probe fails. 41070 Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 41071 properties: 41072 exec: 41073 description: Exec specifies the action 41074 to take. 41075 properties: 41076 command: 41077 description: Command is the command 41078 line to execute inside the container, 41079 the working directory for the 41080 command is root ('/') in the 41081 container's filesystem. The command 41082 is simply exec'd, it is not run 41083 inside a shell, so traditional 41084 shell instructions ('|', etc) 41085 won't work. To use a shell, you 41086 need to explicitly call out to 41087 that shell. Exit status of 0 is 41088 treated as live/healthy and non-zero 41089 is unhealthy. 41090 items: 41091 type: string 41092 type: array 41093 type: object 41094 failureThreshold: 41095 description: Minimum consecutive failures 41096 for the probe to be considered failed 41097 after having succeeded. Defaults to 41098 3. Minimum value is 1. 41099 format: int32 41100 type: integer 41101 grpc: 41102 description: GRPC specifies an action 41103 involving a GRPC port. 41104 properties: 41105 port: 41106 description: Port number of the 41107 gRPC service. Number must be in 41108 the range 1 to 65535. 41109 format: int32 41110 type: integer 41111 service: 41112 description: "Service is the name 41113 of the service to place in the 41114 gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 41115 \n If this is not specified, the 41116 default behavior is defined by 41117 gRPC." 41118 type: string 41119 required: 41120 - port 41121 type: object 41122 httpGet: 41123 description: HTTPGet specifies the http 41124 request to perform. 41125 properties: 41126 host: 41127 description: Host name to connect 41128 to, defaults to the pod IP. You 41129 probably want to set "Host" in 41130 httpHeaders instead. 41131 type: string 41132 httpHeaders: 41133 description: Custom headers to set 41134 in the request. HTTP allows repeated 41135 headers. 41136 items: 41137 description: HTTPHeader describes 41138 a custom header to be used in 41139 HTTP probes 41140 properties: 41141 name: 41142 description: The header field 41143 name. This will be canonicalized 41144 upon output, so case-variant 41145 names will be understood 41146 as the same header. 41147 type: string 41148 value: 41149 description: The header field 41150 value 41151 type: string 41152 required: 41153 - name 41154 - value 41155 type: object 41156 type: array 41157 path: 41158 description: Path to access on the 41159 HTTP server. 41160 type: string 41161 port: 41162 anyOf: 41163 - type: integer 41164 - type: string 41165 description: Name or number of the 41166 port to access on the container. 41167 Number must be in the range 1 41168 to 65535. Name must be an IANA_SVC_NAME. 41169 x-kubernetes-int-or-string: true 41170 scheme: 41171 description: Scheme to use for connecting 41172 to the host. Defaults to HTTP. 41173 type: string 41174 required: 41175 - port 41176 type: object 41177 initialDelaySeconds: 41178 description: 'Number of seconds after 41179 the container has started before liveness 41180 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 41181 format: int32 41182 type: integer 41183 periodSeconds: 41184 description: How often (in seconds) 41185 to perform the probe. Default to 10 41186 seconds. Minimum value is 1. 41187 format: int32 41188 type: integer 41189 successThreshold: 41190 description: Minimum consecutive successes 41191 for the probe to be considered successful 41192 after having failed. Defaults to 1. 41193 Must be 1 for liveness and startup. 41194 Minimum value is 1. 41195 format: int32 41196 type: integer 41197 tcpSocket: 41198 description: TCPSocket specifies an 41199 action involving a TCP port. 41200 properties: 41201 host: 41202 description: 'Optional: Host name 41203 to connect to, defaults to the 41204 pod IP.' 41205 type: string 41206 port: 41207 anyOf: 41208 - type: integer 41209 - type: string 41210 description: Number or name of the 41211 port to access on the container. 41212 Number must be in the range 1 41213 to 65535. Name must be an IANA_SVC_NAME. 41214 x-kubernetes-int-or-string: true 41215 required: 41216 - port 41217 type: object 41218 terminationGracePeriodSeconds: 41219 description: Optional duration in seconds 41220 the pod needs to terminate gracefully 41221 upon probe failure. The grace period 41222 is the duration in seconds after the 41223 processes running in the pod are sent 41224 a termination signal and the time 41225 when the processes are forcibly halted 41226 with a kill signal. Set this value 41227 longer than the expected cleanup time 41228 for your process. If this value is 41229 nil, the pod's terminationGracePeriodSeconds 41230 will be used. Otherwise, this value 41231 overrides the value provided by the 41232 pod spec. Value must be non-negative 41233 integer. The value zero indicates 41234 stop immediately via the kill signal 41235 (no opportunity to shut down). This 41236 is a beta field and requires enabling 41237 ProbeTerminationGracePeriod feature 41238 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 41239 is used if unset. 41240 format: int64 41241 type: integer 41242 timeoutSeconds: 41243 description: 'Number of seconds after 41244 which the probe times out. Defaults 41245 to 1 second. Minimum value is 1. More 41246 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 41247 format: int32 41248 type: integer 41249 type: object 41250 name: 41251 description: Deprecated. This field will 41252 be removed in a future release. Default 41253 name for each Step specified as a DNS_LABEL. 41254 Each Step in a Task must have a unique 41255 name. Cannot be updated. 41256 type: string 41257 ports: 41258 description: Deprecated. This field will 41259 be removed in a future release. List of 41260 ports to expose from the Step's container. 41261 Exposing a port here gives the system 41262 additional information about the network 41263 connections a container uses, but is primarily 41264 informational. Not specifying a port here 41265 DOES NOT prevent that port from being 41266 exposed. Any port which is listening on 41267 the default "0.0.0.0" address inside a 41268 container will be accessible from the 41269 network. Cannot be updated. 41270 items: 41271 description: ContainerPort represents 41272 a network port in a single container. 41273 properties: 41274 containerPort: 41275 description: Number of port to expose 41276 on the pod's IP address. This must 41277 be a valid port number, 0 < x < 41278 65536. 41279 format: int32 41280 type: integer 41281 hostIP: 41282 description: What host IP to bind 41283 the external port to. 41284 type: string 41285 hostPort: 41286 description: Number of port to expose 41287 on the host. If specified, this 41288 must be a valid port number, 0 < 41289 x < 65536. If HostNetwork is specified, 41290 this must match ContainerPort. Most 41291 containers do not need this. 41292 format: int32 41293 type: integer 41294 name: 41295 description: If specified, this must 41296 be an IANA_SVC_NAME and unique within 41297 the pod. Each named port in a pod 41298 must have a unique name. Name for 41299 the port that can be referred to 41300 by services. 41301 type: string 41302 protocol: 41303 default: TCP 41304 description: Protocol for port. Must 41305 be UDP, TCP, or SCTP. Defaults to 41306 "TCP". 41307 type: string 41308 required: 41309 - containerPort 41310 type: object 41311 type: array 41312 x-kubernetes-list-map-keys: 41313 - containerPort 41314 - protocol 41315 x-kubernetes-list-type: map 41316 readinessProbe: 41317 description: 'Deprecated. This field will 41318 be removed in a future release. Periodic 41319 probe of container service readiness. 41320 Container will be removed from service 41321 endpoints if the probe fails. Cannot be 41322 updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 41323 properties: 41324 exec: 41325 description: Exec specifies the action 41326 to take. 41327 properties: 41328 command: 41329 description: Command is the command 41330 line to execute inside the container, 41331 the working directory for the 41332 command is root ('/') in the 41333 container's filesystem. The command 41334 is simply exec'd, it is not run 41335 inside a shell, so traditional 41336 shell instructions ('|', etc) 41337 won't work. To use a shell, you 41338 need to explicitly call out to 41339 that shell. Exit status of 0 is 41340 treated as live/healthy and non-zero 41341 is unhealthy. 41342 items: 41343 type: string 41344 type: array 41345 type: object 41346 failureThreshold: 41347 description: Minimum consecutive failures 41348 for the probe to be considered failed 41349 after having succeeded. Defaults to 41350 3. Minimum value is 1. 41351 format: int32 41352 type: integer 41353 grpc: 41354 description: GRPC specifies an action 41355 involving a GRPC port. 41356 properties: 41357 port: 41358 description: Port number of the 41359 gRPC service. Number must be in 41360 the range 1 to 65535. 41361 format: int32 41362 type: integer 41363 service: 41364 description: "Service is the name 41365 of the service to place in the 41366 gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 41367 \n If this is not specified, the 41368 default behavior is defined by 41369 gRPC." 41370 type: string 41371 required: 41372 - port 41373 type: object 41374 httpGet: 41375 description: HTTPGet specifies the http 41376 request to perform. 41377 properties: 41378 host: 41379 description: Host name to connect 41380 to, defaults to the pod IP. You 41381 probably want to set "Host" in 41382 httpHeaders instead. 41383 type: string 41384 httpHeaders: 41385 description: Custom headers to set 41386 in the request. HTTP allows repeated 41387 headers. 41388 items: 41389 description: HTTPHeader describes 41390 a custom header to be used in 41391 HTTP probes 41392 properties: 41393 name: 41394 description: The header field 41395 name. This will be canonicalized 41396 upon output, so case-variant 41397 names will be understood 41398 as the same header. 41399 type: string 41400 value: 41401 description: The header field 41402 value 41403 type: string 41404 required: 41405 - name 41406 - value 41407 type: object 41408 type: array 41409 path: 41410 description: Path to access on the 41411 HTTP server. 41412 type: string 41413 port: 41414 anyOf: 41415 - type: integer 41416 - type: string 41417 description: Name or number of the 41418 port to access on the container. 41419 Number must be in the range 1 41420 to 65535. Name must be an IANA_SVC_NAME. 41421 x-kubernetes-int-or-string: true 41422 scheme: 41423 description: Scheme to use for connecting 41424 to the host. Defaults to HTTP. 41425 type: string 41426 required: 41427 - port 41428 type: object 41429 initialDelaySeconds: 41430 description: 'Number of seconds after 41431 the container has started before liveness 41432 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 41433 format: int32 41434 type: integer 41435 periodSeconds: 41436 description: How often (in seconds) 41437 to perform the probe. Default to 10 41438 seconds. Minimum value is 1. 41439 format: int32 41440 type: integer 41441 successThreshold: 41442 description: Minimum consecutive successes 41443 for the probe to be considered successful 41444 after having failed. Defaults to 1. 41445 Must be 1 for liveness and startup. 41446 Minimum value is 1. 41447 format: int32 41448 type: integer 41449 tcpSocket: 41450 description: TCPSocket specifies an 41451 action involving a TCP port. 41452 properties: 41453 host: 41454 description: 'Optional: Host name 41455 to connect to, defaults to the 41456 pod IP.' 41457 type: string 41458 port: 41459 anyOf: 41460 - type: integer 41461 - type: string 41462 description: Number or name of the 41463 port to access on the container. 41464 Number must be in the range 1 41465 to 65535. Name must be an IANA_SVC_NAME. 41466 x-kubernetes-int-or-string: true 41467 required: 41468 - port 41469 type: object 41470 terminationGracePeriodSeconds: 41471 description: Optional duration in seconds 41472 the pod needs to terminate gracefully 41473 upon probe failure. The grace period 41474 is the duration in seconds after the 41475 processes running in the pod are sent 41476 a termination signal and the time 41477 when the processes are forcibly halted 41478 with a kill signal. Set this value 41479 longer than the expected cleanup time 41480 for your process. If this value is 41481 nil, the pod's terminationGracePeriodSeconds 41482 will be used. Otherwise, this value 41483 overrides the value provided by the 41484 pod spec. Value must be non-negative 41485 integer. The value zero indicates 41486 stop immediately via the kill signal 41487 (no opportunity to shut down). This 41488 is a beta field and requires enabling 41489 ProbeTerminationGracePeriod feature 41490 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 41491 is used if unset. 41492 format: int64 41493 type: integer 41494 timeoutSeconds: 41495 description: 'Number of seconds after 41496 which the probe times out. Defaults 41497 to 1 second. Minimum value is 1. More 41498 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 41499 format: int32 41500 type: integer 41501 type: object 41502 resources: 41503 description: 'Compute Resources required 41504 by this Step. Cannot be updated. More 41505 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 41506 properties: 41507 claims: 41508 description: "Claims lists the names 41509 of resources, defined in spec.resourceClaims, 41510 that are used by this container. \n 41511 This is an alpha field and requires 41512 enabling the DynamicResourceAllocation 41513 feature gate. \n This field is immutable. 41514 It can only be set for containers." 41515 items: 41516 description: ResourceClaim references 41517 one entry in PodSpec.ResourceClaims. 41518 properties: 41519 name: 41520 description: Name must match the 41521 name of one entry in pod.spec.resourceClaims 41522 of the Pod where this field 41523 is used. It makes that resource 41524 available inside a container. 41525 type: string 41526 required: 41527 - name 41528 type: object 41529 type: array 41530 x-kubernetes-list-map-keys: 41531 - name 41532 x-kubernetes-list-type: map 41533 limits: 41534 additionalProperties: 41535 anyOf: 41536 - type: integer 41537 - type: string 41538 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 41539 x-kubernetes-int-or-string: true 41540 description: 'Limits describes the maximum 41541 amount of compute resources allowed. 41542 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 41543 type: object 41544 requests: 41545 additionalProperties: 41546 anyOf: 41547 - type: integer 41548 - type: string 41549 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 41550 x-kubernetes-int-or-string: true 41551 description: 'Requests describes the 41552 minimum amount of compute resources 41553 required. If Requests is omitted for 41554 a container, it defaults to Limits 41555 if that is explicitly specified, otherwise 41556 to an implementation-defined value. 41557 Requests cannot exceed Limits. More 41558 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 41559 type: object 41560 type: object 41561 securityContext: 41562 description: 'SecurityContext defines the 41563 security options the Step should be run 41564 with. If set, the fields of SecurityContext 41565 override the equivalent fields of PodSecurityContext. 41566 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 41567 properties: 41568 allowPrivilegeEscalation: 41569 description: 'AllowPrivilegeEscalation 41570 controls whether a process can gain 41571 more privileges than its parent process. 41572 This bool directly controls if the 41573 no_new_privs flag will be set on the 41574 container process. AllowPrivilegeEscalation 41575 is true always when the container 41576 is: 1) run as Privileged 2) has CAP_SYS_ADMIN 41577 Note that this field cannot be set 41578 when spec.os.name is windows.' 41579 type: boolean 41580 capabilities: 41581 description: The capabilities to add/drop 41582 when running containers. Defaults 41583 to the default set of capabilities 41584 granted by the container runtime. 41585 Note that this field cannot be set 41586 when spec.os.name is windows. 41587 properties: 41588 add: 41589 description: Added capabilities 41590 items: 41591 description: Capability represent 41592 POSIX capabilities type 41593 type: string 41594 type: array 41595 drop: 41596 description: Removed capabilities 41597 items: 41598 description: Capability represent 41599 POSIX capabilities type 41600 type: string 41601 type: array 41602 type: object 41603 privileged: 41604 description: Run container in privileged 41605 mode. Processes in privileged containers 41606 are essentially equivalent to root 41607 on the host. Defaults to false. Note 41608 that this field cannot be set when 41609 spec.os.name is windows. 41610 type: boolean 41611 procMount: 41612 description: procMount denotes the type 41613 of proc mount to use for the containers. 41614 The default is DefaultProcMount which 41615 uses the container runtime defaults 41616 for readonly paths and masked paths. 41617 This requires the ProcMountType feature 41618 flag to be enabled. Note that this 41619 field cannot be set when spec.os.name 41620 is windows. 41621 type: string 41622 readOnlyRootFilesystem: 41623 description: Whether this container 41624 has a read-only root filesystem. Default 41625 is false. Note that this field cannot 41626 be set when spec.os.name is windows. 41627 type: boolean 41628 runAsGroup: 41629 description: The GID to run the entrypoint 41630 of the container process. Uses runtime 41631 default if unset. May also be set 41632 in PodSecurityContext. If set in 41633 both SecurityContext and PodSecurityContext, 41634 the value specified in SecurityContext 41635 takes precedence. Note that this field 41636 cannot be set when spec.os.name is 41637 windows. 41638 format: int64 41639 type: integer 41640 runAsNonRoot: 41641 description: Indicates that the container 41642 must run as a non-root user. If true, 41643 the Kubelet will validate the image 41644 at runtime to ensure that it does 41645 not run as UID 0 (root) and fail to 41646 start the container if it does. If 41647 unset or false, no such validation 41648 will be performed. May also be set 41649 in PodSecurityContext. If set in 41650 both SecurityContext and PodSecurityContext, 41651 the value specified in SecurityContext 41652 takes precedence. 41653 type: boolean 41654 runAsUser: 41655 description: The UID to run the entrypoint 41656 of the container process. Defaults 41657 to user specified in image metadata 41658 if unspecified. May also be set in 41659 PodSecurityContext. If set in both 41660 SecurityContext and PodSecurityContext, 41661 the value specified in SecurityContext 41662 takes precedence. Note that this field 41663 cannot be set when spec.os.name is 41664 windows. 41665 format: int64 41666 type: integer 41667 seLinuxOptions: 41668 description: The SELinux context to 41669 be applied to the container. If unspecified, 41670 the container runtime will allocate 41671 a random SELinux context for each 41672 container. May also be set in PodSecurityContext. If 41673 set in both SecurityContext and PodSecurityContext, 41674 the value specified in SecurityContext 41675 takes precedence. Note that this field 41676 cannot be set when spec.os.name is 41677 windows. 41678 properties: 41679 level: 41680 description: Level is SELinux level 41681 label that applies to the container. 41682 type: string 41683 role: 41684 description: Role is a SELinux role 41685 label that applies to the container. 41686 type: string 41687 type: 41688 description: Type is a SELinux type 41689 label that applies to the container. 41690 type: string 41691 user: 41692 description: User is a SELinux user 41693 label that applies to the container. 41694 type: string 41695 type: object 41696 seccompProfile: 41697 description: The seccomp options to 41698 use by this container. If seccomp 41699 options are provided at both the pod 41700 & container level, the container options 41701 override the pod options. Note that 41702 this field cannot be set when spec.os.name 41703 is windows. 41704 properties: 41705 localhostProfile: 41706 description: localhostProfile indicates 41707 a profile defined in a file on 41708 the node should be used. The profile 41709 must be preconfigured on the node 41710 to work. Must be a descending 41711 path, relative to the kubelet's 41712 configured seccomp profile location. 41713 Must be set if type is "Localhost". 41714 Must NOT be set for any other 41715 type. 41716 type: string 41717 type: 41718 description: "type indicates which 41719 kind of seccomp profile will be 41720 applied. Valid options are: \n 41721 Localhost - a profile defined 41722 in a file on the node should be 41723 used. RuntimeDefault - the container 41724 runtime default profile should 41725 be used. Unconfined - no profile 41726 should be applied." 41727 type: string 41728 required: 41729 - type 41730 type: object 41731 windowsOptions: 41732 description: The Windows specific settings 41733 applied to all containers. If unspecified, 41734 the options from the PodSecurityContext 41735 will be used. If set in both SecurityContext 41736 and PodSecurityContext, the value 41737 specified in SecurityContext takes 41738 precedence. Note that this field cannot 41739 be set when spec.os.name is linux. 41740 properties: 41741 gmsaCredentialSpec: 41742 description: GMSACredentialSpec 41743 is where the GMSA admission webhook 41744 (https://github.com/kubernetes-sigs/windows-gmsa) 41745 inlines the contents of the GMSA 41746 credential spec named by the GMSACredentialSpecName 41747 field. 41748 type: string 41749 gmsaCredentialSpecName: 41750 description: GMSACredentialSpecName 41751 is the name of the GMSA credential 41752 spec to use. 41753 type: string 41754 hostProcess: 41755 description: HostProcess determines 41756 if a container should be run as 41757 a 'Host Process' container. All 41758 of a Pod's containers must have 41759 the same effective HostProcess 41760 value (it is not allowed to have 41761 a mix of HostProcess containers 41762 and non-HostProcess containers). 41763 In addition, if HostProcess is 41764 true then HostNetwork must also 41765 be set to true. 41766 type: boolean 41767 runAsUserName: 41768 description: The UserName in Windows 41769 to run the entrypoint of the container 41770 process. Defaults to the user 41771 specified in image metadata if 41772 unspecified. May also be set in 41773 PodSecurityContext. If set in 41774 both SecurityContext and PodSecurityContext, 41775 the value specified in SecurityContext 41776 takes precedence. 41777 type: string 41778 type: object 41779 type: object 41780 startupProbe: 41781 description: 'Deprecated. This field will 41782 be removed in a future release. DeprecatedStartupProbe 41783 indicates that the Pod has successfully 41784 initialized. If specified, no other probes 41785 are executed until this completes successfully. 41786 If this probe fails, the Pod will be restarted, 41787 just as if the livenessProbe failed. This 41788 can be used to provide different probe 41789 parameters at the beginning of a Pod''s 41790 lifecycle, when it might take a long time 41791 to load data or warm a cache, than during 41792 steady-state operation. This cannot be 41793 updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 41794 properties: 41795 exec: 41796 description: Exec specifies the action 41797 to take. 41798 properties: 41799 command: 41800 description: Command is the command 41801 line to execute inside the container, 41802 the working directory for the 41803 command is root ('/') in the 41804 container's filesystem. The command 41805 is simply exec'd, it is not run 41806 inside a shell, so traditional 41807 shell instructions ('|', etc) 41808 won't work. To use a shell, you 41809 need to explicitly call out to 41810 that shell. Exit status of 0 is 41811 treated as live/healthy and non-zero 41812 is unhealthy. 41813 items: 41814 type: string 41815 type: array 41816 type: object 41817 failureThreshold: 41818 description: Minimum consecutive failures 41819 for the probe to be considered failed 41820 after having succeeded. Defaults to 41821 3. Minimum value is 1. 41822 format: int32 41823 type: integer 41824 grpc: 41825 description: GRPC specifies an action 41826 involving a GRPC port. 41827 properties: 41828 port: 41829 description: Port number of the 41830 gRPC service. Number must be in 41831 the range 1 to 65535. 41832 format: int32 41833 type: integer 41834 service: 41835 description: "Service is the name 41836 of the service to place in the 41837 gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 41838 \n If this is not specified, the 41839 default behavior is defined by 41840 gRPC." 41841 type: string 41842 required: 41843 - port 41844 type: object 41845 httpGet: 41846 description: HTTPGet specifies the http 41847 request to perform. 41848 properties: 41849 host: 41850 description: Host name to connect 41851 to, defaults to the pod IP. You 41852 probably want to set "Host" in 41853 httpHeaders instead. 41854 type: string 41855 httpHeaders: 41856 description: Custom headers to set 41857 in the request. HTTP allows repeated 41858 headers. 41859 items: 41860 description: HTTPHeader describes 41861 a custom header to be used in 41862 HTTP probes 41863 properties: 41864 name: 41865 description: The header field 41866 name. This will be canonicalized 41867 upon output, so case-variant 41868 names will be understood 41869 as the same header. 41870 type: string 41871 value: 41872 description: The header field 41873 value 41874 type: string 41875 required: 41876 - name 41877 - value 41878 type: object 41879 type: array 41880 path: 41881 description: Path to access on the 41882 HTTP server. 41883 type: string 41884 port: 41885 anyOf: 41886 - type: integer 41887 - type: string 41888 description: Name or number of the 41889 port to access on the container. 41890 Number must be in the range 1 41891 to 65535. Name must be an IANA_SVC_NAME. 41892 x-kubernetes-int-or-string: true 41893 scheme: 41894 description: Scheme to use for connecting 41895 to the host. Defaults to HTTP. 41896 type: string 41897 required: 41898 - port 41899 type: object 41900 initialDelaySeconds: 41901 description: 'Number of seconds after 41902 the container has started before liveness 41903 probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 41904 format: int32 41905 type: integer 41906 periodSeconds: 41907 description: How often (in seconds) 41908 to perform the probe. Default to 10 41909 seconds. Minimum value is 1. 41910 format: int32 41911 type: integer 41912 successThreshold: 41913 description: Minimum consecutive successes 41914 for the probe to be considered successful 41915 after having failed. Defaults to 1. 41916 Must be 1 for liveness and startup. 41917 Minimum value is 1. 41918 format: int32 41919 type: integer 41920 tcpSocket: 41921 description: TCPSocket specifies an 41922 action involving a TCP port. 41923 properties: 41924 host: 41925 description: 'Optional: Host name 41926 to connect to, defaults to the 41927 pod IP.' 41928 type: string 41929 port: 41930 anyOf: 41931 - type: integer 41932 - type: string 41933 description: Number or name of the 41934 port to access on the container. 41935 Number must be in the range 1 41936 to 65535. Name must be an IANA_SVC_NAME. 41937 x-kubernetes-int-or-string: true 41938 required: 41939 - port 41940 type: object 41941 terminationGracePeriodSeconds: 41942 description: Optional duration in seconds 41943 the pod needs to terminate gracefully 41944 upon probe failure. The grace period 41945 is the duration in seconds after the 41946 processes running in the pod are sent 41947 a termination signal and the time 41948 when the processes are forcibly halted 41949 with a kill signal. Set this value 41950 longer than the expected cleanup time 41951 for your process. If this value is 41952 nil, the pod's terminationGracePeriodSeconds 41953 will be used. Otherwise, this value 41954 overrides the value provided by the 41955 pod spec. Value must be non-negative 41956 integer. The value zero indicates 41957 stop immediately via the kill signal 41958 (no opportunity to shut down). This 41959 is a beta field and requires enabling 41960 ProbeTerminationGracePeriod feature 41961 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 41962 is used if unset. 41963 format: int64 41964 type: integer 41965 timeoutSeconds: 41966 description: 'Number of seconds after 41967 which the probe times out. Defaults 41968 to 1 second. Minimum value is 1. More 41969 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 41970 format: int32 41971 type: integer 41972 type: object 41973 stdin: 41974 description: Deprecated. This field will 41975 be removed in a future release. Whether 41976 this Step should allocate a buffer for 41977 stdin in the container runtime. If this 41978 is not set, reads from stdin in the Step 41979 will always result in EOF. Default is 41980 false. 41981 type: boolean 41982 stdinOnce: 41983 description: Deprecated. This field will 41984 be removed in a future release. Whether 41985 the container runtime should close the 41986 stdin channel after it has been opened 41987 by a single attach. When stdin is true 41988 the stdin stream will remain open across 41989 multiple attach sessions. If stdinOnce 41990 is set to true, stdin is opened on container 41991 start, is empty until the first client 41992 attaches to stdin, and then remains open 41993 and accepts data until the client disconnects, 41994 at which time stdin is closed and remains 41995 closed until the container is restarted. 41996 If this flag is false, a container processes 41997 that reads from stdin will never receive 41998 an EOF. Default is false 41999 type: boolean 42000 terminationMessagePath: 42001 description: Deprecated. This field will 42002 be removed in a future release and cannot 42003 be meaningfully used. 42004 type: string 42005 terminationMessagePolicy: 42006 description: Deprecated. This field will 42007 be removed in a future release and cannot 42008 be meaningfully used. 42009 type: string 42010 tty: 42011 description: Deprecated. This field will 42012 be removed in a future release. Whether 42013 this Step should allocate a DeprecatedTTY 42014 for itself, also requires 'stdin' to be 42015 true. Default is false. 42016 type: boolean 42017 volumeDevices: 42018 description: volumeDevices is the list of 42019 block devices to be used by the Step. 42020 items: 42021 description: volumeDevice describes a 42022 mapping of a raw block device within 42023 a container. 42024 properties: 42025 devicePath: 42026 description: devicePath is the path 42027 inside of the container that the 42028 device will be mapped to. 42029 type: string 42030 name: 42031 description: name must match the name 42032 of a persistentVolumeClaim in the 42033 pod 42034 type: string 42035 required: 42036 - devicePath 42037 - name 42038 type: object 42039 type: array 42040 x-kubernetes-list-type: atomic 42041 volumeMounts: 42042 description: Volumes to mount into the Step's 42043 filesystem. Cannot be updated. 42044 items: 42045 description: VolumeMount describes a mounting 42046 of a Volume within a container. 42047 properties: 42048 mountPath: 42049 description: Path within the container 42050 at which the volume should be mounted. Must 42051 not contain ':'. 42052 type: string 42053 mountPropagation: 42054 description: mountPropagation determines 42055 how mounts are propagated from the 42056 host to container and the other 42057 way around. When not set, MountPropagationNone 42058 is used. This field is beta in 1.10. 42059 type: string 42060 name: 42061 description: This must match the Name 42062 of a Volume. 42063 type: string 42064 readOnly: 42065 description: Mounted read-only if 42066 true, read-write otherwise (false 42067 or unspecified). Defaults to false. 42068 type: boolean 42069 subPath: 42070 description: Path within the volume 42071 from which the container's volume 42072 should be mounted. Defaults to "" 42073 (volume's root). 42074 type: string 42075 subPathExpr: 42076 description: Expanded path within 42077 the volume from which the container's 42078 volume should be mounted. Behaves 42079 similarly to SubPath but environment 42080 variable references $(VAR_NAME) 42081 are expanded using the container's 42082 environment. Defaults to "" (volume's 42083 root). SubPathExpr and SubPath are 42084 mutually exclusive. 42085 type: string 42086 required: 42087 - mountPath 42088 - name 42089 type: object 42090 type: array 42091 x-kubernetes-list-type: atomic 42092 workingDir: 42093 description: Step's working directory. If 42094 not specified, the container runtime's 42095 default will be used, which might be configured 42096 in the container image. Cannot be updated. 42097 type: string 42098 required: 42099 - name 42100 type: object 42101 steps: 42102 description: Steps are the steps of the build; 42103 each step is run sequentially with the source 42104 mounted into /workspace. 42105 items: 42106 description: Step runs a subcomponent of a 42107 Task 42108 properties: 42109 args: 42110 description: 'Arguments to the entrypoint. 42111 The image''s CMD is used if this is 42112 not provided. Variable references $(VAR_NAME) 42113 are expanded using the container''s 42114 environment. If a variable cannot be 42115 resolved, the reference in the input 42116 string will be unchanged. Double $$ 42117 are reduced to a single $, which allows 42118 for escaping the $(VAR_NAME) syntax: 42119 i.e. "$$(VAR_NAME)" will produce the 42120 string literal "$(VAR_NAME)". Escaped 42121 references will never be expanded, regardless 42122 of whether the variable exists or not. 42123 Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 42124 items: 42125 type: string 42126 type: array 42127 x-kubernetes-list-type: atomic 42128 command: 42129 description: 'Entrypoint array. Not executed 42130 within a shell. The image''s ENTRYPOINT 42131 is used if this is not provided. Variable 42132 references $(VAR_NAME) are expanded 42133 using the container''s environment. 42134 If a variable cannot be resolved, the 42135 reference in the input string will be 42136 unchanged. Double $$ are reduced to 42137 a single $, which allows for escaping 42138 the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 42139 will produce the string literal "$(VAR_NAME)". 42140 Escaped references will never be expanded, 42141 regardless of whether the variable exists 42142 or not. Cannot be updated. More info: 42143 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 42144 items: 42145 type: string 42146 type: array 42147 x-kubernetes-list-type: atomic 42148 env: 42149 description: List of environment variables 42150 to set in the container. Cannot be updated. 42151 items: 42152 description: EnvVar represents an environment 42153 variable present in a Container. 42154 properties: 42155 name: 42156 description: Name of the environment 42157 variable. Must be a C_IDENTIFIER. 42158 type: string 42159 value: 42160 description: 'Variable references 42161 $(VAR_NAME) are expanded using 42162 the previously defined environment 42163 variables in the container and 42164 any service environment variables. 42165 If a variable cannot be resolved, 42166 the reference in the input string 42167 will be unchanged. Double $$ are 42168 reduced to a single $, which allows 42169 for escaping the $(VAR_NAME) syntax: 42170 i.e. "$$(VAR_NAME)" will produce 42171 the string literal "$(VAR_NAME)". 42172 Escaped references will never 42173 be expanded, regardless of whether 42174 the variable exists or not. Defaults 42175 to "".' 42176 type: string 42177 valueFrom: 42178 description: Source for the environment 42179 variable's value. Cannot be used 42180 if value is not empty. 42181 properties: 42182 configMapKeyRef: 42183 description: Selects a key of 42184 a ConfigMap. 42185 properties: 42186 key: 42187 description: The key to 42188 select. 42189 type: string 42190 name: 42191 description: 'Name of the 42192 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 42193 TODO: Add other useful 42194 fields. apiVersion, kind, 42195 uid?' 42196 type: string 42197 optional: 42198 description: Specify whether 42199 the ConfigMap or its key 42200 must be defined 42201 type: boolean 42202 required: 42203 - key 42204 type: object 42205 fieldRef: 42206 description: 'Selects a field 42207 of the pod: supports metadata.name, 42208 metadata.namespace, `metadata.labels[''<KEY>'']`, 42209 `metadata.annotations[''<KEY>'']`, 42210 spec.nodeName, spec.serviceAccountName, 42211 status.hostIP, status.podIP, 42212 status.podIPs.' 42213 properties: 42214 apiVersion: 42215 description: Version of 42216 the schema the FieldPath 42217 is written in terms of, 42218 defaults to "v1". 42219 type: string 42220 fieldPath: 42221 description: Path of the 42222 field to select in the 42223 specified API version. 42224 type: string 42225 required: 42226 - fieldPath 42227 type: object 42228 resourceFieldRef: 42229 description: 'Selects a resource 42230 of the container: only resources 42231 limits and requests (limits.cpu, 42232 limits.memory, limits.ephemeral-storage, 42233 requests.cpu, requests.memory 42234 and requests.ephemeral-storage) 42235 are currently supported.' 42236 properties: 42237 containerName: 42238 description: 'Container 42239 name: required for volumes, 42240 optional for env vars' 42241 type: string 42242 divisor: 42243 anyOf: 42244 - type: integer 42245 - type: string 42246 description: Specifies the 42247 output format of the exposed 42248 resources, defaults to 42249 "1" 42250 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 42251 x-kubernetes-int-or-string: true 42252 resource: 42253 description: 'Required: 42254 resource to select' 42255 type: string 42256 required: 42257 - resource 42258 type: object 42259 secretKeyRef: 42260 description: Selects a key of 42261 a secret in the pod's namespace 42262 properties: 42263 key: 42264 description: The key of 42265 the secret to select from. Must 42266 be a valid secret key. 42267 type: string 42268 name: 42269 description: 'Name of the 42270 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 42271 TODO: Add other useful 42272 fields. apiVersion, kind, 42273 uid?' 42274 type: string 42275 optional: 42276 description: Specify whether 42277 the Secret or its key 42278 must be defined 42279 type: boolean 42280 required: 42281 - key 42282 type: object 42283 type: object 42284 required: 42285 - name 42286 type: object 42287 type: array 42288 x-kubernetes-list-type: atomic 42289 envFrom: 42290 description: List of sources to populate 42291 environment variables in the container. 42292 The keys defined within a source must 42293 be a C_IDENTIFIER. All invalid keys 42294 will be reported as an event when the 42295 container is starting. When a key exists 42296 in multiple sources, the value associated 42297 with the last source will take precedence. 42298 Values defined by an Env with a duplicate 42299 key will take precedence. Cannot be 42300 updated. 42301 items: 42302 description: EnvFromSource represents 42303 the source of a set of ConfigMaps 42304 properties: 42305 configMapRef: 42306 description: The ConfigMap to select 42307 from 42308 properties: 42309 name: 42310 description: 'Name of the referent. 42311 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 42312 TODO: Add other useful fields. 42313 apiVersion, kind, uid?' 42314 type: string 42315 optional: 42316 description: Specify whether 42317 the ConfigMap must be defined 42318 type: boolean 42319 type: object 42320 prefix: 42321 description: An optional identifier 42322 to prepend to each key in the 42323 ConfigMap. Must be a C_IDENTIFIER. 42324 type: string 42325 secretRef: 42326 description: The Secret to select 42327 from 42328 properties: 42329 name: 42330 description: 'Name of the referent. 42331 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 42332 TODO: Add other useful fields. 42333 apiVersion, kind, uid?' 42334 type: string 42335 optional: 42336 description: Specify whether 42337 the Secret must be defined 42338 type: boolean 42339 type: object 42340 type: object 42341 type: array 42342 x-kubernetes-list-type: atomic 42343 image: 42344 description: 'Image reference name to 42345 run for this Step. More info: https://kubernetes.io/docs/concepts/containers/images' 42346 type: string 42347 imagePullPolicy: 42348 description: 'Image pull policy. One of 42349 Always, Never, IfNotPresent. Defaults 42350 to Always if :latest tag is specified, 42351 or IfNotPresent otherwise. Cannot be 42352 updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 42353 type: string 42354 lifecycle: 42355 description: Deprecated. This field will 42356 be removed in a future release. Actions 42357 that the management system should take 42358 in response to container lifecycle events. 42359 Cannot be updated. 42360 properties: 42361 postStart: 42362 description: 'PostStart is called 42363 immediately after a container is 42364 created. If the handler fails, the 42365 container is terminated and restarted 42366 according to its restart policy. 42367 Other management of the container 42368 blocks until the hook completes. 42369 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 42370 properties: 42371 exec: 42372 description: Exec specifies the 42373 action to take. 42374 properties: 42375 command: 42376 description: Command is the 42377 command line to execute 42378 inside the container, the 42379 working directory for the 42380 command is root ('/') in 42381 the container's filesystem. 42382 The command is simply exec'd, 42383 it is not run inside a shell, 42384 so traditional shell instructions 42385 ('|', etc) won't work. To 42386 use a shell, you need to 42387 explicitly call out to that 42388 shell. Exit status of 0 42389 is treated as live/healthy 42390 and non-zero is unhealthy. 42391 items: 42392 type: string 42393 type: array 42394 type: object 42395 httpGet: 42396 description: HTTPGet specifies 42397 the http request to perform. 42398 properties: 42399 host: 42400 description: Host name to 42401 connect to, defaults to 42402 the pod IP. You probably 42403 want to set "Host" in httpHeaders 42404 instead. 42405 type: string 42406 httpHeaders: 42407 description: Custom headers 42408 to set in the request. HTTP 42409 allows repeated headers. 42410 items: 42411 description: HTTPHeader 42412 describes a custom header 42413 to be used in HTTP probes 42414 properties: 42415 name: 42416 description: The header 42417 field name. This will 42418 be canonicalized upon 42419 output, so case-variant 42420 names will be understood 42421 as the same header. 42422 type: string 42423 value: 42424 description: The header 42425 field value 42426 type: string 42427 required: 42428 - name 42429 - value 42430 type: object 42431 type: array 42432 path: 42433 description: Path to access 42434 on the HTTP server. 42435 type: string 42436 port: 42437 anyOf: 42438 - type: integer 42439 - type: string 42440 description: Name or number 42441 of the port to access on 42442 the container. Number must 42443 be in the range 1 to 65535. 42444 Name must be an IANA_SVC_NAME. 42445 x-kubernetes-int-or-string: true 42446 scheme: 42447 description: Scheme to use 42448 for connecting to the host. 42449 Defaults to HTTP. 42450 type: string 42451 required: 42452 - port 42453 type: object 42454 tcpSocket: 42455 description: Deprecated. TCPSocket 42456 is NOT supported as a LifecycleHandler 42457 and kept for the backward compatibility. 42458 There are no validation of this 42459 field and lifecycle hooks will 42460 fail in runtime when tcp handler 42461 is specified. 42462 properties: 42463 host: 42464 description: 'Optional: Host 42465 name to connect to, defaults 42466 to the pod IP.' 42467 type: string 42468 port: 42469 anyOf: 42470 - type: integer 42471 - type: string 42472 description: Number or name 42473 of the port to access on 42474 the container. Number must 42475 be in the range 1 to 65535. 42476 Name must be an IANA_SVC_NAME. 42477 x-kubernetes-int-or-string: true 42478 required: 42479 - port 42480 type: object 42481 type: object 42482 preStop: 42483 description: 'PreStop is called immediately 42484 before a container is terminated 42485 due to an API request or management 42486 event such as liveness/startup probe 42487 failure, preemption, resource contention, 42488 etc. The handler is not called if 42489 the container crashes or exits. 42490 The Pod''s termination grace period 42491 countdown begins before the PreStop 42492 hook is executed. Regardless of 42493 the outcome of the handler, the 42494 container will eventually terminate 42495 within the Pod''s termination grace 42496 period (unless delayed by finalizers). 42497 Other management of the container 42498 blocks until the hook completes 42499 or until the termination grace period 42500 is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 42501 properties: 42502 exec: 42503 description: Exec specifies the 42504 action to take. 42505 properties: 42506 command: 42507 description: Command is the 42508 command line to execute 42509 inside the container, the 42510 working directory for the 42511 command is root ('/') in 42512 the container's filesystem. 42513 The command is simply exec'd, 42514 it is not run inside a shell, 42515 so traditional shell instructions 42516 ('|', etc) won't work. To 42517 use a shell, you need to 42518 explicitly call out to that 42519 shell. Exit status of 0 42520 is treated as live/healthy 42521 and non-zero is unhealthy. 42522 items: 42523 type: string 42524 type: array 42525 type: object 42526 httpGet: 42527 description: HTTPGet specifies 42528 the http request to perform. 42529 properties: 42530 host: 42531 description: Host name to 42532 connect to, defaults to 42533 the pod IP. You probably 42534 want to set "Host" in httpHeaders 42535 instead. 42536 type: string 42537 httpHeaders: 42538 description: Custom headers 42539 to set in the request. HTTP 42540 allows repeated headers. 42541 items: 42542 description: HTTPHeader 42543 describes a custom header 42544 to be used in HTTP probes 42545 properties: 42546 name: 42547 description: The header 42548 field name. This will 42549 be canonicalized upon 42550 output, so case-variant 42551 names will be understood 42552 as the same header. 42553 type: string 42554 value: 42555 description: The header 42556 field value 42557 type: string 42558 required: 42559 - name 42560 - value 42561 type: object 42562 type: array 42563 path: 42564 description: Path to access 42565 on the HTTP server. 42566 type: string 42567 port: 42568 anyOf: 42569 - type: integer 42570 - type: string 42571 description: Name or number 42572 of the port to access on 42573 the container. Number must 42574 be in the range 1 to 65535. 42575 Name must be an IANA_SVC_NAME. 42576 x-kubernetes-int-or-string: true 42577 scheme: 42578 description: Scheme to use 42579 for connecting to the host. 42580 Defaults to HTTP. 42581 type: string 42582 required: 42583 - port 42584 type: object 42585 tcpSocket: 42586 description: Deprecated. TCPSocket 42587 is NOT supported as a LifecycleHandler 42588 and kept for the backward compatibility. 42589 There are no validation of this 42590 field and lifecycle hooks will 42591 fail in runtime when tcp handler 42592 is specified. 42593 properties: 42594 host: 42595 description: 'Optional: Host 42596 name to connect to, defaults 42597 to the pod IP.' 42598 type: string 42599 port: 42600 anyOf: 42601 - type: integer 42602 - type: string 42603 description: Number or name 42604 of the port to access on 42605 the container. Number must 42606 be in the range 1 to 65535. 42607 Name must be an IANA_SVC_NAME. 42608 x-kubernetes-int-or-string: true 42609 required: 42610 - port 42611 type: object 42612 type: object 42613 type: object 42614 livenessProbe: 42615 description: 'Deprecated. This field will 42616 be removed in a future release. Periodic 42617 probe of container liveness. Step will 42618 be restarted if the probe fails. Cannot 42619 be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 42620 properties: 42621 exec: 42622 description: Exec specifies the action 42623 to take. 42624 properties: 42625 command: 42626 description: Command is the command 42627 line to execute inside the container, 42628 the working directory for the 42629 command is root ('/') in the 42630 container's filesystem. The 42631 command is simply exec'd, it 42632 is not run inside a shell, so 42633 traditional shell instructions 42634 ('|', etc) won't work. To use 42635 a shell, you need to explicitly 42636 call out to that shell. Exit 42637 status of 0 is treated as live/healthy 42638 and non-zero is unhealthy. 42639 items: 42640 type: string 42641 type: array 42642 type: object 42643 failureThreshold: 42644 description: Minimum consecutive failures 42645 for the probe to be considered failed 42646 after having succeeded. Defaults 42647 to 3. Minimum value is 1. 42648 format: int32 42649 type: integer 42650 grpc: 42651 description: GRPC specifies an action 42652 involving a GRPC port. 42653 properties: 42654 port: 42655 description: Port number of the 42656 gRPC service. Number must be 42657 in the range 1 to 65535. 42658 format: int32 42659 type: integer 42660 service: 42661 description: "Service is the name 42662 of the service to place in the 42663 gRPC HealthCheckRequest (see 42664 https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 42665 \n If this is not specified, 42666 the default behavior is defined 42667 by gRPC." 42668 type: string 42669 required: 42670 - port 42671 type: object 42672 httpGet: 42673 description: HTTPGet specifies the 42674 http request to perform. 42675 properties: 42676 host: 42677 description: Host name to connect 42678 to, defaults to the pod IP. 42679 You probably want to set "Host" 42680 in httpHeaders instead. 42681 type: string 42682 httpHeaders: 42683 description: Custom headers to 42684 set in the request. HTTP allows 42685 repeated headers. 42686 items: 42687 description: HTTPHeader describes 42688 a custom header to be used 42689 in HTTP probes 42690 properties: 42691 name: 42692 description: The header 42693 field name. This will 42694 be canonicalized upon 42695 output, so case-variant 42696 names will be understood 42697 as the same header. 42698 type: string 42699 value: 42700 description: The header 42701 field value 42702 type: string 42703 required: 42704 - name 42705 - value 42706 type: object 42707 type: array 42708 path: 42709 description: Path to access on 42710 the HTTP server. 42711 type: string 42712 port: 42713 anyOf: 42714 - type: integer 42715 - type: string 42716 description: Name or number of 42717 the port to access on the container. 42718 Number must be in the range 42719 1 to 65535. Name must be an 42720 IANA_SVC_NAME. 42721 x-kubernetes-int-or-string: true 42722 scheme: 42723 description: Scheme to use for 42724 connecting to the host. Defaults 42725 to HTTP. 42726 type: string 42727 required: 42728 - port 42729 type: object 42730 initialDelaySeconds: 42731 description: 'Number of seconds after 42732 the container has started before 42733 liveness probes are initiated. More 42734 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 42735 format: int32 42736 type: integer 42737 periodSeconds: 42738 description: How often (in seconds) 42739 to perform the probe. Default to 42740 10 seconds. Minimum value is 1. 42741 format: int32 42742 type: integer 42743 successThreshold: 42744 description: Minimum consecutive successes 42745 for the probe to be considered successful 42746 after having failed. Defaults to 42747 1. Must be 1 for liveness and startup. 42748 Minimum value is 1. 42749 format: int32 42750 type: integer 42751 tcpSocket: 42752 description: TCPSocket specifies an 42753 action involving a TCP port. 42754 properties: 42755 host: 42756 description: 'Optional: Host name 42757 to connect to, defaults to the 42758 pod IP.' 42759 type: string 42760 port: 42761 anyOf: 42762 - type: integer 42763 - type: string 42764 description: Number or name of 42765 the port to access on the container. 42766 Number must be in the range 42767 1 to 65535. Name must be an 42768 IANA_SVC_NAME. 42769 x-kubernetes-int-or-string: true 42770 required: 42771 - port 42772 type: object 42773 terminationGracePeriodSeconds: 42774 description: Optional duration in 42775 seconds the pod needs to terminate 42776 gracefully upon probe failure. The 42777 grace period is the duration in 42778 seconds after the processes running 42779 in the pod are sent a termination 42780 signal and the time when the processes 42781 are forcibly halted with a kill 42782 signal. Set this value longer than 42783 the expected cleanup time for your 42784 process. If this value is nil, the 42785 pod's terminationGracePeriodSeconds 42786 will be used. Otherwise, this value 42787 overrides the value provided by 42788 the pod spec. Value must be non-negative 42789 integer. The value zero indicates 42790 stop immediately via the kill signal 42791 (no opportunity to shut down). This 42792 is a beta field and requires enabling 42793 ProbeTerminationGracePeriod feature 42794 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 42795 is used if unset. 42796 format: int64 42797 type: integer 42798 timeoutSeconds: 42799 description: 'Number of seconds after 42800 which the probe times out. Defaults 42801 to 1 second. Minimum value is 1. 42802 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 42803 format: int32 42804 type: integer 42805 type: object 42806 name: 42807 description: Name of the Step specified 42808 as a DNS_LABEL. Each Step in a Task 42809 must have a unique name. 42810 type: string 42811 onError: 42812 description: OnError defines the exiting 42813 behavior of a container on error can 42814 be set to [ continue | stopAndFail ] 42815 type: string 42816 ports: 42817 description: Deprecated. This field will 42818 be removed in a future release. List 42819 of ports to expose from the Step's container. 42820 Exposing a port here gives the system 42821 additional information about the network 42822 connections a container uses, but is 42823 primarily informational. Not specifying 42824 a port here DOES NOT prevent that port 42825 from being exposed. Any port which is 42826 listening on the default "0.0.0.0" address 42827 inside a container will be accessible 42828 from the network. Cannot be updated. 42829 items: 42830 description: ContainerPort represents 42831 a network port in a single container. 42832 properties: 42833 containerPort: 42834 description: Number of port to expose 42835 on the pod's IP address. This 42836 must be a valid port number, 0 42837 < x < 65536. 42838 format: int32 42839 type: integer 42840 hostIP: 42841 description: What host IP to bind 42842 the external port to. 42843 type: string 42844 hostPort: 42845 description: Number of port to expose 42846 on the host. If specified, this 42847 must be a valid port number, 0 42848 < x < 65536. If HostNetwork is 42849 specified, this must match ContainerPort. 42850 Most containers do not need this. 42851 format: int32 42852 type: integer 42853 name: 42854 description: If specified, this 42855 must be an IANA_SVC_NAME and unique 42856 within the pod. Each named port 42857 in a pod must have a unique name. 42858 Name for the port that can be 42859 referred to by services. 42860 type: string 42861 protocol: 42862 default: TCP 42863 description: Protocol for port. 42864 Must be UDP, TCP, or SCTP. Defaults 42865 to "TCP". 42866 type: string 42867 required: 42868 - containerPort 42869 type: object 42870 type: array 42871 x-kubernetes-list-map-keys: 42872 - containerPort 42873 - protocol 42874 x-kubernetes-list-type: map 42875 readinessProbe: 42876 description: 'Deprecated. This field will 42877 be removed in a future release. Periodic 42878 probe of container service readiness. 42879 Step will be removed from service endpoints 42880 if the probe fails. Cannot be updated. 42881 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 42882 properties: 42883 exec: 42884 description: Exec specifies the action 42885 to take. 42886 properties: 42887 command: 42888 description: Command is the command 42889 line to execute inside the container, 42890 the working directory for the 42891 command is root ('/') in the 42892 container's filesystem. The 42893 command is simply exec'd, it 42894 is not run inside a shell, so 42895 traditional shell instructions 42896 ('|', etc) won't work. To use 42897 a shell, you need to explicitly 42898 call out to that shell. Exit 42899 status of 0 is treated as live/healthy 42900 and non-zero is unhealthy. 42901 items: 42902 type: string 42903 type: array 42904 type: object 42905 failureThreshold: 42906 description: Minimum consecutive failures 42907 for the probe to be considered failed 42908 after having succeeded. Defaults 42909 to 3. Minimum value is 1. 42910 format: int32 42911 type: integer 42912 grpc: 42913 description: GRPC specifies an action 42914 involving a GRPC port. 42915 properties: 42916 port: 42917 description: Port number of the 42918 gRPC service. Number must be 42919 in the range 1 to 65535. 42920 format: int32 42921 type: integer 42922 service: 42923 description: "Service is the name 42924 of the service to place in the 42925 gRPC HealthCheckRequest (see 42926 https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 42927 \n If this is not specified, 42928 the default behavior is defined 42929 by gRPC." 42930 type: string 42931 required: 42932 - port 42933 type: object 42934 httpGet: 42935 description: HTTPGet specifies the 42936 http request to perform. 42937 properties: 42938 host: 42939 description: Host name to connect 42940 to, defaults to the pod IP. 42941 You probably want to set "Host" 42942 in httpHeaders instead. 42943 type: string 42944 httpHeaders: 42945 description: Custom headers to 42946 set in the request. HTTP allows 42947 repeated headers. 42948 items: 42949 description: HTTPHeader describes 42950 a custom header to be used 42951 in HTTP probes 42952 properties: 42953 name: 42954 description: The header 42955 field name. This will 42956 be canonicalized upon 42957 output, so case-variant 42958 names will be understood 42959 as the same header. 42960 type: string 42961 value: 42962 description: The header 42963 field value 42964 type: string 42965 required: 42966 - name 42967 - value 42968 type: object 42969 type: array 42970 path: 42971 description: Path to access on 42972 the HTTP server. 42973 type: string 42974 port: 42975 anyOf: 42976 - type: integer 42977 - type: string 42978 description: Name or number of 42979 the port to access on the container. 42980 Number must be in the range 42981 1 to 65535. Name must be an 42982 IANA_SVC_NAME. 42983 x-kubernetes-int-or-string: true 42984 scheme: 42985 description: Scheme to use for 42986 connecting to the host. Defaults 42987 to HTTP. 42988 type: string 42989 required: 42990 - port 42991 type: object 42992 initialDelaySeconds: 42993 description: 'Number of seconds after 42994 the container has started before 42995 liveness probes are initiated. More 42996 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 42997 format: int32 42998 type: integer 42999 periodSeconds: 43000 description: How often (in seconds) 43001 to perform the probe. Default to 43002 10 seconds. Minimum value is 1. 43003 format: int32 43004 type: integer 43005 successThreshold: 43006 description: Minimum consecutive successes 43007 for the probe to be considered successful 43008 after having failed. Defaults to 43009 1. Must be 1 for liveness and startup. 43010 Minimum value is 1. 43011 format: int32 43012 type: integer 43013 tcpSocket: 43014 description: TCPSocket specifies an 43015 action involving a TCP port. 43016 properties: 43017 host: 43018 description: 'Optional: Host name 43019 to connect to, defaults to the 43020 pod IP.' 43021 type: string 43022 port: 43023 anyOf: 43024 - type: integer 43025 - type: string 43026 description: Number or name of 43027 the port to access on the container. 43028 Number must be in the range 43029 1 to 65535. Name must be an 43030 IANA_SVC_NAME. 43031 x-kubernetes-int-or-string: true 43032 required: 43033 - port 43034 type: object 43035 terminationGracePeriodSeconds: 43036 description: Optional duration in 43037 seconds the pod needs to terminate 43038 gracefully upon probe failure. The 43039 grace period is the duration in 43040 seconds after the processes running 43041 in the pod are sent a termination 43042 signal and the time when the processes 43043 are forcibly halted with a kill 43044 signal. Set this value longer than 43045 the expected cleanup time for your 43046 process. If this value is nil, the 43047 pod's terminationGracePeriodSeconds 43048 will be used. Otherwise, this value 43049 overrides the value provided by 43050 the pod spec. Value must be non-negative 43051 integer. The value zero indicates 43052 stop immediately via the kill signal 43053 (no opportunity to shut down). This 43054 is a beta field and requires enabling 43055 ProbeTerminationGracePeriod feature 43056 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 43057 is used if unset. 43058 format: int64 43059 type: integer 43060 timeoutSeconds: 43061 description: 'Number of seconds after 43062 which the probe times out. Defaults 43063 to 1 second. Minimum value is 1. 43064 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 43065 format: int32 43066 type: integer 43067 type: object 43068 resources: 43069 description: 'Compute Resources required 43070 by this Step. Cannot be updated. More 43071 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 43072 properties: 43073 claims: 43074 description: "Claims lists the names 43075 of resources, defined in spec.resourceClaims, 43076 that are used by this container. 43077 \n This is an alpha field and requires 43078 enabling the DynamicResourceAllocation 43079 feature gate. \n This field is immutable. 43080 It can only be set for containers." 43081 items: 43082 description: ResourceClaim references 43083 one entry in PodSpec.ResourceClaims. 43084 properties: 43085 name: 43086 description: Name must match 43087 the name of one entry in pod.spec.resourceClaims 43088 of the Pod where this field 43089 is used. It makes that resource 43090 available inside a container. 43091 type: string 43092 required: 43093 - name 43094 type: object 43095 type: array 43096 x-kubernetes-list-map-keys: 43097 - name 43098 x-kubernetes-list-type: map 43099 limits: 43100 additionalProperties: 43101 anyOf: 43102 - type: integer 43103 - type: string 43104 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 43105 x-kubernetes-int-or-string: true 43106 description: 'Limits describes the 43107 maximum amount of compute resources 43108 allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 43109 type: object 43110 requests: 43111 additionalProperties: 43112 anyOf: 43113 - type: integer 43114 - type: string 43115 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 43116 x-kubernetes-int-or-string: true 43117 description: 'Requests describes the 43118 minimum amount of compute resources 43119 required. If Requests is omitted 43120 for a container, it defaults to 43121 Limits if that is explicitly specified, 43122 otherwise to an implementation-defined 43123 value. Requests cannot exceed Limits. 43124 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 43125 type: object 43126 type: object 43127 script: 43128 description: "Script is the contents of 43129 an executable file to execute. \n If 43130 Script is not empty, the Step cannot 43131 have an Command and the Args will be 43132 passed to the Script." 43133 type: string 43134 securityContext: 43135 description: 'SecurityContext defines 43136 the security options the Step should 43137 be run with. If set, the fields of SecurityContext 43138 override the equivalent fields of PodSecurityContext. 43139 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 43140 properties: 43141 allowPrivilegeEscalation: 43142 description: 'AllowPrivilegeEscalation 43143 controls whether a process can gain 43144 more privileges than its parent 43145 process. This bool directly controls 43146 if the no_new_privs flag will be 43147 set on the container process. AllowPrivilegeEscalation 43148 is true always when the container 43149 is: 1) run as Privileged 2) has 43150 CAP_SYS_ADMIN Note that this field 43151 cannot be set when spec.os.name 43152 is windows.' 43153 type: boolean 43154 capabilities: 43155 description: The capabilities to add/drop 43156 when running containers. Defaults 43157 to the default set of capabilities 43158 granted by the container runtime. 43159 Note that this field cannot be set 43160 when spec.os.name is windows. 43161 properties: 43162 add: 43163 description: Added capabilities 43164 items: 43165 description: Capability represent 43166 POSIX capabilities type 43167 type: string 43168 type: array 43169 drop: 43170 description: Removed capabilities 43171 items: 43172 description: Capability represent 43173 POSIX capabilities type 43174 type: string 43175 type: array 43176 type: object 43177 privileged: 43178 description: Run container in privileged 43179 mode. Processes in privileged containers 43180 are essentially equivalent to root 43181 on the host. Defaults to false. 43182 Note that this field cannot be set 43183 when spec.os.name is windows. 43184 type: boolean 43185 procMount: 43186 description: procMount denotes the 43187 type of proc mount to use for the 43188 containers. The default is DefaultProcMount 43189 which uses the container runtime 43190 defaults for readonly paths and 43191 masked paths. This requires the 43192 ProcMountType feature flag to be 43193 enabled. Note that this field cannot 43194 be set when spec.os.name is windows. 43195 type: string 43196 readOnlyRootFilesystem: 43197 description: Whether this container 43198 has a read-only root filesystem. 43199 Default is false. Note that this 43200 field cannot be set when spec.os.name 43201 is windows. 43202 type: boolean 43203 runAsGroup: 43204 description: The GID to run the entrypoint 43205 of the container process. Uses runtime 43206 default if unset. May also be set 43207 in PodSecurityContext. If set in 43208 both SecurityContext and PodSecurityContext, 43209 the value specified in SecurityContext 43210 takes precedence. Note that this 43211 field cannot be set when spec.os.name 43212 is windows. 43213 format: int64 43214 type: integer 43215 runAsNonRoot: 43216 description: Indicates that the container 43217 must run as a non-root user. If 43218 true, the Kubelet will validate 43219 the image at runtime to ensure that 43220 it does not run as UID 0 (root) 43221 and fail to start the container 43222 if it does. If unset or false, no 43223 such validation will be performed. 43224 May also be set in PodSecurityContext. If 43225 set in both SecurityContext and 43226 PodSecurityContext, the value specified 43227 in SecurityContext takes precedence. 43228 type: boolean 43229 runAsUser: 43230 description: The UID to run the entrypoint 43231 of the container process. Defaults 43232 to user specified in image metadata 43233 if unspecified. May also be set 43234 in PodSecurityContext. If set in 43235 both SecurityContext and PodSecurityContext, 43236 the value specified in SecurityContext 43237 takes precedence. Note that this 43238 field cannot be set when spec.os.name 43239 is windows. 43240 format: int64 43241 type: integer 43242 seLinuxOptions: 43243 description: The SELinux context to 43244 be applied to the container. If 43245 unspecified, the container runtime 43246 will allocate a random SELinux context 43247 for each container. May also be 43248 set in PodSecurityContext. If set 43249 in both SecurityContext and PodSecurityContext, 43250 the value specified in SecurityContext 43251 takes precedence. Note that this 43252 field cannot be set when spec.os.name 43253 is windows. 43254 properties: 43255 level: 43256 description: Level is SELinux 43257 level label that applies to 43258 the container. 43259 type: string 43260 role: 43261 description: Role is a SELinux 43262 role label that applies to the 43263 container. 43264 type: string 43265 type: 43266 description: Type is a SELinux 43267 type label that applies to the 43268 container. 43269 type: string 43270 user: 43271 description: User is a SELinux 43272 user label that applies to the 43273 container. 43274 type: string 43275 type: object 43276 seccompProfile: 43277 description: The seccomp options to 43278 use by this container. If seccomp 43279 options are provided at both the 43280 pod & container level, the container 43281 options override the pod options. 43282 Note that this field cannot be set 43283 when spec.os.name is windows. 43284 properties: 43285 localhostProfile: 43286 description: localhostProfile 43287 indicates a profile defined 43288 in a file on the node should 43289 be used. The profile must be 43290 preconfigured on the node to 43291 work. Must be a descending path, 43292 relative to the kubelet's configured 43293 seccomp profile location. Must 43294 be set if type is "Localhost". 43295 Must NOT be set for any other 43296 type. 43297 type: string 43298 type: 43299 description: "type indicates which 43300 kind of seccomp profile will 43301 be applied. Valid options are: 43302 \n Localhost - a profile defined 43303 in a file on the node should 43304 be used. RuntimeDefault - the 43305 container runtime default profile 43306 should be used. Unconfined - 43307 no profile should be applied." 43308 type: string 43309 required: 43310 - type 43311 type: object 43312 windowsOptions: 43313 description: The Windows specific 43314 settings applied to all containers. 43315 If unspecified, the options from 43316 the PodSecurityContext will be used. 43317 If set in both SecurityContext and 43318 PodSecurityContext, the value specified 43319 in SecurityContext takes precedence. 43320 Note that this field cannot be set 43321 when spec.os.name is linux. 43322 properties: 43323 gmsaCredentialSpec: 43324 description: GMSACredentialSpec 43325 is where the GMSA admission 43326 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 43327 inlines the contents of the 43328 GMSA credential spec named by 43329 the GMSACredentialSpecName field. 43330 type: string 43331 gmsaCredentialSpecName: 43332 description: GMSACredentialSpecName 43333 is the name of the GMSA credential 43334 spec to use. 43335 type: string 43336 hostProcess: 43337 description: HostProcess determines 43338 if a container should be run 43339 as a 'Host Process' container. 43340 All of a Pod's containers must 43341 have the same effective HostProcess 43342 value (it is not allowed to 43343 have a mix of HostProcess containers 43344 and non-HostProcess containers). 43345 In addition, if HostProcess 43346 is true then HostNetwork must 43347 also be set to true. 43348 type: boolean 43349 runAsUserName: 43350 description: The UserName in Windows 43351 to run the entrypoint of the 43352 container process. Defaults 43353 to the user specified in image 43354 metadata if unspecified. May 43355 also be set in PodSecurityContext. 43356 If set in both SecurityContext 43357 and PodSecurityContext, the 43358 value specified in SecurityContext 43359 takes precedence. 43360 type: string 43361 type: object 43362 type: object 43363 startupProbe: 43364 description: 'Deprecated. This field will 43365 be removed in a future release. DeprecatedStartupProbe 43366 indicates that the Pod this Step runs 43367 in has successfully initialized. If 43368 specified, no other probes are executed 43369 until this completes successfully. If 43370 this probe fails, the Pod will be restarted, 43371 just as if the livenessProbe failed. 43372 This can be used to provide different 43373 probe parameters at the beginning of 43374 a Pod''s lifecycle, when it might take 43375 a long time to load data or warm a cache, 43376 than during steady-state operation. 43377 This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 43378 properties: 43379 exec: 43380 description: Exec specifies the action 43381 to take. 43382 properties: 43383 command: 43384 description: Command is the command 43385 line to execute inside the container, 43386 the working directory for the 43387 command is root ('/') in the 43388 container's filesystem. The 43389 command is simply exec'd, it 43390 is not run inside a shell, so 43391 traditional shell instructions 43392 ('|', etc) won't work. To use 43393 a shell, you need to explicitly 43394 call out to that shell. Exit 43395 status of 0 is treated as live/healthy 43396 and non-zero is unhealthy. 43397 items: 43398 type: string 43399 type: array 43400 type: object 43401 failureThreshold: 43402 description: Minimum consecutive failures 43403 for the probe to be considered failed 43404 after having succeeded. Defaults 43405 to 3. Minimum value is 1. 43406 format: int32 43407 type: integer 43408 grpc: 43409 description: GRPC specifies an action 43410 involving a GRPC port. 43411 properties: 43412 port: 43413 description: Port number of the 43414 gRPC service. Number must be 43415 in the range 1 to 65535. 43416 format: int32 43417 type: integer 43418 service: 43419 description: "Service is the name 43420 of the service to place in the 43421 gRPC HealthCheckRequest (see 43422 https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 43423 \n If this is not specified, 43424 the default behavior is defined 43425 by gRPC." 43426 type: string 43427 required: 43428 - port 43429 type: object 43430 httpGet: 43431 description: HTTPGet specifies the 43432 http request to perform. 43433 properties: 43434 host: 43435 description: Host name to connect 43436 to, defaults to the pod IP. 43437 You probably want to set "Host" 43438 in httpHeaders instead. 43439 type: string 43440 httpHeaders: 43441 description: Custom headers to 43442 set in the request. HTTP allows 43443 repeated headers. 43444 items: 43445 description: HTTPHeader describes 43446 a custom header to be used 43447 in HTTP probes 43448 properties: 43449 name: 43450 description: The header 43451 field name. This will 43452 be canonicalized upon 43453 output, so case-variant 43454 names will be understood 43455 as the same header. 43456 type: string 43457 value: 43458 description: The header 43459 field value 43460 type: string 43461 required: 43462 - name 43463 - value 43464 type: object 43465 type: array 43466 path: 43467 description: Path to access on 43468 the HTTP server. 43469 type: string 43470 port: 43471 anyOf: 43472 - type: integer 43473 - type: string 43474 description: Name or number of 43475 the port to access on the container. 43476 Number must be in the range 43477 1 to 65535. Name must be an 43478 IANA_SVC_NAME. 43479 x-kubernetes-int-or-string: true 43480 scheme: 43481 description: Scheme to use for 43482 connecting to the host. Defaults 43483 to HTTP. 43484 type: string 43485 required: 43486 - port 43487 type: object 43488 initialDelaySeconds: 43489 description: 'Number of seconds after 43490 the container has started before 43491 liveness probes are initiated. More 43492 info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 43493 format: int32 43494 type: integer 43495 periodSeconds: 43496 description: How often (in seconds) 43497 to perform the probe. Default to 43498 10 seconds. Minimum value is 1. 43499 format: int32 43500 type: integer 43501 successThreshold: 43502 description: Minimum consecutive successes 43503 for the probe to be considered successful 43504 after having failed. Defaults to 43505 1. Must be 1 for liveness and startup. 43506 Minimum value is 1. 43507 format: int32 43508 type: integer 43509 tcpSocket: 43510 description: TCPSocket specifies an 43511 action involving a TCP port. 43512 properties: 43513 host: 43514 description: 'Optional: Host name 43515 to connect to, defaults to the 43516 pod IP.' 43517 type: string 43518 port: 43519 anyOf: 43520 - type: integer 43521 - type: string 43522 description: Number or name of 43523 the port to access on the container. 43524 Number must be in the range 43525 1 to 65535. Name must be an 43526 IANA_SVC_NAME. 43527 x-kubernetes-int-or-string: true 43528 required: 43529 - port 43530 type: object 43531 terminationGracePeriodSeconds: 43532 description: Optional duration in 43533 seconds the pod needs to terminate 43534 gracefully upon probe failure. The 43535 grace period is the duration in 43536 seconds after the processes running 43537 in the pod are sent a termination 43538 signal and the time when the processes 43539 are forcibly halted with a kill 43540 signal. Set this value longer than 43541 the expected cleanup time for your 43542 process. If this value is nil, the 43543 pod's terminationGracePeriodSeconds 43544 will be used. Otherwise, this value 43545 overrides the value provided by 43546 the pod spec. Value must be non-negative 43547 integer. The value zero indicates 43548 stop immediately via the kill signal 43549 (no opportunity to shut down). This 43550 is a beta field and requires enabling 43551 ProbeTerminationGracePeriod feature 43552 gate. Minimum value is 1. spec.terminationGracePeriodSeconds 43553 is used if unset. 43554 format: int64 43555 type: integer 43556 timeoutSeconds: 43557 description: 'Number of seconds after 43558 which the probe times out. Defaults 43559 to 1 second. Minimum value is 1. 43560 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 43561 format: int32 43562 type: integer 43563 type: object 43564 stderrConfig: 43565 description: Stores configuration for 43566 the stderr stream of the step. 43567 properties: 43568 path: 43569 description: Path to duplicate stdout 43570 stream to on container's local filesystem. 43571 type: string 43572 type: object 43573 stdin: 43574 description: Deprecated. This field will 43575 be removed in a future release. Whether 43576 this container should allocate a buffer 43577 for stdin in the container runtime. 43578 If this is not set, reads from stdin 43579 in the container will always result 43580 in EOF. Default is false. 43581 type: boolean 43582 stdinOnce: 43583 description: Deprecated. This field will 43584 be removed in a future release. Whether 43585 the container runtime should close the 43586 stdin channel after it has been opened 43587 by a single attach. When stdin is true 43588 the stdin stream will remain open across 43589 multiple attach sessions. If stdinOnce 43590 is set to true, stdin is opened on container 43591 start, is empty until the first client 43592 attaches to stdin, and then remains 43593 open and accepts data until the client 43594 disconnects, at which time stdin is 43595 closed and remains closed until the 43596 container is restarted. If this flag 43597 is false, a container processes that 43598 reads from stdin will never receive 43599 an EOF. Default is false 43600 type: boolean 43601 stdoutConfig: 43602 description: Stores configuration for 43603 the stdout stream of the step. 43604 properties: 43605 path: 43606 description: Path to duplicate stdout 43607 stream to on container's local filesystem. 43608 type: string 43609 type: object 43610 terminationMessagePath: 43611 description: Deprecated. This field will 43612 be removed in a future release and can't 43613 be meaningfully used. 43614 type: string 43615 terminationMessagePolicy: 43616 description: Deprecated. This field will 43617 be removed in a future release and can't 43618 be meaningfully used. 43619 type: string 43620 timeout: 43621 description: 'Timeout is the time after 43622 which the step times out. Defaults to 43623 never. Refer to Go''s ParseDuration 43624 documentation for expected format: https://golang.org/pkg/time/#ParseDuration' 43625 type: string 43626 tty: 43627 description: Deprecated. This field will 43628 be removed in a future release. Whether 43629 this container should allocate a DeprecatedTTY 43630 for itself, also requires 'stdin' to 43631 be true. Default is false. 43632 type: boolean 43633 volumeDevices: 43634 description: volumeDevices is the list 43635 of block devices to be used by the Step. 43636 items: 43637 description: volumeDevice describes 43638 a mapping of a raw block device within 43639 a container. 43640 properties: 43641 devicePath: 43642 description: devicePath is the path 43643 inside of the container that the 43644 device will be mapped to. 43645 type: string 43646 name: 43647 description: name must match the 43648 name of a persistentVolumeClaim 43649 in the pod 43650 type: string 43651 required: 43652 - devicePath 43653 - name 43654 type: object 43655 type: array 43656 x-kubernetes-list-type: atomic 43657 volumeMounts: 43658 description: Volumes to mount into the 43659 Step's filesystem. Cannot be updated. 43660 items: 43661 description: VolumeMount describes a 43662 mounting of a Volume within a container. 43663 properties: 43664 mountPath: 43665 description: Path within the container 43666 at which the volume should be 43667 mounted. Must not contain ':'. 43668 type: string 43669 mountPropagation: 43670 description: mountPropagation determines 43671 how mounts are propagated from 43672 the host to container and the 43673 other way around. When not set, 43674 MountPropagationNone is used. 43675 This field is beta in 1.10. 43676 type: string 43677 name: 43678 description: This must match the 43679 Name of a Volume. 43680 type: string 43681 readOnly: 43682 description: Mounted read-only if 43683 true, read-write otherwise (false 43684 or unspecified). Defaults to false. 43685 type: boolean 43686 subPath: 43687 description: Path within the volume 43688 from which the container's volume 43689 should be mounted. Defaults to 43690 "" (volume's root). 43691 type: string 43692 subPathExpr: 43693 description: Expanded path within 43694 the volume from which the container's 43695 volume should be mounted. Behaves 43696 similarly to SubPath but environment 43697 variable references $(VAR_NAME) 43698 are expanded using the container's 43699 environment. Defaults to "" (volume's 43700 root). SubPathExpr and SubPath 43701 are mutually exclusive. 43702 type: string 43703 required: 43704 - mountPath 43705 - name 43706 type: object 43707 type: array 43708 x-kubernetes-list-type: atomic 43709 workingDir: 43710 description: Step's working directory. 43711 If not specified, the container runtime's 43712 default will be used, which might be 43713 configured in the container image. Cannot 43714 be updated. 43715 type: string 43716 workspaces: 43717 description: "This is an alpha field. 43718 You must set the \"enable-api-fields\" 43719 feature flag to \"alpha\" for this field 43720 to be supported. \n Workspaces is a 43721 list of workspaces from the Task that 43722 this Step wants exclusive access to. 43723 Adding a workspace to this list means 43724 that any other Step or Sidecar that 43725 does not also request this Workspace 43726 will not have access to it." 43727 items: 43728 description: WorkspaceUsage is used 43729 by a Step or Sidecar to declare that 43730 it wants isolated access to a Workspace 43731 defined in a Task. 43732 properties: 43733 mountPath: 43734 description: MountPath is the path 43735 that the workspace should be mounted 43736 to inside the Step or Sidecar, 43737 overriding any MountPath specified 43738 in the Task's WorkspaceDeclaration. 43739 type: string 43740 name: 43741 description: Name is the name of 43742 the workspace this Step or Sidecar 43743 wants access to. 43744 type: string 43745 required: 43746 - mountPath 43747 - name 43748 type: object 43749 type: array 43750 x-kubernetes-list-type: atomic 43751 required: 43752 - name 43753 type: object 43754 type: array 43755 x-kubernetes-list-type: atomic 43756 volumes: 43757 description: Volumes is a collection of volumes 43758 that are available to mount into the steps 43759 of the build. 43760 items: 43761 description: Volume represents a named volume 43762 in a pod that may be accessed by any container 43763 in the pod. 43764 properties: 43765 awsElasticBlockStore: 43766 description: 'awsElasticBlockStore represents 43767 an AWS Disk resource that is attached 43768 to a kubelet''s host machine and then 43769 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 43770 properties: 43771 fsType: 43772 description: 'fsType is the filesystem 43773 type of the volume that you want 43774 to mount. Tip: Ensure that the filesystem 43775 type is supported by the host operating 43776 system. Examples: "ext4", "xfs", 43777 "ntfs". Implicitly inferred to be 43778 "ext4" if unspecified. More info: 43779 https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 43780 TODO: how do we prevent errors in 43781 the filesystem from compromising 43782 the machine' 43783 type: string 43784 partition: 43785 description: 'partition is the partition 43786 in the volume that you want to mount. 43787 If omitted, the default is to mount 43788 by volume name. Examples: For volume 43789 /dev/sda1, you specify the partition 43790 as "1". Similarly, the volume partition 43791 for /dev/sda is "0" (or you can 43792 leave the property empty).' 43793 format: int32 43794 type: integer 43795 readOnly: 43796 description: 'readOnly value true 43797 will force the readOnly setting 43798 in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 43799 type: boolean 43800 volumeID: 43801 description: 'volumeID is unique ID 43802 of the persistent disk resource 43803 in AWS (Amazon EBS volume). More 43804 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 43805 type: string 43806 required: 43807 - volumeID 43808 type: object 43809 azureDisk: 43810 description: azureDisk represents an Azure 43811 Data Disk mount on the host and bind 43812 mount to the pod. 43813 properties: 43814 cachingMode: 43815 description: 'cachingMode is the Host 43816 Caching mode: None, Read Only, Read 43817 Write.' 43818 type: string 43819 diskName: 43820 description: diskName is the Name 43821 of the data disk in the blob storage 43822 type: string 43823 diskURI: 43824 description: diskURI is the URI of 43825 data disk in the blob storage 43826 type: string 43827 fsType: 43828 description: fsType is Filesystem 43829 type to mount. Must be a filesystem 43830 type supported by the host operating 43831 system. Ex. "ext4", "xfs", "ntfs". 43832 Implicitly inferred to be "ext4" 43833 if unspecified. 43834 type: string 43835 kind: 43836 description: 'kind expected values 43837 are Shared: multiple blob disks 43838 per storage account Dedicated: 43839 single blob disk per storage account Managed: 43840 azure managed data disk (only in 43841 managed availability set). defaults 43842 to shared' 43843 type: string 43844 readOnly: 43845 description: readOnly Defaults to 43846 false (read/write). ReadOnly here 43847 will force the ReadOnly setting 43848 in VolumeMounts. 43849 type: boolean 43850 required: 43851 - diskName 43852 - diskURI 43853 type: object 43854 azureFile: 43855 description: azureFile represents an Azure 43856 File Service mount on the host and bind 43857 mount to the pod. 43858 properties: 43859 readOnly: 43860 description: readOnly defaults to 43861 false (read/write). ReadOnly here 43862 will force the ReadOnly setting 43863 in VolumeMounts. 43864 type: boolean 43865 secretName: 43866 description: secretName is the name 43867 of secret that contains Azure Storage 43868 Account Name and Key 43869 type: string 43870 shareName: 43871 description: shareName is the azure 43872 share Name 43873 type: string 43874 required: 43875 - secretName 43876 - shareName 43877 type: object 43878 cephfs: 43879 description: cephFS represents a Ceph 43880 FS mount on the host that shares a pod's 43881 lifetime 43882 properties: 43883 monitors: 43884 description: 'monitors is Required: 43885 Monitors is a collection of Ceph 43886 monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 43887 items: 43888 type: string 43889 type: array 43890 path: 43891 description: 'path is Optional: Used 43892 as the mounted root, rather than 43893 the full Ceph tree, default is /' 43894 type: string 43895 readOnly: 43896 description: 'readOnly is Optional: 43897 Defaults to false (read/write). 43898 ReadOnly here will force the ReadOnly 43899 setting in VolumeMounts. More info: 43900 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 43901 type: boolean 43902 secretFile: 43903 description: 'secretFile is Optional: 43904 SecretFile is the path to key ring 43905 for User, default is /etc/ceph/user.secret 43906 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 43907 type: string 43908 secretRef: 43909 description: 'secretRef is Optional: 43910 SecretRef is reference to the authentication 43911 secret for User, default is empty. 43912 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 43913 properties: 43914 name: 43915 description: 'Name of the referent. 43916 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 43917 TODO: Add other useful fields. 43918 apiVersion, kind, uid?' 43919 type: string 43920 type: object 43921 user: 43922 description: 'user is optional: User 43923 is the rados user name, default 43924 is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 43925 type: string 43926 required: 43927 - monitors 43928 type: object 43929 cinder: 43930 description: 'cinder represents a cinder 43931 volume attached and mounted on kubelets 43932 host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 43933 properties: 43934 fsType: 43935 description: 'fsType is the filesystem 43936 type to mount. Must be a filesystem 43937 type supported by the host operating 43938 system. Examples: "ext4", "xfs", 43939 "ntfs". Implicitly inferred to be 43940 "ext4" if unspecified. More info: 43941 https://examples.k8s.io/mysql-cinder-pd/README.md' 43942 type: string 43943 readOnly: 43944 description: 'readOnly defaults to 43945 false (read/write). ReadOnly here 43946 will force the ReadOnly setting 43947 in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 43948 type: boolean 43949 secretRef: 43950 description: 'secretRef is optional: 43951 points to a secret object containing 43952 parameters used to connect to OpenStack.' 43953 properties: 43954 name: 43955 description: 'Name of the referent. 43956 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 43957 TODO: Add other useful fields. 43958 apiVersion, kind, uid?' 43959 type: string 43960 type: object 43961 volumeID: 43962 description: 'volumeID used to identify 43963 the volume in cinder. More info: 43964 https://examples.k8s.io/mysql-cinder-pd/README.md' 43965 type: string 43966 required: 43967 - volumeID 43968 type: object 43969 configMap: 43970 description: configMap represents a configMap 43971 that should populate this volume 43972 properties: 43973 defaultMode: 43974 description: 'defaultMode is optional: 43975 mode bits used to set permissions 43976 on created files by default. Must 43977 be an octal value between 0000 and 43978 0777 or a decimal value between 43979 0 and 511. YAML accepts both octal 43980 and decimal values, JSON requires 43981 decimal values for mode bits. Defaults 43982 to 0644. Directories within the 43983 path are not affected by this setting. 43984 This might be in conflict with other 43985 options that affect the file mode, 43986 like fsGroup, and the result can 43987 be other mode bits set.' 43988 format: int32 43989 type: integer 43990 items: 43991 description: items if unspecified, 43992 each key-value pair in the Data 43993 field of the referenced ConfigMap 43994 will be projected into the volume 43995 as a file whose name is the key 43996 and content is the value. If specified, 43997 the listed keys will be projected 43998 into the specified paths, and unlisted 43999 keys will not be present. If a key 44000 is specified which is not present 44001 in the ConfigMap, the volume setup 44002 will error unless it is marked optional. 44003 Paths must be relative and may not 44004 contain the '..' path or start with 44005 '..'. 44006 items: 44007 description: Maps a string key to 44008 a path within a volume. 44009 properties: 44010 key: 44011 description: key is the key 44012 to project. 44013 type: string 44014 mode: 44015 description: 'mode is Optional: 44016 mode bits used to set permissions 44017 on this file. Must be an octal 44018 value between 0000 and 0777 44019 or a decimal value between 44020 0 and 511. YAML accepts both 44021 octal and decimal values, 44022 JSON requires decimal values 44023 for mode bits. If not specified, 44024 the volume defaultMode will 44025 be used. This might be in 44026 conflict with other options 44027 that affect the file mode, 44028 like fsGroup, and the result 44029 can be other mode bits set.' 44030 format: int32 44031 type: integer 44032 path: 44033 description: path is the relative 44034 path of the file to map the 44035 key to. May not be an absolute 44036 path. May not contain the 44037 path element '..'. May not 44038 start with the string '..'. 44039 type: string 44040 required: 44041 - key 44042 - path 44043 type: object 44044 type: array 44045 name: 44046 description: 'Name of the referent. 44047 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 44048 TODO: Add other useful fields. apiVersion, 44049 kind, uid?' 44050 type: string 44051 optional: 44052 description: optional specify whether 44053 the ConfigMap or its keys must be 44054 defined 44055 type: boolean 44056 type: object 44057 csi: 44058 description: csi (Container Storage Interface) 44059 represents ephemeral storage that is 44060 handled by certain external CSI drivers 44061 (Beta feature). 44062 properties: 44063 driver: 44064 description: driver is the name of 44065 the CSI driver that handles this 44066 volume. Consult with your admin 44067 for the correct name as registered 44068 in the cluster. 44069 type: string 44070 fsType: 44071 description: fsType to mount. Ex. 44072 "ext4", "xfs", "ntfs". If not provided, 44073 the empty value is passed to the 44074 associated CSI driver which will 44075 determine the default filesystem 44076 to apply. 44077 type: string 44078 nodePublishSecretRef: 44079 description: nodePublishSecretRef 44080 is a reference to the secret object 44081 containing sensitive information 44082 to pass to the CSI driver to complete 44083 the CSI NodePublishVolume and NodeUnpublishVolume 44084 calls. This field is optional, and may 44085 be empty if no secret is required. 44086 If the secret object contains more 44087 than one secret, all secret references 44088 are passed. 44089 properties: 44090 name: 44091 description: 'Name of the referent. 44092 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 44093 TODO: Add other useful fields. 44094 apiVersion, kind, uid?' 44095 type: string 44096 type: object 44097 readOnly: 44098 description: readOnly specifies a 44099 read-only configuration for the 44100 volume. Defaults to false (read/write). 44101 type: boolean 44102 volumeAttributes: 44103 additionalProperties: 44104 type: string 44105 description: volumeAttributes stores 44106 driver-specific properties that 44107 are passed to the CSI driver. Consult 44108 your driver's documentation for 44109 supported values. 44110 type: object 44111 required: 44112 - driver 44113 type: object 44114 downwardAPI: 44115 description: downwardAPI represents downward 44116 API about the pod that should populate 44117 this volume 44118 properties: 44119 defaultMode: 44120 description: 'Optional: mode bits 44121 to use on created files by default. 44122 Must be a Optional: mode bits used 44123 to set permissions on created files 44124 by default. Must be an octal value 44125 between 0000 and 0777 or a decimal 44126 value between 0 and 511. YAML accepts 44127 both octal and decimal values, JSON 44128 requires decimal values for mode 44129 bits. Defaults to 0644. Directories 44130 within the path are not affected 44131 by this setting. This might be in 44132 conflict with other options that 44133 affect the file mode, like fsGroup, 44134 and the result can be other mode 44135 bits set.' 44136 format: int32 44137 type: integer 44138 items: 44139 description: Items is a list of downward 44140 API volume file 44141 items: 44142 description: DownwardAPIVolumeFile 44143 represents information to create 44144 the file containing the pod field 44145 properties: 44146 fieldRef: 44147 description: 'Required: Selects 44148 a field of the pod: only annotations, 44149 labels, name and namespace 44150 are supported.' 44151 properties: 44152 apiVersion: 44153 description: Version of 44154 the schema the FieldPath 44155 is written in terms of, 44156 defaults to "v1". 44157 type: string 44158 fieldPath: 44159 description: Path of the 44160 field to select in the 44161 specified API version. 44162 type: string 44163 required: 44164 - fieldPath 44165 type: object 44166 mode: 44167 description: 'Optional: mode 44168 bits used to set permissions 44169 on this file, must be an octal 44170 value between 0000 and 0777 44171 or a decimal value between 44172 0 and 511. YAML accepts both 44173 octal and decimal values, 44174 JSON requires decimal values 44175 for mode bits. If not specified, 44176 the volume defaultMode will 44177 be used. This might be in 44178 conflict with other options 44179 that affect the file mode, 44180 like fsGroup, and the result 44181 can be other mode bits set.' 44182 format: int32 44183 type: integer 44184 path: 44185 description: 'Required: Path 44186 is the relative path name 44187 of the file to be created. 44188 Must not be absolute or contain 44189 the ''..'' path. Must be utf-8 44190 encoded. The first item of 44191 the relative path must not 44192 start with ''..''' 44193 type: string 44194 resourceFieldRef: 44195 description: 'Selects a resource 44196 of the container: only resources 44197 limits and requests (limits.cpu, 44198 limits.memory, requests.cpu 44199 and requests.memory) are currently 44200 supported.' 44201 properties: 44202 containerName: 44203 description: 'Container 44204 name: required for volumes, 44205 optional for env vars' 44206 type: string 44207 divisor: 44208 anyOf: 44209 - type: integer 44210 - type: string 44211 description: Specifies the 44212 output format of the exposed 44213 resources, defaults to 44214 "1" 44215 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 44216 x-kubernetes-int-or-string: true 44217 resource: 44218 description: 'Required: 44219 resource to select' 44220 type: string 44221 required: 44222 - resource 44223 type: object 44224 required: 44225 - path 44226 type: object 44227 type: array 44228 type: object 44229 emptyDir: 44230 description: 'emptyDir represents a temporary 44231 directory that shares a pod''s lifetime. 44232 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 44233 properties: 44234 medium: 44235 description: 'medium represents what 44236 type of storage medium should back 44237 this directory. The default is "" 44238 which means to use the node''s default 44239 medium. Must be an empty string 44240 (default) or Memory. More info: 44241 https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 44242 type: string 44243 sizeLimit: 44244 anyOf: 44245 - type: integer 44246 - type: string 44247 description: 'sizeLimit is the total 44248 amount of local storage required 44249 for this EmptyDir volume. The size 44250 limit is also applicable for memory 44251 medium. The maximum usage on memory 44252 medium EmptyDir would be the minimum 44253 value between the SizeLimit specified 44254 here and the sum of memory limits 44255 of all containers in a pod. The 44256 default is nil which means that 44257 the limit is undefined. More info: 44258 https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 44259 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 44260 x-kubernetes-int-or-string: true 44261 type: object 44262 ephemeral: 44263 description: "ephemeral represents a volume 44264 that is handled by a cluster storage 44265 driver. The volume's lifecycle is tied 44266 to the pod that defines it - it will 44267 be created before the pod starts, and 44268 deleted when the pod is removed. \n 44269 Use this if: a) the volume is only needed 44270 while the pod runs, b) features of normal 44271 volumes like restoring from snapshot 44272 or capacity tracking are needed, 44273 c) the storage driver is specified through 44274 a storage class, and d) the storage 44275 driver supports dynamic volume provisioning 44276 through a PersistentVolumeClaim (see 44277 EphemeralVolumeSource for more information 44278 on the connection between this volume 44279 type and PersistentVolumeClaim). 44280 \n Use PersistentVolumeClaim or one 44281 of the vendor-specific APIs for volumes 44282 that persist for longer than the lifecycle 44283 of an individual pod. \n Use CSI for 44284 light-weight local ephemeral volumes 44285 if the CSI driver is meant to be used 44286 that way - see the documentation of 44287 the driver for more information. \n 44288 A pod can use both types of ephemeral 44289 volumes and persistent volumes at the 44290 same time." 44291 properties: 44292 volumeClaimTemplate: 44293 description: "Will be used to create 44294 a stand-alone PVC to provision the 44295 volume. The pod in which this EphemeralVolumeSource 44296 is embedded will be the owner of 44297 the PVC, i.e. the PVC will be deleted 44298 together with the pod. The name 44299 of the PVC will be `<pod name>-<volume 44300 name>` where `<volume name>` is 44301 the name from the `PodSpec.Volumes` 44302 array entry. Pod validation will 44303 reject the pod if the concatenated 44304 name is not valid for a PVC (for 44305 example, too long). \n An existing 44306 PVC with that name that is not owned 44307 by the pod will *not* be used for 44308 the pod to avoid using an unrelated 44309 volume by mistake. Starting the 44310 pod is then blocked until the unrelated 44311 PVC is removed. If such a pre-created 44312 PVC is meant to be used by the pod, 44313 the PVC has to updated with an owner 44314 reference to the pod once the pod 44315 exists. Normally this should not 44316 be necessary, but it may be useful 44317 when manually reconstructing a broken 44318 cluster. \n This field is read-only 44319 and no changes will be made by Kubernetes 44320 to the PVC after it has been created. 44321 \n Required, must not be nil." 44322 properties: 44323 metadata: 44324 description: May contain labels 44325 and annotations that will be 44326 copied into the PVC when creating 44327 it. No other fields are allowed 44328 and will be rejected during 44329 validation. 44330 type: object 44331 spec: 44332 description: The specification 44333 for the PersistentVolumeClaim. 44334 The entire content is copied 44335 unchanged into the PVC that 44336 gets created from this template. 44337 The same fields as in a PersistentVolumeClaim 44338 are also valid here. 44339 properties: 44340 accessModes: 44341 description: 'accessModes 44342 contains the desired access 44343 modes the volume should 44344 have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 44345 items: 44346 type: string 44347 type: array 44348 dataSource: 44349 description: 'dataSource field 44350 can be used to specify either: 44351 * An existing VolumeSnapshot 44352 object (snapshot.storage.k8s.io/VolumeSnapshot) 44353 * An existing PVC (PersistentVolumeClaim) 44354 If the provisioner or an 44355 external controller can 44356 support the specified data 44357 source, it will create a 44358 new volume based on the 44359 contents of the specified 44360 data source. When the AnyVolumeDataSource 44361 feature gate is enabled, 44362 dataSource contents will 44363 be copied to dataSourceRef, 44364 and dataSourceRef contents 44365 will be copied to dataSource 44366 when dataSourceRef.namespace 44367 is not specified. If the 44368 namespace is specified, 44369 then dataSourceRef will 44370 not be copied to dataSource.' 44371 properties: 44372 apiGroup: 44373 description: APIGroup 44374 is the group for the 44375 resource being referenced. 44376 If APIGroup is not specified, 44377 the specified Kind must 44378 be in the core API group. 44379 For any other third-party 44380 types, APIGroup is required. 44381 type: string 44382 kind: 44383 description: Kind is the 44384 type of resource being 44385 referenced 44386 type: string 44387 name: 44388 description: Name is the 44389 name of resource being 44390 referenced 44391 type: string 44392 required: 44393 - kind 44394 - name 44395 type: object 44396 dataSourceRef: 44397 description: 'dataSourceRef 44398 specifies the object from 44399 which to populate the volume 44400 with data, if a non-empty 44401 volume is desired. This 44402 may be any object from a 44403 non-empty API group (non 44404 core object) or a PersistentVolumeClaim 44405 object. When this field 44406 is specified, volume binding 44407 will only succeed if the 44408 type of the specified object 44409 matches some installed volume 44410 populator or dynamic provisioner. 44411 This field will replace 44412 the functionality of the 44413 dataSource field and as 44414 such if both fields are 44415 non-empty, they must have 44416 the same value. For backwards 44417 compatibility, when namespace 44418 isn''t specified in dataSourceRef, 44419 both fields (dataSource 44420 and dataSourceRef) will 44421 be set to the same value 44422 automatically if one of 44423 them is empty and the other 44424 is non-empty. When namespace 44425 is specified in dataSourceRef, 44426 dataSource isn''t set to 44427 the same value and must 44428 be empty. There are three 44429 important differences between 44430 dataSource and dataSourceRef: 44431 * While dataSource only 44432 allows two specific types 44433 of objects, dataSourceRef allows 44434 any non-core object, as 44435 well as PersistentVolumeClaim 44436 objects. * While dataSource 44437 ignores disallowed values 44438 (dropping them), dataSourceRef preserves 44439 all values, and generates 44440 an error if a disallowed 44441 value is specified. * 44442 While dataSource only allows 44443 local objects, dataSourceRef 44444 allows objects in any 44445 namespaces. (Beta) Using 44446 this field requires the 44447 AnyVolumeDataSource feature 44448 gate to be enabled. (Alpha) 44449 Using the namespace field 44450 of dataSourceRef requires 44451 the CrossNamespaceVolumeDataSource 44452 feature gate to be enabled.' 44453 properties: 44454 apiGroup: 44455 description: APIGroup 44456 is the group for the 44457 resource being referenced. 44458 If APIGroup is not specified, 44459 the specified Kind must 44460 be in the core API group. 44461 For any other third-party 44462 types, APIGroup is required. 44463 type: string 44464 kind: 44465 description: Kind is the 44466 type of resource being 44467 referenced 44468 type: string 44469 name: 44470 description: Name is the 44471 name of resource being 44472 referenced 44473 type: string 44474 namespace: 44475 description: Namespace 44476 is the namespace of 44477 resource being referenced 44478 Note that when a namespace 44479 is specified, a gateway.networking.k8s.io/ReferenceGrant 44480 object is required in 44481 the referent namespace 44482 to allow that namespace's 44483 owner to accept the 44484 reference. See the ReferenceGrant 44485 documentation for details. 44486 (Alpha) This field requires 44487 the CrossNamespaceVolumeDataSource 44488 feature gate to be enabled. 44489 type: string 44490 required: 44491 - kind 44492 - name 44493 type: object 44494 resources: 44495 description: 'resources represents 44496 the minimum resources the 44497 volume should have. If RecoverVolumeExpansionFailure 44498 feature is enabled users 44499 are allowed to specify resource 44500 requirements that are lower 44501 than previous value but 44502 must still be higher than 44503 capacity recorded in the 44504 status field of the claim. 44505 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 44506 properties: 44507 claims: 44508 description: "Claims lists 44509 the names of resources, 44510 defined in spec.resourceClaims, 44511 that are used by this 44512 container. \n This is 44513 an alpha field and requires 44514 enabling the DynamicResourceAllocation 44515 feature gate. \n This 44516 field is immutable. 44517 It can only be set for 44518 containers." 44519 items: 44520 description: ResourceClaim 44521 references one entry 44522 in PodSpec.ResourceClaims. 44523 properties: 44524 name: 44525 description: Name 44526 must match the 44527 name of one entry 44528 in pod.spec.resourceClaims 44529 of the Pod where 44530 this field is 44531 used. It makes 44532 that resource 44533 available inside 44534 a container. 44535 type: string 44536 required: 44537 - name 44538 type: object 44539 type: array 44540 x-kubernetes-list-map-keys: 44541 - name 44542 x-kubernetes-list-type: map 44543 limits: 44544 additionalProperties: 44545 anyOf: 44546 - type: integer 44547 - type: string 44548 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 44549 x-kubernetes-int-or-string: true 44550 description: 'Limits describes 44551 the maximum amount of 44552 compute resources allowed. 44553 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 44554 type: object 44555 requests: 44556 additionalProperties: 44557 anyOf: 44558 - type: integer 44559 - type: string 44560 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 44561 x-kubernetes-int-or-string: true 44562 description: 'Requests 44563 describes the minimum 44564 amount of compute resources 44565 required. If Requests 44566 is omitted for a container, 44567 it defaults to Limits 44568 if that is explicitly 44569 specified, otherwise 44570 to an implementation-defined 44571 value. Requests cannot 44572 exceed Limits. More 44573 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 44574 type: object 44575 type: object 44576 selector: 44577 description: selector is a 44578 label query over volumes 44579 to consider for binding. 44580 properties: 44581 matchExpressions: 44582 description: matchExpressions 44583 is a list of label selector 44584 requirements. The requirements 44585 are ANDed. 44586 items: 44587 description: A label 44588 selector requirement 44589 is a selector that 44590 contains values, a 44591 key, and an operator 44592 that relates the key 44593 and values. 44594 properties: 44595 key: 44596 description: key 44597 is the label key 44598 that the selector 44599 applies to. 44600 type: string 44601 operator: 44602 description: operator 44603 represents a key's 44604 relationship to 44605 a set of values. 44606 Valid operators 44607 are In, NotIn, 44608 Exists and DoesNotExist. 44609 type: string 44610 values: 44611 description: values 44612 is an array of 44613 string values. 44614 If the operator 44615 is In or NotIn, 44616 the values array 44617 must be non-empty. 44618 If the operator 44619 is Exists or DoesNotExist, 44620 the values array 44621 must be empty. 44622 This array is 44623 replaced during 44624 a strategic merge 44625 patch. 44626 items: 44627 type: string 44628 type: array 44629 required: 44630 - key 44631 - operator 44632 type: object 44633 type: array 44634 matchLabels: 44635 additionalProperties: 44636 type: string 44637 description: matchLabels 44638 is a map of {key,value} 44639 pairs. A single {key,value} 44640 in the matchLabels map 44641 is equivalent to an 44642 element of matchExpressions, 44643 whose key field is "key", 44644 the operator is "In", 44645 and the values array 44646 contains only "value". 44647 The requirements are 44648 ANDed. 44649 type: object 44650 type: object 44651 storageClassName: 44652 description: 'storageClassName 44653 is the name of the StorageClass 44654 required by the claim. More 44655 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 44656 type: string 44657 volumeMode: 44658 description: volumeMode defines 44659 what type of volume is required 44660 by the claim. Value of Filesystem 44661 is implied when not included 44662 in claim spec. 44663 type: string 44664 volumeName: 44665 description: volumeName is 44666 the binding reference to 44667 the PersistentVolume backing 44668 this claim. 44669 type: string 44670 type: object 44671 required: 44672 - spec 44673 type: object 44674 type: object 44675 fc: 44676 description: fc represents a Fibre Channel 44677 resource that is attached to a kubelet's 44678 host machine and then exposed to the 44679 pod. 44680 properties: 44681 fsType: 44682 description: 'fsType is the filesystem 44683 type to mount. Must be a filesystem 44684 type supported by the host operating 44685 system. Ex. "ext4", "xfs", "ntfs". 44686 Implicitly inferred to be "ext4" 44687 if unspecified. TODO: how do we 44688 prevent errors in the filesystem 44689 from compromising the machine' 44690 type: string 44691 lun: 44692 description: 'lun is Optional: FC 44693 target lun number' 44694 format: int32 44695 type: integer 44696 readOnly: 44697 description: 'readOnly is Optional: 44698 Defaults to false (read/write). 44699 ReadOnly here will force the ReadOnly 44700 setting in VolumeMounts.' 44701 type: boolean 44702 targetWWNs: 44703 description: 'targetWWNs is Optional: 44704 FC target worldwide names (WWNs)' 44705 items: 44706 type: string 44707 type: array 44708 wwids: 44709 description: 'wwids Optional: FC volume 44710 world wide identifiers (wwids) Either 44711 wwids or combination of targetWWNs 44712 and lun must be set, but not both 44713 simultaneously.' 44714 items: 44715 type: string 44716 type: array 44717 type: object 44718 flexVolume: 44719 description: flexVolume represents a generic 44720 volume resource that is provisioned/attached 44721 using an exec based plugin. 44722 properties: 44723 driver: 44724 description: driver is the name of 44725 the driver to use for this volume. 44726 type: string 44727 fsType: 44728 description: fsType is the filesystem 44729 type to mount. Must be a filesystem 44730 type supported by the host operating 44731 system. Ex. "ext4", "xfs", "ntfs". 44732 The default filesystem depends on 44733 FlexVolume script. 44734 type: string 44735 options: 44736 additionalProperties: 44737 type: string 44738 description: 'options is Optional: 44739 this field holds extra command options 44740 if any.' 44741 type: object 44742 readOnly: 44743 description: 'readOnly is Optional: 44744 defaults to false (read/write). 44745 ReadOnly here will force the ReadOnly 44746 setting in VolumeMounts.' 44747 type: boolean 44748 secretRef: 44749 description: 'secretRef is Optional: 44750 secretRef is reference to the secret 44751 object containing sensitive information 44752 to pass to the plugin scripts. This 44753 may be empty if no secret object 44754 is specified. If the secret object 44755 contains more than one secret, all 44756 secrets are passed to the plugin 44757 scripts.' 44758 properties: 44759 name: 44760 description: 'Name of the referent. 44761 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 44762 TODO: Add other useful fields. 44763 apiVersion, kind, uid?' 44764 type: string 44765 type: object 44766 required: 44767 - driver 44768 type: object 44769 flocker: 44770 description: flocker represents a Flocker 44771 volume attached to a kubelet's host 44772 machine. This depends on the Flocker 44773 control service being running 44774 properties: 44775 datasetName: 44776 description: datasetName is Name of 44777 the dataset stored as metadata -> 44778 name on the dataset for Flocker 44779 should be considered as deprecated 44780 type: string 44781 datasetUUID: 44782 description: datasetUUID is the UUID 44783 of the dataset. This is unique identifier 44784 of a Flocker dataset 44785 type: string 44786 type: object 44787 gcePersistentDisk: 44788 description: 'gcePersistentDisk represents 44789 a GCE Disk resource that is attached 44790 to a kubelet''s host machine and then 44791 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 44792 properties: 44793 fsType: 44794 description: 'fsType is filesystem 44795 type of the volume that you want 44796 to mount. Tip: Ensure that the filesystem 44797 type is supported by the host operating 44798 system. Examples: "ext4", "xfs", 44799 "ntfs". Implicitly inferred to be 44800 "ext4" if unspecified. More info: 44801 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 44802 TODO: how do we prevent errors in 44803 the filesystem from compromising 44804 the machine' 44805 type: string 44806 partition: 44807 description: 'partition is the partition 44808 in the volume that you want to mount. 44809 If omitted, the default is to mount 44810 by volume name. Examples: For volume 44811 /dev/sda1, you specify the partition 44812 as "1". Similarly, the volume partition 44813 for /dev/sda is "0" (or you can 44814 leave the property empty). More 44815 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 44816 format: int32 44817 type: integer 44818 pdName: 44819 description: 'pdName is unique name 44820 of the PD resource in GCE. Used 44821 to identify the disk in GCE. More 44822 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 44823 type: string 44824 readOnly: 44825 description: 'readOnly here will force 44826 the ReadOnly setting in VolumeMounts. 44827 Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 44828 type: boolean 44829 required: 44830 - pdName 44831 type: object 44832 gitRepo: 44833 description: 'gitRepo represents a git 44834 repository at a particular revision. 44835 DEPRECATED: GitRepo is deprecated. To 44836 provision a container with a git repo, 44837 mount an EmptyDir into an InitContainer 44838 that clones the repo using git, then 44839 mount the EmptyDir into the Pod''s container.' 44840 properties: 44841 directory: 44842 description: directory is the target 44843 directory name. Must not contain 44844 or start with '..'. If '.' is supplied, 44845 the volume directory will be the 44846 git repository. Otherwise, if specified, 44847 the volume will contain the git 44848 repository in the subdirectory with 44849 the given name. 44850 type: string 44851 repository: 44852 description: repository is the URL 44853 type: string 44854 revision: 44855 description: revision is the commit 44856 hash for the specified revision. 44857 type: string 44858 required: 44859 - repository 44860 type: object 44861 glusterfs: 44862 description: 'glusterfs represents a Glusterfs 44863 mount on the host that shares a pod''s 44864 lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 44865 properties: 44866 endpoints: 44867 description: 'endpoints is the endpoint 44868 name that details Glusterfs topology. 44869 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 44870 type: string 44871 path: 44872 description: 'path is the Glusterfs 44873 volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 44874 type: string 44875 readOnly: 44876 description: 'readOnly here will force 44877 the Glusterfs volume to be mounted 44878 with read-only permissions. Defaults 44879 to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 44880 type: boolean 44881 required: 44882 - endpoints 44883 - path 44884 type: object 44885 hostPath: 44886 description: 'hostPath represents a pre-existing 44887 file or directory on the host machine 44888 that is directly exposed to the container. 44889 This is generally used for system agents 44890 or other privileged things that are 44891 allowed to see the host machine. Most 44892 containers will NOT need this. More 44893 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 44894 --- TODO(jonesdl) We need to restrict 44895 who can use host directory mounts and 44896 who can/can not mount host directories 44897 as read/write.' 44898 properties: 44899 path: 44900 description: 'path of the directory 44901 on the host. If the path is a symlink, 44902 it will follow the link to the real 44903 path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 44904 type: string 44905 type: 44906 description: 'type for HostPath Volume 44907 Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 44908 type: string 44909 required: 44910 - path 44911 type: object 44912 iscsi: 44913 description: 'iscsi represents an ISCSI 44914 Disk resource that is attached to a 44915 kubelet''s host machine and then exposed 44916 to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 44917 properties: 44918 chapAuthDiscovery: 44919 description: chapAuthDiscovery defines 44920 whether support iSCSI Discovery 44921 CHAP authentication 44922 type: boolean 44923 chapAuthSession: 44924 description: chapAuthSession defines 44925 whether support iSCSI Session CHAP 44926 authentication 44927 type: boolean 44928 fsType: 44929 description: 'fsType is the filesystem 44930 type of the volume that you want 44931 to mount. Tip: Ensure that the filesystem 44932 type is supported by the host operating 44933 system. Examples: "ext4", "xfs", 44934 "ntfs". Implicitly inferred to be 44935 "ext4" if unspecified. More info: 44936 https://kubernetes.io/docs/concepts/storage/volumes#iscsi 44937 TODO: how do we prevent errors in 44938 the filesystem from compromising 44939 the machine' 44940 type: string 44941 initiatorName: 44942 description: initiatorName is the 44943 custom iSCSI Initiator Name. If 44944 initiatorName is specified with 44945 iscsiInterface simultaneously, new 44946 iSCSI interface <target portal>:<volume 44947 name> will be created for the connection. 44948 type: string 44949 iqn: 44950 description: iqn is the target iSCSI 44951 Qualified Name. 44952 type: string 44953 iscsiInterface: 44954 description: iscsiInterface is the 44955 interface Name that uses an iSCSI 44956 transport. Defaults to 'default' 44957 (tcp). 44958 type: string 44959 lun: 44960 description: lun represents iSCSI 44961 Target Lun number. 44962 format: int32 44963 type: integer 44964 portals: 44965 description: portals is the iSCSI 44966 Target Portal List. The portal is 44967 either an IP or ip_addr:port if 44968 the port is other than default (typically 44969 TCP ports 860 and 3260). 44970 items: 44971 type: string 44972 type: array 44973 readOnly: 44974 description: readOnly here will force 44975 the ReadOnly setting in VolumeMounts. 44976 Defaults to false. 44977 type: boolean 44978 secretRef: 44979 description: secretRef is the CHAP 44980 Secret for iSCSI target and initiator 44981 authentication 44982 properties: 44983 name: 44984 description: 'Name of the referent. 44985 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 44986 TODO: Add other useful fields. 44987 apiVersion, kind, uid?' 44988 type: string 44989 type: object 44990 targetPortal: 44991 description: targetPortal is iSCSI 44992 Target Portal. The Portal is either 44993 an IP or ip_addr:port if the port 44994 is other than default (typically 44995 TCP ports 860 and 3260). 44996 type: string 44997 required: 44998 - iqn 44999 - lun 45000 - targetPortal 45001 type: object 45002 name: 45003 description: 'name of the volume. Must 45004 be a DNS_LABEL and unique within the 45005 pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 45006 type: string 45007 nfs: 45008 description: 'nfs represents an NFS mount 45009 on the host that shares a pod''s lifetime 45010 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 45011 properties: 45012 path: 45013 description: 'path that is exported 45014 by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 45015 type: string 45016 readOnly: 45017 description: 'readOnly here will force 45018 the NFS export to be mounted with 45019 read-only permissions. Defaults 45020 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 45021 type: boolean 45022 server: 45023 description: 'server is the hostname 45024 or IP address of the NFS server. 45025 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 45026 type: string 45027 required: 45028 - path 45029 - server 45030 type: object 45031 persistentVolumeClaim: 45032 description: 'persistentVolumeClaimVolumeSource 45033 represents a reference to a PersistentVolumeClaim 45034 in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 45035 properties: 45036 claimName: 45037 description: 'claimName is the name 45038 of a PersistentVolumeClaim in the 45039 same namespace as the pod using 45040 this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 45041 type: string 45042 readOnly: 45043 description: readOnly Will force the 45044 ReadOnly setting in VolumeMounts. 45045 Default false. 45046 type: boolean 45047 required: 45048 - claimName 45049 type: object 45050 photonPersistentDisk: 45051 description: photonPersistentDisk represents 45052 a PhotonController persistent disk attached 45053 and mounted on kubelets host machine 45054 properties: 45055 fsType: 45056 description: fsType is the filesystem 45057 type to mount. Must be a filesystem 45058 type supported by the host operating 45059 system. Ex. "ext4", "xfs", "ntfs". 45060 Implicitly inferred to be "ext4" 45061 if unspecified. 45062 type: string 45063 pdID: 45064 description: pdID is the ID that identifies 45065 Photon Controller persistent disk 45066 type: string 45067 required: 45068 - pdID 45069 type: object 45070 portworxVolume: 45071 description: portworxVolume represents 45072 a portworx volume attached and mounted 45073 on kubelets host machine 45074 properties: 45075 fsType: 45076 description: fSType represents the 45077 filesystem type to mount Must be 45078 a filesystem type supported by the 45079 host operating system. Ex. "ext4", 45080 "xfs". Implicitly inferred to be 45081 "ext4" if unspecified. 45082 type: string 45083 readOnly: 45084 description: readOnly defaults to 45085 false (read/write). ReadOnly here 45086 will force the ReadOnly setting 45087 in VolumeMounts. 45088 type: boolean 45089 volumeID: 45090 description: volumeID uniquely identifies 45091 a Portworx volume 45092 type: string 45093 required: 45094 - volumeID 45095 type: object 45096 projected: 45097 description: projected items for all in 45098 one resources secrets, configmaps, and 45099 downward API 45100 properties: 45101 defaultMode: 45102 description: defaultMode are the mode 45103 bits used to set permissions on 45104 created files by default. Must be 45105 an octal value between 0000 and 45106 0777 or a decimal value between 45107 0 and 511. YAML accepts both octal 45108 and decimal values, JSON requires 45109 decimal values for mode bits. Directories 45110 within the path are not affected 45111 by this setting. This might be in 45112 conflict with other options that 45113 affect the file mode, like fsGroup, 45114 and the result can be other mode 45115 bits set. 45116 format: int32 45117 type: integer 45118 sources: 45119 description: sources is the list of 45120 volume projections 45121 items: 45122 description: Projection that may 45123 be projected along with other 45124 supported volume types 45125 properties: 45126 configMap: 45127 description: configMap information 45128 about the configMap data to 45129 project 45130 properties: 45131 items: 45132 description: items if unspecified, 45133 each key-value pair in 45134 the Data field of the 45135 referenced ConfigMap will 45136 be projected into the 45137 volume as a file whose 45138 name is the key and content 45139 is the value. If specified, 45140 the listed keys will be 45141 projected into the specified 45142 paths, and unlisted keys 45143 will not be present. If 45144 a key is specified which 45145 is not present in the 45146 ConfigMap, the volume 45147 setup will error unless 45148 it is marked optional. 45149 Paths must be relative 45150 and may not contain the 45151 '..' path or start with 45152 '..'. 45153 items: 45154 description: Maps a string 45155 key to a path within 45156 a volume. 45157 properties: 45158 key: 45159 description: key is 45160 the key to project. 45161 type: string 45162 mode: 45163 description: 'mode 45164 is Optional: mode 45165 bits used to set 45166 permissions on this 45167 file. Must be an 45168 octal value between 45169 0000 and 0777 or 45170 a decimal value 45171 between 0 and 511. 45172 YAML accepts both 45173 octal and decimal 45174 values, JSON requires 45175 decimal values for 45176 mode bits. If not 45177 specified, the volume 45178 defaultMode will 45179 be used. This might 45180 be in conflict with 45181 other options that 45182 affect the file 45183 mode, like fsGroup, 45184 and the result can 45185 be other mode bits 45186 set.' 45187 format: int32 45188 type: integer 45189 path: 45190 description: path 45191 is the relative 45192 path of the file 45193 to map the key to. 45194 May not be an absolute 45195 path. May not contain 45196 the path element 45197 '..'. May not start 45198 with the string 45199 '..'. 45200 type: string 45201 required: 45202 - key 45203 - path 45204 type: object 45205 type: array 45206 name: 45207 description: 'Name of the 45208 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 45209 TODO: Add other useful 45210 fields. apiVersion, kind, 45211 uid?' 45212 type: string 45213 optional: 45214 description: optional specify 45215 whether the ConfigMap 45216 or its keys must be defined 45217 type: boolean 45218 type: object 45219 downwardAPI: 45220 description: downwardAPI information 45221 about the downwardAPI data 45222 to project 45223 properties: 45224 items: 45225 description: Items is a 45226 list of DownwardAPIVolume 45227 file 45228 items: 45229 description: DownwardAPIVolumeFile 45230 represents information 45231 to create the file containing 45232 the pod field 45233 properties: 45234 fieldRef: 45235 description: 'Required: 45236 Selects a field 45237 of the pod: only 45238 annotations, labels, 45239 name and namespace 45240 are supported.' 45241 properties: 45242 apiVersion: 45243 description: Version 45244 of the schema 45245 the FieldPath 45246 is written in 45247 terms of, defaults 45248 to "v1". 45249 type: string 45250 fieldPath: 45251 description: Path 45252 of the field 45253 to select in 45254 the specified 45255 API version. 45256 type: string 45257 required: 45258 - fieldPath 45259 type: object 45260 mode: 45261 description: 'Optional: 45262 mode bits used to 45263 set permissions 45264 on this file, must 45265 be an octal value 45266 between 0000 and 45267 0777 or a decimal 45268 value between 0 45269 and 511. YAML accepts 45270 both octal and decimal 45271 values, JSON requires 45272 decimal values for 45273 mode bits. If not 45274 specified, the volume 45275 defaultMode will 45276 be used. This might 45277 be in conflict with 45278 other options that 45279 affect the file 45280 mode, like fsGroup, 45281 and the result can 45282 be other mode bits 45283 set.' 45284 format: int32 45285 type: integer 45286 path: 45287 description: 'Required: 45288 Path is the relative 45289 path name of the 45290 file to be created. 45291 Must not be absolute 45292 or contain the ''..'' 45293 path. Must be utf-8 45294 encoded. The first 45295 item of the relative 45296 path must not start 45297 with ''..''' 45298 type: string 45299 resourceFieldRef: 45300 description: 'Selects 45301 a resource of the 45302 container: only 45303 resources limits 45304 and requests (limits.cpu, 45305 limits.memory, requests.cpu 45306 and requests.memory) 45307 are currently supported.' 45308 properties: 45309 containerName: 45310 description: 'Container 45311 name: required 45312 for volumes, 45313 optional for 45314 env vars' 45315 type: string 45316 divisor: 45317 anyOf: 45318 - type: integer 45319 - type: string 45320 description: Specifies 45321 the output format 45322 of the exposed 45323 resources, defaults 45324 to "1" 45325 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 45326 x-kubernetes-int-or-string: true 45327 resource: 45328 description: 'Required: 45329 resource to 45330 select' 45331 type: string 45332 required: 45333 - resource 45334 type: object 45335 required: 45336 - path 45337 type: object 45338 type: array 45339 type: object 45340 secret: 45341 description: secret information 45342 about the secret data to project 45343 properties: 45344 items: 45345 description: items if unspecified, 45346 each key-value pair in 45347 the Data field of the 45348 referenced Secret will 45349 be projected into the 45350 volume as a file whose 45351 name is the key and content 45352 is the value. If specified, 45353 the listed keys will be 45354 projected into the specified 45355 paths, and unlisted keys 45356 will not be present. If 45357 a key is specified which 45358 is not present in the 45359 Secret, the volume setup 45360 will error unless it is 45361 marked optional. Paths 45362 must be relative and may 45363 not contain the '..' path 45364 or start with '..'. 45365 items: 45366 description: Maps a string 45367 key to a path within 45368 a volume. 45369 properties: 45370 key: 45371 description: key is 45372 the key to project. 45373 type: string 45374 mode: 45375 description: 'mode 45376 is Optional: mode 45377 bits used to set 45378 permissions on this 45379 file. Must be an 45380 octal value between 45381 0000 and 0777 or 45382 a decimal value 45383 between 0 and 511. 45384 YAML accepts both 45385 octal and decimal 45386 values, JSON requires 45387 decimal values for 45388 mode bits. If not 45389 specified, the volume 45390 defaultMode will 45391 be used. This might 45392 be in conflict with 45393 other options that 45394 affect the file 45395 mode, like fsGroup, 45396 and the result can 45397 be other mode bits 45398 set.' 45399 format: int32 45400 type: integer 45401 path: 45402 description: path 45403 is the relative 45404 path of the file 45405 to map the key to. 45406 May not be an absolute 45407 path. May not contain 45408 the path element 45409 '..'. May not start 45410 with the string 45411 '..'. 45412 type: string 45413 required: 45414 - key 45415 - path 45416 type: object 45417 type: array 45418 name: 45419 description: 'Name of the 45420 referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 45421 TODO: Add other useful 45422 fields. apiVersion, kind, 45423 uid?' 45424 type: string 45425 optional: 45426 description: optional field 45427 specify whether the Secret 45428 or its key must be defined 45429 type: boolean 45430 type: object 45431 serviceAccountToken: 45432 description: serviceAccountToken 45433 is information about the serviceAccountToken 45434 data to project 45435 properties: 45436 audience: 45437 description: audience is 45438 the intended audience 45439 of the token. A recipient 45440 of a token must identify 45441 itself with an identifier 45442 specified in the audience 45443 of the token, and otherwise 45444 should reject the token. 45445 The audience defaults 45446 to the identifier of the 45447 apiserver. 45448 type: string 45449 expirationSeconds: 45450 description: expirationSeconds 45451 is the requested duration 45452 of validity of the service 45453 account token. As the 45454 token approaches expiration, 45455 the kubelet volume plugin 45456 will proactively rotate 45457 the service account token. 45458 The kubelet will start 45459 trying to rotate the token 45460 if the token is older 45461 than 80 percent of its 45462 time to live or if the 45463 token is older than 24 45464 hours.Defaults to 1 hour 45465 and must be at least 10 45466 minutes. 45467 format: int64 45468 type: integer 45469 path: 45470 description: path is the 45471 path relative to the mount 45472 point of the file to project 45473 the token into. 45474 type: string 45475 required: 45476 - path 45477 type: object 45478 type: object 45479 type: array 45480 type: object 45481 quobyte: 45482 description: quobyte represents a Quobyte 45483 mount on the host that shares a pod's 45484 lifetime 45485 properties: 45486 group: 45487 description: group to map volume access 45488 to Default is no group 45489 type: string 45490 readOnly: 45491 description: readOnly here will force 45492 the Quobyte volume to be mounted 45493 with read-only permissions. Defaults 45494 to false. 45495 type: boolean 45496 registry: 45497 description: registry represents a 45498 single or multiple Quobyte Registry 45499 services specified as a string as 45500 host:port pair (multiple entries 45501 are separated with commas) which 45502 acts as the central registry for 45503 volumes 45504 type: string 45505 tenant: 45506 description: tenant owning the given 45507 Quobyte volume in the Backend Used 45508 with dynamically provisioned Quobyte 45509 volumes, value is set by the plugin 45510 type: string 45511 user: 45512 description: user to map volume access 45513 to Defaults to serivceaccount user 45514 type: string 45515 volume: 45516 description: volume is a string that 45517 references an already created Quobyte 45518 volume by name. 45519 type: string 45520 required: 45521 - registry 45522 - volume 45523 type: object 45524 rbd: 45525 description: 'rbd represents a Rados Block 45526 Device mount on the host that shares 45527 a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' 45528 properties: 45529 fsType: 45530 description: 'fsType is the filesystem 45531 type of the volume that you want 45532 to mount. Tip: Ensure that the filesystem 45533 type is supported by the host operating 45534 system. Examples: "ext4", "xfs", 45535 "ntfs". Implicitly inferred to be 45536 "ext4" if unspecified. More info: 45537 https://kubernetes.io/docs/concepts/storage/volumes#rbd 45538 TODO: how do we prevent errors in 45539 the filesystem from compromising 45540 the machine' 45541 type: string 45542 image: 45543 description: 'image is the rados image 45544 name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 45545 type: string 45546 keyring: 45547 description: 'keyring is the path 45548 to key ring for RBDUser. Default 45549 is /etc/ceph/keyring. More info: 45550 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 45551 type: string 45552 monitors: 45553 description: 'monitors is a collection 45554 of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 45555 items: 45556 type: string 45557 type: array 45558 pool: 45559 description: 'pool is the rados pool 45560 name. Default is rbd. More info: 45561 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 45562 type: string 45563 readOnly: 45564 description: 'readOnly here will force 45565 the ReadOnly setting in VolumeMounts. 45566 Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 45567 type: boolean 45568 secretRef: 45569 description: 'secretRef is name of 45570 the authentication secret for RBDUser. 45571 If provided overrides keyring. Default 45572 is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 45573 properties: 45574 name: 45575 description: 'Name of the referent. 45576 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 45577 TODO: Add other useful fields. 45578 apiVersion, kind, uid?' 45579 type: string 45580 type: object 45581 user: 45582 description: 'user is the rados user 45583 name. Default is admin. More info: 45584 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 45585 type: string 45586 required: 45587 - image 45588 - monitors 45589 type: object 45590 scaleIO: 45591 description: scaleIO represents a ScaleIO 45592 persistent volume attached and mounted 45593 on Kubernetes nodes. 45594 properties: 45595 fsType: 45596 description: fsType is the filesystem 45597 type to mount. Must be a filesystem 45598 type supported by the host operating 45599 system. Ex. "ext4", "xfs", "ntfs". 45600 Default is "xfs". 45601 type: string 45602 gateway: 45603 description: gateway is the host address 45604 of the ScaleIO API Gateway. 45605 type: string 45606 protectionDomain: 45607 description: protectionDomain is the 45608 name of the ScaleIO Protection Domain 45609 for the configured storage. 45610 type: string 45611 readOnly: 45612 description: readOnly Defaults to 45613 false (read/write). ReadOnly here 45614 will force the ReadOnly setting 45615 in VolumeMounts. 45616 type: boolean 45617 secretRef: 45618 description: secretRef references 45619 to the secret for ScaleIO user and 45620 other sensitive information. If 45621 this is not provided, Login operation 45622 will fail. 45623 properties: 45624 name: 45625 description: 'Name of the referent. 45626 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 45627 TODO: Add other useful fields. 45628 apiVersion, kind, uid?' 45629 type: string 45630 type: object 45631 sslEnabled: 45632 description: sslEnabled Flag enable/disable 45633 SSL communication with Gateway, 45634 default false 45635 type: boolean 45636 storageMode: 45637 description: storageMode indicates 45638 whether the storage for a volume 45639 should be ThickProvisioned or ThinProvisioned. 45640 Default is ThinProvisioned. 45641 type: string 45642 storagePool: 45643 description: storagePool is the ScaleIO 45644 Storage Pool associated with the 45645 protection domain. 45646 type: string 45647 system: 45648 description: system is the name of 45649 the storage system as configured 45650 in ScaleIO. 45651 type: string 45652 volumeName: 45653 description: volumeName is the name 45654 of a volume already created in the 45655 ScaleIO system that is associated 45656 with this volume source. 45657 type: string 45658 required: 45659 - gateway 45660 - secretRef 45661 - system 45662 type: object 45663 secret: 45664 description: 'secret represents a secret 45665 that should populate this volume. More 45666 info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 45667 properties: 45668 defaultMode: 45669 description: 'defaultMode is Optional: 45670 mode bits used to set permissions 45671 on created files by default. Must 45672 be an octal value between 0000 and 45673 0777 or a decimal value between 45674 0 and 511. YAML accepts both octal 45675 and decimal values, JSON requires 45676 decimal values for mode bits. Defaults 45677 to 0644. Directories within the 45678 path are not affected by this setting. 45679 This might be in conflict with other 45680 options that affect the file mode, 45681 like fsGroup, and the result can 45682 be other mode bits set.' 45683 format: int32 45684 type: integer 45685 items: 45686 description: items If unspecified, 45687 each key-value pair in the Data 45688 field of the referenced Secret will 45689 be projected into the volume as 45690 a file whose name is the key and 45691 content is the value. If specified, 45692 the listed keys will be projected 45693 into the specified paths, and unlisted 45694 keys will not be present. If a key 45695 is specified which is not present 45696 in the Secret, the volume setup 45697 will error unless it is marked optional. 45698 Paths must be relative and may not 45699 contain the '..' path or start with 45700 '..'. 45701 items: 45702 description: Maps a string key to 45703 a path within a volume. 45704 properties: 45705 key: 45706 description: key is the key 45707 to project. 45708 type: string 45709 mode: 45710 description: 'mode is Optional: 45711 mode bits used to set permissions 45712 on this file. Must be an octal 45713 value between 0000 and 0777 45714 or a decimal value between 45715 0 and 511. YAML accepts both 45716 octal and decimal values, 45717 JSON requires decimal values 45718 for mode bits. If not specified, 45719 the volume defaultMode will 45720 be used. This might be in 45721 conflict with other options 45722 that affect the file mode, 45723 like fsGroup, and the result 45724 can be other mode bits set.' 45725 format: int32 45726 type: integer 45727 path: 45728 description: path is the relative 45729 path of the file to map the 45730 key to. May not be an absolute 45731 path. May not contain the 45732 path element '..'. May not 45733 start with the string '..'. 45734 type: string 45735 required: 45736 - key 45737 - path 45738 type: object 45739 type: array 45740 optional: 45741 description: optional field specify 45742 whether the Secret or its keys must 45743 be defined 45744 type: boolean 45745 secretName: 45746 description: 'secretName is the name 45747 of the secret in the pod''s namespace 45748 to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 45749 type: string 45750 type: object 45751 storageos: 45752 description: storageOS represents a StorageOS 45753 volume attached and mounted on Kubernetes 45754 nodes. 45755 properties: 45756 fsType: 45757 description: fsType is the filesystem 45758 type to mount. Must be a filesystem 45759 type supported by the host operating 45760 system. Ex. "ext4", "xfs", "ntfs". 45761 Implicitly inferred to be "ext4" 45762 if unspecified. 45763 type: string 45764 readOnly: 45765 description: readOnly defaults to 45766 false (read/write). ReadOnly here 45767 will force the ReadOnly setting 45768 in VolumeMounts. 45769 type: boolean 45770 secretRef: 45771 description: secretRef specifies the 45772 secret to use for obtaining the 45773 StorageOS API credentials. If not 45774 specified, default values will be 45775 attempted. 45776 properties: 45777 name: 45778 description: 'Name of the referent. 45779 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 45780 TODO: Add other useful fields. 45781 apiVersion, kind, uid?' 45782 type: string 45783 type: object 45784 volumeName: 45785 description: volumeName is the human-readable 45786 name of the StorageOS volume. Volume 45787 names are only unique within a namespace. 45788 type: string 45789 volumeNamespace: 45790 description: volumeNamespace specifies 45791 the scope of the volume within StorageOS. If 45792 no namespace is specified then the 45793 Pod's namespace will be used. This 45794 allows the Kubernetes name scoping 45795 to be mirrored within StorageOS 45796 for tighter integration. Set VolumeName 45797 to any name to override the default 45798 behaviour. Set to "default" if you 45799 are not using namespaces within 45800 StorageOS. Namespaces that do not 45801 pre-exist within StorageOS will 45802 be created. 45803 type: string 45804 type: object 45805 vsphereVolume: 45806 description: vsphereVolume represents 45807 a vSphere volume attached and mounted 45808 on kubelets host machine 45809 properties: 45810 fsType: 45811 description: fsType is filesystem 45812 type to mount. Must be a filesystem 45813 type supported by the host operating 45814 system. Ex. "ext4", "xfs", "ntfs". 45815 Implicitly inferred to be "ext4" 45816 if unspecified. 45817 type: string 45818 storagePolicyID: 45819 description: storagePolicyID is the 45820 storage Policy Based Management 45821 (SPBM) profile ID associated with 45822 the StoragePolicyName. 45823 type: string 45824 storagePolicyName: 45825 description: storagePolicyName is 45826 the storage Policy Based Management 45827 (SPBM) profile name. 45828 type: string 45829 volumePath: 45830 description: volumePath is the path 45831 that identifies vSphere volume vmdk 45832 type: string 45833 required: 45834 - volumePath 45835 type: object 45836 required: 45837 - name 45838 type: object 45839 type: array 45840 x-kubernetes-list-type: atomic 45841 workspaces: 45842 description: Workspaces are the volumes that 45843 this Task requires. 45844 items: 45845 description: WorkspaceDeclaration is a declaration 45846 of a volume that a Task requires. 45847 properties: 45848 description: 45849 description: Description is an optional 45850 human readable description of this volume. 45851 type: string 45852 mountPath: 45853 description: MountPath overrides the directory 45854 that the volume will be made available 45855 at. 45856 type: string 45857 name: 45858 description: Name is the name by which 45859 you can bind the volume at runtime. 45860 type: string 45861 optional: 45862 description: Optional marks a Workspace 45863 as not being required in TaskRuns. By 45864 default this field is false and so declared 45865 workspaces are required. 45866 type: boolean 45867 readOnly: 45868 description: ReadOnly dictates whether 45869 a mounted volume is writable. By default 45870 this field is false and so mounted volumes 45871 are writable. 45872 type: boolean 45873 required: 45874 - name 45875 type: object 45876 type: array 45877 x-kubernetes-list-type: atomic 45878 type: object 45879 timeout: 45880 description: 'Time after which the TaskRun times 45881 out. Defaults to 1 hour. Specified TaskRun timeout 45882 should be less than 24h. Refer Go''s ParseDuration 45883 documentation for expected format: https://golang.org/pkg/time/#ParseDuration' 45884 type: string 45885 when: 45886 description: WhenExpressions is a list of when expressions 45887 that need to be true for the task to run 45888 items: 45889 description: WhenExpression allows a PipelineTask 45890 to declare expressions to be evaluated before 45891 the Task is run to determine whether the Task 45892 should be executed or skipped 45893 properties: 45894 input: 45895 description: Input is the string for guard 45896 checking which can be a static input or 45897 an output from a parent Task 45898 type: string 45899 operator: 45900 description: Operator that represents an Input's 45901 relationship to the values 45902 type: string 45903 values: 45904 description: Values is an array of strings, 45905 which is compared against the input, for 45906 guard checking It must be non-empty 45907 items: 45908 type: string 45909 type: array 45910 x-kubernetes-list-type: atomic 45911 required: 45912 - input 45913 - operator 45914 - values 45915 type: object 45916 type: array 45917 workspaces: 45918 description: Workspaces maps workspaces from the 45919 pipeline spec to the workspaces declared in the 45920 Task. 45921 items: 45922 description: WorkspacePipelineTaskBinding describes 45923 how a workspace passed into the pipeline should 45924 be mapped to a task's declared workspace. 45925 properties: 45926 name: 45927 description: Name is the name of the workspace 45928 as declared by the task 45929 type: string 45930 subPath: 45931 description: SubPath is optionally a directory 45932 on the volume which should be used for this 45933 binding (i.e. the volume will be mounted 45934 at this sub directory). 45935 type: string 45936 workspace: 45937 description: Workspace is the name of the 45938 workspace declared by the pipeline 45939 type: string 45940 required: 45941 - name 45942 type: object 45943 type: array 45944 x-kubernetes-list-type: atomic 45945 type: object 45946 type: array 45947 x-kubernetes-list-type: atomic 45948 workspaces: 45949 description: Workspaces declares a set of named workspaces 45950 that are expected to be provided by a PipelineRun. 45951 items: 45952 description: PipelineWorkspaceDeclaration creates a 45953 named slot in a Pipeline that a PipelineRun is expected 45954 to populate with a workspace binding. 45955 properties: 45956 description: 45957 description: Description is a human readable string 45958 describing how the workspace will be used in the 45959 Pipeline. It can be useful to include a bit of 45960 detail about which tasks are intended to have 45961 access to the data on the workspace. 45962 type: string 45963 name: 45964 description: Name is the name of a workspace to 45965 be provided by a PipelineRun. 45966 type: string 45967 optional: 45968 description: Optional marks a Workspace as not being 45969 required in PipelineRuns. By default this field 45970 is false and so declared workspaces are required. 45971 type: boolean 45972 required: 45973 - name 45974 type: object 45975 type: array 45976 x-kubernetes-list-type: atomic 45977 type: object 45978 podTemplate: 45979 description: PodTemplate holds pod specific configuration 45980 properties: 45981 affinity: 45982 description: If specified, the pod's scheduling constraints 45983 properties: 45984 nodeAffinity: 45985 description: Describes node affinity scheduling rules 45986 for the pod. 45987 properties: 45988 preferredDuringSchedulingIgnoredDuringExecution: 45989 description: The scheduler will prefer to schedule 45990 pods to nodes that satisfy the affinity expressions 45991 specified by this field, but it may choose a 45992 node that violates one or more of the expressions. 45993 The node that is most preferred is the one with 45994 the greatest sum of weights, i.e. for each node 45995 that meets all of the scheduling requirements 45996 (resource request, requiredDuringScheduling 45997 affinity expressions, etc.), compute a sum by 45998 iterating through the elements of this field 45999 and adding "weight" to the sum if the node matches 46000 the corresponding matchExpressions; the node(s) 46001 with the highest sum are the most preferred. 46002 items: 46003 description: An empty preferred scheduling term 46004 matches all objects with implicit weight 0 46005 (i.e. it's a no-op). A null preferred scheduling 46006 term matches no objects (i.e. is also a no-op). 46007 properties: 46008 preference: 46009 description: A node selector term, associated 46010 with the corresponding weight. 46011 properties: 46012 matchExpressions: 46013 description: A list of node selector 46014 requirements by node's labels. 46015 items: 46016 description: A node selector requirement 46017 is a selector that contains values, 46018 a key, and an operator that relates 46019 the key and values. 46020 properties: 46021 key: 46022 description: The label key that 46023 the selector applies to. 46024 type: string 46025 operator: 46026 description: Represents a key's 46027 relationship to a set of values. 46028 Valid operators are In, NotIn, 46029 Exists, DoesNotExist. Gt, and 46030 Lt. 46031 type: string 46032 values: 46033 description: An array of string 46034 values. If the operator is In 46035 or NotIn, the values array must 46036 be non-empty. If the operator 46037 is Exists or DoesNotExist, the 46038 values array must be empty. 46039 If the operator is Gt or Lt, 46040 the values array must have a 46041 single element, which will be 46042 interpreted as an integer. This 46043 array is replaced during a strategic 46044 merge patch. 46045 items: 46046 type: string 46047 type: array 46048 required: 46049 - key 46050 - operator 46051 type: object 46052 type: array 46053 matchFields: 46054 description: A list of node selector 46055 requirements by node's fields. 46056 items: 46057 description: A node selector requirement 46058 is a selector that contains values, 46059 a key, and an operator that relates 46060 the key and values. 46061 properties: 46062 key: 46063 description: The label key that 46064 the selector applies to. 46065 type: string 46066 operator: 46067 description: Represents a key's 46068 relationship to a set of values. 46069 Valid operators are In, NotIn, 46070 Exists, DoesNotExist. Gt, and 46071 Lt. 46072 type: string 46073 values: 46074 description: An array of string 46075 values. If the operator is In 46076 or NotIn, the values array must 46077 be non-empty. If the operator 46078 is Exists or DoesNotExist, the 46079 values array must be empty. 46080 If the operator is Gt or Lt, 46081 the values array must have a 46082 single element, which will be 46083 interpreted as an integer. This 46084 array is replaced during a strategic 46085 merge patch. 46086 items: 46087 type: string 46088 type: array 46089 required: 46090 - key 46091 - operator 46092 type: object 46093 type: array 46094 type: object 46095 weight: 46096 description: Weight associated with matching 46097 the corresponding nodeSelectorTerm, in 46098 the range 1-100. 46099 format: int32 46100 type: integer 46101 required: 46102 - preference 46103 - weight 46104 type: object 46105 type: array 46106 requiredDuringSchedulingIgnoredDuringExecution: 46107 description: If the affinity requirements specified 46108 by this field are not met at scheduling time, 46109 the pod will not be scheduled onto the node. 46110 If the affinity requirements specified by this 46111 field cease to be met at some point during pod 46112 execution (e.g. due to an update), the system 46113 may or may not try to eventually evict the pod 46114 from its node. 46115 properties: 46116 nodeSelectorTerms: 46117 description: Required. A list of node selector 46118 terms. The terms are ORed. 46119 items: 46120 description: A null or empty node selector 46121 term matches no objects. The requirements 46122 of them are ANDed. The TopologySelectorTerm 46123 type implements a subset of the NodeSelectorTerm. 46124 properties: 46125 matchExpressions: 46126 description: A list of node selector 46127 requirements by node's labels. 46128 items: 46129 description: A node selector requirement 46130 is a selector that contains values, 46131 a key, and an operator that relates 46132 the key and values. 46133 properties: 46134 key: 46135 description: The label key that 46136 the selector applies to. 46137 type: string 46138 operator: 46139 description: Represents a key's 46140 relationship to a set of values. 46141 Valid operators are In, NotIn, 46142 Exists, DoesNotExist. Gt, and 46143 Lt. 46144 type: string 46145 values: 46146 description: An array of string 46147 values. If the operator is In 46148 or NotIn, the values array must 46149 be non-empty. If the operator 46150 is Exists or DoesNotExist, the 46151 values array must be empty. 46152 If the operator is Gt or Lt, 46153 the values array must have a 46154 single element, which will be 46155 interpreted as an integer. This 46156 array is replaced during a strategic 46157 merge patch. 46158 items: 46159 type: string 46160 type: array 46161 required: 46162 - key 46163 - operator 46164 type: object 46165 type: array 46166 matchFields: 46167 description: A list of node selector 46168 requirements by node's fields. 46169 items: 46170 description: A node selector requirement 46171 is a selector that contains values, 46172 a key, and an operator that relates 46173 the key and values. 46174 properties: 46175 key: 46176 description: The label key that 46177 the selector applies to. 46178 type: string 46179 operator: 46180 description: Represents a key's 46181 relationship to a set of values. 46182 Valid operators are In, NotIn, 46183 Exists, DoesNotExist. Gt, and 46184 Lt. 46185 type: string 46186 values: 46187 description: An array of string 46188 values. If the operator is In 46189 or NotIn, the values array must 46190 be non-empty. If the operator 46191 is Exists or DoesNotExist, the 46192 values array must be empty. 46193 If the operator is Gt or Lt, 46194 the values array must have a 46195 single element, which will be 46196 interpreted as an integer. This 46197 array is replaced during a strategic 46198 merge patch. 46199 items: 46200 type: string 46201 type: array 46202 required: 46203 - key 46204 - operator 46205 type: object 46206 type: array 46207 type: object 46208 type: array 46209 required: 46210 - nodeSelectorTerms 46211 type: object 46212 type: object 46213 podAffinity: 46214 description: Describes pod affinity scheduling rules 46215 (e.g. co-locate this pod in the same node, zone, 46216 etc. as some other pod(s)). 46217 properties: 46218 preferredDuringSchedulingIgnoredDuringExecution: 46219 description: The scheduler will prefer to schedule 46220 pods to nodes that satisfy the affinity expressions 46221 specified by this field, but it may choose a 46222 node that violates one or more of the expressions. 46223 The node that is most preferred is the one with 46224 the greatest sum of weights, i.e. for each node 46225 that meets all of the scheduling requirements 46226 (resource request, requiredDuringScheduling 46227 affinity expressions, etc.), compute a sum by 46228 iterating through the elements of this field 46229 and adding "weight" to the sum if the node has 46230 pods which matches the corresponding podAffinityTerm; 46231 the node(s) with the highest sum are the most 46232 preferred. 46233 items: 46234 description: The weights of all of the matched 46235 WeightedPodAffinityTerm fields are added per-node 46236 to find the most preferred node(s) 46237 properties: 46238 podAffinityTerm: 46239 description: Required. A pod affinity term, 46240 associated with the corresponding weight. 46241 properties: 46242 labelSelector: 46243 description: A label query over a set 46244 of resources, in this case pods. 46245 properties: 46246 matchExpressions: 46247 description: matchExpressions is 46248 a list of label selector requirements. 46249 The requirements are ANDed. 46250 items: 46251 description: A label selector 46252 requirement is a selector that 46253 contains values, a key, and 46254 an operator that relates the 46255 key and values. 46256 properties: 46257 key: 46258 description: key is the label 46259 key that the selector applies 46260 to. 46261 type: string 46262 operator: 46263 description: operator represents 46264 a key's relationship to 46265 a set of values. Valid operators 46266 are In, NotIn, Exists and 46267 DoesNotExist. 46268 type: string 46269 values: 46270 description: values is an 46271 array of string values. 46272 If the operator is In or 46273 NotIn, the values array 46274 must be non-empty. If the 46275 operator is Exists or DoesNotExist, 46276 the values array must be 46277 empty. This array is replaced 46278 during a strategic merge 46279 patch. 46280 items: 46281 type: string 46282 type: array 46283 required: 46284 - key 46285 - operator 46286 type: object 46287 type: array 46288 matchLabels: 46289 additionalProperties: 46290 type: string 46291 description: matchLabels is a map 46292 of {key,value} pairs. A single 46293 {key,value} in the matchLabels 46294 map is equivalent to an element 46295 of matchExpressions, whose key 46296 field is "key", the operator is 46297 "In", and the values array contains 46298 only "value". The requirements 46299 are ANDed. 46300 type: object 46301 type: object 46302 namespaceSelector: 46303 description: A label query over the 46304 set of namespaces that the term applies 46305 to. The term is applied to the union 46306 of the namespaces selected by this 46307 field and the ones listed in the namespaces 46308 field. null selector and null or empty 46309 namespaces list means "this pod's 46310 namespace". An empty selector ({}) 46311 matches all namespaces. 46312 properties: 46313 matchExpressions: 46314 description: matchExpressions is 46315 a list of label selector requirements. 46316 The requirements are ANDed. 46317 items: 46318 description: A label selector 46319 requirement is a selector that 46320 contains values, a key, and 46321 an operator that relates the 46322 key and values. 46323 properties: 46324 key: 46325 description: key is the label 46326 key that the selector applies 46327 to. 46328 type: string 46329 operator: 46330 description: operator represents 46331 a key's relationship to 46332 a set of values. Valid operators 46333 are In, NotIn, Exists and 46334 DoesNotExist. 46335 type: string 46336 values: 46337 description: values is an 46338 array of string values. 46339 If the operator is In or 46340 NotIn, the values array 46341 must be non-empty. If the 46342 operator is Exists or DoesNotExist, 46343 the values array must be 46344 empty. This array is replaced 46345 during a strategic merge 46346 patch. 46347 items: 46348 type: string 46349 type: array 46350 required: 46351 - key 46352 - operator 46353 type: object 46354 type: array 46355 matchLabels: 46356 additionalProperties: 46357 type: string 46358 description: matchLabels is a map 46359 of {key,value} pairs. A single 46360 {key,value} in the matchLabels 46361 map is equivalent to an element 46362 of matchExpressions, whose key 46363 field is "key", the operator is 46364 "In", and the values array contains 46365 only "value". The requirements 46366 are ANDed. 46367 type: object 46368 type: object 46369 namespaces: 46370 description: namespaces specifies a 46371 static list of namespace names that 46372 the term applies to. The term is applied 46373 to the union of the namespaces listed 46374 in this field and the ones selected 46375 by namespaceSelector. null or empty 46376 namespaces list and null namespaceSelector 46377 means "this pod's namespace". 46378 items: 46379 type: string 46380 type: array 46381 topologyKey: 46382 description: This pod should be co-located 46383 (affinity) or not co-located (anti-affinity) 46384 with the pods matching the labelSelector 46385 in the specified namespaces, where 46386 co-located is defined as running on 46387 a node whose value of the label with 46388 key topologyKey matches that of any 46389 node on which any of the selected 46390 pods is running. Empty topologyKey 46391 is not allowed. 46392 type: string 46393 required: 46394 - topologyKey 46395 type: object 46396 weight: 46397 description: weight associated with matching 46398 the corresponding podAffinityTerm, in 46399 the range 1-100. 46400 format: int32 46401 type: integer 46402 required: 46403 - podAffinityTerm 46404 - weight 46405 type: object 46406 type: array 46407 requiredDuringSchedulingIgnoredDuringExecution: 46408 description: If the affinity requirements specified 46409 by this field are not met at scheduling time, 46410 the pod will not be scheduled onto the node. 46411 If the affinity requirements specified by this 46412 field cease to be met at some point during pod 46413 execution (e.g. due to a pod label update), 46414 the system may or may not try to eventually 46415 evict the pod from its node. When there are 46416 multiple elements, the lists of nodes corresponding 46417 to each podAffinityTerm are intersected, i.e. 46418 all terms must be satisfied. 46419 items: 46420 description: Defines a set of pods (namely those 46421 matching the labelSelector relative to the 46422 given namespace(s)) that this pod should be 46423 co-located (affinity) or not co-located (anti-affinity) 46424 with, where co-located is defined as running 46425 on a node whose value of the label with key 46426 <topologyKey> matches that of any node on 46427 which a pod of the set of pods is running 46428 properties: 46429 labelSelector: 46430 description: A label query over a set of 46431 resources, in this case pods. 46432 properties: 46433 matchExpressions: 46434 description: matchExpressions is a list 46435 of label selector requirements. The 46436 requirements are ANDed. 46437 items: 46438 description: A label selector requirement 46439 is a selector that contains values, 46440 a key, and an operator that relates 46441 the key and values. 46442 properties: 46443 key: 46444 description: key is the label 46445 key that the selector applies 46446 to. 46447 type: string 46448 operator: 46449 description: operator represents 46450 a key's relationship to a set 46451 of values. Valid operators are 46452 In, NotIn, Exists and DoesNotExist. 46453 type: string 46454 values: 46455 description: values is an array 46456 of string values. If the operator 46457 is In or NotIn, the values array 46458 must be non-empty. If the operator 46459 is Exists or DoesNotExist, the 46460 values array must be empty. 46461 This array is replaced during 46462 a strategic merge patch. 46463 items: 46464 type: string 46465 type: array 46466 required: 46467 - key 46468 - operator 46469 type: object 46470 type: array 46471 matchLabels: 46472 additionalProperties: 46473 type: string 46474 description: matchLabels is a map of 46475 {key,value} pairs. A single {key,value} 46476 in the matchLabels map is equivalent 46477 to an element of matchExpressions, 46478 whose key field is "key", the operator 46479 is "In", and the values array contains 46480 only "value". The requirements are 46481 ANDed. 46482 type: object 46483 type: object 46484 namespaceSelector: 46485 description: A label query over the set 46486 of namespaces that the term applies to. 46487 The term is applied to the union of the 46488 namespaces selected by this field and 46489 the ones listed in the namespaces field. 46490 null selector and null or empty namespaces 46491 list means "this pod's namespace". An 46492 empty selector ({}) matches all namespaces. 46493 properties: 46494 matchExpressions: 46495 description: matchExpressions is a list 46496 of label selector requirements. The 46497 requirements are ANDed. 46498 items: 46499 description: A label selector requirement 46500 is a selector that contains values, 46501 a key, and an operator that relates 46502 the key and values. 46503 properties: 46504 key: 46505 description: key is the label 46506 key that the selector applies 46507 to. 46508 type: string 46509 operator: 46510 description: operator represents 46511 a key's relationship to a set 46512 of values. Valid operators are 46513 In, NotIn, Exists and DoesNotExist. 46514 type: string 46515 values: 46516 description: values is an array 46517 of string values. If the operator 46518 is In or NotIn, the values array 46519 must be non-empty. If the operator 46520 is Exists or DoesNotExist, the 46521 values array must be empty. 46522 This array is replaced during 46523 a strategic merge patch. 46524 items: 46525 type: string 46526 type: array 46527 required: 46528 - key 46529 - operator 46530 type: object 46531 type: array 46532 matchLabels: 46533 additionalProperties: 46534 type: string 46535 description: matchLabels is a map of 46536 {key,value} pairs. A single {key,value} 46537 in the matchLabels map is equivalent 46538 to an element of matchExpressions, 46539 whose key field is "key", the operator 46540 is "In", and the values array contains 46541 only "value". The requirements are 46542 ANDed. 46543 type: object 46544 type: object 46545 namespaces: 46546 description: namespaces specifies a static 46547 list of namespace names that the term 46548 applies to. The term is applied to the 46549 union of the namespaces listed in this 46550 field and the ones selected by namespaceSelector. 46551 null or empty namespaces list and null 46552 namespaceSelector means "this pod's namespace". 46553 items: 46554 type: string 46555 type: array 46556 topologyKey: 46557 description: This pod should be co-located 46558 (affinity) or not co-located (anti-affinity) 46559 with the pods matching the labelSelector 46560 in the specified namespaces, where co-located 46561 is defined as running on a node whose 46562 value of the label with key topologyKey 46563 matches that of any node on which any 46564 of the selected pods is running. Empty 46565 topologyKey is not allowed. 46566 type: string 46567 required: 46568 - topologyKey 46569 type: object 46570 type: array 46571 type: object 46572 podAntiAffinity: 46573 description: Describes pod anti-affinity scheduling 46574 rules (e.g. avoid putting this pod in the same node, 46575 zone, etc. as some other pod(s)). 46576 properties: 46577 preferredDuringSchedulingIgnoredDuringExecution: 46578 description: The scheduler will prefer to schedule 46579 pods to nodes that satisfy the anti-affinity 46580 expressions specified by this field, but it 46581 may choose a node that violates one or more 46582 of the expressions. The node that is most preferred 46583 is the one with the greatest sum of weights, 46584 i.e. for each node that meets all of the scheduling 46585 requirements (resource request, requiredDuringScheduling 46586 anti-affinity expressions, etc.), compute a 46587 sum by iterating through the elements of this 46588 field and adding "weight" to the sum if the 46589 node has pods which matches the corresponding 46590 podAffinityTerm; the node(s) with the highest 46591 sum are the most preferred. 46592 items: 46593 description: The weights of all of the matched 46594 WeightedPodAffinityTerm fields are added per-node 46595 to find the most preferred node(s) 46596 properties: 46597 podAffinityTerm: 46598 description: Required. A pod affinity term, 46599 associated with the corresponding weight. 46600 properties: 46601 labelSelector: 46602 description: A label query over a set 46603 of resources, in this case pods. 46604 properties: 46605 matchExpressions: 46606 description: matchExpressions is 46607 a list of label selector requirements. 46608 The requirements are ANDed. 46609 items: 46610 description: A label selector 46611 requirement is a selector that 46612 contains values, a key, and 46613 an operator that relates the 46614 key and values. 46615 properties: 46616 key: 46617 description: key is the label 46618 key that the selector applies 46619 to. 46620 type: string 46621 operator: 46622 description: operator represents 46623 a key's relationship to 46624 a set of values. Valid operators 46625 are In, NotIn, Exists and 46626 DoesNotExist. 46627 type: string 46628 values: 46629 description: values is an 46630 array of string values. 46631 If the operator is In or 46632 NotIn, the values array 46633 must be non-empty. If the 46634 operator is Exists or DoesNotExist, 46635 the values array must be 46636 empty. This array is replaced 46637 during a strategic merge 46638 patch. 46639 items: 46640 type: string 46641 type: array 46642 required: 46643 - key 46644 - operator 46645 type: object 46646 type: array 46647 matchLabels: 46648 additionalProperties: 46649 type: string 46650 description: matchLabels is a map 46651 of {key,value} pairs. A single 46652 {key,value} in the matchLabels 46653 map is equivalent to an element 46654 of matchExpressions, whose key 46655 field is "key", the operator is 46656 "In", and the values array contains 46657 only "value". The requirements 46658 are ANDed. 46659 type: object 46660 type: object 46661 namespaceSelector: 46662 description: A label query over the 46663 set of namespaces that the term applies 46664 to. The term is applied to the union 46665 of the namespaces selected by this 46666 field and the ones listed in the namespaces 46667 field. null selector and null or empty 46668 namespaces list means "this pod's 46669 namespace". An empty selector ({}) 46670 matches all namespaces. 46671 properties: 46672 matchExpressions: 46673 description: matchExpressions is 46674 a list of label selector requirements. 46675 The requirements are ANDed. 46676 items: 46677 description: A label selector 46678 requirement is a selector that 46679 contains values, a key, and 46680 an operator that relates the 46681 key and values. 46682 properties: 46683 key: 46684 description: key is the label 46685 key that the selector applies 46686 to. 46687 type: string 46688 operator: 46689 description: operator represents 46690 a key's relationship to 46691 a set of values. Valid operators 46692 are In, NotIn, Exists and 46693 DoesNotExist. 46694 type: string 46695 values: 46696 description: values is an 46697 array of string values. 46698 If the operator is In or 46699 NotIn, the values array 46700 must be non-empty. If the 46701 operator is Exists or DoesNotExist, 46702 the values array must be 46703 empty. This array is replaced 46704 during a strategic merge 46705 patch. 46706 items: 46707 type: string 46708 type: array 46709 required: 46710 - key 46711 - operator 46712 type: object 46713 type: array 46714 matchLabels: 46715 additionalProperties: 46716 type: string 46717 description: matchLabels is a map 46718 of {key,value} pairs. A single 46719 {key,value} in the matchLabels 46720 map is equivalent to an element 46721 of matchExpressions, whose key 46722 field is "key", the operator is 46723 "In", and the values array contains 46724 only "value". The requirements 46725 are ANDed. 46726 type: object 46727 type: object 46728 namespaces: 46729 description: namespaces specifies a 46730 static list of namespace names that 46731 the term applies to. The term is applied 46732 to the union of the namespaces listed 46733 in this field and the ones selected 46734 by namespaceSelector. null or empty 46735 namespaces list and null namespaceSelector 46736 means "this pod's namespace". 46737 items: 46738 type: string 46739 type: array 46740 topologyKey: 46741 description: This pod should be co-located 46742 (affinity) or not co-located (anti-affinity) 46743 with the pods matching the labelSelector 46744 in the specified namespaces, where 46745 co-located is defined as running on 46746 a node whose value of the label with 46747 key topologyKey matches that of any 46748 node on which any of the selected 46749 pods is running. Empty topologyKey 46750 is not allowed. 46751 type: string 46752 required: 46753 - topologyKey 46754 type: object 46755 weight: 46756 description: weight associated with matching 46757 the corresponding podAffinityTerm, in 46758 the range 1-100. 46759 format: int32 46760 type: integer 46761 required: 46762 - podAffinityTerm 46763 - weight 46764 type: object 46765 type: array 46766 requiredDuringSchedulingIgnoredDuringExecution: 46767 description: If the anti-affinity requirements 46768 specified by this field are not met at scheduling 46769 time, the pod will not be scheduled onto the 46770 node. If the anti-affinity requirements specified 46771 by this field cease to be met at some point 46772 during pod execution (e.g. due to a pod label 46773 update), the system may or may not try to eventually 46774 evict the pod from its node. When there are 46775 multiple elements, the lists of nodes corresponding 46776 to each podAffinityTerm are intersected, i.e. 46777 all terms must be satisfied. 46778 items: 46779 description: Defines a set of pods (namely those 46780 matching the labelSelector relative to the 46781 given namespace(s)) that this pod should be 46782 co-located (affinity) or not co-located (anti-affinity) 46783 with, where co-located is defined as running 46784 on a node whose value of the label with key 46785 <topologyKey> matches that of any node on 46786 which a pod of the set of pods is running 46787 properties: 46788 labelSelector: 46789 description: A label query over a set of 46790 resources, in this case pods. 46791 properties: 46792 matchExpressions: 46793 description: matchExpressions is a list 46794 of label selector requirements. The 46795 requirements are ANDed. 46796 items: 46797 description: A label selector requirement 46798 is a selector that contains values, 46799 a key, and an operator that relates 46800 the key and values. 46801 properties: 46802 key: 46803 description: key is the label 46804 key that the selector applies 46805 to. 46806 type: string 46807 operator: 46808 description: operator represents 46809 a key's relationship to a set 46810 of values. Valid operators are 46811 In, NotIn, Exists and DoesNotExist. 46812 type: string 46813 values: 46814 description: values is an array 46815 of string values. If the operator 46816 is In or NotIn, the values array 46817 must be non-empty. If the operator 46818 is Exists or DoesNotExist, the 46819 values array must be empty. 46820 This array is replaced during 46821 a strategic merge patch. 46822 items: 46823 type: string 46824 type: array 46825 required: 46826 - key 46827 - operator 46828 type: object 46829 type: array 46830 matchLabels: 46831 additionalProperties: 46832 type: string 46833 description: matchLabels is a map of 46834 {key,value} pairs. A single {key,value} 46835 in the matchLabels map is equivalent 46836 to an element of matchExpressions, 46837 whose key field is "key", the operator 46838 is "In", and the values array contains 46839 only "value". The requirements are 46840 ANDed. 46841 type: object 46842 type: object 46843 namespaceSelector: 46844 description: A label query over the set 46845 of namespaces that the term applies to. 46846 The term is applied to the union of the 46847 namespaces selected by this field and 46848 the ones listed in the namespaces field. 46849 null selector and null or empty namespaces 46850 list means "this pod's namespace". An 46851 empty selector ({}) matches all namespaces. 46852 properties: 46853 matchExpressions: 46854 description: matchExpressions is a list 46855 of label selector requirements. The 46856 requirements are ANDed. 46857 items: 46858 description: A label selector requirement 46859 is a selector that contains values, 46860 a key, and an operator that relates 46861 the key and values. 46862 properties: 46863 key: 46864 description: key is the label 46865 key that the selector applies 46866 to. 46867 type: string 46868 operator: 46869 description: operator represents 46870 a key's relationship to a set 46871 of values. Valid operators are 46872 In, NotIn, Exists and DoesNotExist. 46873 type: string 46874 values: 46875 description: values is an array 46876 of string values. If the operator 46877 is In or NotIn, the values array 46878 must be non-empty. If the operator 46879 is Exists or DoesNotExist, the 46880 values array must be empty. 46881 This array is replaced during 46882 a strategic merge patch. 46883 items: 46884 type: string 46885 type: array 46886 required: 46887 - key 46888 - operator 46889 type: object 46890 type: array 46891 matchLabels: 46892 additionalProperties: 46893 type: string 46894 description: matchLabels is a map of 46895 {key,value} pairs. A single {key,value} 46896 in the matchLabels map is equivalent 46897 to an element of matchExpressions, 46898 whose key field is "key", the operator 46899 is "In", and the values array contains 46900 only "value". The requirements are 46901 ANDed. 46902 type: object 46903 type: object 46904 namespaces: 46905 description: namespaces specifies a static 46906 list of namespace names that the term 46907 applies to. The term is applied to the 46908 union of the namespaces listed in this 46909 field and the ones selected by namespaceSelector. 46910 null or empty namespaces list and null 46911 namespaceSelector means "this pod's namespace". 46912 items: 46913 type: string 46914 type: array 46915 topologyKey: 46916 description: This pod should be co-located 46917 (affinity) or not co-located (anti-affinity) 46918 with the pods matching the labelSelector 46919 in the specified namespaces, where co-located 46920 is defined as running on a node whose 46921 value of the label with key topologyKey 46922 matches that of any node on which any 46923 of the selected pods is running. Empty 46924 topologyKey is not allowed. 46925 type: string 46926 required: 46927 - topologyKey 46928 type: object 46929 type: array 46930 type: object 46931 type: object 46932 automountServiceAccountToken: 46933 description: AutomountServiceAccountToken indicates whether 46934 pods running as this service account should have an 46935 API token automatically mounted. 46936 type: boolean 46937 dnsConfig: 46938 description: Specifies the DNS parameters of a pod. Parameters 46939 specified here will be merged to the generated DNS configuration 46940 based on DNSPolicy. 46941 properties: 46942 nameservers: 46943 description: A list of DNS name server IP addresses. 46944 This will be appended to the base nameservers generated 46945 from DNSPolicy. Duplicated nameservers will be removed. 46946 items: 46947 type: string 46948 type: array 46949 options: 46950 description: A list of DNS resolver options. This 46951 will be merged with the base options generated from 46952 DNSPolicy. Duplicated entries will be removed. Resolution 46953 options given in Options will override those that 46954 appear in the base DNSPolicy. 46955 items: 46956 description: PodDNSConfigOption defines DNS resolver 46957 options of a pod. 46958 properties: 46959 name: 46960 description: Required. 46961 type: string 46962 value: 46963 type: string 46964 type: object 46965 type: array 46966 searches: 46967 description: A list of DNS search domains for host-name 46968 lookup. This will be appended to the base search 46969 paths generated from DNSPolicy. Duplicated search 46970 paths will be removed. 46971 items: 46972 type: string 46973 type: array 46974 type: object 46975 dnsPolicy: 46976 description: Set DNS policy for the pod. Defaults to "ClusterFirst". 46977 Valid values are 'ClusterFirst', 'Default' or 'None'. 46978 DNS parameters given in DNSConfig will be merged with 46979 the policy selected with DNSPolicy. 46980 type: string 46981 enableServiceLinks: 46982 description: 'EnableServiceLinks indicates whether information 46983 about services should be injected into pod''s environment 46984 variables, matching the syntax of Docker links. Optional: 46985 Defaults to true.' 46986 type: boolean 46987 env: 46988 description: List of environment variables that can be 46989 provided to the containers belonging to the pod. 46990 items: 46991 description: EnvVar represents an environment variable 46992 present in a Container. 46993 properties: 46994 name: 46995 description: Name of the environment variable. Must 46996 be a C_IDENTIFIER. 46997 type: string 46998 value: 46999 description: 'Variable references $(VAR_NAME) are 47000 expanded using the previously defined environment 47001 variables in the container and any service environment 47002 variables. If a variable cannot be resolved, the 47003 reference in the input string will be unchanged. 47004 Double $$ are reduced to a single $, which allows 47005 for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" 47006 will produce the string literal "$(VAR_NAME)". 47007 Escaped references will never be expanded, regardless 47008 of whether the variable exists or not. Defaults 47009 to "".' 47010 type: string 47011 valueFrom: 47012 description: Source for the environment variable's 47013 value. Cannot be used if value is not empty. 47014 properties: 47015 configMapKeyRef: 47016 description: Selects a key of a ConfigMap. 47017 properties: 47018 key: 47019 description: The key to select. 47020 type: string 47021 name: 47022 description: 'Name of the referent. More 47023 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 47024 TODO: Add other useful fields. apiVersion, 47025 kind, uid?' 47026 type: string 47027 optional: 47028 description: Specify whether the ConfigMap 47029 or its key must be defined 47030 type: boolean 47031 required: 47032 - key 47033 type: object 47034 fieldRef: 47035 description: 'Selects a field of the pod: supports 47036 metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, 47037 `metadata.annotations[''<KEY>'']`, spec.nodeName, 47038 spec.serviceAccountName, status.hostIP, status.podIP, 47039 status.podIPs.' 47040 properties: 47041 apiVersion: 47042 description: Version of the schema the FieldPath 47043 is written in terms of, defaults to "v1". 47044 type: string 47045 fieldPath: 47046 description: Path of the field to select 47047 in the specified API version. 47048 type: string 47049 required: 47050 - fieldPath 47051 type: object 47052 resourceFieldRef: 47053 description: 'Selects a resource of the container: 47054 only resources limits and requests (limits.cpu, 47055 limits.memory, limits.ephemeral-storage, requests.cpu, 47056 requests.memory and requests.ephemeral-storage) 47057 are currently supported.' 47058 properties: 47059 containerName: 47060 description: 'Container name: required for 47061 volumes, optional for env vars' 47062 type: string 47063 divisor: 47064 anyOf: 47065 - type: integer 47066 - type: string 47067 description: Specifies the output format 47068 of the exposed resources, defaults to 47069 "1" 47070 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 47071 x-kubernetes-int-or-string: true 47072 resource: 47073 description: 'Required: resource to select' 47074 type: string 47075 required: 47076 - resource 47077 type: object 47078 secretKeyRef: 47079 description: Selects a key of a secret in the 47080 pod's namespace 47081 properties: 47082 key: 47083 description: The key of the secret to select 47084 from. Must be a valid secret key. 47085 type: string 47086 name: 47087 description: 'Name of the referent. More 47088 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 47089 TODO: Add other useful fields. apiVersion, 47090 kind, uid?' 47091 type: string 47092 optional: 47093 description: Specify whether the Secret 47094 or its key must be defined 47095 type: boolean 47096 required: 47097 - key 47098 type: object 47099 type: object 47100 required: 47101 - name 47102 type: object 47103 type: array 47104 x-kubernetes-list-type: atomic 47105 hostAliases: 47106 description: HostAliases is an optional list of hosts 47107 and IPs that will be injected into the pod's hosts file 47108 if specified. This is only valid for non-hostNetwork 47109 pods. 47110 items: 47111 description: HostAlias holds the mapping between IP 47112 and hostnames that will be injected as an entry in 47113 the pod's hosts file. 47114 properties: 47115 hostnames: 47116 description: Hostnames for the above IP address. 47117 items: 47118 type: string 47119 type: array 47120 ip: 47121 description: IP address of the host file entry. 47122 type: string 47123 type: object 47124 type: array 47125 x-kubernetes-list-type: atomic 47126 hostNetwork: 47127 description: HostNetwork specifies whether the pod may 47128 use the node network namespace 47129 type: boolean 47130 imagePullSecrets: 47131 description: ImagePullSecrets gives the name of the secret 47132 used by the pod to pull the image if specified 47133 items: 47134 description: LocalObjectReference contains enough information 47135 to let you locate the referenced object inside the 47136 same namespace. 47137 properties: 47138 name: 47139 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 47140 TODO: Add other useful fields. apiVersion, kind, 47141 uid?' 47142 type: string 47143 type: object 47144 type: array 47145 x-kubernetes-list-type: atomic 47146 nodeSelector: 47147 additionalProperties: 47148 type: string 47149 description: 'NodeSelector is a selector which must be 47150 true for the pod to fit on a node. Selector which must 47151 match a node''s labels for the pod to be scheduled on 47152 that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 47153 type: object 47154 priorityClassName: 47155 description: If specified, indicates the pod's priority. 47156 "system-node-critical" and "system-cluster-critical" 47157 are two special keywords which indicate the highest 47158 priorities with the former being the highest priority. 47159 Any other name must be defined by creating a PriorityClass 47160 object with that name. If not specified, the pod priority 47161 will be default or zero if there is no default. 47162 type: string 47163 runtimeClassName: 47164 description: 'RuntimeClassName refers to a RuntimeClass 47165 object in the node.k8s.io group, which should be used 47166 to run this pod. If no RuntimeClass resource matches 47167 the named class, the pod will not be run. If unset or 47168 empty, the "legacy" RuntimeClass will be used, which 47169 is an implicit class with an empty definition that uses 47170 the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md 47171 This is a beta feature as of Kubernetes v1.14.' 47172 type: string 47173 schedulerName: 47174 description: SchedulerName specifies the scheduler to 47175 be used to dispatch the Pod 47176 type: string 47177 securityContext: 47178 description: 'SecurityContext holds pod-level security 47179 attributes and common container settings. Optional: 47180 Defaults to empty. See type description for default 47181 values of each field.' 47182 properties: 47183 fsGroup: 47184 description: "A special supplemental group that applies 47185 to all containers in a pod. Some volume types allow 47186 the Kubelet to change the ownership of that volume 47187 to be owned by the pod: \n 1. The owning GID will 47188 be the FSGroup 2. The setgid bit is set (new files 47189 created in the volume will be owned by FSGroup) 47190 3. The permission bits are OR'd with rw-rw---- \n 47191 If unset, the Kubelet will not modify the ownership 47192 and permissions of any volume. Note that this field 47193 cannot be set when spec.os.name is windows." 47194 format: int64 47195 type: integer 47196 fsGroupChangePolicy: 47197 description: 'fsGroupChangePolicy defines behavior 47198 of changing ownership and permission of the volume 47199 before being exposed inside Pod. This field will 47200 only apply to volume types which support fsGroup 47201 based ownership(and permissions). It will have no 47202 effect on ephemeral volume types such as: secret, 47203 configmaps and emptydir. Valid values are "OnRootMismatch" 47204 and "Always". If not specified, "Always" is used. 47205 Note that this field cannot be set when spec.os.name 47206 is windows.' 47207 type: string 47208 runAsGroup: 47209 description: The GID to run the entrypoint of the 47210 container process. Uses runtime default if unset. 47211 May also be set in SecurityContext. If set in both 47212 SecurityContext and PodSecurityContext, the value 47213 specified in SecurityContext takes precedence for 47214 that container. Note that this field cannot be set 47215 when spec.os.name is windows. 47216 format: int64 47217 type: integer 47218 runAsNonRoot: 47219 description: Indicates that the container must run 47220 as a non-root user. If true, the Kubelet will validate 47221 the image at runtime to ensure that it does not 47222 run as UID 0 (root) and fail to start the container 47223 if it does. If unset or false, no such validation 47224 will be performed. May also be set in SecurityContext. If 47225 set in both SecurityContext and PodSecurityContext, 47226 the value specified in SecurityContext takes precedence. 47227 type: boolean 47228 runAsUser: 47229 description: The UID to run the entrypoint of the 47230 container process. Defaults to user specified in 47231 image metadata if unspecified. May also be set in 47232 SecurityContext. If set in both SecurityContext 47233 and PodSecurityContext, the value specified in SecurityContext 47234 takes precedence for that container. Note that this 47235 field cannot be set when spec.os.name is windows. 47236 format: int64 47237 type: integer 47238 seLinuxOptions: 47239 description: The SELinux context to be applied to 47240 all containers. If unspecified, the container runtime 47241 will allocate a random SELinux context for each 47242 container. May also be set in SecurityContext. If 47243 set in both SecurityContext and PodSecurityContext, 47244 the value specified in SecurityContext takes precedence 47245 for that container. Note that this field cannot 47246 be set when spec.os.name is windows. 47247 properties: 47248 level: 47249 description: Level is SELinux level label that 47250 applies to the container. 47251 type: string 47252 role: 47253 description: Role is a SELinux role label that 47254 applies to the container. 47255 type: string 47256 type: 47257 description: Type is a SELinux type label that 47258 applies to the container. 47259 type: string 47260 user: 47261 description: User is a SELinux user label that 47262 applies to the container. 47263 type: string 47264 type: object 47265 seccompProfile: 47266 description: The seccomp options to use by the containers 47267 in this pod. Note that this field cannot be set 47268 when spec.os.name is windows. 47269 properties: 47270 localhostProfile: 47271 description: localhostProfile indicates a profile 47272 defined in a file on the node should be used. 47273 The profile must be preconfigured on the node 47274 to work. Must be a descending path, relative 47275 to the kubelet's configured seccomp profile 47276 location. Must be set if type is "Localhost". 47277 Must NOT be set for any other type. 47278 type: string 47279 type: 47280 description: "type indicates which kind of seccomp 47281 profile will be applied. Valid options are: 47282 \n Localhost - a profile defined in a file on 47283 the node should be used. RuntimeDefault - the 47284 container runtime default profile should be 47285 used. Unconfined - no profile should be applied." 47286 type: string 47287 required: 47288 - type 47289 type: object 47290 supplementalGroups: 47291 description: A list of groups applied to the first 47292 process run in each container, in addition to the 47293 container's primary GID, the fsGroup (if specified), 47294 and group memberships defined in the container image 47295 for the uid of the container process. If unspecified, 47296 no additional groups are added to any container. 47297 Note that group memberships defined in the container 47298 image for the uid of the container process are still 47299 effective, even if they are not included in this 47300 list. Note that this field cannot be set when spec.os.name 47301 is windows. 47302 items: 47303 format: int64 47304 type: integer 47305 type: array 47306 sysctls: 47307 description: Sysctls hold a list of namespaced sysctls 47308 used for the pod. Pods with unsupported sysctls 47309 (by the container runtime) might fail to launch. 47310 Note that this field cannot be set when spec.os.name 47311 is windows. 47312 items: 47313 description: Sysctl defines a kernel parameter to 47314 be set 47315 properties: 47316 name: 47317 description: Name of a property to set 47318 type: string 47319 value: 47320 description: Value of a property to set 47321 type: string 47322 required: 47323 - name 47324 - value 47325 type: object 47326 type: array 47327 windowsOptions: 47328 description: The Windows specific settings applied 47329 to all containers. If unspecified, the options within 47330 a container's SecurityContext will be used. If set 47331 in both SecurityContext and PodSecurityContext, 47332 the value specified in SecurityContext takes precedence. 47333 Note that this field cannot be set when spec.os.name 47334 is linux. 47335 properties: 47336 gmsaCredentialSpec: 47337 description: GMSACredentialSpec is where the GMSA 47338 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 47339 inlines the contents of the GMSA credential 47340 spec named by the GMSACredentialSpecName field. 47341 type: string 47342 gmsaCredentialSpecName: 47343 description: GMSACredentialSpecName is the name 47344 of the GMSA credential spec to use. 47345 type: string 47346 hostProcess: 47347 description: HostProcess determines if a container 47348 should be run as a 'Host Process' container. 47349 All of a Pod's containers must have the same 47350 effective HostProcess value (it is not allowed 47351 to have a mix of HostProcess containers and 47352 non-HostProcess containers). In addition, if 47353 HostProcess is true then HostNetwork must also 47354 be set to true. 47355 type: boolean 47356 runAsUserName: 47357 description: The UserName in Windows to run the 47358 entrypoint of the container process. Defaults 47359 to the user specified in image metadata if unspecified. 47360 May also be set in PodSecurityContext. If set 47361 in both SecurityContext and PodSecurityContext, 47362 the value specified in SecurityContext takes 47363 precedence. 47364 type: string 47365 type: object 47366 type: object 47367 tolerations: 47368 description: If specified, the pod's tolerations. 47369 items: 47370 description: The pod this Toleration is attached to 47371 tolerates any taint that matches the triple <key,value,effect> 47372 using the matching operator <operator>. 47373 properties: 47374 effect: 47375 description: Effect indicates the taint effect to 47376 match. Empty means match all taint effects. When 47377 specified, allowed values are NoSchedule, PreferNoSchedule 47378 and NoExecute. 47379 type: string 47380 key: 47381 description: Key is the taint key that the toleration 47382 applies to. Empty means match all taint keys. 47383 If the key is empty, operator must be Exists; 47384 this combination means to match all values and 47385 all keys. 47386 type: string 47387 operator: 47388 description: Operator represents a key's relationship 47389 to the value. Valid operators are Exists and Equal. 47390 Defaults to Equal. Exists is equivalent to wildcard 47391 for value, so that a pod can tolerate all taints 47392 of a particular category. 47393 type: string 47394 tolerationSeconds: 47395 description: TolerationSeconds represents the period 47396 of time the toleration (which must be of effect 47397 NoExecute, otherwise this field is ignored) tolerates 47398 the taint. By default, it is not set, which means 47399 tolerate the taint forever (do not evict). Zero 47400 and negative values will be treated as 0 (evict 47401 immediately) by the system. 47402 format: int64 47403 type: integer 47404 value: 47405 description: Value is the taint value the toleration 47406 matches to. If the operator is Exists, the value 47407 should be empty, otherwise just a regular string. 47408 type: string 47409 type: object 47410 type: array 47411 x-kubernetes-list-type: atomic 47412 topologySpreadConstraints: 47413 description: TopologySpreadConstraints controls how Pods 47414 are spread across your cluster among failure-domains 47415 such as regions, zones, nodes, and other user-defined 47416 topology domains. 47417 items: 47418 description: TopologySpreadConstraint specifies how 47419 to spread matching pods among the given topology. 47420 properties: 47421 labelSelector: 47422 description: LabelSelector is used to find matching 47423 pods. Pods that match this label selector are 47424 counted to determine the number of pods in their 47425 corresponding topology domain. 47426 properties: 47427 matchExpressions: 47428 description: matchExpressions is a list of label 47429 selector requirements. The requirements are 47430 ANDed. 47431 items: 47432 description: A label selector requirement 47433 is a selector that contains values, a key, 47434 and an operator that relates the key and 47435 values. 47436 properties: 47437 key: 47438 description: key is the label key that 47439 the selector applies to. 47440 type: string 47441 operator: 47442 description: operator represents a key's 47443 relationship to a set of values. Valid 47444 operators are In, NotIn, Exists and 47445 DoesNotExist. 47446 type: string 47447 values: 47448 description: values is an array of string 47449 values. If the operator is In or NotIn, 47450 the values array must be non-empty. 47451 If the operator is Exists or DoesNotExist, 47452 the values array must be empty. This 47453 array is replaced during a strategic 47454 merge patch. 47455 items: 47456 type: string 47457 type: array 47458 required: 47459 - key 47460 - operator 47461 type: object 47462 type: array 47463 matchLabels: 47464 additionalProperties: 47465 type: string 47466 description: matchLabels is a map of {key,value} 47467 pairs. A single {key,value} in the matchLabels 47468 map is equivalent to an element of matchExpressions, 47469 whose key field is "key", the operator is 47470 "In", and the values array contains only "value". 47471 The requirements are ANDed. 47472 type: object 47473 type: object 47474 matchLabelKeys: 47475 description: "MatchLabelKeys is a set of pod label 47476 keys to select the pods over which spreading will 47477 be calculated. The keys are used to lookup values 47478 from the incoming pod labels, those key-value 47479 labels are ANDed with labelSelector to select 47480 the group of existing pods over which spreading 47481 will be calculated for the incoming pod. The same 47482 key is forbidden to exist in both MatchLabelKeys 47483 and LabelSelector. MatchLabelKeys cannot be set 47484 when LabelSelector isn't set. Keys that don't 47485 exist in the incoming pod labels will be ignored. 47486 A null or empty list means only match against 47487 labelSelector. \n This is a beta field and requires 47488 the MatchLabelKeysInPodTopologySpread feature 47489 gate to be enabled (enabled by default)." 47490 items: 47491 type: string 47492 type: array 47493 x-kubernetes-list-type: atomic 47494 maxSkew: 47495 description: 'MaxSkew describes the degree to which 47496 pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, 47497 it is the maximum permitted difference between 47498 the number of matching pods in the target topology 47499 and the global minimum. The global minimum is 47500 the minimum number of matching pods in an eligible 47501 domain or zero if the number of eligible domains 47502 is less than MinDomains. For example, in a 3-zone 47503 cluster, MaxSkew is set to 1, and pods with the 47504 same labelSelector spread as 2/2/1: In this case, 47505 the global minimum is 1. | zone1 | zone2 | zone3 47506 | | P P | P P | P | - if MaxSkew is 1, 47507 incoming pod can only be scheduled to zone3 to 47508 become 2/2/2; scheduling it onto zone1(zone2) 47509 would make the ActualSkew(3-1) on zone1(zone2) 47510 violate MaxSkew(1). - if MaxSkew is 2, incoming 47511 pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, 47512 it is used to give higher precedence to topologies 47513 that satisfy it. It''s a required field. Default 47514 value is 1 and 0 is not allowed.' 47515 format: int32 47516 type: integer 47517 minDomains: 47518 description: "MinDomains indicates a minimum number 47519 of eligible domains. When the number of eligible 47520 domains with matching topology keys is less than 47521 minDomains, Pod Topology Spread treats \"global 47522 minimum\" as 0, and then the calculation of Skew 47523 is performed. And when the number of eligible 47524 domains with matching topology keys equals or 47525 greater than minDomains, this value has no effect 47526 on scheduling. As a result, when the number of 47527 eligible domains is less than minDomains, scheduler 47528 won't schedule more than maxSkew Pods to those 47529 domains. If value is nil, the constraint behaves 47530 as if MinDomains is equal to 1. Valid values are 47531 integers greater than 0. When value is not nil, 47532 WhenUnsatisfiable must be DoNotSchedule. \n For 47533 example, in a 3-zone cluster, MaxSkew is set to 47534 2, MinDomains is set to 5 and pods with the same 47535 labelSelector spread as 2/2/2: | zone1 | zone2 47536 | zone3 | | P P | P P | P P | The number 47537 of domains is less than 5(MinDomains), so \"global 47538 minimum\" is treated as 0. In this situation, 47539 new pod with the same labelSelector cannot be 47540 scheduled, because computed skew will be 3(3 - 47541 0) if new Pod is scheduled to any of the three 47542 zones, it will violate MaxSkew. \n This is a beta 47543 field and requires the MinDomainsInPodTopologySpread 47544 feature gate to be enabled (enabled by default)." 47545 format: int32 47546 type: integer 47547 nodeAffinityPolicy: 47548 description: "NodeAffinityPolicy indicates how we 47549 will treat Pod's nodeAffinity/nodeSelector when 47550 calculating pod topology spread skew. Options 47551 are: - Honor: only nodes matching nodeAffinity/nodeSelector 47552 are included in the calculations. - Ignore: nodeAffinity/nodeSelector 47553 are ignored. All nodes are included in the calculations. 47554 \n If this value is nil, the behavior is equivalent 47555 to the Honor policy. This is a beta-level feature 47556 default enabled by the NodeInclusionPolicyInPodTopologySpread 47557 feature flag." 47558 type: string 47559 nodeTaintsPolicy: 47560 description: "NodeTaintsPolicy indicates how we 47561 will treat node taints when calculating pod topology 47562 spread skew. Options are: - Honor: nodes without 47563 taints, along with tainted nodes for which the 47564 incoming pod has a toleration, are included. - 47565 Ignore: node taints are ignored. All nodes are 47566 included. \n If this value is nil, the behavior 47567 is equivalent to the Ignore policy. This is a 47568 beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread 47569 feature flag." 47570 type: string 47571 topologyKey: 47572 description: TopologyKey is the key of node labels. 47573 Nodes that have a label with this key and identical 47574 values are considered to be in the same topology. 47575 We consider each <key, value> as a "bucket", and 47576 try to put balanced number of pods into each bucket. 47577 We define a domain as a particular instance of 47578 a topology. Also, we define an eligible domain 47579 as a domain whose nodes meet the requirements 47580 of nodeAffinityPolicy and nodeTaintsPolicy. e.g. 47581 If TopologyKey is "kubernetes.io/hostname", each 47582 Node is a domain of that topology. And, if TopologyKey 47583 is "topology.kubernetes.io/zone", each zone is 47584 a domain of that topology. It's a required field. 47585 type: string 47586 whenUnsatisfiable: 47587 description: 'WhenUnsatisfiable indicates how to 47588 deal with a pod if it doesn''t satisfy the spread 47589 constraint. - DoNotSchedule (default) tells the 47590 scheduler not to schedule it. - ScheduleAnyway 47591 tells the scheduler to schedule the pod in any 47592 location, but giving higher precedence to topologies 47593 that would help reduce the skew. A constraint 47594 is considered "Unsatisfiable" for an incoming 47595 pod if and only if every possible node assignment 47596 for that pod would violate "MaxSkew" on some topology. 47597 For example, in a 3-zone cluster, MaxSkew is set 47598 to 1, and pods with the same labelSelector spread 47599 as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | 47600 If WhenUnsatisfiable is set to DoNotSchedule, 47601 incoming pod can only be scheduled to zone2(zone3) 47602 to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) 47603 satisfies MaxSkew(1). In other words, the cluster 47604 can still be imbalanced, but scheduler won''t 47605 make it *more* imbalanced. It''s a required field.' 47606 type: string 47607 required: 47608 - maxSkew 47609 - topologyKey 47610 - whenUnsatisfiable 47611 type: object 47612 type: array 47613 x-kubernetes-list-type: atomic 47614 volumes: 47615 description: 'List of volumes that can be mounted by containers 47616 belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' 47617 items: 47618 description: Volume represents a named volume in a pod 47619 that may be accessed by any container in the pod. 47620 properties: 47621 awsElasticBlockStore: 47622 description: 'awsElasticBlockStore represents an 47623 AWS Disk resource that is attached to a kubelet''s 47624 host machine and then exposed to the pod. More 47625 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 47626 properties: 47627 fsType: 47628 description: 'fsType is the filesystem type 47629 of the volume that you want to mount. Tip: 47630 Ensure that the filesystem type is supported 47631 by the host operating system. Examples: "ext4", 47632 "xfs", "ntfs". Implicitly inferred to be "ext4" 47633 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 47634 TODO: how do we prevent errors in the filesystem 47635 from compromising the machine' 47636 type: string 47637 partition: 47638 description: 'partition is the partition in 47639 the volume that you want to mount. If omitted, 47640 the default is to mount by volume name. Examples: 47641 For volume /dev/sda1, you specify the partition 47642 as "1". Similarly, the volume partition for 47643 /dev/sda is "0" (or you can leave the property 47644 empty).' 47645 format: int32 47646 type: integer 47647 readOnly: 47648 description: 'readOnly value true will force 47649 the readOnly setting in VolumeMounts. More 47650 info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 47651 type: boolean 47652 volumeID: 47653 description: 'volumeID is unique ID of the persistent 47654 disk resource in AWS (Amazon EBS volume). 47655 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 47656 type: string 47657 required: 47658 - volumeID 47659 type: object 47660 azureDisk: 47661 description: azureDisk represents an Azure Data 47662 Disk mount on the host and bind mount to the pod. 47663 properties: 47664 cachingMode: 47665 description: 'cachingMode is the Host Caching 47666 mode: None, Read Only, Read Write.' 47667 type: string 47668 diskName: 47669 description: diskName is the Name of the data 47670 disk in the blob storage 47671 type: string 47672 diskURI: 47673 description: diskURI is the URI of data disk 47674 in the blob storage 47675 type: string 47676 fsType: 47677 description: fsType is Filesystem type to mount. 47678 Must be a filesystem type supported by the 47679 host operating system. Ex. "ext4", "xfs", 47680 "ntfs". Implicitly inferred to be "ext4" if 47681 unspecified. 47682 type: string 47683 kind: 47684 description: 'kind expected values are Shared: 47685 multiple blob disks per storage account Dedicated: 47686 single blob disk per storage account Managed: 47687 azure managed data disk (only in managed availability 47688 set). defaults to shared' 47689 type: string 47690 readOnly: 47691 description: readOnly Defaults to false (read/write). 47692 ReadOnly here will force the ReadOnly setting 47693 in VolumeMounts. 47694 type: boolean 47695 required: 47696 - diskName 47697 - diskURI 47698 type: object 47699 azureFile: 47700 description: azureFile represents an Azure File 47701 Service mount on the host and bind mount to the 47702 pod. 47703 properties: 47704 readOnly: 47705 description: readOnly defaults to false (read/write). 47706 ReadOnly here will force the ReadOnly setting 47707 in VolumeMounts. 47708 type: boolean 47709 secretName: 47710 description: secretName is the name of secret 47711 that contains Azure Storage Account Name and 47712 Key 47713 type: string 47714 shareName: 47715 description: shareName is the azure share Name 47716 type: string 47717 required: 47718 - secretName 47719 - shareName 47720 type: object 47721 cephfs: 47722 description: cephFS represents a Ceph FS mount on 47723 the host that shares a pod's lifetime 47724 properties: 47725 monitors: 47726 description: 'monitors is Required: Monitors 47727 is a collection of Ceph monitors More info: 47728 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 47729 items: 47730 type: string 47731 type: array 47732 path: 47733 description: 'path is Optional: Used as the 47734 mounted root, rather than the full Ceph tree, 47735 default is /' 47736 type: string 47737 readOnly: 47738 description: 'readOnly is Optional: Defaults 47739 to false (read/write). ReadOnly here will 47740 force the ReadOnly setting in VolumeMounts. 47741 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 47742 type: boolean 47743 secretFile: 47744 description: 'secretFile is Optional: SecretFile 47745 is the path to key ring for User, default 47746 is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 47747 type: string 47748 secretRef: 47749 description: 'secretRef is Optional: SecretRef 47750 is reference to the authentication secret 47751 for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 47752 properties: 47753 name: 47754 description: 'Name of the referent. More 47755 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 47756 TODO: Add other useful fields. apiVersion, 47757 kind, uid?' 47758 type: string 47759 type: object 47760 user: 47761 description: 'user is optional: User is the 47762 rados user name, default is admin More info: 47763 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 47764 type: string 47765 required: 47766 - monitors 47767 type: object 47768 cinder: 47769 description: 'cinder represents a cinder volume 47770 attached and mounted on kubelets host machine. 47771 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 47772 properties: 47773 fsType: 47774 description: 'fsType is the filesystem type 47775 to mount. Must be a filesystem type supported 47776 by the host operating system. Examples: "ext4", 47777 "xfs", "ntfs". Implicitly inferred to be "ext4" 47778 if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 47779 type: string 47780 readOnly: 47781 description: 'readOnly defaults to false (read/write). 47782 ReadOnly here will force the ReadOnly setting 47783 in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 47784 type: boolean 47785 secretRef: 47786 description: 'secretRef is optional: points 47787 to a secret object containing parameters used 47788 to connect to OpenStack.' 47789 properties: 47790 name: 47791 description: 'Name of the referent. More 47792 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 47793 TODO: Add other useful fields. apiVersion, 47794 kind, uid?' 47795 type: string 47796 type: object 47797 volumeID: 47798 description: 'volumeID used to identify the 47799 volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 47800 type: string 47801 required: 47802 - volumeID 47803 type: object 47804 configMap: 47805 description: configMap represents a configMap that 47806 should populate this volume 47807 properties: 47808 defaultMode: 47809 description: 'defaultMode is optional: mode 47810 bits used to set permissions on created files 47811 by default. Must be an octal value between 47812 0000 and 0777 or a decimal value between 0 47813 and 511. YAML accepts both octal and decimal 47814 values, JSON requires decimal values for mode 47815 bits. Defaults to 0644. Directories within 47816 the path are not affected by this setting. 47817 This might be in conflict with other options 47818 that affect the file mode, like fsGroup, and 47819 the result can be other mode bits set.' 47820 format: int32 47821 type: integer 47822 items: 47823 description: items if unspecified, each key-value 47824 pair in the Data field of the referenced ConfigMap 47825 will be projected into the volume as a file 47826 whose name is the key and content is the value. 47827 If specified, the listed keys will be projected 47828 into the specified paths, and unlisted keys 47829 will not be present. If a key is specified 47830 which is not present in the ConfigMap, the 47831 volume setup will error unless it is marked 47832 optional. Paths must be relative and may not 47833 contain the '..' path or start with '..'. 47834 items: 47835 description: Maps a string key to a path within 47836 a volume. 47837 properties: 47838 key: 47839 description: key is the key to project. 47840 type: string 47841 mode: 47842 description: 'mode is Optional: mode bits 47843 used to set permissions on this file. 47844 Must be an octal value between 0000 47845 and 0777 or a decimal value between 47846 0 and 511. YAML accepts both octal and 47847 decimal values, JSON requires decimal 47848 values for mode bits. If not specified, 47849 the volume defaultMode will be used. 47850 This might be in conflict with other 47851 options that affect the file mode, like 47852 fsGroup, and the result can be other 47853 mode bits set.' 47854 format: int32 47855 type: integer 47856 path: 47857 description: path is the relative path 47858 of the file to map the key to. May not 47859 be an absolute path. May not contain 47860 the path element '..'. May not start 47861 with the string '..'. 47862 type: string 47863 required: 47864 - key 47865 - path 47866 type: object 47867 type: array 47868 name: 47869 description: 'Name of the referent. More info: 47870 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 47871 TODO: Add other useful fields. apiVersion, 47872 kind, uid?' 47873 type: string 47874 optional: 47875 description: optional specify whether the ConfigMap 47876 or its keys must be defined 47877 type: boolean 47878 type: object 47879 csi: 47880 description: csi (Container Storage Interface) represents 47881 ephemeral storage that is handled by certain external 47882 CSI drivers (Beta feature). 47883 properties: 47884 driver: 47885 description: driver is the name of the CSI driver 47886 that handles this volume. Consult with your 47887 admin for the correct name as registered in 47888 the cluster. 47889 type: string 47890 fsType: 47891 description: fsType to mount. Ex. "ext4", "xfs", 47892 "ntfs". If not provided, the empty value is 47893 passed to the associated CSI driver which 47894 will determine the default filesystem to apply. 47895 type: string 47896 nodePublishSecretRef: 47897 description: nodePublishSecretRef is a reference 47898 to the secret object containing sensitive 47899 information to pass to the CSI driver to complete 47900 the CSI NodePublishVolume and NodeUnpublishVolume 47901 calls. This field is optional, and may be 47902 empty if no secret is required. If the secret 47903 object contains more than one secret, all 47904 secret references are passed. 47905 properties: 47906 name: 47907 description: 'Name of the referent. More 47908 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 47909 TODO: Add other useful fields. apiVersion, 47910 kind, uid?' 47911 type: string 47912 type: object 47913 readOnly: 47914 description: readOnly specifies a read-only 47915 configuration for the volume. Defaults to 47916 false (read/write). 47917 type: boolean 47918 volumeAttributes: 47919 additionalProperties: 47920 type: string 47921 description: volumeAttributes stores driver-specific 47922 properties that are passed to the CSI driver. 47923 Consult your driver's documentation for supported 47924 values. 47925 type: object 47926 required: 47927 - driver 47928 type: object 47929 downwardAPI: 47930 description: downwardAPI represents downward API 47931 about the pod that should populate this volume 47932 properties: 47933 defaultMode: 47934 description: 'Optional: mode bits to use on 47935 created files by default. Must be a Optional: 47936 mode bits used to set permissions on created 47937 files by default. Must be an octal value between 47938 0000 and 0777 or a decimal value between 0 47939 and 511. YAML accepts both octal and decimal 47940 values, JSON requires decimal values for mode 47941 bits. Defaults to 0644. Directories within 47942 the path are not affected by this setting. 47943 This might be in conflict with other options 47944 that affect the file mode, like fsGroup, and 47945 the result can be other mode bits set.' 47946 format: int32 47947 type: integer 47948 items: 47949 description: Items is a list of downward API 47950 volume file 47951 items: 47952 description: DownwardAPIVolumeFile represents 47953 information to create the file containing 47954 the pod field 47955 properties: 47956 fieldRef: 47957 description: 'Required: Selects a field 47958 of the pod: only annotations, labels, 47959 name and namespace are supported.' 47960 properties: 47961 apiVersion: 47962 description: Version of the schema 47963 the FieldPath is written in terms 47964 of, defaults to "v1". 47965 type: string 47966 fieldPath: 47967 description: Path of the field to 47968 select in the specified API version. 47969 type: string 47970 required: 47971 - fieldPath 47972 type: object 47973 mode: 47974 description: 'Optional: mode bits used 47975 to set permissions on this file, must 47976 be an octal value between 0000 and 0777 47977 or a decimal value between 0 and 511. 47978 YAML accepts both octal and decimal 47979 values, JSON requires decimal values 47980 for mode bits. If not specified, the 47981 volume defaultMode will be used. This 47982 might be in conflict with other options 47983 that affect the file mode, like fsGroup, 47984 and the result can be other mode bits 47985 set.' 47986 format: int32 47987 type: integer 47988 path: 47989 description: 'Required: Path is the relative 47990 path name of the file to be created. 47991 Must not be absolute or contain the 47992 ''..'' path. Must be utf-8 encoded. 47993 The first item of the relative path 47994 must not start with ''..''' 47995 type: string 47996 resourceFieldRef: 47997 description: 'Selects a resource of the 47998 container: only resources limits and 47999 requests (limits.cpu, limits.memory, 48000 requests.cpu and requests.memory) are 48001 currently supported.' 48002 properties: 48003 containerName: 48004 description: 'Container name: required 48005 for volumes, optional for env vars' 48006 type: string 48007 divisor: 48008 anyOf: 48009 - type: integer 48010 - type: string 48011 description: Specifies the output 48012 format of the exposed resources, 48013 defaults to "1" 48014 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 48015 x-kubernetes-int-or-string: true 48016 resource: 48017 description: 'Required: resource to 48018 select' 48019 type: string 48020 required: 48021 - resource 48022 type: object 48023 required: 48024 - path 48025 type: object 48026 type: array 48027 type: object 48028 emptyDir: 48029 description: 'emptyDir represents a temporary directory 48030 that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 48031 properties: 48032 medium: 48033 description: 'medium represents what type of 48034 storage medium should back this directory. 48035 The default is "" which means to use the node''s 48036 default medium. Must be an empty string (default) 48037 or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 48038 type: string 48039 sizeLimit: 48040 anyOf: 48041 - type: integer 48042 - type: string 48043 description: 'sizeLimit is the total amount 48044 of local storage required for this EmptyDir 48045 volume. The size limit is also applicable 48046 for memory medium. The maximum usage on memory 48047 medium EmptyDir would be the minimum value 48048 between the SizeLimit specified here and the 48049 sum of memory limits of all containers in 48050 a pod. The default is nil which means that 48051 the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 48052 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 48053 x-kubernetes-int-or-string: true 48054 type: object 48055 ephemeral: 48056 description: "ephemeral represents a volume that 48057 is handled by a cluster storage driver. The volume's 48058 lifecycle is tied to the pod that defines it - 48059 it will be created before the pod starts, and 48060 deleted when the pod is removed. \n Use this if: 48061 a) the volume is only needed while the pod runs, 48062 b) features of normal volumes like restoring from 48063 snapshot or capacity tracking are needed, c) 48064 the storage driver is specified through a storage 48065 class, and d) the storage driver supports dynamic 48066 volume provisioning through a PersistentVolumeClaim 48067 (see EphemeralVolumeSource for more information 48068 on the connection between this volume type and 48069 PersistentVolumeClaim). \n Use PersistentVolumeClaim 48070 or one of the vendor-specific APIs for volumes 48071 that persist for longer than the lifecycle of 48072 an individual pod. \n Use CSI for light-weight 48073 local ephemeral volumes if the CSI driver is meant 48074 to be used that way - see the documentation of 48075 the driver for more information. \n A pod can 48076 use both types of ephemeral volumes and persistent 48077 volumes at the same time." 48078 properties: 48079 volumeClaimTemplate: 48080 description: "Will be used to create a stand-alone 48081 PVC to provision the volume. The pod in which 48082 this EphemeralVolumeSource is embedded will 48083 be the owner of the PVC, i.e. the PVC will 48084 be deleted together with the pod. The name 48085 of the PVC will be `<pod name>-<volume name>` 48086 where `<volume name>` is the name from the 48087 `PodSpec.Volumes` array entry. Pod validation 48088 will reject the pod if the concatenated name 48089 is not valid for a PVC (for example, too long). 48090 \n An existing PVC with that name that is 48091 not owned by the pod will *not* be used for 48092 the pod to avoid using an unrelated volume 48093 by mistake. Starting the pod is then blocked 48094 until the unrelated PVC is removed. If such 48095 a pre-created PVC is meant to be used by the 48096 pod, the PVC has to updated with an owner 48097 reference to the pod once the pod exists. 48098 Normally this should not be necessary, but 48099 it may be useful when manually reconstructing 48100 a broken cluster. \n This field is read-only 48101 and no changes will be made by Kubernetes 48102 to the PVC after it has been created. \n Required, 48103 must not be nil." 48104 properties: 48105 metadata: 48106 description: May contain labels and annotations 48107 that will be copied into the PVC when 48108 creating it. No other fields are allowed 48109 and will be rejected during validation. 48110 type: object 48111 spec: 48112 description: The specification for the PersistentVolumeClaim. 48113 The entire content is copied unchanged 48114 into the PVC that gets created from this 48115 template. The same fields as in a PersistentVolumeClaim 48116 are also valid here. 48117 properties: 48118 accessModes: 48119 description: 'accessModes contains the 48120 desired access modes the volume should 48121 have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 48122 items: 48123 type: string 48124 type: array 48125 dataSource: 48126 description: 'dataSource field can be 48127 used to specify either: * An existing 48128 VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 48129 * An existing PVC (PersistentVolumeClaim) 48130 If the provisioner or an external 48131 controller can support the specified 48132 data source, it will create a new 48133 volume based on the contents of the 48134 specified data source. When the AnyVolumeDataSource 48135 feature gate is enabled, dataSource 48136 contents will be copied to dataSourceRef, 48137 and dataSourceRef contents will be 48138 copied to dataSource when dataSourceRef.namespace 48139 is not specified. If the namespace 48140 is specified, then dataSourceRef will 48141 not be copied to dataSource.' 48142 properties: 48143 apiGroup: 48144 description: APIGroup is the group 48145 for the resource being referenced. 48146 If APIGroup is not specified, 48147 the specified Kind must be in 48148 the core API group. For any other 48149 third-party types, APIGroup is 48150 required. 48151 type: string 48152 kind: 48153 description: Kind is the type of 48154 resource being referenced 48155 type: string 48156 name: 48157 description: Name is the name of 48158 resource being referenced 48159 type: string 48160 required: 48161 - kind 48162 - name 48163 type: object 48164 dataSourceRef: 48165 description: 'dataSourceRef specifies 48166 the object from which to populate 48167 the volume with data, if a non-empty 48168 volume is desired. This may be any 48169 object from a non-empty API group 48170 (non core object) or a PersistentVolumeClaim 48171 object. When this field is specified, 48172 volume binding will only succeed if 48173 the type of the specified object matches 48174 some installed volume populator or 48175 dynamic provisioner. This field will 48176 replace the functionality of the dataSource 48177 field and as such if both fields are 48178 non-empty, they must have the same 48179 value. For backwards compatibility, 48180 when namespace isn''t specified in 48181 dataSourceRef, both fields (dataSource 48182 and dataSourceRef) will be set to 48183 the same value automatically if one 48184 of them is empty and the other is 48185 non-empty. When namespace is specified 48186 in dataSourceRef, dataSource isn''t 48187 set to the same value and must be 48188 empty. There are three important differences 48189 between dataSource and dataSourceRef: 48190 * While dataSource only allows two 48191 specific types of objects, dataSourceRef allows 48192 any non-core object, as well as PersistentVolumeClaim 48193 objects. * While dataSource ignores 48194 disallowed values (dropping them), 48195 dataSourceRef preserves all values, 48196 and generates an error if a disallowed 48197 value is specified. * While dataSource 48198 only allows local objects, dataSourceRef 48199 allows objects in any namespaces. 48200 (Beta) Using this field requires the 48201 AnyVolumeDataSource feature gate to 48202 be enabled. (Alpha) Using the namespace 48203 field of dataSourceRef requires the 48204 CrossNamespaceVolumeDataSource feature 48205 gate to be enabled.' 48206 properties: 48207 apiGroup: 48208 description: APIGroup is the group 48209 for the resource being referenced. 48210 If APIGroup is not specified, 48211 the specified Kind must be in 48212 the core API group. For any other 48213 third-party types, APIGroup is 48214 required. 48215 type: string 48216 kind: 48217 description: Kind is the type of 48218 resource being referenced 48219 type: string 48220 name: 48221 description: Name is the name of 48222 resource being referenced 48223 type: string 48224 namespace: 48225 description: Namespace is the namespace 48226 of resource being referenced Note 48227 that when a namespace is specified, 48228 a gateway.networking.k8s.io/ReferenceGrant 48229 object is required in the referent 48230 namespace to allow that namespace's 48231 owner to accept the reference. 48232 See the ReferenceGrant documentation 48233 for details. (Alpha) This field 48234 requires the CrossNamespaceVolumeDataSource 48235 feature gate to be enabled. 48236 type: string 48237 required: 48238 - kind 48239 - name 48240 type: object 48241 resources: 48242 description: 'resources represents the 48243 minimum resources the volume should 48244 have. If RecoverVolumeExpansionFailure 48245 feature is enabled users are allowed 48246 to specify resource requirements that 48247 are lower than previous value but 48248 must still be higher than capacity 48249 recorded in the status field of the 48250 claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 48251 properties: 48252 claims: 48253 description: "Claims lists the names 48254 of resources, defined in spec.resourceClaims, 48255 that are used by this container. 48256 \n This is an alpha field and 48257 requires enabling the DynamicResourceAllocation 48258 feature gate. \n This field is 48259 immutable. It can only be set 48260 for containers." 48261 items: 48262 description: ResourceClaim references 48263 one entry in PodSpec.ResourceClaims. 48264 properties: 48265 name: 48266 description: Name must match 48267 the name of one entry in 48268 pod.spec.resourceClaims 48269 of the Pod where this field 48270 is used. It makes that resource 48271 available inside a container. 48272 type: string 48273 required: 48274 - name 48275 type: object 48276 type: array 48277 x-kubernetes-list-map-keys: 48278 - name 48279 x-kubernetes-list-type: map 48280 limits: 48281 additionalProperties: 48282 anyOf: 48283 - type: integer 48284 - type: string 48285 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 48286 x-kubernetes-int-or-string: true 48287 description: 'Limits describes the 48288 maximum amount of compute resources 48289 allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 48290 type: object 48291 requests: 48292 additionalProperties: 48293 anyOf: 48294 - type: integer 48295 - type: string 48296 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 48297 x-kubernetes-int-or-string: true 48298 description: 'Requests describes 48299 the minimum amount of compute 48300 resources required. If Requests 48301 is omitted for a container, it 48302 defaults to Limits if that is 48303 explicitly specified, otherwise 48304 to an implementation-defined value. 48305 Requests cannot exceed Limits. 48306 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 48307 type: object 48308 type: object 48309 selector: 48310 description: selector is a label query 48311 over volumes to consider for binding. 48312 properties: 48313 matchExpressions: 48314 description: matchExpressions is 48315 a list of label selector requirements. 48316 The requirements are ANDed. 48317 items: 48318 description: A label selector 48319 requirement is a selector that 48320 contains values, a key, and 48321 an operator that relates the 48322 key and values. 48323 properties: 48324 key: 48325 description: key is the label 48326 key that the selector applies 48327 to. 48328 type: string 48329 operator: 48330 description: operator represents 48331 a key's relationship to 48332 a set of values. Valid operators 48333 are In, NotIn, Exists and 48334 DoesNotExist. 48335 type: string 48336 values: 48337 description: values is an 48338 array of string values. 48339 If the operator is In or 48340 NotIn, the values array 48341 must be non-empty. If the 48342 operator is Exists or DoesNotExist, 48343 the values array must be 48344 empty. This array is replaced 48345 during a strategic merge 48346 patch. 48347 items: 48348 type: string 48349 type: array 48350 required: 48351 - key 48352 - operator 48353 type: object 48354 type: array 48355 matchLabels: 48356 additionalProperties: 48357 type: string 48358 description: matchLabels is a map 48359 of {key,value} pairs. A single 48360 {key,value} in the matchLabels 48361 map is equivalent to an element 48362 of matchExpressions, whose key 48363 field is "key", the operator is 48364 "In", and the values array contains 48365 only "value". The requirements 48366 are ANDed. 48367 type: object 48368 type: object 48369 storageClassName: 48370 description: 'storageClassName is the 48371 name of the StorageClass required 48372 by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 48373 type: string 48374 volumeMode: 48375 description: volumeMode defines what 48376 type of volume is required by the 48377 claim. Value of Filesystem is implied 48378 when not included in claim spec. 48379 type: string 48380 volumeName: 48381 description: volumeName is the binding 48382 reference to the PersistentVolume 48383 backing this claim. 48384 type: string 48385 type: object 48386 required: 48387 - spec 48388 type: object 48389 type: object 48390 fc: 48391 description: fc represents a Fibre Channel resource 48392 that is attached to a kubelet's host machine and 48393 then exposed to the pod. 48394 properties: 48395 fsType: 48396 description: 'fsType is the filesystem type 48397 to mount. Must be a filesystem type supported 48398 by the host operating system. Ex. "ext4", 48399 "xfs", "ntfs". Implicitly inferred to be "ext4" 48400 if unspecified. TODO: how do we prevent errors 48401 in the filesystem from compromising the machine' 48402 type: string 48403 lun: 48404 description: 'lun is Optional: FC target lun 48405 number' 48406 format: int32 48407 type: integer 48408 readOnly: 48409 description: 'readOnly is Optional: Defaults 48410 to false (read/write). ReadOnly here will 48411 force the ReadOnly setting in VolumeMounts.' 48412 type: boolean 48413 targetWWNs: 48414 description: 'targetWWNs is Optional: FC target 48415 worldwide names (WWNs)' 48416 items: 48417 type: string 48418 type: array 48419 wwids: 48420 description: 'wwids Optional: FC volume world 48421 wide identifiers (wwids) Either wwids or combination 48422 of targetWWNs and lun must be set, but not 48423 both simultaneously.' 48424 items: 48425 type: string 48426 type: array 48427 type: object 48428 flexVolume: 48429 description: flexVolume represents a generic volume 48430 resource that is provisioned/attached using an 48431 exec based plugin. 48432 properties: 48433 driver: 48434 description: driver is the name of the driver 48435 to use for this volume. 48436 type: string 48437 fsType: 48438 description: fsType is the filesystem type to 48439 mount. Must be a filesystem type supported 48440 by the host operating system. Ex. "ext4", 48441 "xfs", "ntfs". The default filesystem depends 48442 on FlexVolume script. 48443 type: string 48444 options: 48445 additionalProperties: 48446 type: string 48447 description: 'options is Optional: this field 48448 holds extra command options if any.' 48449 type: object 48450 readOnly: 48451 description: 'readOnly is Optional: defaults 48452 to false (read/write). ReadOnly here will 48453 force the ReadOnly setting in VolumeMounts.' 48454 type: boolean 48455 secretRef: 48456 description: 'secretRef is Optional: secretRef 48457 is reference to the secret object containing 48458 sensitive information to pass to the plugin 48459 scripts. This may be empty if no secret object 48460 is specified. If the secret object contains 48461 more than one secret, all secrets are passed 48462 to the plugin scripts.' 48463 properties: 48464 name: 48465 description: 'Name of the referent. More 48466 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 48467 TODO: Add other useful fields. apiVersion, 48468 kind, uid?' 48469 type: string 48470 type: object 48471 required: 48472 - driver 48473 type: object 48474 flocker: 48475 description: flocker represents a Flocker volume 48476 attached to a kubelet's host machine. This depends 48477 on the Flocker control service being running 48478 properties: 48479 datasetName: 48480 description: datasetName is Name of the dataset 48481 stored as metadata -> name on the dataset 48482 for Flocker should be considered as deprecated 48483 type: string 48484 datasetUUID: 48485 description: datasetUUID is the UUID of the 48486 dataset. This is unique identifier of a Flocker 48487 dataset 48488 type: string 48489 type: object 48490 gcePersistentDisk: 48491 description: 'gcePersistentDisk represents a GCE 48492 Disk resource that is attached to a kubelet''s 48493 host machine and then exposed to the pod. More 48494 info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 48495 properties: 48496 fsType: 48497 description: 'fsType is filesystem type of the 48498 volume that you want to mount. Tip: Ensure 48499 that the filesystem type is supported by the 48500 host operating system. Examples: "ext4", "xfs", 48501 "ntfs". Implicitly inferred to be "ext4" if 48502 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 48503 TODO: how do we prevent errors in the filesystem 48504 from compromising the machine' 48505 type: string 48506 partition: 48507 description: 'partition is the partition in 48508 the volume that you want to mount. If omitted, 48509 the default is to mount by volume name. Examples: 48510 For volume /dev/sda1, you specify the partition 48511 as "1". Similarly, the volume partition for 48512 /dev/sda is "0" (or you can leave the property 48513 empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 48514 format: int32 48515 type: integer 48516 pdName: 48517 description: 'pdName is unique name of the PD 48518 resource in GCE. Used to identify the disk 48519 in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 48520 type: string 48521 readOnly: 48522 description: 'readOnly here will force the ReadOnly 48523 setting in VolumeMounts. Defaults to false. 48524 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 48525 type: boolean 48526 required: 48527 - pdName 48528 type: object 48529 gitRepo: 48530 description: 'gitRepo represents a git repository 48531 at a particular revision. DEPRECATED: GitRepo 48532 is deprecated. To provision a container with a 48533 git repo, mount an EmptyDir into an InitContainer 48534 that clones the repo using git, then mount the 48535 EmptyDir into the Pod''s container.' 48536 properties: 48537 directory: 48538 description: directory is the target directory 48539 name. Must not contain or start with '..'. If 48540 '.' is supplied, the volume directory will 48541 be the git repository. Otherwise, if specified, 48542 the volume will contain the git repository 48543 in the subdirectory with the given name. 48544 type: string 48545 repository: 48546 description: repository is the URL 48547 type: string 48548 revision: 48549 description: revision is the commit hash for 48550 the specified revision. 48551 type: string 48552 required: 48553 - repository 48554 type: object 48555 glusterfs: 48556 description: 'glusterfs represents a Glusterfs mount 48557 on the host that shares a pod''s lifetime. More 48558 info: https://examples.k8s.io/volumes/glusterfs/README.md' 48559 properties: 48560 endpoints: 48561 description: 'endpoints is the endpoint name 48562 that details Glusterfs topology. More info: 48563 https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 48564 type: string 48565 path: 48566 description: 'path is the Glusterfs volume path. 48567 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 48568 type: string 48569 readOnly: 48570 description: 'readOnly here will force the Glusterfs 48571 volume to be mounted with read-only permissions. 48572 Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 48573 type: boolean 48574 required: 48575 - endpoints 48576 - path 48577 type: object 48578 hostPath: 48579 description: 'hostPath represents a pre-existing 48580 file or directory on the host machine that is 48581 directly exposed to the container. This is generally 48582 used for system agents or other privileged things 48583 that are allowed to see the host machine. Most 48584 containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 48585 --- TODO(jonesdl) We need to restrict who can 48586 use host directory mounts and who can/can not 48587 mount host directories as read/write.' 48588 properties: 48589 path: 48590 description: 'path of the directory on the host. 48591 If the path is a symlink, it will follow the 48592 link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 48593 type: string 48594 type: 48595 description: 'type for HostPath Volume Defaults 48596 to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 48597 type: string 48598 required: 48599 - path 48600 type: object 48601 iscsi: 48602 description: 'iscsi represents an ISCSI Disk resource 48603 that is attached to a kubelet''s host machine 48604 and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 48605 properties: 48606 chapAuthDiscovery: 48607 description: chapAuthDiscovery defines whether 48608 support iSCSI Discovery CHAP authentication 48609 type: boolean 48610 chapAuthSession: 48611 description: chapAuthSession defines whether 48612 support iSCSI Session CHAP authentication 48613 type: boolean 48614 fsType: 48615 description: 'fsType is the filesystem type 48616 of the volume that you want to mount. Tip: 48617 Ensure that the filesystem type is supported 48618 by the host operating system. Examples: "ext4", 48619 "xfs", "ntfs". Implicitly inferred to be "ext4" 48620 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 48621 TODO: how do we prevent errors in the filesystem 48622 from compromising the machine' 48623 type: string 48624 initiatorName: 48625 description: initiatorName is the custom iSCSI 48626 Initiator Name. If initiatorName is specified 48627 with iscsiInterface simultaneously, new iSCSI 48628 interface <target portal>:<volume name> will 48629 be created for the connection. 48630 type: string 48631 iqn: 48632 description: iqn is the target iSCSI Qualified 48633 Name. 48634 type: string 48635 iscsiInterface: 48636 description: iscsiInterface is the interface 48637 Name that uses an iSCSI transport. Defaults 48638 to 'default' (tcp). 48639 type: string 48640 lun: 48641 description: lun represents iSCSI Target Lun 48642 number. 48643 format: int32 48644 type: integer 48645 portals: 48646 description: portals is the iSCSI Target Portal 48647 List. The portal is either an IP or ip_addr:port 48648 if the port is other than default (typically 48649 TCP ports 860 and 3260). 48650 items: 48651 type: string 48652 type: array 48653 readOnly: 48654 description: readOnly here will force the ReadOnly 48655 setting in VolumeMounts. Defaults to false. 48656 type: boolean 48657 secretRef: 48658 description: secretRef is the CHAP Secret for 48659 iSCSI target and initiator authentication 48660 properties: 48661 name: 48662 description: 'Name of the referent. More 48663 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 48664 TODO: Add other useful fields. apiVersion, 48665 kind, uid?' 48666 type: string 48667 type: object 48668 targetPortal: 48669 description: targetPortal is iSCSI Target Portal. 48670 The Portal is either an IP or ip_addr:port 48671 if the port is other than default (typically 48672 TCP ports 860 and 3260). 48673 type: string 48674 required: 48675 - iqn 48676 - lun 48677 - targetPortal 48678 type: object 48679 name: 48680 description: 'name of the volume. Must be a DNS_LABEL 48681 and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 48682 type: string 48683 nfs: 48684 description: 'nfs represents an NFS mount on the 48685 host that shares a pod''s lifetime More info: 48686 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 48687 properties: 48688 path: 48689 description: 'path that is exported by the NFS 48690 server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 48691 type: string 48692 readOnly: 48693 description: 'readOnly here will force the NFS 48694 export to be mounted with read-only permissions. 48695 Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 48696 type: boolean 48697 server: 48698 description: 'server is the hostname or IP address 48699 of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 48700 type: string 48701 required: 48702 - path 48703 - server 48704 type: object 48705 persistentVolumeClaim: 48706 description: 'persistentVolumeClaimVolumeSource 48707 represents a reference to a PersistentVolumeClaim 48708 in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 48709 properties: 48710 claimName: 48711 description: 'claimName is the name of a PersistentVolumeClaim 48712 in the same namespace as the pod using this 48713 volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 48714 type: string 48715 readOnly: 48716 description: readOnly Will force the ReadOnly 48717 setting in VolumeMounts. Default false. 48718 type: boolean 48719 required: 48720 - claimName 48721 type: object 48722 photonPersistentDisk: 48723 description: photonPersistentDisk represents a PhotonController 48724 persistent disk attached and mounted on kubelets 48725 host machine 48726 properties: 48727 fsType: 48728 description: fsType is the filesystem type to 48729 mount. Must be a filesystem type supported 48730 by the host operating system. Ex. "ext4", 48731 "xfs", "ntfs". Implicitly inferred to be "ext4" 48732 if unspecified. 48733 type: string 48734 pdID: 48735 description: pdID is the ID that identifies 48736 Photon Controller persistent disk 48737 type: string 48738 required: 48739 - pdID 48740 type: object 48741 portworxVolume: 48742 description: portworxVolume represents a portworx 48743 volume attached and mounted on kubelets host machine 48744 properties: 48745 fsType: 48746 description: fSType represents the filesystem 48747 type to mount Must be a filesystem type supported 48748 by the host operating system. Ex. "ext4", 48749 "xfs". Implicitly inferred to be "ext4" if 48750 unspecified. 48751 type: string 48752 readOnly: 48753 description: readOnly defaults to false (read/write). 48754 ReadOnly here will force the ReadOnly setting 48755 in VolumeMounts. 48756 type: boolean 48757 volumeID: 48758 description: volumeID uniquely identifies a 48759 Portworx volume 48760 type: string 48761 required: 48762 - volumeID 48763 type: object 48764 projected: 48765 description: projected items for all in one resources 48766 secrets, configmaps, and downward API 48767 properties: 48768 defaultMode: 48769 description: defaultMode are the mode bits used 48770 to set permissions on created files by default. 48771 Must be an octal value between 0000 and 0777 48772 or a decimal value between 0 and 511. YAML 48773 accepts both octal and decimal values, JSON 48774 requires decimal values for mode bits. Directories 48775 within the path are not affected by this setting. 48776 This might be in conflict with other options 48777 that affect the file mode, like fsGroup, and 48778 the result can be other mode bits set. 48779 format: int32 48780 type: integer 48781 sources: 48782 description: sources is the list of volume projections 48783 items: 48784 description: Projection that may be projected 48785 along with other supported volume types 48786 properties: 48787 configMap: 48788 description: configMap information about 48789 the configMap data to project 48790 properties: 48791 items: 48792 description: items if unspecified, 48793 each key-value pair in the Data 48794 field of the referenced ConfigMap 48795 will be projected into the volume 48796 as a file whose name is the key 48797 and content is the value. If specified, 48798 the listed keys will be projected 48799 into the specified paths, and unlisted 48800 keys will not be present. If a key 48801 is specified which is not present 48802 in the ConfigMap, the volume setup 48803 will error unless it is marked optional. 48804 Paths must be relative and may not 48805 contain the '..' path or start with 48806 '..'. 48807 items: 48808 description: Maps a string key to 48809 a path within a volume. 48810 properties: 48811 key: 48812 description: key is the key 48813 to project. 48814 type: string 48815 mode: 48816 description: 'mode is Optional: 48817 mode bits used to set permissions 48818 on this file. Must be an octal 48819 value between 0000 and 0777 48820 or a decimal value between 48821 0 and 511. YAML accepts both 48822 octal and decimal values, 48823 JSON requires decimal values 48824 for mode bits. If not specified, 48825 the volume defaultMode will 48826 be used. This might be in 48827 conflict with other options 48828 that affect the file mode, 48829 like fsGroup, and the result 48830 can be other mode bits set.' 48831 format: int32 48832 type: integer 48833 path: 48834 description: path is the relative 48835 path of the file to map the 48836 key to. May not be an absolute 48837 path. May not contain the 48838 path element '..'. May not 48839 start with the string '..'. 48840 type: string 48841 required: 48842 - key 48843 - path 48844 type: object 48845 type: array 48846 name: 48847 description: 'Name of the referent. 48848 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 48849 TODO: Add other useful fields. apiVersion, 48850 kind, uid?' 48851 type: string 48852 optional: 48853 description: optional specify whether 48854 the ConfigMap or its keys must be 48855 defined 48856 type: boolean 48857 type: object 48858 downwardAPI: 48859 description: downwardAPI information about 48860 the downwardAPI data to project 48861 properties: 48862 items: 48863 description: Items is a list of DownwardAPIVolume 48864 file 48865 items: 48866 description: DownwardAPIVolumeFile 48867 represents information to create 48868 the file containing the pod field 48869 properties: 48870 fieldRef: 48871 description: 'Required: Selects 48872 a field of the pod: only annotations, 48873 labels, name and namespace 48874 are supported.' 48875 properties: 48876 apiVersion: 48877 description: Version of 48878 the schema the FieldPath 48879 is written in terms of, 48880 defaults to "v1". 48881 type: string 48882 fieldPath: 48883 description: Path of the 48884 field to select in the 48885 specified API version. 48886 type: string 48887 required: 48888 - fieldPath 48889 type: object 48890 mode: 48891 description: 'Optional: mode 48892 bits used to set permissions 48893 on this file, must be an octal 48894 value between 0000 and 0777 48895 or a decimal value between 48896 0 and 511. YAML accepts both 48897 octal and decimal values, 48898 JSON requires decimal values 48899 for mode bits. If not specified, 48900 the volume defaultMode will 48901 be used. This might be in 48902 conflict with other options 48903 that affect the file mode, 48904 like fsGroup, and the result 48905 can be other mode bits set.' 48906 format: int32 48907 type: integer 48908 path: 48909 description: 'Required: Path 48910 is the relative path name 48911 of the file to be created. 48912 Must not be absolute or contain 48913 the ''..'' path. Must be utf-8 48914 encoded. The first item of 48915 the relative path must not 48916 start with ''..''' 48917 type: string 48918 resourceFieldRef: 48919 description: 'Selects a resource 48920 of the container: only resources 48921 limits and requests (limits.cpu, 48922 limits.memory, requests.cpu 48923 and requests.memory) are currently 48924 supported.' 48925 properties: 48926 containerName: 48927 description: 'Container 48928 name: required for volumes, 48929 optional for env vars' 48930 type: string 48931 divisor: 48932 anyOf: 48933 - type: integer 48934 - type: string 48935 description: Specifies the 48936 output format of the exposed 48937 resources, defaults to 48938 "1" 48939 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 48940 x-kubernetes-int-or-string: true 48941 resource: 48942 description: 'Required: 48943 resource to select' 48944 type: string 48945 required: 48946 - resource 48947 type: object 48948 required: 48949 - path 48950 type: object 48951 type: array 48952 type: object 48953 secret: 48954 description: secret information about 48955 the secret data to project 48956 properties: 48957 items: 48958 description: items if unspecified, 48959 each key-value pair in the Data 48960 field of the referenced Secret will 48961 be projected into the volume as 48962 a file whose name is the key and 48963 content is the value. If specified, 48964 the listed keys will be projected 48965 into the specified paths, and unlisted 48966 keys will not be present. If a key 48967 is specified which is not present 48968 in the Secret, the volume setup 48969 will error unless it is marked optional. 48970 Paths must be relative and may not 48971 contain the '..' path or start with 48972 '..'. 48973 items: 48974 description: Maps a string key to 48975 a path within a volume. 48976 properties: 48977 key: 48978 description: key is the key 48979 to project. 48980 type: string 48981 mode: 48982 description: 'mode is Optional: 48983 mode bits used to set permissions 48984 on this file. Must be an octal 48985 value between 0000 and 0777 48986 or a decimal value between 48987 0 and 511. YAML accepts both 48988 octal and decimal values, 48989 JSON requires decimal values 48990 for mode bits. If not specified, 48991 the volume defaultMode will 48992 be used. This might be in 48993 conflict with other options 48994 that affect the file mode, 48995 like fsGroup, and the result 48996 can be other mode bits set.' 48997 format: int32 48998 type: integer 48999 path: 49000 description: path is the relative 49001 path of the file to map the 49002 key to. May not be an absolute 49003 path. May not contain the 49004 path element '..'. May not 49005 start with the string '..'. 49006 type: string 49007 required: 49008 - key 49009 - path 49010 type: object 49011 type: array 49012 name: 49013 description: 'Name of the referent. 49014 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 49015 TODO: Add other useful fields. apiVersion, 49016 kind, uid?' 49017 type: string 49018 optional: 49019 description: optional field specify 49020 whether the Secret or its key must 49021 be defined 49022 type: boolean 49023 type: object 49024 serviceAccountToken: 49025 description: serviceAccountToken is information 49026 about the serviceAccountToken data to 49027 project 49028 properties: 49029 audience: 49030 description: audience is the intended 49031 audience of the token. A recipient 49032 of a token must identify itself 49033 with an identifier specified in 49034 the audience of the token, and otherwise 49035 should reject the token. The audience 49036 defaults to the identifier of the 49037 apiserver. 49038 type: string 49039 expirationSeconds: 49040 description: expirationSeconds is 49041 the requested duration of validity 49042 of the service account token. As 49043 the token approaches expiration, 49044 the kubelet volume plugin will proactively 49045 rotate the service account token. 49046 The kubelet will start trying to 49047 rotate the token if the token is 49048 older than 80 percent of its time 49049 to live or if the token is older 49050 than 24 hours.Defaults to 1 hour 49051 and must be at least 10 minutes. 49052 format: int64 49053 type: integer 49054 path: 49055 description: path is the path relative 49056 to the mount point of the file to 49057 project the token into. 49058 type: string 49059 required: 49060 - path 49061 type: object 49062 type: object 49063 type: array 49064 type: object 49065 quobyte: 49066 description: quobyte represents a Quobyte mount 49067 on the host that shares a pod's lifetime 49068 properties: 49069 group: 49070 description: group to map volume access to Default 49071 is no group 49072 type: string 49073 readOnly: 49074 description: readOnly here will force the Quobyte 49075 volume to be mounted with read-only permissions. 49076 Defaults to false. 49077 type: boolean 49078 registry: 49079 description: registry represents a single or 49080 multiple Quobyte Registry services specified 49081 as a string as host:port pair (multiple entries 49082 are separated with commas) which acts as the 49083 central registry for volumes 49084 type: string 49085 tenant: 49086 description: tenant owning the given Quobyte 49087 volume in the Backend Used with dynamically 49088 provisioned Quobyte volumes, value is set 49089 by the plugin 49090 type: string 49091 user: 49092 description: user to map volume access to Defaults 49093 to serivceaccount user 49094 type: string 49095 volume: 49096 description: volume is a string that references 49097 an already created Quobyte volume by name. 49098 type: string 49099 required: 49100 - registry 49101 - volume 49102 type: object 49103 rbd: 49104 description: 'rbd represents a Rados Block Device 49105 mount on the host that shares a pod''s lifetime. 49106 More info: https://examples.k8s.io/volumes/rbd/README.md' 49107 properties: 49108 fsType: 49109 description: 'fsType is the filesystem type 49110 of the volume that you want to mount. Tip: 49111 Ensure that the filesystem type is supported 49112 by the host operating system. Examples: "ext4", 49113 "xfs", "ntfs". Implicitly inferred to be "ext4" 49114 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 49115 TODO: how do we prevent errors in the filesystem 49116 from compromising the machine' 49117 type: string 49118 image: 49119 description: 'image is the rados image name. 49120 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 49121 type: string 49122 keyring: 49123 description: 'keyring is the path to key ring 49124 for RBDUser. Default is /etc/ceph/keyring. 49125 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 49126 type: string 49127 monitors: 49128 description: 'monitors is a collection of Ceph 49129 monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 49130 items: 49131 type: string 49132 type: array 49133 pool: 49134 description: 'pool is the rados pool name. Default 49135 is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 49136 type: string 49137 readOnly: 49138 description: 'readOnly here will force the ReadOnly 49139 setting in VolumeMounts. Defaults to false. 49140 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 49141 type: boolean 49142 secretRef: 49143 description: 'secretRef is name of the authentication 49144 secret for RBDUser. If provided overrides 49145 keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 49146 properties: 49147 name: 49148 description: 'Name of the referent. More 49149 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 49150 TODO: Add other useful fields. apiVersion, 49151 kind, uid?' 49152 type: string 49153 type: object 49154 user: 49155 description: 'user is the rados user name. Default 49156 is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 49157 type: string 49158 required: 49159 - image 49160 - monitors 49161 type: object 49162 scaleIO: 49163 description: scaleIO represents a ScaleIO persistent 49164 volume attached and mounted on Kubernetes nodes. 49165 properties: 49166 fsType: 49167 description: fsType is the filesystem type to 49168 mount. Must be a filesystem type supported 49169 by the host operating system. Ex. "ext4", 49170 "xfs", "ntfs". Default is "xfs". 49171 type: string 49172 gateway: 49173 description: gateway is the host address of 49174 the ScaleIO API Gateway. 49175 type: string 49176 protectionDomain: 49177 description: protectionDomain is the name of 49178 the ScaleIO Protection Domain for the configured 49179 storage. 49180 type: string 49181 readOnly: 49182 description: readOnly Defaults to false (read/write). 49183 ReadOnly here will force the ReadOnly setting 49184 in VolumeMounts. 49185 type: boolean 49186 secretRef: 49187 description: secretRef references to the secret 49188 for ScaleIO user and other sensitive information. 49189 If this is not provided, Login operation will 49190 fail. 49191 properties: 49192 name: 49193 description: 'Name of the referent. More 49194 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 49195 TODO: Add other useful fields. apiVersion, 49196 kind, uid?' 49197 type: string 49198 type: object 49199 sslEnabled: 49200 description: sslEnabled Flag enable/disable 49201 SSL communication with Gateway, default false 49202 type: boolean 49203 storageMode: 49204 description: storageMode indicates whether the 49205 storage for a volume should be ThickProvisioned 49206 or ThinProvisioned. Default is ThinProvisioned. 49207 type: string 49208 storagePool: 49209 description: storagePool is the ScaleIO Storage 49210 Pool associated with the protection domain. 49211 type: string 49212 system: 49213 description: system is the name of the storage 49214 system as configured in ScaleIO. 49215 type: string 49216 volumeName: 49217 description: volumeName is the name of a volume 49218 already created in the ScaleIO system that 49219 is associated with this volume source. 49220 type: string 49221 required: 49222 - gateway 49223 - secretRef 49224 - system 49225 type: object 49226 secret: 49227 description: 'secret represents a secret that should 49228 populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 49229 properties: 49230 defaultMode: 49231 description: 'defaultMode is Optional: mode 49232 bits used to set permissions on created files 49233 by default. Must be an octal value between 49234 0000 and 0777 or a decimal value between 0 49235 and 511. YAML accepts both octal and decimal 49236 values, JSON requires decimal values for mode 49237 bits. Defaults to 0644. Directories within 49238 the path are not affected by this setting. 49239 This might be in conflict with other options 49240 that affect the file mode, like fsGroup, and 49241 the result can be other mode bits set.' 49242 format: int32 49243 type: integer 49244 items: 49245 description: items If unspecified, each key-value 49246 pair in the Data field of the referenced Secret 49247 will be projected into the volume as a file 49248 whose name is the key and content is the value. 49249 If specified, the listed keys will be projected 49250 into the specified paths, and unlisted keys 49251 will not be present. If a key is specified 49252 which is not present in the Secret, the volume 49253 setup will error unless it is marked optional. 49254 Paths must be relative and may not contain 49255 the '..' path or start with '..'. 49256 items: 49257 description: Maps a string key to a path within 49258 a volume. 49259 properties: 49260 key: 49261 description: key is the key to project. 49262 type: string 49263 mode: 49264 description: 'mode is Optional: mode bits 49265 used to set permissions on this file. 49266 Must be an octal value between 0000 49267 and 0777 or a decimal value between 49268 0 and 511. YAML accepts both octal and 49269 decimal values, JSON requires decimal 49270 values for mode bits. If not specified, 49271 the volume defaultMode will be used. 49272 This might be in conflict with other 49273 options that affect the file mode, like 49274 fsGroup, and the result can be other 49275 mode bits set.' 49276 format: int32 49277 type: integer 49278 path: 49279 description: path is the relative path 49280 of the file to map the key to. May not 49281 be an absolute path. May not contain 49282 the path element '..'. May not start 49283 with the string '..'. 49284 type: string 49285 required: 49286 - key 49287 - path 49288 type: object 49289 type: array 49290 optional: 49291 description: optional field specify whether 49292 the Secret or its keys must be defined 49293 type: boolean 49294 secretName: 49295 description: 'secretName is the name of the 49296 secret in the pod''s namespace to use. More 49297 info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 49298 type: string 49299 type: object 49300 storageos: 49301 description: storageOS represents a StorageOS volume 49302 attached and mounted on Kubernetes nodes. 49303 properties: 49304 fsType: 49305 description: fsType is the filesystem type to 49306 mount. Must be a filesystem type supported 49307 by the host operating system. Ex. "ext4", 49308 "xfs", "ntfs". Implicitly inferred to be "ext4" 49309 if unspecified. 49310 type: string 49311 readOnly: 49312 description: readOnly defaults to false (read/write). 49313 ReadOnly here will force the ReadOnly setting 49314 in VolumeMounts. 49315 type: boolean 49316 secretRef: 49317 description: secretRef specifies the secret 49318 to use for obtaining the StorageOS API credentials. If 49319 not specified, default values will be attempted. 49320 properties: 49321 name: 49322 description: 'Name of the referent. More 49323 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 49324 TODO: Add other useful fields. apiVersion, 49325 kind, uid?' 49326 type: string 49327 type: object 49328 volumeName: 49329 description: volumeName is the human-readable 49330 name of the StorageOS volume. Volume names 49331 are only unique within a namespace. 49332 type: string 49333 volumeNamespace: 49334 description: volumeNamespace specifies the scope 49335 of the volume within StorageOS. If no namespace 49336 is specified then the Pod's namespace will 49337 be used. This allows the Kubernetes name 49338 scoping to be mirrored within StorageOS for 49339 tighter integration. Set VolumeName to any 49340 name to override the default behaviour. Set 49341 to "default" if you are not using namespaces 49342 within StorageOS. Namespaces that do not pre-exist 49343 within StorageOS will be created. 49344 type: string 49345 type: object 49346 vsphereVolume: 49347 description: vsphereVolume represents a vSphere 49348 volume attached and mounted on kubelets host machine 49349 properties: 49350 fsType: 49351 description: fsType is filesystem type to mount. 49352 Must be a filesystem type supported by the 49353 host operating system. Ex. "ext4", "xfs", 49354 "ntfs". Implicitly inferred to be "ext4" if 49355 unspecified. 49356 type: string 49357 storagePolicyID: 49358 description: storagePolicyID is the storage 49359 Policy Based Management (SPBM) profile ID 49360 associated with the StoragePolicyName. 49361 type: string 49362 storagePolicyName: 49363 description: storagePolicyName is the storage 49364 Policy Based Management (SPBM) profile name. 49365 type: string 49366 volumePath: 49367 description: volumePath is the path that identifies 49368 vSphere volume vmdk 49369 type: string 49370 required: 49371 - volumePath 49372 type: object 49373 required: 49374 - name 49375 type: object 49376 type: array 49377 x-kubernetes-list-type: atomic 49378 type: object 49379 resources: 49380 description: Resources is a list of bindings specifying which 49381 actual instances of PipelineResources to use for the resources 49382 the Pipeline has declared it needs. 49383 items: 49384 description: PipelineResourceBinding connects a reference 49385 to an instance of a PipelineResource with a PipelineResource 49386 dependency that the Pipeline has declared 49387 properties: 49388 name: 49389 description: Name is the name of the PipelineResource 49390 in the Pipeline's declaration 49391 type: string 49392 resourceRef: 49393 description: ResourceRef is a reference to the instance 49394 of the actual PipelineResource that should be used 49395 properties: 49396 apiVersion: 49397 description: API version of the referent 49398 type: string 49399 name: 49400 description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' 49401 type: string 49402 type: object 49403 resourceSpec: 49404 description: ResourceSpec is specification of a resource 49405 that should be created and consumed by the task 49406 properties: 49407 description: 49408 description: Description is a user-facing description 49409 of the resource that may be used to populate a 49410 UI. 49411 type: string 49412 params: 49413 items: 49414 description: ResourceParam declares a string value 49415 to use for the parameter called Name, and is 49416 used in the specific context of PipelineResources. 49417 properties: 49418 name: 49419 type: string 49420 value: 49421 type: string 49422 required: 49423 - name 49424 - value 49425 type: object 49426 type: array 49427 x-kubernetes-list-type: atomic 49428 secrets: 49429 description: Secrets to fetch to populate some of 49430 resource fields 49431 items: 49432 description: SecretParam indicates which secret 49433 can be used to populate a field of the resource 49434 properties: 49435 fieldName: 49436 type: string 49437 secretKey: 49438 type: string 49439 secretName: 49440 type: string 49441 required: 49442 - fieldName 49443 - secretKey 49444 - secretName 49445 type: object 49446 type: array 49447 x-kubernetes-list-type: atomic 49448 type: 49449 type: string 49450 required: 49451 - params 49452 - type 49453 type: object 49454 type: object 49455 type: array 49456 x-kubernetes-list-type: atomic 49457 serviceAccountName: 49458 type: string 49459 status: 49460 description: Used for cancelling a pipelinerun (and maybe 49461 more later on) 49462 type: string 49463 taskRunSpecs: 49464 description: TaskRunSpecs holds a set of runtime specs 49465 items: 49466 description: PipelineTaskRunSpec can be used to configure 49467 specific specs for a concrete Task 49468 properties: 49469 computeResources: 49470 description: Compute resources to use for this TaskRun 49471 properties: 49472 claims: 49473 description: "Claims lists the names of resources, 49474 defined in spec.resourceClaims, that are used 49475 by this container. \n This is an alpha field and 49476 requires enabling the DynamicResourceAllocation 49477 feature gate. \n This field is immutable. It can 49478 only be set for containers." 49479 items: 49480 description: ResourceClaim references one entry 49481 in PodSpec.ResourceClaims. 49482 properties: 49483 name: 49484 description: Name must match the name of one 49485 entry in pod.spec.resourceClaims of the 49486 Pod where this field is used. It makes that 49487 resource available inside a container. 49488 type: string 49489 required: 49490 - name 49491 type: object 49492 type: array 49493 x-kubernetes-list-map-keys: 49494 - name 49495 x-kubernetes-list-type: map 49496 limits: 49497 additionalProperties: 49498 anyOf: 49499 - type: integer 49500 - type: string 49501 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 49502 x-kubernetes-int-or-string: true 49503 description: 'Limits describes the maximum amount 49504 of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 49505 type: object 49506 requests: 49507 additionalProperties: 49508 anyOf: 49509 - type: integer 49510 - type: string 49511 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 49512 x-kubernetes-int-or-string: true 49513 description: 'Requests describes the minimum amount 49514 of compute resources required. If Requests is 49515 omitted for a container, it defaults to Limits 49516 if that is explicitly specified, otherwise to 49517 an implementation-defined value. Requests cannot 49518 exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 49519 type: object 49520 type: object 49521 metadata: 49522 description: PipelineTaskMetadata contains the labels 49523 or annotations for an EmbeddedTask 49524 properties: 49525 annotations: 49526 additionalProperties: 49527 type: string 49528 type: object 49529 labels: 49530 additionalProperties: 49531 type: string 49532 type: object 49533 type: object 49534 pipelineTaskName: 49535 type: string 49536 sidecarOverrides: 49537 items: 49538 description: TaskRunSidecarOverride is used to override 49539 the values of a Sidecar in the corresponding Task. 49540 properties: 49541 name: 49542 description: The name of the Sidecar to override. 49543 type: string 49544 resources: 49545 description: The resource requirements to apply 49546 to the Sidecar. 49547 properties: 49548 claims: 49549 description: "Claims lists the names of resources, 49550 defined in spec.resourceClaims, that are 49551 used by this container. \n This is an alpha 49552 field and requires enabling the DynamicResourceAllocation 49553 feature gate. \n This field is immutable. 49554 It can only be set for containers." 49555 items: 49556 description: ResourceClaim references one 49557 entry in PodSpec.ResourceClaims. 49558 properties: 49559 name: 49560 description: Name must match the name 49561 of one entry in pod.spec.resourceClaims 49562 of the Pod where this field is used. 49563 It makes that resource available inside 49564 a container. 49565 type: string 49566 required: 49567 - name 49568 type: object 49569 type: array 49570 x-kubernetes-list-map-keys: 49571 - name 49572 x-kubernetes-list-type: map 49573 limits: 49574 additionalProperties: 49575 anyOf: 49576 - type: integer 49577 - type: string 49578 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 49579 x-kubernetes-int-or-string: true 49580 description: 'Limits describes the maximum 49581 amount of compute resources allowed. More 49582 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 49583 type: object 49584 requests: 49585 additionalProperties: 49586 anyOf: 49587 - type: integer 49588 - type: string 49589 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 49590 x-kubernetes-int-or-string: true 49591 description: 'Requests describes the minimum 49592 amount of compute resources required. If 49593 Requests is omitted for a container, it 49594 defaults to Limits if that is explicitly 49595 specified, otherwise to an implementation-defined 49596 value. Requests cannot exceed Limits. More 49597 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 49598 type: object 49599 type: object 49600 required: 49601 - name 49602 - resources 49603 type: object 49604 type: array 49605 x-kubernetes-list-type: atomic 49606 stepOverrides: 49607 items: 49608 description: TaskRunStepOverride is used to override 49609 the values of a Step in the corresponding Task. 49610 properties: 49611 name: 49612 description: The name of the Step to override. 49613 type: string 49614 resources: 49615 description: The resource requirements to apply 49616 to the Step. 49617 properties: 49618 claims: 49619 description: "Claims lists the names of resources, 49620 defined in spec.resourceClaims, that are 49621 used by this container. \n This is an alpha 49622 field and requires enabling the DynamicResourceAllocation 49623 feature gate. \n This field is immutable. 49624 It can only be set for containers." 49625 items: 49626 description: ResourceClaim references one 49627 entry in PodSpec.ResourceClaims. 49628 properties: 49629 name: 49630 description: Name must match the name 49631 of one entry in pod.spec.resourceClaims 49632 of the Pod where this field is used. 49633 It makes that resource available inside 49634 a container. 49635 type: string 49636 required: 49637 - name 49638 type: object 49639 type: array 49640 x-kubernetes-list-map-keys: 49641 - name 49642 x-kubernetes-list-type: map 49643 limits: 49644 additionalProperties: 49645 anyOf: 49646 - type: integer 49647 - type: string 49648 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 49649 x-kubernetes-int-or-string: true 49650 description: 'Limits describes the maximum 49651 amount of compute resources allowed. More 49652 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 49653 type: object 49654 requests: 49655 additionalProperties: 49656 anyOf: 49657 - type: integer 49658 - type: string 49659 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 49660 x-kubernetes-int-or-string: true 49661 description: 'Requests describes the minimum 49662 amount of compute resources required. If 49663 Requests is omitted for a container, it 49664 defaults to Limits if that is explicitly 49665 specified, otherwise to an implementation-defined 49666 value. Requests cannot exceed Limits. More 49667 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 49668 type: object 49669 type: object 49670 required: 49671 - name 49672 - resources 49673 type: object 49674 type: array 49675 x-kubernetes-list-type: atomic 49676 taskPodTemplate: 49677 description: Template holds pod specific configuration 49678 properties: 49679 affinity: 49680 description: If specified, the pod's scheduling 49681 constraints 49682 properties: 49683 nodeAffinity: 49684 description: Describes node affinity scheduling 49685 rules for the pod. 49686 properties: 49687 preferredDuringSchedulingIgnoredDuringExecution: 49688 description: The scheduler will prefer to 49689 schedule pods to nodes that satisfy the 49690 affinity expressions specified by this 49691 field, but it may choose a node that violates 49692 one or more of the expressions. The node 49693 that is most preferred is the one with 49694 the greatest sum of weights, i.e. for 49695 each node that meets all of the scheduling 49696 requirements (resource request, requiredDuringScheduling 49697 affinity expressions, etc.), compute a 49698 sum by iterating through the elements 49699 of this field and adding "weight" to the 49700 sum if the node matches the corresponding 49701 matchExpressions; the node(s) with the 49702 highest sum are the most preferred. 49703 items: 49704 description: An empty preferred scheduling 49705 term matches all objects with implicit 49706 weight 0 (i.e. it's a no-op). A null 49707 preferred scheduling term matches no 49708 objects (i.e. is also a no-op). 49709 properties: 49710 preference: 49711 description: A node selector term, 49712 associated with the corresponding 49713 weight. 49714 properties: 49715 matchExpressions: 49716 description: A list of node selector 49717 requirements by node's labels. 49718 items: 49719 description: A node selector 49720 requirement is a selector 49721 that contains values, a key, 49722 and an operator that relates 49723 the key and values. 49724 properties: 49725 key: 49726 description: The label key 49727 that the selector applies 49728 to. 49729 type: string 49730 operator: 49731 description: Represents 49732 a key's relationship to 49733 a set of values. Valid 49734 operators are In, NotIn, 49735 Exists, DoesNotExist. 49736 Gt, and Lt. 49737 type: string 49738 values: 49739 description: An array of 49740 string values. If the 49741 operator is In or NotIn, 49742 the values array must 49743 be non-empty. If the operator 49744 is Exists or DoesNotExist, 49745 the values array must 49746 be empty. If the operator 49747 is Gt or Lt, the values 49748 array must have a single 49749 element, which will be 49750 interpreted as an integer. 49751 This array is replaced 49752 during a strategic merge 49753 patch. 49754 items: 49755 type: string 49756 type: array 49757 required: 49758 - key 49759 - operator 49760 type: object 49761 type: array 49762 matchFields: 49763 description: A list of node selector 49764 requirements by node's fields. 49765 items: 49766 description: A node selector 49767 requirement is a selector 49768 that contains values, a key, 49769 and an operator that relates 49770 the key and values. 49771 properties: 49772 key: 49773 description: The label key 49774 that the selector applies 49775 to. 49776 type: string 49777 operator: 49778 description: Represents 49779 a key's relationship to 49780 a set of values. Valid 49781 operators are In, NotIn, 49782 Exists, DoesNotExist. 49783 Gt, and Lt. 49784 type: string 49785 values: 49786 description: An array of 49787 string values. If the 49788 operator is In or NotIn, 49789 the values array must 49790 be non-empty. If the operator 49791 is Exists or DoesNotExist, 49792 the values array must 49793 be empty. If the operator 49794 is Gt or Lt, the values 49795 array must have a single 49796 element, which will be 49797 interpreted as an integer. 49798 This array is replaced 49799 during a strategic merge 49800 patch. 49801 items: 49802 type: string 49803 type: array 49804 required: 49805 - key 49806 - operator 49807 type: object 49808 type: array 49809 type: object 49810 weight: 49811 description: Weight associated with 49812 matching the corresponding nodeSelectorTerm, 49813 in the range 1-100. 49814 format: int32 49815 type: integer 49816 required: 49817 - preference 49818 - weight 49819 type: object 49820 type: array 49821 requiredDuringSchedulingIgnoredDuringExecution: 49822 description: If the affinity requirements 49823 specified by this field are not met at 49824 scheduling time, the pod will not be scheduled 49825 onto the node. If the affinity requirements 49826 specified by this field cease to be met 49827 at some point during pod execution (e.g. 49828 due to an update), the system may or may 49829 not try to eventually evict the pod from 49830 its node. 49831 properties: 49832 nodeSelectorTerms: 49833 description: Required. A list of node 49834 selector terms. The terms are ORed. 49835 items: 49836 description: A null or empty node 49837 selector term matches no objects. 49838 The requirements of them are ANDed. 49839 The TopologySelectorTerm type implements 49840 a subset of the NodeSelectorTerm. 49841 properties: 49842 matchExpressions: 49843 description: A list of node selector 49844 requirements by node's labels. 49845 items: 49846 description: A node selector 49847 requirement is a selector 49848 that contains values, a key, 49849 and an operator that relates 49850 the key and values. 49851 properties: 49852 key: 49853 description: The label key 49854 that the selector applies 49855 to. 49856 type: string 49857 operator: 49858 description: Represents 49859 a key's relationship to 49860 a set of values. Valid 49861 operators are In, NotIn, 49862 Exists, DoesNotExist. 49863 Gt, and Lt. 49864 type: string 49865 values: 49866 description: An array of 49867 string values. If the 49868 operator is In or NotIn, 49869 the values array must 49870 be non-empty. If the operator 49871 is Exists or DoesNotExist, 49872 the values array must 49873 be empty. If the operator 49874 is Gt or Lt, the values 49875 array must have a single 49876 element, which will be 49877 interpreted as an integer. 49878 This array is replaced 49879 during a strategic merge 49880 patch. 49881 items: 49882 type: string 49883 type: array 49884 required: 49885 - key 49886 - operator 49887 type: object 49888 type: array 49889 matchFields: 49890 description: A list of node selector 49891 requirements by node's fields. 49892 items: 49893 description: A node selector 49894 requirement is a selector 49895 that contains values, a key, 49896 and an operator that relates 49897 the key and values. 49898 properties: 49899 key: 49900 description: The label key 49901 that the selector applies 49902 to. 49903 type: string 49904 operator: 49905 description: Represents 49906 a key's relationship to 49907 a set of values. Valid 49908 operators are In, NotIn, 49909 Exists, DoesNotExist. 49910 Gt, and Lt. 49911 type: string 49912 values: 49913 description: An array of 49914 string values. If the 49915 operator is In or NotIn, 49916 the values array must 49917 be non-empty. If the operator 49918 is Exists or DoesNotExist, 49919 the values array must 49920 be empty. If the operator 49921 is Gt or Lt, the values 49922 array must have a single 49923 element, which will be 49924 interpreted as an integer. 49925 This array is replaced 49926 during a strategic merge 49927 patch. 49928 items: 49929 type: string 49930 type: array 49931 required: 49932 - key 49933 - operator 49934 type: object 49935 type: array 49936 type: object 49937 type: array 49938 required: 49939 - nodeSelectorTerms 49940 type: object 49941 type: object 49942 podAffinity: 49943 description: Describes pod affinity scheduling 49944 rules (e.g. co-locate this pod in the same 49945 node, zone, etc. as some other pod(s)). 49946 properties: 49947 preferredDuringSchedulingIgnoredDuringExecution: 49948 description: The scheduler will prefer to 49949 schedule pods to nodes that satisfy the 49950 affinity expressions specified by this 49951 field, but it may choose a node that violates 49952 one or more of the expressions. The node 49953 that is most preferred is the one with 49954 the greatest sum of weights, i.e. for 49955 each node that meets all of the scheduling 49956 requirements (resource request, requiredDuringScheduling 49957 affinity expressions, etc.), compute a 49958 sum by iterating through the elements 49959 of this field and adding "weight" to the 49960 sum if the node has pods which matches 49961 the corresponding podAffinityTerm; the 49962 node(s) with the highest sum are the most 49963 preferred. 49964 items: 49965 description: The weights of all of the 49966 matched WeightedPodAffinityTerm fields 49967 are added per-node to find the most 49968 preferred node(s) 49969 properties: 49970 podAffinityTerm: 49971 description: Required. A pod affinity 49972 term, associated with the corresponding 49973 weight. 49974 properties: 49975 labelSelector: 49976 description: A label query over 49977 a set of resources, in this 49978 case pods. 49979 properties: 49980 matchExpressions: 49981 description: matchExpressions 49982 is a list of label selector 49983 requirements. The requirements 49984 are ANDed. 49985 items: 49986 description: A label selector 49987 requirement is a selector 49988 that contains values, 49989 a key, and an operator 49990 that relates the key and 49991 values. 49992 properties: 49993 key: 49994 description: key is 49995 the label key that 49996 the selector applies 49997 to. 49998 type: string 49999 operator: 50000 description: operator 50001 represents a key's 50002 relationship to a 50003 set of values. Valid 50004 operators are In, 50005 NotIn, Exists and 50006 DoesNotExist. 50007 type: string 50008 values: 50009 description: values 50010 is an array of string 50011 values. If the operator 50012 is In or NotIn, the 50013 values array must 50014 be non-empty. If the 50015 operator is Exists 50016 or DoesNotExist, the 50017 values array must 50018 be empty. This array 50019 is replaced during 50020 a strategic merge 50021 patch. 50022 items: 50023 type: string 50024 type: array 50025 required: 50026 - key 50027 - operator 50028 type: object 50029 type: array 50030 matchLabels: 50031 additionalProperties: 50032 type: string 50033 description: matchLabels is 50034 a map of {key,value} pairs. 50035 A single {key,value} in 50036 the matchLabels map is equivalent 50037 to an element of matchExpressions, 50038 whose key field is "key", 50039 the operator is "In", and 50040 the values array contains 50041 only "value". The requirements 50042 are ANDed. 50043 type: object 50044 type: object 50045 namespaceSelector: 50046 description: A label query over 50047 the set of namespaces that the 50048 term applies to. The term is 50049 applied to the union of the 50050 namespaces selected by this 50051 field and the ones listed in 50052 the namespaces field. null selector 50053 and null or empty namespaces 50054 list means "this pod's namespace". 50055 An empty selector ({}) matches 50056 all namespaces. 50057 properties: 50058 matchExpressions: 50059 description: matchExpressions 50060 is a list of label selector 50061 requirements. The requirements 50062 are ANDed. 50063 items: 50064 description: A label selector 50065 requirement is a selector 50066 that contains values, 50067 a key, and an operator 50068 that relates the key and 50069 values. 50070 properties: 50071 key: 50072 description: key is 50073 the label key that 50074 the selector applies 50075 to. 50076 type: string 50077 operator: 50078 description: operator 50079 represents a key's 50080 relationship to a 50081 set of values. Valid 50082 operators are In, 50083 NotIn, Exists and 50084 DoesNotExist. 50085 type: string 50086 values: 50087 description: values 50088 is an array of string 50089 values. If the operator 50090 is In or NotIn, the 50091 values array must 50092 be non-empty. If the 50093 operator is Exists 50094 or DoesNotExist, the 50095 values array must 50096 be empty. This array 50097 is replaced during 50098 a strategic merge 50099 patch. 50100 items: 50101 type: string 50102 type: array 50103 required: 50104 - key 50105 - operator 50106 type: object 50107 type: array 50108 matchLabels: 50109 additionalProperties: 50110 type: string 50111 description: matchLabels is 50112 a map of {key,value} pairs. 50113 A single {key,value} in 50114 the matchLabels map is equivalent 50115 to an element of matchExpressions, 50116 whose key field is "key", 50117 the operator is "In", and 50118 the values array contains 50119 only "value". The requirements 50120 are ANDed. 50121 type: object 50122 type: object 50123 namespaces: 50124 description: namespaces specifies 50125 a static list of namespace names 50126 that the term applies to. The 50127 term is applied to the union 50128 of the namespaces listed in 50129 this field and the ones selected 50130 by namespaceSelector. null or 50131 empty namespaces list and null 50132 namespaceSelector means "this 50133 pod's namespace". 50134 items: 50135 type: string 50136 type: array 50137 topologyKey: 50138 description: This pod should be 50139 co-located (affinity) or not 50140 co-located (anti-affinity) with 50141 the pods matching the labelSelector 50142 in the specified namespaces, 50143 where co-located is defined 50144 as running on a node whose value 50145 of the label with key topologyKey 50146 matches that of any node on 50147 which any of the selected pods 50148 is running. Empty topologyKey 50149 is not allowed. 50150 type: string 50151 required: 50152 - topologyKey 50153 type: object 50154 weight: 50155 description: weight associated with 50156 matching the corresponding podAffinityTerm, 50157 in the range 1-100. 50158 format: int32 50159 type: integer 50160 required: 50161 - podAffinityTerm 50162 - weight 50163 type: object 50164 type: array 50165 requiredDuringSchedulingIgnoredDuringExecution: 50166 description: If the affinity requirements 50167 specified by this field are not met at 50168 scheduling time, the pod will not be scheduled 50169 onto the node. If the affinity requirements 50170 specified by this field cease to be met 50171 at some point during pod execution (e.g. 50172 due to a pod label update), the system 50173 may or may not try to eventually evict 50174 the pod from its node. When there are 50175 multiple elements, the lists of nodes 50176 corresponding to each podAffinityTerm 50177 are intersected, i.e. all terms must be 50178 satisfied. 50179 items: 50180 description: Defines a set of pods (namely 50181 those matching the labelSelector relative 50182 to the given namespace(s)) that this 50183 pod should be co-located (affinity) 50184 or not co-located (anti-affinity) with, 50185 where co-located is defined as running 50186 on a node whose value of the label with 50187 key <topologyKey> matches that of any 50188 node on which a pod of the set of pods 50189 is running 50190 properties: 50191 labelSelector: 50192 description: A label query over a 50193 set of resources, in this case pods. 50194 properties: 50195 matchExpressions: 50196 description: matchExpressions 50197 is a list of label selector 50198 requirements. The requirements 50199 are ANDed. 50200 items: 50201 description: A label selector 50202 requirement is a selector 50203 that contains values, a key, 50204 and an operator that relates 50205 the key and values. 50206 properties: 50207 key: 50208 description: key is the 50209 label key that the selector 50210 applies to. 50211 type: string 50212 operator: 50213 description: operator represents 50214 a key's relationship to 50215 a set of values. Valid 50216 operators are In, NotIn, 50217 Exists and DoesNotExist. 50218 type: string 50219 values: 50220 description: values is an 50221 array of string values. 50222 If the operator is In 50223 or NotIn, the values array 50224 must be non-empty. If 50225 the operator is Exists 50226 or DoesNotExist, the values 50227 array must be empty. This 50228 array is replaced during 50229 a strategic merge patch. 50230 items: 50231 type: string 50232 type: array 50233 required: 50234 - key 50235 - operator 50236 type: object 50237 type: array 50238 matchLabels: 50239 additionalProperties: 50240 type: string 50241 description: matchLabels is a 50242 map of {key,value} pairs. A 50243 single {key,value} in the matchLabels 50244 map is equivalent to an element 50245 of matchExpressions, whose key 50246 field is "key", the operator 50247 is "In", and the values array 50248 contains only "value". The requirements 50249 are ANDed. 50250 type: object 50251 type: object 50252 namespaceSelector: 50253 description: A label query over the 50254 set of namespaces that the term 50255 applies to. The term is applied 50256 to the union of the namespaces selected 50257 by this field and the ones listed 50258 in the namespaces field. null selector 50259 and null or empty namespaces list 50260 means "this pod's namespace". An 50261 empty selector ({}) matches all 50262 namespaces. 50263 properties: 50264 matchExpressions: 50265 description: matchExpressions 50266 is a list of label selector 50267 requirements. The requirements 50268 are ANDed. 50269 items: 50270 description: A label selector 50271 requirement is a selector 50272 that contains values, a key, 50273 and an operator that relates 50274 the key and values. 50275 properties: 50276 key: 50277 description: key is the 50278 label key that the selector 50279 applies to. 50280 type: string 50281 operator: 50282 description: operator represents 50283 a key's relationship to 50284 a set of values. Valid 50285 operators are In, NotIn, 50286 Exists and DoesNotExist. 50287 type: string 50288 values: 50289 description: values is an 50290 array of string values. 50291 If the operator is In 50292 or NotIn, the values array 50293 must be non-empty. If 50294 the operator is Exists 50295 or DoesNotExist, the values 50296 array must be empty. This 50297 array is replaced during 50298 a strategic merge patch. 50299 items: 50300 type: string 50301 type: array 50302 required: 50303 - key 50304 - operator 50305 type: object 50306 type: array 50307 matchLabels: 50308 additionalProperties: 50309 type: string 50310 description: matchLabels is a 50311 map of {key,value} pairs. A 50312 single {key,value} in the matchLabels 50313 map is equivalent to an element 50314 of matchExpressions, whose key 50315 field is "key", the operator 50316 is "In", and the values array 50317 contains only "value". The requirements 50318 are ANDed. 50319 type: object 50320 type: object 50321 namespaces: 50322 description: namespaces specifies 50323 a static list of namespace names 50324 that the term applies to. The term 50325 is applied to the union of the namespaces 50326 listed in this field and the ones 50327 selected by namespaceSelector. null 50328 or empty namespaces list and null 50329 namespaceSelector means "this pod's 50330 namespace". 50331 items: 50332 type: string 50333 type: array 50334 topologyKey: 50335 description: This pod should be co-located 50336 (affinity) or not co-located (anti-affinity) 50337 with the pods matching the labelSelector 50338 in the specified namespaces, where 50339 co-located is defined as running 50340 on a node whose value of the label 50341 with key topologyKey matches that 50342 of any node on which any of the 50343 selected pods is running. Empty 50344 topologyKey is not allowed. 50345 type: string 50346 required: 50347 - topologyKey 50348 type: object 50349 type: array 50350 type: object 50351 podAntiAffinity: 50352 description: Describes pod anti-affinity scheduling 50353 rules (e.g. avoid putting this pod in the 50354 same node, zone, etc. as some other pod(s)). 50355 properties: 50356 preferredDuringSchedulingIgnoredDuringExecution: 50357 description: The scheduler will prefer to 50358 schedule pods to nodes that satisfy the 50359 anti-affinity expressions specified by 50360 this field, but it may choose a node that 50361 violates one or more of the expressions. 50362 The node that is most preferred is the 50363 one with the greatest sum of weights, 50364 i.e. for each node that meets all of the 50365 scheduling requirements (resource request, 50366 requiredDuringScheduling anti-affinity 50367 expressions, etc.), compute a sum by iterating 50368 through the elements of this field and 50369 adding "weight" to the sum if the node 50370 has pods which matches the corresponding 50371 podAffinityTerm; the node(s) with the 50372 highest sum are the most preferred. 50373 items: 50374 description: The weights of all of the 50375 matched WeightedPodAffinityTerm fields 50376 are added per-node to find the most 50377 preferred node(s) 50378 properties: 50379 podAffinityTerm: 50380 description: Required. A pod affinity 50381 term, associated with the corresponding 50382 weight. 50383 properties: 50384 labelSelector: 50385 description: A label query over 50386 a set of resources, in this 50387 case pods. 50388 properties: 50389 matchExpressions: 50390 description: matchExpressions 50391 is a list of label selector 50392 requirements. The requirements 50393 are ANDed. 50394 items: 50395 description: A label selector 50396 requirement is a selector 50397 that contains values, 50398 a key, and an operator 50399 that relates the key and 50400 values. 50401 properties: 50402 key: 50403 description: key is 50404 the label key that 50405 the selector applies 50406 to. 50407 type: string 50408 operator: 50409 description: operator 50410 represents a key's 50411 relationship to a 50412 set of values. Valid 50413 operators are In, 50414 NotIn, Exists and 50415 DoesNotExist. 50416 type: string 50417 values: 50418 description: values 50419 is an array of string 50420 values. If the operator 50421 is In or NotIn, the 50422 values array must 50423 be non-empty. If the 50424 operator is Exists 50425 or DoesNotExist, the 50426 values array must 50427 be empty. This array 50428 is replaced during 50429 a strategic merge 50430 patch. 50431 items: 50432 type: string 50433 type: array 50434 required: 50435 - key 50436 - operator 50437 type: object 50438 type: array 50439 matchLabels: 50440 additionalProperties: 50441 type: string 50442 description: matchLabels is 50443 a map of {key,value} pairs. 50444 A single {key,value} in 50445 the matchLabels map is equivalent 50446 to an element of matchExpressions, 50447 whose key field is "key", 50448 the operator is "In", and 50449 the values array contains 50450 only "value". The requirements 50451 are ANDed. 50452 type: object 50453 type: object 50454 namespaceSelector: 50455 description: A label query over 50456 the set of namespaces that the 50457 term applies to. The term is 50458 applied to the union of the 50459 namespaces selected by this 50460 field and the ones listed in 50461 the namespaces field. null selector 50462 and null or empty namespaces 50463 list means "this pod's namespace". 50464 An empty selector ({}) matches 50465 all namespaces. 50466 properties: 50467 matchExpressions: 50468 description: matchExpressions 50469 is a list of label selector 50470 requirements. The requirements 50471 are ANDed. 50472 items: 50473 description: A label selector 50474 requirement is a selector 50475 that contains values, 50476 a key, and an operator 50477 that relates the key and 50478 values. 50479 properties: 50480 key: 50481 description: key is 50482 the label key that 50483 the selector applies 50484 to. 50485 type: string 50486 operator: 50487 description: operator 50488 represents a key's 50489 relationship to a 50490 set of values. Valid 50491 operators are In, 50492 NotIn, Exists and 50493 DoesNotExist. 50494 type: string 50495 values: 50496 description: values 50497 is an array of string 50498 values. If the operator 50499 is In or NotIn, the 50500 values array must 50501 be non-empty. If the 50502 operator is Exists 50503 or DoesNotExist, the 50504 values array must 50505 be empty. This array 50506 is replaced during 50507 a strategic merge 50508 patch. 50509 items: 50510 type: string 50511 type: array 50512 required: 50513 - key 50514 - operator 50515 type: object 50516 type: array 50517 matchLabels: 50518 additionalProperties: 50519 type: string 50520 description: matchLabels is 50521 a map of {key,value} pairs. 50522 A single {key,value} in 50523 the matchLabels map is equivalent 50524 to an element of matchExpressions, 50525 whose key field is "key", 50526 the operator is "In", and 50527 the values array contains 50528 only "value". The requirements 50529 are ANDed. 50530 type: object 50531 type: object 50532 namespaces: 50533 description: namespaces specifies 50534 a static list of namespace names 50535 that the term applies to. The 50536 term is applied to the union 50537 of the namespaces listed in 50538 this field and the ones selected 50539 by namespaceSelector. null or 50540 empty namespaces list and null 50541 namespaceSelector means "this 50542 pod's namespace". 50543 items: 50544 type: string 50545 type: array 50546 topologyKey: 50547 description: This pod should be 50548 co-located (affinity) or not 50549 co-located (anti-affinity) with 50550 the pods matching the labelSelector 50551 in the specified namespaces, 50552 where co-located is defined 50553 as running on a node whose value 50554 of the label with key topologyKey 50555 matches that of any node on 50556 which any of the selected pods 50557 is running. Empty topologyKey 50558 is not allowed. 50559 type: string 50560 required: 50561 - topologyKey 50562 type: object 50563 weight: 50564 description: weight associated with 50565 matching the corresponding podAffinityTerm, 50566 in the range 1-100. 50567 format: int32 50568 type: integer 50569 required: 50570 - podAffinityTerm 50571 - weight 50572 type: object 50573 type: array 50574 requiredDuringSchedulingIgnoredDuringExecution: 50575 description: If the anti-affinity requirements 50576 specified by this field are not met at 50577 scheduling time, the pod will not be scheduled 50578 onto the node. If the anti-affinity requirements 50579 specified by this field cease to be met 50580 at some point during pod execution (e.g. 50581 due to a pod label update), the system 50582 may or may not try to eventually evict 50583 the pod from its node. When there are 50584 multiple elements, the lists of nodes 50585 corresponding to each podAffinityTerm 50586 are intersected, i.e. all terms must be 50587 satisfied. 50588 items: 50589 description: Defines a set of pods (namely 50590 those matching the labelSelector relative 50591 to the given namespace(s)) that this 50592 pod should be co-located (affinity) 50593 or not co-located (anti-affinity) with, 50594 where co-located is defined as running 50595 on a node whose value of the label with 50596 key <topologyKey> matches that of any 50597 node on which a pod of the set of pods 50598 is running 50599 properties: 50600 labelSelector: 50601 description: A label query over a 50602 set of resources, in this case pods. 50603 properties: 50604 matchExpressions: 50605 description: matchExpressions 50606 is a list of label selector 50607 requirements. The requirements 50608 are ANDed. 50609 items: 50610 description: A label selector 50611 requirement is a selector 50612 that contains values, a key, 50613 and an operator that relates 50614 the key and values. 50615 properties: 50616 key: 50617 description: key is the 50618 label key that the selector 50619 applies to. 50620 type: string 50621 operator: 50622 description: operator represents 50623 a key's relationship to 50624 a set of values. Valid 50625 operators are In, NotIn, 50626 Exists and DoesNotExist. 50627 type: string 50628 values: 50629 description: values is an 50630 array of string values. 50631 If the operator is In 50632 or NotIn, the values array 50633 must be non-empty. If 50634 the operator is Exists 50635 or DoesNotExist, the values 50636 array must be empty. This 50637 array is replaced during 50638 a strategic merge patch. 50639 items: 50640 type: string 50641 type: array 50642 required: 50643 - key 50644 - operator 50645 type: object 50646 type: array 50647 matchLabels: 50648 additionalProperties: 50649 type: string 50650 description: matchLabels is a 50651 map of {key,value} pairs. A 50652 single {key,value} in the matchLabels 50653 map is equivalent to an element 50654 of matchExpressions, whose key 50655 field is "key", the operator 50656 is "In", and the values array 50657 contains only "value". The requirements 50658 are ANDed. 50659 type: object 50660 type: object 50661 namespaceSelector: 50662 description: A label query over the 50663 set of namespaces that the term 50664 applies to. The term is applied 50665 to the union of the namespaces selected 50666 by this field and the ones listed 50667 in the namespaces field. null selector 50668 and null or empty namespaces list 50669 means "this pod's namespace". An 50670 empty selector ({}) matches all 50671 namespaces. 50672 properties: 50673 matchExpressions: 50674 description: matchExpressions 50675 is a list of label selector 50676 requirements. The requirements 50677 are ANDed. 50678 items: 50679 description: A label selector 50680 requirement is a selector 50681 that contains values, a key, 50682 and an operator that relates 50683 the key and values. 50684 properties: 50685 key: 50686 description: key is the 50687 label key that the selector 50688 applies to. 50689 type: string 50690 operator: 50691 description: operator represents 50692 a key's relationship to 50693 a set of values. Valid 50694 operators are In, NotIn, 50695 Exists and DoesNotExist. 50696 type: string 50697 values: 50698 description: values is an 50699 array of string values. 50700 If the operator is In 50701 or NotIn, the values array 50702 must be non-empty. If 50703 the operator is Exists 50704 or DoesNotExist, the values 50705 array must be empty. This 50706 array is replaced during 50707 a strategic merge patch. 50708 items: 50709 type: string 50710 type: array 50711 required: 50712 - key 50713 - operator 50714 type: object 50715 type: array 50716 matchLabels: 50717 additionalProperties: 50718 type: string 50719 description: matchLabels is a 50720 map of {key,value} pairs. A 50721 single {key,value} in the matchLabels 50722 map is equivalent to an element 50723 of matchExpressions, whose key 50724 field is "key", the operator 50725 is "In", and the values array 50726 contains only "value". The requirements 50727 are ANDed. 50728 type: object 50729 type: object 50730 namespaces: 50731 description: namespaces specifies 50732 a static list of namespace names 50733 that the term applies to. The term 50734 is applied to the union of the namespaces 50735 listed in this field and the ones 50736 selected by namespaceSelector. null 50737 or empty namespaces list and null 50738 namespaceSelector means "this pod's 50739 namespace". 50740 items: 50741 type: string 50742 type: array 50743 topologyKey: 50744 description: This pod should be co-located 50745 (affinity) or not co-located (anti-affinity) 50746 with the pods matching the labelSelector 50747 in the specified namespaces, where 50748 co-located is defined as running 50749 on a node whose value of the label 50750 with key topologyKey matches that 50751 of any node on which any of the 50752 selected pods is running. Empty 50753 topologyKey is not allowed. 50754 type: string 50755 required: 50756 - topologyKey 50757 type: object 50758 type: array 50759 type: object 50760 type: object 50761 automountServiceAccountToken: 50762 description: AutomountServiceAccountToken indicates 50763 whether pods running as this service account should 50764 have an API token automatically mounted. 50765 type: boolean 50766 dnsConfig: 50767 description: Specifies the DNS parameters of a pod. 50768 Parameters specified here will be merged to the 50769 generated DNS configuration based on DNSPolicy. 50770 properties: 50771 nameservers: 50772 description: A list of DNS name server IP addresses. 50773 This will be appended to the base nameservers 50774 generated from DNSPolicy. Duplicated nameservers 50775 will be removed. 50776 items: 50777 type: string 50778 type: array 50779 options: 50780 description: A list of DNS resolver options. 50781 This will be merged with the base options 50782 generated from DNSPolicy. Duplicated entries 50783 will be removed. Resolution options given 50784 in Options will override those that appear 50785 in the base DNSPolicy. 50786 items: 50787 description: PodDNSConfigOption defines DNS 50788 resolver options of a pod. 50789 properties: 50790 name: 50791 description: Required. 50792 type: string 50793 value: 50794 type: string 50795 type: object 50796 type: array 50797 searches: 50798 description: A list of DNS search domains for 50799 host-name lookup. This will be appended to 50800 the base search paths generated from DNSPolicy. 50801 Duplicated search paths will be removed. 50802 items: 50803 type: string 50804 type: array 50805 type: object 50806 dnsPolicy: 50807 description: Set DNS policy for the pod. Defaults 50808 to "ClusterFirst". Valid values are 'ClusterFirst', 50809 'Default' or 'None'. DNS parameters given in DNSConfig 50810 will be merged with the policy selected with DNSPolicy. 50811 type: string 50812 enableServiceLinks: 50813 description: 'EnableServiceLinks indicates whether 50814 information about services should be injected 50815 into pod''s environment variables, matching the 50816 syntax of Docker links. Optional: Defaults to 50817 true.' 50818 type: boolean 50819 env: 50820 description: List of environment variables that 50821 can be provided to the containers belonging to 50822 the pod. 50823 items: 50824 description: EnvVar represents an environment 50825 variable present in a Container. 50826 properties: 50827 name: 50828 description: Name of the environment variable. 50829 Must be a C_IDENTIFIER. 50830 type: string 50831 value: 50832 description: 'Variable references $(VAR_NAME) 50833 are expanded using the previously defined 50834 environment variables in the container and 50835 any service environment variables. If a 50836 variable cannot be resolved, the reference 50837 in the input string will be unchanged. Double 50838 $$ are reduced to a single $, which allows 50839 for escaping the $(VAR_NAME) syntax: i.e. 50840 "$$(VAR_NAME)" will produce the string literal 50841 "$(VAR_NAME)". Escaped references will never 50842 be expanded, regardless of whether the variable 50843 exists or not. Defaults to "".' 50844 type: string 50845 valueFrom: 50846 description: Source for the environment variable's 50847 value. Cannot be used if value is not empty. 50848 properties: 50849 configMapKeyRef: 50850 description: Selects a key of a ConfigMap. 50851 properties: 50852 key: 50853 description: The key to select. 50854 type: string 50855 name: 50856 description: 'Name of the referent. 50857 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 50858 TODO: Add other useful fields. apiVersion, 50859 kind, uid?' 50860 type: string 50861 optional: 50862 description: Specify whether the ConfigMap 50863 or its key must be defined 50864 type: boolean 50865 required: 50866 - key 50867 type: object 50868 fieldRef: 50869 description: 'Selects a field of the pod: 50870 supports metadata.name, metadata.namespace, 50871 `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, 50872 spec.nodeName, spec.serviceAccountName, 50873 status.hostIP, status.podIP, status.podIPs.' 50874 properties: 50875 apiVersion: 50876 description: Version of the schema 50877 the FieldPath is written in terms 50878 of, defaults to "v1". 50879 type: string 50880 fieldPath: 50881 description: Path of the field to 50882 select in the specified API version. 50883 type: string 50884 required: 50885 - fieldPath 50886 type: object 50887 resourceFieldRef: 50888 description: 'Selects a resource of the 50889 container: only resources limits and 50890 requests (limits.cpu, limits.memory, 50891 limits.ephemeral-storage, requests.cpu, 50892 requests.memory and requests.ephemeral-storage) 50893 are currently supported.' 50894 properties: 50895 containerName: 50896 description: 'Container name: required 50897 for volumes, optional for env vars' 50898 type: string 50899 divisor: 50900 anyOf: 50901 - type: integer 50902 - type: string 50903 description: Specifies the output 50904 format of the exposed resources, 50905 defaults to "1" 50906 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 50907 x-kubernetes-int-or-string: true 50908 resource: 50909 description: 'Required: resource to 50910 select' 50911 type: string 50912 required: 50913 - resource 50914 type: object 50915 secretKeyRef: 50916 description: Selects a key of a secret 50917 in the pod's namespace 50918 properties: 50919 key: 50920 description: The key of the secret 50921 to select from. Must be a valid 50922 secret key. 50923 type: string 50924 name: 50925 description: 'Name of the referent. 50926 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 50927 TODO: Add other useful fields. apiVersion, 50928 kind, uid?' 50929 type: string 50930 optional: 50931 description: Specify whether the Secret 50932 or its key must be defined 50933 type: boolean 50934 required: 50935 - key 50936 type: object 50937 type: object 50938 required: 50939 - name 50940 type: object 50941 type: array 50942 x-kubernetes-list-type: atomic 50943 hostAliases: 50944 description: HostAliases is an optional list of 50945 hosts and IPs that will be injected into the pod's 50946 hosts file if specified. This is only valid for 50947 non-hostNetwork pods. 50948 items: 50949 description: HostAlias holds the mapping between 50950 IP and hostnames that will be injected as an 50951 entry in the pod's hosts file. 50952 properties: 50953 hostnames: 50954 description: Hostnames for the above IP address. 50955 items: 50956 type: string 50957 type: array 50958 ip: 50959 description: IP address of the host file entry. 50960 type: string 50961 type: object 50962 type: array 50963 x-kubernetes-list-type: atomic 50964 hostNetwork: 50965 description: HostNetwork specifies whether the pod 50966 may use the node network namespace 50967 type: boolean 50968 imagePullSecrets: 50969 description: ImagePullSecrets gives the name of 50970 the secret used by the pod to pull the image if 50971 specified 50972 items: 50973 description: LocalObjectReference contains enough 50974 information to let you locate the referenced 50975 object inside the same namespace. 50976 properties: 50977 name: 50978 description: 'Name of the referent. More info: 50979 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 50980 TODO: Add other useful fields. apiVersion, 50981 kind, uid?' 50982 type: string 50983 type: object 50984 type: array 50985 x-kubernetes-list-type: atomic 50986 nodeSelector: 50987 additionalProperties: 50988 type: string 50989 description: 'NodeSelector is a selector which must 50990 be true for the pod to fit on a node. Selector 50991 which must match a node''s labels for the pod 50992 to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' 50993 type: object 50994 priorityClassName: 50995 description: If specified, indicates the pod's priority. 50996 "system-node-critical" and "system-cluster-critical" 50997 are two special keywords which indicate the highest 50998 priorities with the former being the highest priority. 50999 Any other name must be defined by creating a PriorityClass 51000 object with that name. If not specified, the pod 51001 priority will be default or zero if there is no 51002 default. 51003 type: string 51004 runtimeClassName: 51005 description: 'RuntimeClassName refers to a RuntimeClass 51006 object in the node.k8s.io group, which should 51007 be used to run this pod. If no RuntimeClass resource 51008 matches the named class, the pod will not be run. 51009 If unset or empty, the "legacy" RuntimeClass will 51010 be used, which is an implicit class with an empty 51011 definition that uses the default runtime handler. 51012 More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md 51013 This is a beta feature as of Kubernetes v1.14.' 51014 type: string 51015 schedulerName: 51016 description: SchedulerName specifies the scheduler 51017 to be used to dispatch the Pod 51018 type: string 51019 securityContext: 51020 description: 'SecurityContext holds pod-level security 51021 attributes and common container settings. Optional: 51022 Defaults to empty. See type description for default 51023 values of each field.' 51024 properties: 51025 fsGroup: 51026 description: "A special supplemental group that 51027 applies to all containers in a pod. Some volume 51028 types allow the Kubelet to change the ownership 51029 of that volume to be owned by the pod: \n 51030 1. The owning GID will be the FSGroup 2. The 51031 setgid bit is set (new files created in the 51032 volume will be owned by FSGroup) 3. The permission 51033 bits are OR'd with rw-rw---- \n If unset, 51034 the Kubelet will not modify the ownership 51035 and permissions of any volume. Note that this 51036 field cannot be set when spec.os.name is windows." 51037 format: int64 51038 type: integer 51039 fsGroupChangePolicy: 51040 description: 'fsGroupChangePolicy defines behavior 51041 of changing ownership and permission of the 51042 volume before being exposed inside Pod. This 51043 field will only apply to volume types which 51044 support fsGroup based ownership(and permissions). 51045 It will have no effect on ephemeral volume 51046 types such as: secret, configmaps and emptydir. 51047 Valid values are "OnRootMismatch" and "Always". 51048 If not specified, "Always" is used. Note that 51049 this field cannot be set when spec.os.name 51050 is windows.' 51051 type: string 51052 runAsGroup: 51053 description: The GID to run the entrypoint of 51054 the container process. Uses runtime default 51055 if unset. May also be set in SecurityContext. If 51056 set in both SecurityContext and PodSecurityContext, 51057 the value specified in SecurityContext takes 51058 precedence for that container. Note that this 51059 field cannot be set when spec.os.name is windows. 51060 format: int64 51061 type: integer 51062 runAsNonRoot: 51063 description: Indicates that the container must 51064 run as a non-root user. If true, the Kubelet 51065 will validate the image at runtime to ensure 51066 that it does not run as UID 0 (root) and fail 51067 to start the container if it does. If unset 51068 or false, no such validation will be performed. 51069 May also be set in SecurityContext. If set 51070 in both SecurityContext and PodSecurityContext, 51071 the value specified in SecurityContext takes 51072 precedence. 51073 type: boolean 51074 runAsUser: 51075 description: The UID to run the entrypoint of 51076 the container process. Defaults to user specified 51077 in image metadata if unspecified. May also 51078 be set in SecurityContext. If set in both 51079 SecurityContext and PodSecurityContext, the 51080 value specified in SecurityContext takes precedence 51081 for that container. Note that this field cannot 51082 be set when spec.os.name is windows. 51083 format: int64 51084 type: integer 51085 seLinuxOptions: 51086 description: The SELinux context to be applied 51087 to all containers. If unspecified, the container 51088 runtime will allocate a random SELinux context 51089 for each container. May also be set in SecurityContext. If 51090 set in both SecurityContext and PodSecurityContext, 51091 the value specified in SecurityContext takes 51092 precedence for that container. Note that this 51093 field cannot be set when spec.os.name is windows. 51094 properties: 51095 level: 51096 description: Level is SELinux level label 51097 that applies to the container. 51098 type: string 51099 role: 51100 description: Role is a SELinux role label 51101 that applies to the container. 51102 type: string 51103 type: 51104 description: Type is a SELinux type label 51105 that applies to the container. 51106 type: string 51107 user: 51108 description: User is a SELinux user label 51109 that applies to the container. 51110 type: string 51111 type: object 51112 seccompProfile: 51113 description: The seccomp options to use by the 51114 containers in this pod. Note that this field 51115 cannot be set when spec.os.name is windows. 51116 properties: 51117 localhostProfile: 51118 description: localhostProfile indicates 51119 a profile defined in a file on the node 51120 should be used. The profile must be preconfigured 51121 on the node to work. Must be a descending 51122 path, relative to the kubelet's configured 51123 seccomp profile location. Must be set 51124 if type is "Localhost". Must NOT be set 51125 for any other type. 51126 type: string 51127 type: 51128 description: "type indicates which kind 51129 of seccomp profile will be applied. Valid 51130 options are: \n Localhost - a profile 51131 defined in a file on the node should be 51132 used. RuntimeDefault - the container runtime 51133 default profile should be used. Unconfined 51134 - no profile should be applied." 51135 type: string 51136 required: 51137 - type 51138 type: object 51139 supplementalGroups: 51140 description: A list of groups applied to the 51141 first process run in each container, in addition 51142 to the container's primary GID, the fsGroup 51143 (if specified), and group memberships defined 51144 in the container image for the uid of the 51145 container process. If unspecified, no additional 51146 groups are added to any container. Note that 51147 group memberships defined in the container 51148 image for the uid of the container process 51149 are still effective, even if they are not 51150 included in this list. Note that this field 51151 cannot be set when spec.os.name is windows. 51152 items: 51153 format: int64 51154 type: integer 51155 type: array 51156 sysctls: 51157 description: Sysctls hold a list of namespaced 51158 sysctls used for the pod. Pods with unsupported 51159 sysctls (by the container runtime) might fail 51160 to launch. Note that this field cannot be 51161 set when spec.os.name is windows. 51162 items: 51163 description: Sysctl defines a kernel parameter 51164 to be set 51165 properties: 51166 name: 51167 description: Name of a property to set 51168 type: string 51169 value: 51170 description: Value of a property to set 51171 type: string 51172 required: 51173 - name 51174 - value 51175 type: object 51176 type: array 51177 windowsOptions: 51178 description: The Windows specific settings applied 51179 to all containers. If unspecified, the options 51180 within a container's SecurityContext will 51181 be used. If set in both SecurityContext and 51182 PodSecurityContext, the value specified in 51183 SecurityContext takes precedence. Note that 51184 this field cannot be set when spec.os.name 51185 is linux. 51186 properties: 51187 gmsaCredentialSpec: 51188 description: GMSACredentialSpec is where 51189 the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) 51190 inlines the contents of the GMSA credential 51191 spec named by the GMSACredentialSpecName 51192 field. 51193 type: string 51194 gmsaCredentialSpecName: 51195 description: GMSACredentialSpecName is the 51196 name of the GMSA credential spec to use. 51197 type: string 51198 hostProcess: 51199 description: HostProcess determines if a 51200 container should be run as a 'Host Process' 51201 container. All of a Pod's containers must 51202 have the same effective HostProcess value 51203 (it is not allowed to have a mix of HostProcess 51204 containers and non-HostProcess containers). 51205 In addition, if HostProcess is true then 51206 HostNetwork must also be set to true. 51207 type: boolean 51208 runAsUserName: 51209 description: The UserName in Windows to 51210 run the entrypoint of the container process. 51211 Defaults to the user specified in image 51212 metadata if unspecified. May also be set 51213 in PodSecurityContext. If set in both 51214 SecurityContext and PodSecurityContext, 51215 the value specified in SecurityContext 51216 takes precedence. 51217 type: string 51218 type: object 51219 type: object 51220 tolerations: 51221 description: If specified, the pod's tolerations. 51222 items: 51223 description: The pod this Toleration is attached 51224 to tolerates any taint that matches the triple 51225 <key,value,effect> using the matching operator 51226 <operator>. 51227 properties: 51228 effect: 51229 description: Effect indicates the taint effect 51230 to match. Empty means match all taint effects. 51231 When specified, allowed values are NoSchedule, 51232 PreferNoSchedule and NoExecute. 51233 type: string 51234 key: 51235 description: Key is the taint key that the 51236 toleration applies to. Empty means match 51237 all taint keys. If the key is empty, operator 51238 must be Exists; this combination means to 51239 match all values and all keys. 51240 type: string 51241 operator: 51242 description: Operator represents a key's relationship 51243 to the value. Valid operators are Exists 51244 and Equal. Defaults to Equal. Exists is 51245 equivalent to wildcard for value, so that 51246 a pod can tolerate all taints of a particular 51247 category. 51248 type: string 51249 tolerationSeconds: 51250 description: TolerationSeconds represents 51251 the period of time the toleration (which 51252 must be of effect NoExecute, otherwise this 51253 field is ignored) tolerates the taint. By 51254 default, it is not set, which means tolerate 51255 the taint forever (do not evict). Zero and 51256 negative values will be treated as 0 (evict 51257 immediately) by the system. 51258 format: int64 51259 type: integer 51260 value: 51261 description: Value is the taint value the 51262 toleration matches to. If the operator is 51263 Exists, the value should be empty, otherwise 51264 just a regular string. 51265 type: string 51266 type: object 51267 type: array 51268 x-kubernetes-list-type: atomic 51269 topologySpreadConstraints: 51270 description: TopologySpreadConstraints controls 51271 how Pods are spread across your cluster among 51272 failure-domains such as regions, zones, nodes, 51273 and other user-defined topology domains. 51274 items: 51275 description: TopologySpreadConstraint specifies 51276 how to spread matching pods among the given 51277 topology. 51278 properties: 51279 labelSelector: 51280 description: LabelSelector is used to find 51281 matching pods. Pods that match this label 51282 selector are counted to determine the number 51283 of pods in their corresponding topology 51284 domain. 51285 properties: 51286 matchExpressions: 51287 description: matchExpressions is a list 51288 of label selector requirements. The 51289 requirements are ANDed. 51290 items: 51291 description: A label selector requirement 51292 is a selector that contains values, 51293 a key, and an operator that relates 51294 the key and values. 51295 properties: 51296 key: 51297 description: key is the label key 51298 that the selector applies to. 51299 type: string 51300 operator: 51301 description: operator represents 51302 a key's relationship to a set 51303 of values. Valid operators are 51304 In, NotIn, Exists and DoesNotExist. 51305 type: string 51306 values: 51307 description: values is an array 51308 of string values. If the operator 51309 is In or NotIn, the values array 51310 must be non-empty. If the operator 51311 is Exists or DoesNotExist, the 51312 values array must be empty. This 51313 array is replaced during a strategic 51314 merge patch. 51315 items: 51316 type: string 51317 type: array 51318 required: 51319 - key 51320 - operator 51321 type: object 51322 type: array 51323 matchLabels: 51324 additionalProperties: 51325 type: string 51326 description: matchLabels is a map of {key,value} 51327 pairs. A single {key,value} in the matchLabels 51328 map is equivalent to an element of matchExpressions, 51329 whose key field is "key", the operator 51330 is "In", and the values array contains 51331 only "value". The requirements are ANDed. 51332 type: object 51333 type: object 51334 matchLabelKeys: 51335 description: "MatchLabelKeys is a set of pod 51336 label keys to select the pods over which 51337 spreading will be calculated. The keys are 51338 used to lookup values from the incoming 51339 pod labels, those key-value labels are ANDed 51340 with labelSelector to select the group of 51341 existing pods over which spreading will 51342 be calculated for the incoming pod. The 51343 same key is forbidden to exist in both MatchLabelKeys 51344 and LabelSelector. MatchLabelKeys cannot 51345 be set when LabelSelector isn't set. Keys 51346 that don't exist in the incoming pod labels 51347 will be ignored. A null or empty list means 51348 only match against labelSelector. \n This 51349 is a beta field and requires the MatchLabelKeysInPodTopologySpread 51350 feature gate to be enabled (enabled by default)." 51351 items: 51352 type: string 51353 type: array 51354 x-kubernetes-list-type: atomic 51355 maxSkew: 51356 description: 'MaxSkew describes the degree 51357 to which pods may be unevenly distributed. 51358 When `whenUnsatisfiable=DoNotSchedule`, 51359 it is the maximum permitted difference between 51360 the number of matching pods in the target 51361 topology and the global minimum. The global 51362 minimum is the minimum number of matching 51363 pods in an eligible domain or zero if the 51364 number of eligible domains is less than 51365 MinDomains. For example, in a 3-zone cluster, 51366 MaxSkew is set to 1, and pods with the same 51367 labelSelector spread as 2/2/1: In this case, 51368 the global minimum is 1. | zone1 | zone2 51369 | zone3 | | P P | P P | P | - if 51370 MaxSkew is 1, incoming pod can only be scheduled 51371 to zone3 to become 2/2/2; scheduling it 51372 onto zone1(zone2) would make the ActualSkew(3-1) 51373 on zone1(zone2) violate MaxSkew(1). - if 51374 MaxSkew is 2, incoming pod can be scheduled 51375 onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, 51376 it is used to give higher precedence to 51377 topologies that satisfy it. It''s a required 51378 field. Default value is 1 and 0 is not allowed.' 51379 format: int32 51380 type: integer 51381 minDomains: 51382 description: "MinDomains indicates a minimum 51383 number of eligible domains. When the number 51384 of eligible domains with matching topology 51385 keys is less than minDomains, Pod Topology 51386 Spread treats \"global minimum\" as 0, and 51387 then the calculation of Skew is performed. 51388 And when the number of eligible domains 51389 with matching topology keys equals or greater 51390 than minDomains, this value has no effect 51391 on scheduling. As a result, when the number 51392 of eligible domains is less than minDomains, 51393 scheduler won't schedule more than maxSkew 51394 Pods to those domains. If value is nil, 51395 the constraint behaves as if MinDomains 51396 is equal to 1. Valid values are integers 51397 greater than 0. When value is not nil, WhenUnsatisfiable 51398 must be DoNotSchedule. \n For example, in 51399 a 3-zone cluster, MaxSkew is set to 2, MinDomains 51400 is set to 5 and pods with the same labelSelector 51401 spread as 2/2/2: | zone1 | zone2 | zone3 51402 | | P P | P P | P P | The number of 51403 domains is less than 5(MinDomains), so \"global 51404 minimum\" is treated as 0. In this situation, 51405 new pod with the same labelSelector cannot 51406 be scheduled, because computed skew will 51407 be 3(3 - 0) if new Pod is scheduled to any 51408 of the three zones, it will violate MaxSkew. 51409 \n This is a beta field and requires the 51410 MinDomainsInPodTopologySpread feature gate 51411 to be enabled (enabled by default)." 51412 format: int32 51413 type: integer 51414 nodeAffinityPolicy: 51415 description: "NodeAffinityPolicy indicates 51416 how we will treat Pod's nodeAffinity/nodeSelector 51417 when calculating pod topology spread skew. 51418 Options are: - Honor: only nodes matching 51419 nodeAffinity/nodeSelector are included in 51420 the calculations. - Ignore: nodeAffinity/nodeSelector 51421 are ignored. All nodes are included in the 51422 calculations. \n If this value is nil, the 51423 behavior is equivalent to the Honor policy. 51424 This is a beta-level feature default enabled 51425 by the NodeInclusionPolicyInPodTopologySpread 51426 feature flag." 51427 type: string 51428 nodeTaintsPolicy: 51429 description: "NodeTaintsPolicy indicates how 51430 we will treat node taints when calculating 51431 pod topology spread skew. Options are: - 51432 Honor: nodes without taints, along with 51433 tainted nodes for which the incoming pod 51434 has a toleration, are included. - Ignore: 51435 node taints are ignored. All nodes are included. 51436 \n If this value is nil, the behavior is 51437 equivalent to the Ignore policy. This is 51438 a beta-level feature default enabled by 51439 the NodeInclusionPolicyInPodTopologySpread 51440 feature flag." 51441 type: string 51442 topologyKey: 51443 description: TopologyKey is the key of node 51444 labels. Nodes that have a label with this 51445 key and identical values are considered 51446 to be in the same topology. We consider 51447 each <key, value> as a "bucket", and try 51448 to put balanced number of pods into each 51449 bucket. We define a domain as a particular 51450 instance of a topology. Also, we define 51451 an eligible domain as a domain whose nodes 51452 meet the requirements of nodeAffinityPolicy 51453 and nodeTaintsPolicy. e.g. If TopologyKey 51454 is "kubernetes.io/hostname", each Node is 51455 a domain of that topology. And, if TopologyKey 51456 is "topology.kubernetes.io/zone", each zone 51457 is a domain of that topology. It's a required 51458 field. 51459 type: string 51460 whenUnsatisfiable: 51461 description: 'WhenUnsatisfiable indicates 51462 how to deal with a pod if it doesn''t satisfy 51463 the spread constraint. - DoNotSchedule (default) 51464 tells the scheduler not to schedule it. 51465 - ScheduleAnyway tells the scheduler to 51466 schedule the pod in any location, but 51467 giving higher precedence to topologies that 51468 would help reduce the skew. A constraint 51469 is considered "Unsatisfiable" for an incoming 51470 pod if and only if every possible node assignment 51471 for that pod would violate "MaxSkew" on 51472 some topology. For example, in a 3-zone 51473 cluster, MaxSkew is set to 1, and pods with 51474 the same labelSelector spread as 3/1/1: 51475 | zone1 | zone2 | zone3 | | P P P | P | P | 51476 If WhenUnsatisfiable is set to DoNotSchedule, 51477 incoming pod can only be scheduled to zone2(zone3) 51478 to become 3/2/1(3/1/2) as ActualSkew(2-1) 51479 on zone2(zone3) satisfies MaxSkew(1). In 51480 other words, the cluster can still be imbalanced, 51481 but scheduler won''t make it *more* imbalanced. 51482 It''s a required field.' 51483 type: string 51484 required: 51485 - maxSkew 51486 - topologyKey 51487 - whenUnsatisfiable 51488 type: object 51489 type: array 51490 x-kubernetes-list-type: atomic 51491 volumes: 51492 description: 'List of volumes that can be mounted 51493 by containers belonging to the pod. More info: 51494 https://kubernetes.io/docs/concepts/storage/volumes' 51495 items: 51496 description: Volume represents a named volume 51497 in a pod that may be accessed by any container 51498 in the pod. 51499 properties: 51500 awsElasticBlockStore: 51501 description: 'awsElasticBlockStore represents 51502 an AWS Disk resource that is attached to 51503 a kubelet''s host machine and then exposed 51504 to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 51505 properties: 51506 fsType: 51507 description: 'fsType is the filesystem 51508 type of the volume that you want to 51509 mount. Tip: Ensure that the filesystem 51510 type is supported by the host operating 51511 system. Examples: "ext4", "xfs", "ntfs". 51512 Implicitly inferred to be "ext4" if 51513 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 51514 TODO: how do we prevent errors in the 51515 filesystem from compromising the machine' 51516 type: string 51517 partition: 51518 description: 'partition is the partition 51519 in the volume that you want to mount. 51520 If omitted, the default is to mount 51521 by volume name. Examples: For volume 51522 /dev/sda1, you specify the partition 51523 as "1". Similarly, the volume partition 51524 for /dev/sda is "0" (or you can leave 51525 the property empty).' 51526 format: int32 51527 type: integer 51528 readOnly: 51529 description: 'readOnly value true will 51530 force the readOnly setting in VolumeMounts. 51531 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 51532 type: boolean 51533 volumeID: 51534 description: 'volumeID is unique ID of 51535 the persistent disk resource in AWS 51536 (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 51537 type: string 51538 required: 51539 - volumeID 51540 type: object 51541 azureDisk: 51542 description: azureDisk represents an Azure 51543 Data Disk mount on the host and bind mount 51544 to the pod. 51545 properties: 51546 cachingMode: 51547 description: 'cachingMode is the Host 51548 Caching mode: None, Read Only, Read 51549 Write.' 51550 type: string 51551 diskName: 51552 description: diskName is the Name of the 51553 data disk in the blob storage 51554 type: string 51555 diskURI: 51556 description: diskURI is the URI of data 51557 disk in the blob storage 51558 type: string 51559 fsType: 51560 description: fsType is Filesystem type 51561 to mount. Must be a filesystem type 51562 supported by the host operating system. 51563 Ex. "ext4", "xfs", "ntfs". Implicitly 51564 inferred to be "ext4" if unspecified. 51565 type: string 51566 kind: 51567 description: 'kind expected values are 51568 Shared: multiple blob disks per storage 51569 account Dedicated: single blob disk 51570 per storage account Managed: azure 51571 managed data disk (only in managed availability 51572 set). defaults to shared' 51573 type: string 51574 readOnly: 51575 description: readOnly Defaults to false 51576 (read/write). ReadOnly here will force 51577 the ReadOnly setting in VolumeMounts. 51578 type: boolean 51579 required: 51580 - diskName 51581 - diskURI 51582 type: object 51583 azureFile: 51584 description: azureFile represents an Azure 51585 File Service mount on the host and bind 51586 mount to the pod. 51587 properties: 51588 readOnly: 51589 description: readOnly defaults to false 51590 (read/write). ReadOnly here will force 51591 the ReadOnly setting in VolumeMounts. 51592 type: boolean 51593 secretName: 51594 description: secretName is the name of 51595 secret that contains Azure Storage Account 51596 Name and Key 51597 type: string 51598 shareName: 51599 description: shareName is the azure share 51600 Name 51601 type: string 51602 required: 51603 - secretName 51604 - shareName 51605 type: object 51606 cephfs: 51607 description: cephFS represents a Ceph FS mount 51608 on the host that shares a pod's lifetime 51609 properties: 51610 monitors: 51611 description: 'monitors is Required: Monitors 51612 is a collection of Ceph monitors More 51613 info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 51614 items: 51615 type: string 51616 type: array 51617 path: 51618 description: 'path is Optional: Used as 51619 the mounted root, rather than the full 51620 Ceph tree, default is /' 51621 type: string 51622 readOnly: 51623 description: 'readOnly is Optional: Defaults 51624 to false (read/write). ReadOnly here 51625 will force the ReadOnly setting in VolumeMounts. 51626 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 51627 type: boolean 51628 secretFile: 51629 description: 'secretFile is Optional: 51630 SecretFile is the path to key ring for 51631 User, default is /etc/ceph/user.secret 51632 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 51633 type: string 51634 secretRef: 51635 description: 'secretRef is Optional: SecretRef 51636 is reference to the authentication secret 51637 for User, default is empty. More info: 51638 https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 51639 properties: 51640 name: 51641 description: 'Name of the referent. 51642 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 51643 TODO: Add other useful fields. apiVersion, 51644 kind, uid?' 51645 type: string 51646 type: object 51647 user: 51648 description: 'user is optional: User is 51649 the rados user name, default is admin 51650 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 51651 type: string 51652 required: 51653 - monitors 51654 type: object 51655 cinder: 51656 description: 'cinder represents a cinder volume 51657 attached and mounted on kubelets host machine. 51658 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 51659 properties: 51660 fsType: 51661 description: 'fsType is the filesystem 51662 type to mount. Must be a filesystem 51663 type supported by the host operating 51664 system. Examples: "ext4", "xfs", "ntfs". 51665 Implicitly inferred to be "ext4" if 51666 unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 51667 type: string 51668 readOnly: 51669 description: 'readOnly defaults to false 51670 (read/write). ReadOnly here will force 51671 the ReadOnly setting in VolumeMounts. 51672 More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 51673 type: boolean 51674 secretRef: 51675 description: 'secretRef is optional: points 51676 to a secret object containing parameters 51677 used to connect to OpenStack.' 51678 properties: 51679 name: 51680 description: 'Name of the referent. 51681 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 51682 TODO: Add other useful fields. apiVersion, 51683 kind, uid?' 51684 type: string 51685 type: object 51686 volumeID: 51687 description: 'volumeID used to identify 51688 the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 51689 type: string 51690 required: 51691 - volumeID 51692 type: object 51693 configMap: 51694 description: configMap represents a configMap 51695 that should populate this volume 51696 properties: 51697 defaultMode: 51698 description: 'defaultMode is optional: 51699 mode bits used to set permissions on 51700 created files by default. Must be an 51701 octal value between 0000 and 0777 or 51702 a decimal value between 0 and 511. YAML 51703 accepts both octal and decimal values, 51704 JSON requires decimal values for mode 51705 bits. Defaults to 0644. Directories 51706 within the path are not affected by 51707 this setting. This might be in conflict 51708 with other options that affect the file 51709 mode, like fsGroup, and the result can 51710 be other mode bits set.' 51711 format: int32 51712 type: integer 51713 items: 51714 description: items if unspecified, each 51715 key-value pair in the Data field of 51716 the referenced ConfigMap will be projected 51717 into the volume as a file whose name 51718 is the key and content is the value. 51719 If specified, the listed keys will be 51720 projected into the specified paths, 51721 and unlisted keys will not be present. 51722 If a key is specified which is not present 51723 in the ConfigMap, the volume setup will 51724 error unless it is marked optional. 51725 Paths must be relative and may not contain 51726 the '..' path or start with '..'. 51727 items: 51728 description: Maps a string key to a 51729 path within a volume. 51730 properties: 51731 key: 51732 description: key is the key to project. 51733 type: string 51734 mode: 51735 description: 'mode is Optional: 51736 mode bits used to set permissions 51737 on this file. Must be an octal 51738 value between 0000 and 0777 or 51739 a decimal value between 0 and 51740 511. YAML accepts both octal and 51741 decimal values, JSON requires 51742 decimal values for mode bits. 51743 If not specified, the volume defaultMode 51744 will be used. This might be in 51745 conflict with other options that 51746 affect the file mode, like fsGroup, 51747 and the result can be other mode 51748 bits set.' 51749 format: int32 51750 type: integer 51751 path: 51752 description: path is the relative 51753 path of the file to map the key 51754 to. May not be an absolute path. 51755 May not contain the path element 51756 '..'. May not start with the string 51757 '..'. 51758 type: string 51759 required: 51760 - key 51761 - path 51762 type: object 51763 type: array 51764 name: 51765 description: 'Name of the referent. More 51766 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 51767 TODO: Add other useful fields. apiVersion, 51768 kind, uid?' 51769 type: string 51770 optional: 51771 description: optional specify whether 51772 the ConfigMap or its keys must be defined 51773 type: boolean 51774 type: object 51775 csi: 51776 description: csi (Container Storage Interface) 51777 represents ephemeral storage that is handled 51778 by certain external CSI drivers (Beta feature). 51779 properties: 51780 driver: 51781 description: driver is the name of the 51782 CSI driver that handles this volume. 51783 Consult with your admin for the correct 51784 name as registered in the cluster. 51785 type: string 51786 fsType: 51787 description: fsType to mount. Ex. "ext4", 51788 "xfs", "ntfs". If not provided, the 51789 empty value is passed to the associated 51790 CSI driver which will determine the 51791 default filesystem to apply. 51792 type: string 51793 nodePublishSecretRef: 51794 description: nodePublishSecretRef is a 51795 reference to the secret object containing 51796 sensitive information to pass to the 51797 CSI driver to complete the CSI NodePublishVolume 51798 and NodeUnpublishVolume calls. This 51799 field is optional, and may be empty 51800 if no secret is required. If the secret 51801 object contains more than one secret, 51802 all secret references are passed. 51803 properties: 51804 name: 51805 description: 'Name of the referent. 51806 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 51807 TODO: Add other useful fields. apiVersion, 51808 kind, uid?' 51809 type: string 51810 type: object 51811 readOnly: 51812 description: readOnly specifies a read-only 51813 configuration for the volume. Defaults 51814 to false (read/write). 51815 type: boolean 51816 volumeAttributes: 51817 additionalProperties: 51818 type: string 51819 description: volumeAttributes stores driver-specific 51820 properties that are passed to the CSI 51821 driver. Consult your driver's documentation 51822 for supported values. 51823 type: object 51824 required: 51825 - driver 51826 type: object 51827 downwardAPI: 51828 description: downwardAPI represents downward 51829 API about the pod that should populate this 51830 volume 51831 properties: 51832 defaultMode: 51833 description: 'Optional: mode bits to use 51834 on created files by default. Must be 51835 a Optional: mode bits used to set permissions 51836 on created files by default. Must be 51837 an octal value between 0000 and 0777 51838 or a decimal value between 0 and 511. 51839 YAML accepts both octal and decimal 51840 values, JSON requires decimal values 51841 for mode bits. Defaults to 0644. Directories 51842 within the path are not affected by 51843 this setting. This might be in conflict 51844 with other options that affect the file 51845 mode, like fsGroup, and the result can 51846 be other mode bits set.' 51847 format: int32 51848 type: integer 51849 items: 51850 description: Items is a list of downward 51851 API volume file 51852 items: 51853 description: DownwardAPIVolumeFile represents 51854 information to create the file containing 51855 the pod field 51856 properties: 51857 fieldRef: 51858 description: 'Required: Selects 51859 a field of the pod: only annotations, 51860 labels, name and namespace are 51861 supported.' 51862 properties: 51863 apiVersion: 51864 description: Version of the 51865 schema the FieldPath is written 51866 in terms of, defaults to "v1". 51867 type: string 51868 fieldPath: 51869 description: Path of the field 51870 to select in the specified 51871 API version. 51872 type: string 51873 required: 51874 - fieldPath 51875 type: object 51876 mode: 51877 description: 'Optional: mode bits 51878 used to set permissions on this 51879 file, must be an octal value between 51880 0000 and 0777 or a decimal value 51881 between 0 and 511. YAML accepts 51882 both octal and decimal values, 51883 JSON requires decimal values for 51884 mode bits. If not specified, the 51885 volume defaultMode will be used. 51886 This might be in conflict with 51887 other options that affect the 51888 file mode, like fsGroup, and the 51889 result can be other mode bits 51890 set.' 51891 format: int32 51892 type: integer 51893 path: 51894 description: 'Required: Path is the 51895 relative path name of the file 51896 to be created. Must not be absolute 51897 or contain the ''..'' path. Must 51898 be utf-8 encoded. The first item 51899 of the relative path must not 51900 start with ''..''' 51901 type: string 51902 resourceFieldRef: 51903 description: 'Selects a resource 51904 of the container: only resources 51905 limits and requests (limits.cpu, 51906 limits.memory, requests.cpu and 51907 requests.memory) are currently 51908 supported.' 51909 properties: 51910 containerName: 51911 description: 'Container name: 51912 required for volumes, optional 51913 for env vars' 51914 type: string 51915 divisor: 51916 anyOf: 51917 - type: integer 51918 - type: string 51919 description: Specifies the output 51920 format of the exposed resources, 51921 defaults to "1" 51922 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 51923 x-kubernetes-int-or-string: true 51924 resource: 51925 description: 'Required: resource 51926 to select' 51927 type: string 51928 required: 51929 - resource 51930 type: object 51931 required: 51932 - path 51933 type: object 51934 type: array 51935 type: object 51936 emptyDir: 51937 description: 'emptyDir represents a temporary 51938 directory that shares a pod''s lifetime. 51939 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 51940 properties: 51941 medium: 51942 description: 'medium represents what type 51943 of storage medium should back this directory. 51944 The default is "" which means to use 51945 the node''s default medium. Must be 51946 an empty string (default) or Memory. 51947 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 51948 type: string 51949 sizeLimit: 51950 anyOf: 51951 - type: integer 51952 - type: string 51953 description: 'sizeLimit is the total amount 51954 of local storage required for this EmptyDir 51955 volume. The size limit is also applicable 51956 for memory medium. The maximum usage 51957 on memory medium EmptyDir would be the 51958 minimum value between the SizeLimit 51959 specified here and the sum of memory 51960 limits of all containers in a pod. The 51961 default is nil which means that the 51962 limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 51963 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 51964 x-kubernetes-int-or-string: true 51965 type: object 51966 ephemeral: 51967 description: "ephemeral represents a volume 51968 that is handled by a cluster storage driver. 51969 The volume's lifecycle is tied to the pod 51970 that defines it - it will be created before 51971 the pod starts, and deleted when the pod 51972 is removed. \n Use this if: a) the volume 51973 is only needed while the pod runs, b) features 51974 of normal volumes like restoring from snapshot 51975 or capacity tracking are needed, c) the 51976 storage driver is specified through a storage 51977 class, and d) the storage driver supports 51978 dynamic volume provisioning through a 51979 PersistentVolumeClaim (see EphemeralVolumeSource 51980 for more information on the connection 51981 between this volume type and PersistentVolumeClaim). 51982 \n Use PersistentVolumeClaim or one of the 51983 vendor-specific APIs for volumes that persist 51984 for longer than the lifecycle of an individual 51985 pod. \n Use CSI for light-weight local ephemeral 51986 volumes if the CSI driver is meant to be 51987 used that way - see the documentation of 51988 the driver for more information. \n A pod 51989 can use both types of ephemeral volumes 51990 and persistent volumes at the same time." 51991 properties: 51992 volumeClaimTemplate: 51993 description: "Will be used to create a 51994 stand-alone PVC to provision the volume. 51995 The pod in which this EphemeralVolumeSource 51996 is embedded will be the owner of the 51997 PVC, i.e. the PVC will be deleted together 51998 with the pod. The name of the PVC will 51999 be `<pod name>-<volume name>` where 52000 `<volume name>` is the name from the 52001 `PodSpec.Volumes` array entry. Pod validation 52002 will reject the pod if the concatenated 52003 name is not valid for a PVC (for example, 52004 too long). \n An existing PVC with that 52005 name that is not owned by the pod will 52006 *not* be used for the pod to avoid using 52007 an unrelated volume by mistake. Starting 52008 the pod is then blocked until the unrelated 52009 PVC is removed. If such a pre-created 52010 PVC is meant to be used by the pod, 52011 the PVC has to updated with an owner 52012 reference to the pod once the pod exists. 52013 Normally this should not be necessary, 52014 but it may be useful when manually reconstructing 52015 a broken cluster. \n This field is read-only 52016 and no changes will be made by Kubernetes 52017 to the PVC after it has been created. 52018 \n Required, must not be nil." 52019 properties: 52020 metadata: 52021 description: May contain labels and 52022 annotations that will be copied 52023 into the PVC when creating it. No 52024 other fields are allowed and will 52025 be rejected during validation. 52026 type: object 52027 spec: 52028 description: The specification for 52029 the PersistentVolumeClaim. The entire 52030 content is copied unchanged into 52031 the PVC that gets created from this 52032 template. The same fields as in 52033 a PersistentVolumeClaim are also 52034 valid here. 52035 properties: 52036 accessModes: 52037 description: 'accessModes contains 52038 the desired access modes the 52039 volume should have. More info: 52040 https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 52041 items: 52042 type: string 52043 type: array 52044 dataSource: 52045 description: 'dataSource field 52046 can be used to specify either: 52047 * An existing VolumeSnapshot 52048 object (snapshot.storage.k8s.io/VolumeSnapshot) 52049 * An existing PVC (PersistentVolumeClaim) 52050 If the provisioner or an external 52051 controller can support the specified 52052 data source, it will create 52053 a new volume based on the contents 52054 of the specified data source. 52055 When the AnyVolumeDataSource 52056 feature gate is enabled, dataSource 52057 contents will be copied to dataSourceRef, 52058 and dataSourceRef contents will 52059 be copied to dataSource when 52060 dataSourceRef.namespace is not 52061 specified. If the namespace 52062 is specified, then dataSourceRef 52063 will not be copied to dataSource.' 52064 properties: 52065 apiGroup: 52066 description: APIGroup is the 52067 group for the resource being 52068 referenced. If APIGroup 52069 is not specified, the specified 52070 Kind must be in the core 52071 API group. For any other 52072 third-party types, APIGroup 52073 is required. 52074 type: string 52075 kind: 52076 description: Kind is the type 52077 of resource being referenced 52078 type: string 52079 name: 52080 description: Name is the name 52081 of resource being referenced 52082 type: string 52083 required: 52084 - kind 52085 - name 52086 type: object 52087 dataSourceRef: 52088 description: 'dataSourceRef specifies 52089 the object from which to populate 52090 the volume with data, if a non-empty 52091 volume is desired. This may 52092 be any object from a non-empty 52093 API group (non core object) 52094 or a PersistentVolumeClaim object. 52095 When this field is specified, 52096 volume binding will only succeed 52097 if the type of the specified 52098 object matches some installed 52099 volume populator or dynamic 52100 provisioner. This field will 52101 replace the functionality of 52102 the dataSource field and as 52103 such if both fields are non-empty, 52104 they must have the same value. 52105 For backwards compatibility, 52106 when namespace isn''t specified 52107 in dataSourceRef, both fields 52108 (dataSource and dataSourceRef) 52109 will be set to the same value 52110 automatically if one of them 52111 is empty and the other is non-empty. 52112 When namespace is specified 52113 in dataSourceRef, dataSource 52114 isn''t set to the same value 52115 and must be empty. There are 52116 three important differences 52117 between dataSource and dataSourceRef: 52118 * While dataSource only allows 52119 two specific types of objects, 52120 dataSourceRef allows any non-core 52121 object, as well as PersistentVolumeClaim 52122 objects. * While dataSource 52123 ignores disallowed values (dropping 52124 them), dataSourceRef preserves 52125 all values, and generates an 52126 error if a disallowed value 52127 is specified. * While dataSource 52128 only allows local objects, dataSourceRef 52129 allows objects in any namespaces. 52130 (Beta) Using this field requires 52131 the AnyVolumeDataSource feature 52132 gate to be enabled. (Alpha) 52133 Using the namespace field of 52134 dataSourceRef requires the CrossNamespaceVolumeDataSource 52135 feature gate to be enabled.' 52136 properties: 52137 apiGroup: 52138 description: APIGroup is the 52139 group for the resource being 52140 referenced. If APIGroup 52141 is not specified, the specified 52142 Kind must be in the core 52143 API group. For any other 52144 third-party types, APIGroup 52145 is required. 52146 type: string 52147 kind: 52148 description: Kind is the type 52149 of resource being referenced 52150 type: string 52151 name: 52152 description: Name is the name 52153 of resource being referenced 52154 type: string 52155 namespace: 52156 description: Namespace is 52157 the namespace of resource 52158 being referenced Note that 52159 when a namespace is specified, 52160 a gateway.networking.k8s.io/ReferenceGrant 52161 object is required in the 52162 referent namespace to allow 52163 that namespace's owner to 52164 accept the reference. See 52165 the ReferenceGrant documentation 52166 for details. (Alpha) This 52167 field requires the CrossNamespaceVolumeDataSource 52168 feature gate to be enabled. 52169 type: string 52170 required: 52171 - kind 52172 - name 52173 type: object 52174 resources: 52175 description: 'resources represents 52176 the minimum resources the volume 52177 should have. If RecoverVolumeExpansionFailure 52178 feature is enabled users are 52179 allowed to specify resource 52180 requirements that are lower 52181 than previous value but must 52182 still be higher than capacity 52183 recorded in the status field 52184 of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 52185 properties: 52186 claims: 52187 description: "Claims lists 52188 the names of resources, 52189 defined in spec.resourceClaims, 52190 that are used by this container. 52191 \n This is an alpha field 52192 and requires enabling the 52193 DynamicResourceAllocation 52194 feature gate. \n This field 52195 is immutable. It can only 52196 be set for containers." 52197 items: 52198 description: ResourceClaim 52199 references one entry in 52200 PodSpec.ResourceClaims. 52201 properties: 52202 name: 52203 description: Name must 52204 match the name of 52205 one entry in pod.spec.resourceClaims 52206 of the Pod where this 52207 field is used. It 52208 makes that resource 52209 available inside a 52210 container. 52211 type: string 52212 required: 52213 - name 52214 type: object 52215 type: array 52216 x-kubernetes-list-map-keys: 52217 - name 52218 x-kubernetes-list-type: map 52219 limits: 52220 additionalProperties: 52221 anyOf: 52222 - type: integer 52223 - type: string 52224 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 52225 x-kubernetes-int-or-string: true 52226 description: 'Limits describes 52227 the maximum amount of compute 52228 resources allowed. More 52229 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 52230 type: object 52231 requests: 52232 additionalProperties: 52233 anyOf: 52234 - type: integer 52235 - type: string 52236 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 52237 x-kubernetes-int-or-string: true 52238 description: 'Requests describes 52239 the minimum amount of compute 52240 resources required. If Requests 52241 is omitted for a container, 52242 it defaults to Limits if 52243 that is explicitly specified, 52244 otherwise to an implementation-defined 52245 value. Requests cannot exceed 52246 Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 52247 type: object 52248 type: object 52249 selector: 52250 description: selector is a label 52251 query over volumes to consider 52252 for binding. 52253 properties: 52254 matchExpressions: 52255 description: matchExpressions 52256 is a list of label selector 52257 requirements. The requirements 52258 are ANDed. 52259 items: 52260 description: A label selector 52261 requirement is a selector 52262 that contains values, 52263 a key, and an operator 52264 that relates the key and 52265 values. 52266 properties: 52267 key: 52268 description: key is 52269 the label key that 52270 the selector applies 52271 to. 52272 type: string 52273 operator: 52274 description: operator 52275 represents a key's 52276 relationship to a 52277 set of values. Valid 52278 operators are In, 52279 NotIn, Exists and 52280 DoesNotExist. 52281 type: string 52282 values: 52283 description: values 52284 is an array of string 52285 values. If the operator 52286 is In or NotIn, the 52287 values array must 52288 be non-empty. If the 52289 operator is Exists 52290 or DoesNotExist, the 52291 values array must 52292 be empty. This array 52293 is replaced during 52294 a strategic merge 52295 patch. 52296 items: 52297 type: string 52298 type: array 52299 required: 52300 - key 52301 - operator 52302 type: object 52303 type: array 52304 matchLabels: 52305 additionalProperties: 52306 type: string 52307 description: matchLabels is 52308 a map of {key,value} pairs. 52309 A single {key,value} in 52310 the matchLabels map is equivalent 52311 to an element of matchExpressions, 52312 whose key field is "key", 52313 the operator is "In", and 52314 the values array contains 52315 only "value". The requirements 52316 are ANDed. 52317 type: object 52318 type: object 52319 storageClassName: 52320 description: 'storageClassName 52321 is the name of the StorageClass 52322 required by the claim. More 52323 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 52324 type: string 52325 volumeMode: 52326 description: volumeMode defines 52327 what type of volume is required 52328 by the claim. Value of Filesystem 52329 is implied when not included 52330 in claim spec. 52331 type: string 52332 volumeName: 52333 description: volumeName is the 52334 binding reference to the PersistentVolume 52335 backing this claim. 52336 type: string 52337 type: object 52338 required: 52339 - spec 52340 type: object 52341 type: object 52342 fc: 52343 description: fc represents a Fibre Channel 52344 resource that is attached to a kubelet's 52345 host machine and then exposed to the pod. 52346 properties: 52347 fsType: 52348 description: 'fsType is the filesystem 52349 type to mount. Must be a filesystem 52350 type supported by the host operating 52351 system. Ex. "ext4", "xfs", "ntfs". Implicitly 52352 inferred to be "ext4" if unspecified. 52353 TODO: how do we prevent errors in the 52354 filesystem from compromising the machine' 52355 type: string 52356 lun: 52357 description: 'lun is Optional: FC target 52358 lun number' 52359 format: int32 52360 type: integer 52361 readOnly: 52362 description: 'readOnly is Optional: Defaults 52363 to false (read/write). ReadOnly here 52364 will force the ReadOnly setting in VolumeMounts.' 52365 type: boolean 52366 targetWWNs: 52367 description: 'targetWWNs is Optional: 52368 FC target worldwide names (WWNs)' 52369 items: 52370 type: string 52371 type: array 52372 wwids: 52373 description: 'wwids Optional: FC volume 52374 world wide identifiers (wwids) Either 52375 wwids or combination of targetWWNs and 52376 lun must be set, but not both simultaneously.' 52377 items: 52378 type: string 52379 type: array 52380 type: object 52381 flexVolume: 52382 description: flexVolume represents a generic 52383 volume resource that is provisioned/attached 52384 using an exec based plugin. 52385 properties: 52386 driver: 52387 description: driver is the name of the 52388 driver to use for this volume. 52389 type: string 52390 fsType: 52391 description: fsType is the filesystem 52392 type to mount. Must be a filesystem 52393 type supported by the host operating 52394 system. Ex. "ext4", "xfs", "ntfs". The 52395 default filesystem depends on FlexVolume 52396 script. 52397 type: string 52398 options: 52399 additionalProperties: 52400 type: string 52401 description: 'options is Optional: this 52402 field holds extra command options if 52403 any.' 52404 type: object 52405 readOnly: 52406 description: 'readOnly is Optional: defaults 52407 to false (read/write). ReadOnly here 52408 will force the ReadOnly setting in VolumeMounts.' 52409 type: boolean 52410 secretRef: 52411 description: 'secretRef is Optional: secretRef 52412 is reference to the secret object containing 52413 sensitive information to pass to the 52414 plugin scripts. This may be empty if 52415 no secret object is specified. If the 52416 secret object contains more than one 52417 secret, all secrets are passed to the 52418 plugin scripts.' 52419 properties: 52420 name: 52421 description: 'Name of the referent. 52422 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 52423 TODO: Add other useful fields. apiVersion, 52424 kind, uid?' 52425 type: string 52426 type: object 52427 required: 52428 - driver 52429 type: object 52430 flocker: 52431 description: flocker represents a Flocker 52432 volume attached to a kubelet's host machine. 52433 This depends on the Flocker control service 52434 being running 52435 properties: 52436 datasetName: 52437 description: datasetName is Name of the 52438 dataset stored as metadata -> name on 52439 the dataset for Flocker should be considered 52440 as deprecated 52441 type: string 52442 datasetUUID: 52443 description: datasetUUID is the UUID of 52444 the dataset. This is unique identifier 52445 of a Flocker dataset 52446 type: string 52447 type: object 52448 gcePersistentDisk: 52449 description: 'gcePersistentDisk represents 52450 a GCE Disk resource that is attached to 52451 a kubelet''s host machine and then exposed 52452 to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 52453 properties: 52454 fsType: 52455 description: 'fsType is filesystem type 52456 of the volume that you want to mount. 52457 Tip: Ensure that the filesystem type 52458 is supported by the host operating system. 52459 Examples: "ext4", "xfs", "ntfs". Implicitly 52460 inferred to be "ext4" if unspecified. 52461 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 52462 TODO: how do we prevent errors in the 52463 filesystem from compromising the machine' 52464 type: string 52465 partition: 52466 description: 'partition is the partition 52467 in the volume that you want to mount. 52468 If omitted, the default is to mount 52469 by volume name. Examples: For volume 52470 /dev/sda1, you specify the partition 52471 as "1". Similarly, the volume partition 52472 for /dev/sda is "0" (or you can leave 52473 the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 52474 format: int32 52475 type: integer 52476 pdName: 52477 description: 'pdName is unique name of 52478 the PD resource in GCE. Used to identify 52479 the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 52480 type: string 52481 readOnly: 52482 description: 'readOnly here will force 52483 the ReadOnly setting in VolumeMounts. 52484 Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 52485 type: boolean 52486 required: 52487 - pdName 52488 type: object 52489 gitRepo: 52490 description: 'gitRepo represents a git repository 52491 at a particular revision. DEPRECATED: GitRepo 52492 is deprecated. To provision a container 52493 with a git repo, mount an EmptyDir into 52494 an InitContainer that clones the repo using 52495 git, then mount the EmptyDir into the Pod''s 52496 container.' 52497 properties: 52498 directory: 52499 description: directory is the target directory 52500 name. Must not contain or start with 52501 '..'. If '.' is supplied, the volume 52502 directory will be the git repository. Otherwise, 52503 if specified, the volume will contain 52504 the git repository in the subdirectory 52505 with the given name. 52506 type: string 52507 repository: 52508 description: repository is the URL 52509 type: string 52510 revision: 52511 description: revision is the commit hash 52512 for the specified revision. 52513 type: string 52514 required: 52515 - repository 52516 type: object 52517 glusterfs: 52518 description: 'glusterfs represents a Glusterfs 52519 mount on the host that shares a pod''s lifetime. 52520 More info: https://examples.k8s.io/volumes/glusterfs/README.md' 52521 properties: 52522 endpoints: 52523 description: 'endpoints is the endpoint 52524 name that details Glusterfs topology. 52525 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 52526 type: string 52527 path: 52528 description: 'path is the Glusterfs volume 52529 path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 52530 type: string 52531 readOnly: 52532 description: 'readOnly here will force 52533 the Glusterfs volume to be mounted with 52534 read-only permissions. Defaults to false. 52535 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 52536 type: boolean 52537 required: 52538 - endpoints 52539 - path 52540 type: object 52541 hostPath: 52542 description: 'hostPath represents a pre-existing 52543 file or directory on the host machine that 52544 is directly exposed to the container. This 52545 is generally used for system agents or other 52546 privileged things that are allowed to see 52547 the host machine. Most containers will NOT 52548 need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 52549 --- TODO(jonesdl) We need to restrict who 52550 can use host directory mounts and who can/can 52551 not mount host directories as read/write.' 52552 properties: 52553 path: 52554 description: 'path of the directory on 52555 the host. If the path is a symlink, 52556 it will follow the link to the real 52557 path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 52558 type: string 52559 type: 52560 description: 'type for HostPath Volume 52561 Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 52562 type: string 52563 required: 52564 - path 52565 type: object 52566 iscsi: 52567 description: 'iscsi represents an ISCSI Disk 52568 resource that is attached to a kubelet''s 52569 host machine and then exposed to the pod. 52570 More info: https://examples.k8s.io/volumes/iscsi/README.md' 52571 properties: 52572 chapAuthDiscovery: 52573 description: chapAuthDiscovery defines 52574 whether support iSCSI Discovery CHAP 52575 authentication 52576 type: boolean 52577 chapAuthSession: 52578 description: chapAuthSession defines whether 52579 support iSCSI Session CHAP authentication 52580 type: boolean 52581 fsType: 52582 description: 'fsType is the filesystem 52583 type of the volume that you want to 52584 mount. Tip: Ensure that the filesystem 52585 type is supported by the host operating 52586 system. Examples: "ext4", "xfs", "ntfs". 52587 Implicitly inferred to be "ext4" if 52588 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 52589 TODO: how do we prevent errors in the 52590 filesystem from compromising the machine' 52591 type: string 52592 initiatorName: 52593 description: initiatorName is the custom 52594 iSCSI Initiator Name. If initiatorName 52595 is specified with iscsiInterface simultaneously, 52596 new iSCSI interface <target portal>:<volume 52597 name> will be created for the connection. 52598 type: string 52599 iqn: 52600 description: iqn is the target iSCSI Qualified 52601 Name. 52602 type: string 52603 iscsiInterface: 52604 description: iscsiInterface is the interface 52605 Name that uses an iSCSI transport. Defaults 52606 to 'default' (tcp). 52607 type: string 52608 lun: 52609 description: lun represents iSCSI Target 52610 Lun number. 52611 format: int32 52612 type: integer 52613 portals: 52614 description: portals is the iSCSI Target 52615 Portal List. The portal is either an 52616 IP or ip_addr:port if the port is other 52617 than default (typically TCP ports 860 52618 and 3260). 52619 items: 52620 type: string 52621 type: array 52622 readOnly: 52623 description: readOnly here will force 52624 the ReadOnly setting in VolumeMounts. 52625 Defaults to false. 52626 type: boolean 52627 secretRef: 52628 description: secretRef is the CHAP Secret 52629 for iSCSI target and initiator authentication 52630 properties: 52631 name: 52632 description: 'Name of the referent. 52633 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 52634 TODO: Add other useful fields. apiVersion, 52635 kind, uid?' 52636 type: string 52637 type: object 52638 targetPortal: 52639 description: targetPortal is iSCSI Target 52640 Portal. The Portal is either an IP or 52641 ip_addr:port if the port is other than 52642 default (typically TCP ports 860 and 52643 3260). 52644 type: string 52645 required: 52646 - iqn 52647 - lun 52648 - targetPortal 52649 type: object 52650 name: 52651 description: 'name of the volume. Must be 52652 a DNS_LABEL and unique within the pod. More 52653 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 52654 type: string 52655 nfs: 52656 description: 'nfs represents an NFS mount 52657 on the host that shares a pod''s lifetime 52658 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 52659 properties: 52660 path: 52661 description: 'path that is exported by 52662 the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 52663 type: string 52664 readOnly: 52665 description: 'readOnly here will force 52666 the NFS export to be mounted with read-only 52667 permissions. Defaults to false. More 52668 info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 52669 type: boolean 52670 server: 52671 description: 'server is the hostname or 52672 IP address of the NFS server. More info: 52673 https://kubernetes.io/docs/concepts/storage/volumes#nfs' 52674 type: string 52675 required: 52676 - path 52677 - server 52678 type: object 52679 persistentVolumeClaim: 52680 description: 'persistentVolumeClaimVolumeSource 52681 represents a reference to a PersistentVolumeClaim 52682 in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 52683 properties: 52684 claimName: 52685 description: 'claimName is the name of 52686 a PersistentVolumeClaim in the same 52687 namespace as the pod using this volume. 52688 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 52689 type: string 52690 readOnly: 52691 description: readOnly Will force the ReadOnly 52692 setting in VolumeMounts. Default false. 52693 type: boolean 52694 required: 52695 - claimName 52696 type: object 52697 photonPersistentDisk: 52698 description: photonPersistentDisk represents 52699 a PhotonController persistent disk attached 52700 and mounted on kubelets host machine 52701 properties: 52702 fsType: 52703 description: fsType is the filesystem 52704 type to mount. Must be a filesystem 52705 type supported by the host operating 52706 system. Ex. "ext4", "xfs", "ntfs". Implicitly 52707 inferred to be "ext4" if unspecified. 52708 type: string 52709 pdID: 52710 description: pdID is the ID that identifies 52711 Photon Controller persistent disk 52712 type: string 52713 required: 52714 - pdID 52715 type: object 52716 portworxVolume: 52717 description: portworxVolume represents a portworx 52718 volume attached and mounted on kubelets 52719 host machine 52720 properties: 52721 fsType: 52722 description: fSType represents the filesystem 52723 type to mount Must be a filesystem type 52724 supported by the host operating system. 52725 Ex. "ext4", "xfs". Implicitly inferred 52726 to be "ext4" if unspecified. 52727 type: string 52728 readOnly: 52729 description: readOnly defaults to false 52730 (read/write). ReadOnly here will force 52731 the ReadOnly setting in VolumeMounts. 52732 type: boolean 52733 volumeID: 52734 description: volumeID uniquely identifies 52735 a Portworx volume 52736 type: string 52737 required: 52738 - volumeID 52739 type: object 52740 projected: 52741 description: projected items for all in one 52742 resources secrets, configmaps, and downward 52743 API 52744 properties: 52745 defaultMode: 52746 description: defaultMode are the mode 52747 bits used to set permissions on created 52748 files by default. Must be an octal value 52749 between 0000 and 0777 or a decimal value 52750 between 0 and 511. YAML accepts both 52751 octal and decimal values, JSON requires 52752 decimal values for mode bits. Directories 52753 within the path are not affected by 52754 this setting. This might be in conflict 52755 with other options that affect the file 52756 mode, like fsGroup, and the result can 52757 be other mode bits set. 52758 format: int32 52759 type: integer 52760 sources: 52761 description: sources is the list of volume 52762 projections 52763 items: 52764 description: Projection that may be 52765 projected along with other supported 52766 volume types 52767 properties: 52768 configMap: 52769 description: configMap information 52770 about the configMap data to project 52771 properties: 52772 items: 52773 description: items if unspecified, 52774 each key-value pair in the 52775 Data field of the referenced 52776 ConfigMap will be projected 52777 into the volume as a file 52778 whose name is the key and 52779 content is the value. If specified, 52780 the listed keys will be projected 52781 into the specified paths, 52782 and unlisted keys will not 52783 be present. If a key is specified 52784 which is not present in the 52785 ConfigMap, the volume setup 52786 will error unless it is marked 52787 optional. Paths must be relative 52788 and may not contain the '..' 52789 path or start with '..'. 52790 items: 52791 description: Maps a string 52792 key to a path within a volume. 52793 properties: 52794 key: 52795 description: key is the 52796 key to project. 52797 type: string 52798 mode: 52799 description: 'mode is 52800 Optional: mode bits 52801 used to set permissions 52802 on this file. Must be 52803 an octal value between 52804 0000 and 0777 or a decimal 52805 value between 0 and 52806 511. YAML accepts both 52807 octal and decimal values, 52808 JSON requires decimal 52809 values for mode bits. 52810 If not specified, the 52811 volume defaultMode will 52812 be used. This might 52813 be in conflict with 52814 other options that affect 52815 the file mode, like 52816 fsGroup, and the result 52817 can be other mode bits 52818 set.' 52819 format: int32 52820 type: integer 52821 path: 52822 description: path is the 52823 relative path of the 52824 file to map the key 52825 to. May not be an absolute 52826 path. May not contain 52827 the path element '..'. 52828 May not start with the 52829 string '..'. 52830 type: string 52831 required: 52832 - key 52833 - path 52834 type: object 52835 type: array 52836 name: 52837 description: 'Name of the referent. 52838 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 52839 TODO: Add other useful fields. 52840 apiVersion, kind, uid?' 52841 type: string 52842 optional: 52843 description: optional specify 52844 whether the ConfigMap or its 52845 keys must be defined 52846 type: boolean 52847 type: object 52848 downwardAPI: 52849 description: downwardAPI information 52850 about the downwardAPI data to 52851 project 52852 properties: 52853 items: 52854 description: Items is a list 52855 of DownwardAPIVolume file 52856 items: 52857 description: DownwardAPIVolumeFile 52858 represents information to 52859 create the file containing 52860 the pod field 52861 properties: 52862 fieldRef: 52863 description: 'Required: 52864 Selects a field of the 52865 pod: only annotations, 52866 labels, name and namespace 52867 are supported.' 52868 properties: 52869 apiVersion: 52870 description: Version 52871 of the schema the 52872 FieldPath is written 52873 in terms of, defaults 52874 to "v1". 52875 type: string 52876 fieldPath: 52877 description: Path 52878 of the field to 52879 select in the specified 52880 API version. 52881 type: string 52882 required: 52883 - fieldPath 52884 type: object 52885 mode: 52886 description: 'Optional: 52887 mode bits used to set 52888 permissions on this 52889 file, must be an octal 52890 value between 0000 and 52891 0777 or a decimal value 52892 between 0 and 511. YAML 52893 accepts both octal and 52894 decimal values, JSON 52895 requires decimal values 52896 for mode bits. If not 52897 specified, the volume 52898 defaultMode will be 52899 used. This might be 52900 in conflict with other 52901 options that affect 52902 the file mode, like 52903 fsGroup, and the result 52904 can be other mode bits 52905 set.' 52906 format: int32 52907 type: integer 52908 path: 52909 description: 'Required: 52910 Path is the relative 52911 path name of the file 52912 to be created. Must 52913 not be absolute or contain 52914 the ''..'' path. Must 52915 be utf-8 encoded. The 52916 first item of the relative 52917 path must not start 52918 with ''..''' 52919 type: string 52920 resourceFieldRef: 52921 description: 'Selects 52922 a resource of the container: 52923 only resources limits 52924 and requests (limits.cpu, 52925 limits.memory, requests.cpu 52926 and requests.memory) 52927 are currently supported.' 52928 properties: 52929 containerName: 52930 description: 'Container 52931 name: required for 52932 volumes, optional 52933 for env vars' 52934 type: string 52935 divisor: 52936 anyOf: 52937 - type: integer 52938 - type: string 52939 description: Specifies 52940 the output format 52941 of the exposed resources, 52942 defaults to "1" 52943 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 52944 x-kubernetes-int-or-string: true 52945 resource: 52946 description: 'Required: 52947 resource to select' 52948 type: string 52949 required: 52950 - resource 52951 type: object 52952 required: 52953 - path 52954 type: object 52955 type: array 52956 type: object 52957 secret: 52958 description: secret information 52959 about the secret data to project 52960 properties: 52961 items: 52962 description: items if unspecified, 52963 each key-value pair in the 52964 Data field of the referenced 52965 Secret will be projected into 52966 the volume as a file whose 52967 name is the key and content 52968 is the value. If specified, 52969 the listed keys will be projected 52970 into the specified paths, 52971 and unlisted keys will not 52972 be present. If a key is specified 52973 which is not present in the 52974 Secret, the volume setup will 52975 error unless it is marked 52976 optional. Paths must be relative 52977 and may not contain the '..' 52978 path or start with '..'. 52979 items: 52980 description: Maps a string 52981 key to a path within a volume. 52982 properties: 52983 key: 52984 description: key is the 52985 key to project. 52986 type: string 52987 mode: 52988 description: 'mode is 52989 Optional: mode bits 52990 used to set permissions 52991 on this file. Must be 52992 an octal value between 52993 0000 and 0777 or a decimal 52994 value between 0 and 52995 511. YAML accepts both 52996 octal and decimal values, 52997 JSON requires decimal 52998 values for mode bits. 52999 If not specified, the 53000 volume defaultMode will 53001 be used. This might 53002 be in conflict with 53003 other options that affect 53004 the file mode, like 53005 fsGroup, and the result 53006 can be other mode bits 53007 set.' 53008 format: int32 53009 type: integer 53010 path: 53011 description: path is the 53012 relative path of the 53013 file to map the key 53014 to. May not be an absolute 53015 path. May not contain 53016 the path element '..'. 53017 May not start with the 53018 string '..'. 53019 type: string 53020 required: 53021 - key 53022 - path 53023 type: object 53024 type: array 53025 name: 53026 description: 'Name of the referent. 53027 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 53028 TODO: Add other useful fields. 53029 apiVersion, kind, uid?' 53030 type: string 53031 optional: 53032 description: optional field 53033 specify whether the Secret 53034 or its key must be defined 53035 type: boolean 53036 type: object 53037 serviceAccountToken: 53038 description: serviceAccountToken 53039 is information about the serviceAccountToken 53040 data to project 53041 properties: 53042 audience: 53043 description: audience is the 53044 intended audience of the token. 53045 A recipient of a token must 53046 identify itself with an identifier 53047 specified in the audience 53048 of the token, and otherwise 53049 should reject the token. The 53050 audience defaults to the identifier 53051 of the apiserver. 53052 type: string 53053 expirationSeconds: 53054 description: expirationSeconds 53055 is the requested duration 53056 of validity of the service 53057 account token. As the token 53058 approaches expiration, the 53059 kubelet volume plugin will 53060 proactively rotate the service 53061 account token. The kubelet 53062 will start trying to rotate 53063 the token if the token is 53064 older than 80 percent of its 53065 time to live or if the token 53066 is older than 24 hours.Defaults 53067 to 1 hour and must be at least 53068 10 minutes. 53069 format: int64 53070 type: integer 53071 path: 53072 description: path is the path 53073 relative to the mount point 53074 of the file to project the 53075 token into. 53076 type: string 53077 required: 53078 - path 53079 type: object 53080 type: object 53081 type: array 53082 type: object 53083 quobyte: 53084 description: quobyte represents a Quobyte 53085 mount on the host that shares a pod's lifetime 53086 properties: 53087 group: 53088 description: group to map volume access 53089 to Default is no group 53090 type: string 53091 readOnly: 53092 description: readOnly here will force 53093 the Quobyte volume to be mounted with 53094 read-only permissions. Defaults to false. 53095 type: boolean 53096 registry: 53097 description: registry represents a single 53098 or multiple Quobyte Registry services 53099 specified as a string as host:port pair 53100 (multiple entries are separated with 53101 commas) which acts as the central registry 53102 for volumes 53103 type: string 53104 tenant: 53105 description: tenant owning the given Quobyte 53106 volume in the Backend Used with dynamically 53107 provisioned Quobyte volumes, value is 53108 set by the plugin 53109 type: string 53110 user: 53111 description: user to map volume access 53112 to Defaults to serivceaccount user 53113 type: string 53114 volume: 53115 description: volume is a string that references 53116 an already created Quobyte volume by 53117 name. 53118 type: string 53119 required: 53120 - registry 53121 - volume 53122 type: object 53123 rbd: 53124 description: 'rbd represents a Rados Block 53125 Device mount on the host that shares a pod''s 53126 lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' 53127 properties: 53128 fsType: 53129 description: 'fsType is the filesystem 53130 type of the volume that you want to 53131 mount. Tip: Ensure that the filesystem 53132 type is supported by the host operating 53133 system. Examples: "ext4", "xfs", "ntfs". 53134 Implicitly inferred to be "ext4" if 53135 unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 53136 TODO: how do we prevent errors in the 53137 filesystem from compromising the machine' 53138 type: string 53139 image: 53140 description: 'image is the rados image 53141 name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 53142 type: string 53143 keyring: 53144 description: 'keyring is the path to key 53145 ring for RBDUser. Default is /etc/ceph/keyring. 53146 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 53147 type: string 53148 monitors: 53149 description: 'monitors is a collection 53150 of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 53151 items: 53152 type: string 53153 type: array 53154 pool: 53155 description: 'pool is the rados pool name. 53156 Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 53157 type: string 53158 readOnly: 53159 description: 'readOnly here will force 53160 the ReadOnly setting in VolumeMounts. 53161 Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 53162 type: boolean 53163 secretRef: 53164 description: 'secretRef is name of the 53165 authentication secret for RBDUser. If 53166 provided overrides keyring. Default 53167 is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 53168 properties: 53169 name: 53170 description: 'Name of the referent. 53171 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 53172 TODO: Add other useful fields. apiVersion, 53173 kind, uid?' 53174 type: string 53175 type: object 53176 user: 53177 description: 'user is the rados user name. 53178 Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 53179 type: string 53180 required: 53181 - image 53182 - monitors 53183 type: object 53184 scaleIO: 53185 description: scaleIO represents a ScaleIO 53186 persistent volume attached and mounted on 53187 Kubernetes nodes. 53188 properties: 53189 fsType: 53190 description: fsType is the filesystem 53191 type to mount. Must be a filesystem 53192 type supported by the host operating 53193 system. Ex. "ext4", "xfs", "ntfs". Default 53194 is "xfs". 53195 type: string 53196 gateway: 53197 description: gateway is the host address 53198 of the ScaleIO API Gateway. 53199 type: string 53200 protectionDomain: 53201 description: protectionDomain is the name 53202 of the ScaleIO Protection Domain for 53203 the configured storage. 53204 type: string 53205 readOnly: 53206 description: readOnly Defaults to false 53207 (read/write). ReadOnly here will force 53208 the ReadOnly setting in VolumeMounts. 53209 type: boolean 53210 secretRef: 53211 description: secretRef references to the 53212 secret for ScaleIO user and other sensitive 53213 information. If this is not provided, 53214 Login operation will fail. 53215 properties: 53216 name: 53217 description: 'Name of the referent. 53218 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 53219 TODO: Add other useful fields. apiVersion, 53220 kind, uid?' 53221 type: string 53222 type: object 53223 sslEnabled: 53224 description: sslEnabled Flag enable/disable 53225 SSL communication with Gateway, default 53226 false 53227 type: boolean 53228 storageMode: 53229 description: storageMode indicates whether 53230 the storage for a volume should be ThickProvisioned 53231 or ThinProvisioned. Default is ThinProvisioned. 53232 type: string 53233 storagePool: 53234 description: storagePool is the ScaleIO 53235 Storage Pool associated with the protection 53236 domain. 53237 type: string 53238 system: 53239 description: system is the name of the 53240 storage system as configured in ScaleIO. 53241 type: string 53242 volumeName: 53243 description: volumeName is the name of 53244 a volume already created in the ScaleIO 53245 system that is associated with this 53246 volume source. 53247 type: string 53248 required: 53249 - gateway 53250 - secretRef 53251 - system 53252 type: object 53253 secret: 53254 description: 'secret represents a secret that 53255 should populate this volume. More info: 53256 https://kubernetes.io/docs/concepts/storage/volumes#secret' 53257 properties: 53258 defaultMode: 53259 description: 'defaultMode is Optional: 53260 mode bits used to set permissions on 53261 created files by default. Must be an 53262 octal value between 0000 and 0777 or 53263 a decimal value between 0 and 511. YAML 53264 accepts both octal and decimal values, 53265 JSON requires decimal values for mode 53266 bits. Defaults to 0644. Directories 53267 within the path are not affected by 53268 this setting. This might be in conflict 53269 with other options that affect the file 53270 mode, like fsGroup, and the result can 53271 be other mode bits set.' 53272 format: int32 53273 type: integer 53274 items: 53275 description: items If unspecified, each 53276 key-value pair in the Data field of 53277 the referenced Secret will be projected 53278 into the volume as a file whose name 53279 is the key and content is the value. 53280 If specified, the listed keys will be 53281 projected into the specified paths, 53282 and unlisted keys will not be present. 53283 If a key is specified which is not present 53284 in the Secret, the volume setup will 53285 error unless it is marked optional. 53286 Paths must be relative and may not contain 53287 the '..' path or start with '..'. 53288 items: 53289 description: Maps a string key to a 53290 path within a volume. 53291 properties: 53292 key: 53293 description: key is the key to project. 53294 type: string 53295 mode: 53296 description: 'mode is Optional: 53297 mode bits used to set permissions 53298 on this file. Must be an octal 53299 value between 0000 and 0777 or 53300 a decimal value between 0 and 53301 511. YAML accepts both octal and 53302 decimal values, JSON requires 53303 decimal values for mode bits. 53304 If not specified, the volume defaultMode 53305 will be used. This might be in 53306 conflict with other options that 53307 affect the file mode, like fsGroup, 53308 and the result can be other mode 53309 bits set.' 53310 format: int32 53311 type: integer 53312 path: 53313 description: path is the relative 53314 path of the file to map the key 53315 to. May not be an absolute path. 53316 May not contain the path element 53317 '..'. May not start with the string 53318 '..'. 53319 type: string 53320 required: 53321 - key 53322 - path 53323 type: object 53324 type: array 53325 optional: 53326 description: optional field specify whether 53327 the Secret or its keys must be defined 53328 type: boolean 53329 secretName: 53330 description: 'secretName is the name of 53331 the secret in the pod''s namespace to 53332 use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 53333 type: string 53334 type: object 53335 storageos: 53336 description: storageOS represents a StorageOS 53337 volume attached and mounted on Kubernetes 53338 nodes. 53339 properties: 53340 fsType: 53341 description: fsType is the filesystem 53342 type to mount. Must be a filesystem 53343 type supported by the host operating 53344 system. Ex. "ext4", "xfs", "ntfs". Implicitly 53345 inferred to be "ext4" if unspecified. 53346 type: string 53347 readOnly: 53348 description: readOnly defaults to false 53349 (read/write). ReadOnly here will force 53350 the ReadOnly setting in VolumeMounts. 53351 type: boolean 53352 secretRef: 53353 description: secretRef specifies the secret 53354 to use for obtaining the StorageOS API 53355 credentials. If not specified, default 53356 values will be attempted. 53357 properties: 53358 name: 53359 description: 'Name of the referent. 53360 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 53361 TODO: Add other useful fields. apiVersion, 53362 kind, uid?' 53363 type: string 53364 type: object 53365 volumeName: 53366 description: volumeName is the human-readable 53367 name of the StorageOS volume. Volume 53368 names are only unique within a namespace. 53369 type: string 53370 volumeNamespace: 53371 description: volumeNamespace specifies 53372 the scope of the volume within StorageOS. If 53373 no namespace is specified then the Pod's 53374 namespace will be used. This allows 53375 the Kubernetes name scoping to be mirrored 53376 within StorageOS for tighter integration. 53377 Set VolumeName to any name to override 53378 the default behaviour. Set to "default" 53379 if you are not using namespaces within 53380 StorageOS. Namespaces that do not pre-exist 53381 within StorageOS will be created. 53382 type: string 53383 type: object 53384 vsphereVolume: 53385 description: vsphereVolume represents a vSphere 53386 volume attached and mounted on kubelets 53387 host machine 53388 properties: 53389 fsType: 53390 description: fsType is filesystem type 53391 to mount. Must be a filesystem type 53392 supported by the host operating system. 53393 Ex. "ext4", "xfs", "ntfs". Implicitly 53394 inferred to be "ext4" if unspecified. 53395 type: string 53396 storagePolicyID: 53397 description: storagePolicyID is the storage 53398 Policy Based Management (SPBM) profile 53399 ID associated with the StoragePolicyName. 53400 type: string 53401 storagePolicyName: 53402 description: storagePolicyName is the 53403 storage Policy Based Management (SPBM) 53404 profile name. 53405 type: string 53406 volumePath: 53407 description: volumePath is the path that 53408 identifies vSphere volume vmdk 53409 type: string 53410 required: 53411 - volumePath 53412 type: object 53413 required: 53414 - name 53415 type: object 53416 type: array 53417 x-kubernetes-list-type: atomic 53418 type: object 53419 taskServiceAccountName: 53420 type: string 53421 type: object 53422 type: array 53423 x-kubernetes-list-type: atomic 53424 timeout: 53425 description: 'Timeout Deprecated: use pipelineRunSpec.Timeouts.Pipeline 53426 instead Time after which the Pipeline times out. Defaults 53427 to never. Refer to Go''s ParseDuration documentation for 53428 expected format: https://golang.org/pkg/time/#ParseDuration' 53429 type: string 53430 timeouts: 53431 description: Time after which the Pipeline times out. Currently 53432 three keys are accepted in the map pipeline, tasks and finally 53433 with Timeouts.pipeline >= Timeouts.tasks + Timeouts.finally 53434 properties: 53435 finally: 53436 description: Finally sets the maximum allowed duration 53437 of this pipeline's finally 53438 type: string 53439 pipeline: 53440 description: Pipeline sets the maximum allowed duration 53441 for execution of the entire pipeline. The sum of individual 53442 timeouts for tasks and finally must not exceed this 53443 value. 53444 type: string 53445 tasks: 53446 description: Tasks sets the maximum allowed duration of 53447 this pipeline's tasks 53448 type: string 53449 type: object 53450 workspaces: 53451 description: Workspaces holds a set of workspace bindings 53452 that must match names with those declared in the pipeline. 53453 items: 53454 description: WorkspaceBinding maps a Task's declared workspace 53455 to a Volume. 53456 properties: 53457 configMap: 53458 description: ConfigMap represents a configMap that should 53459 populate this workspace. 53460 properties: 53461 defaultMode: 53462 description: 'defaultMode is optional: mode bits 53463 used to set permissions on created files by default. 53464 Must be an octal value between 0000 and 0777 or 53465 a decimal value between 0 and 511. YAML accepts 53466 both octal and decimal values, JSON requires decimal 53467 values for mode bits. Defaults to 0644. Directories 53468 within the path are not affected by this setting. 53469 This might be in conflict with other options that 53470 affect the file mode, like fsGroup, and the result 53471 can be other mode bits set.' 53472 format: int32 53473 type: integer 53474 items: 53475 description: items if unspecified, each key-value 53476 pair in the Data field of the referenced ConfigMap 53477 will be projected into the volume as a file whose 53478 name is the key and content is the value. If specified, 53479 the listed keys will be projected into the specified 53480 paths, and unlisted keys will not be present. 53481 If a key is specified which is not present in 53482 the ConfigMap, the volume setup will error unless 53483 it is marked optional. Paths must be relative 53484 and may not contain the '..' path or start with 53485 '..'. 53486 items: 53487 description: Maps a string key to a path within 53488 a volume. 53489 properties: 53490 key: 53491 description: key is the key to project. 53492 type: string 53493 mode: 53494 description: 'mode is Optional: mode bits 53495 used to set permissions on this file. Must 53496 be an octal value between 0000 and 0777 53497 or a decimal value between 0 and 511. YAML 53498 accepts both octal and decimal values, JSON 53499 requires decimal values for mode bits. If 53500 not specified, the volume defaultMode will 53501 be used. This might be in conflict with 53502 other options that affect the file mode, 53503 like fsGroup, and the result can be other 53504 mode bits set.' 53505 format: int32 53506 type: integer 53507 path: 53508 description: path is the relative path of 53509 the file to map the key to. May not be an 53510 absolute path. May not contain the path 53511 element '..'. May not start with the string 53512 '..'. 53513 type: string 53514 required: 53515 - key 53516 - path 53517 type: object 53518 type: array 53519 name: 53520 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 53521 TODO: Add other useful fields. apiVersion, kind, 53522 uid?' 53523 type: string 53524 optional: 53525 description: optional specify whether the ConfigMap 53526 or its keys must be defined 53527 type: boolean 53528 type: object 53529 csi: 53530 description: CSI (Container Storage Interface) represents 53531 ephemeral storage that is handled by certain external 53532 CSI drivers. 53533 properties: 53534 driver: 53535 description: driver is the name of the CSI driver 53536 that handles this volume. Consult with your admin 53537 for the correct name as registered in the cluster. 53538 type: string 53539 fsType: 53540 description: fsType to mount. Ex. "ext4", "xfs", 53541 "ntfs". If not provided, the empty value is passed 53542 to the associated CSI driver which will determine 53543 the default filesystem to apply. 53544 type: string 53545 nodePublishSecretRef: 53546 description: nodePublishSecretRef is a reference 53547 to the secret object containing sensitive information 53548 to pass to the CSI driver to complete the CSI 53549 NodePublishVolume and NodeUnpublishVolume calls. 53550 This field is optional, and may be empty if no 53551 secret is required. If the secret object contains 53552 more than one secret, all secret references are 53553 passed. 53554 properties: 53555 name: 53556 description: 'Name of the referent. More info: 53557 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 53558 TODO: Add other useful fields. apiVersion, 53559 kind, uid?' 53560 type: string 53561 type: object 53562 readOnly: 53563 description: readOnly specifies a read-only configuration 53564 for the volume. Defaults to false (read/write). 53565 type: boolean 53566 volumeAttributes: 53567 additionalProperties: 53568 type: string 53569 description: volumeAttributes stores driver-specific 53570 properties that are passed to the CSI driver. 53571 Consult your driver's documentation for supported 53572 values. 53573 type: object 53574 required: 53575 - driver 53576 type: object 53577 emptyDir: 53578 description: 'EmptyDir represents a temporary directory 53579 that shares a Task''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 53580 Either this OR PersistentVolumeClaim can be used.' 53581 properties: 53582 medium: 53583 description: 'medium represents what type of storage 53584 medium should back this directory. The default 53585 is "" which means to use the node''s default medium. 53586 Must be an empty string (default) or Memory. More 53587 info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 53588 type: string 53589 sizeLimit: 53590 anyOf: 53591 - type: integer 53592 - type: string 53593 description: 'sizeLimit is the total amount of local 53594 storage required for this EmptyDir volume. The 53595 size limit is also applicable for memory medium. 53596 The maximum usage on memory medium EmptyDir would 53597 be the minimum value between the SizeLimit specified 53598 here and the sum of memory limits of all containers 53599 in a pod. The default is nil which means that 53600 the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 53601 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 53602 x-kubernetes-int-or-string: true 53603 type: object 53604 name: 53605 description: Name is the name of the workspace populated 53606 by the volume. 53607 type: string 53608 persistentVolumeClaim: 53609 description: PersistentVolumeClaimVolumeSource represents 53610 a reference to a PersistentVolumeClaim in the same 53611 namespace. Either this OR EmptyDir can be used. 53612 properties: 53613 claimName: 53614 description: 'claimName is the name of a PersistentVolumeClaim 53615 in the same namespace as the pod using this volume. 53616 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 53617 type: string 53618 readOnly: 53619 description: readOnly Will force the ReadOnly setting 53620 in VolumeMounts. Default false. 53621 type: boolean 53622 required: 53623 - claimName 53624 type: object 53625 projected: 53626 description: Projected represents a projected volume 53627 that should populate this workspace. 53628 properties: 53629 defaultMode: 53630 description: defaultMode are the mode bits used 53631 to set permissions on created files by default. 53632 Must be an octal value between 0000 and 0777 or 53633 a decimal value between 0 and 511. YAML accepts 53634 both octal and decimal values, JSON requires decimal 53635 values for mode bits. Directories within the path 53636 are not affected by this setting. This might be 53637 in conflict with other options that affect the 53638 file mode, like fsGroup, and the result can be 53639 other mode bits set. 53640 format: int32 53641 type: integer 53642 sources: 53643 description: sources is the list of volume projections 53644 items: 53645 description: Projection that may be projected 53646 along with other supported volume types 53647 properties: 53648 configMap: 53649 description: configMap information about the 53650 configMap data to project 53651 properties: 53652 items: 53653 description: items if unspecified, each 53654 key-value pair in the Data field of 53655 the referenced ConfigMap will be projected 53656 into the volume as a file whose name 53657 is the key and content is the value. 53658 If specified, the listed keys will be 53659 projected into the specified paths, 53660 and unlisted keys will not be present. 53661 If a key is specified which is not present 53662 in the ConfigMap, the volume setup will 53663 error unless it is marked optional. 53664 Paths must be relative and may not contain 53665 the '..' path or start with '..'. 53666 items: 53667 description: Maps a string key to a 53668 path within a volume. 53669 properties: 53670 key: 53671 description: key is the key to project. 53672 type: string 53673 mode: 53674 description: 'mode is Optional: 53675 mode bits used to set permissions 53676 on this file. Must be an octal 53677 value between 0000 and 0777 or 53678 a decimal value between 0 and 53679 511. YAML accepts both octal and 53680 decimal values, JSON requires 53681 decimal values for mode bits. 53682 If not specified, the volume defaultMode 53683 will be used. This might be in 53684 conflict with other options that 53685 affect the file mode, like fsGroup, 53686 and the result can be other mode 53687 bits set.' 53688 format: int32 53689 type: integer 53690 path: 53691 description: path is the relative 53692 path of the file to map the key 53693 to. May not be an absolute path. 53694 May not contain the path element 53695 '..'. May not start with the string 53696 '..'. 53697 type: string 53698 required: 53699 - key 53700 - path 53701 type: object 53702 type: array 53703 name: 53704 description: 'Name of the referent. More 53705 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 53706 TODO: Add other useful fields. apiVersion, 53707 kind, uid?' 53708 type: string 53709 optional: 53710 description: optional specify whether 53711 the ConfigMap or its keys must be defined 53712 type: boolean 53713 type: object 53714 downwardAPI: 53715 description: downwardAPI information about 53716 the downwardAPI data to project 53717 properties: 53718 items: 53719 description: Items is a list of DownwardAPIVolume 53720 file 53721 items: 53722 description: DownwardAPIVolumeFile represents 53723 information to create the file containing 53724 the pod field 53725 properties: 53726 fieldRef: 53727 description: 'Required: Selects 53728 a field of the pod: only annotations, 53729 labels, name and namespace are 53730 supported.' 53731 properties: 53732 apiVersion: 53733 description: Version of the 53734 schema the FieldPath is written 53735 in terms of, defaults to "v1". 53736 type: string 53737 fieldPath: 53738 description: Path of the field 53739 to select in the specified 53740 API version. 53741 type: string 53742 required: 53743 - fieldPath 53744 type: object 53745 mode: 53746 description: 'Optional: mode bits 53747 used to set permissions on this 53748 file, must be an octal value between 53749 0000 and 0777 or a decimal value 53750 between 0 and 511. YAML accepts 53751 both octal and decimal values, 53752 JSON requires decimal values for 53753 mode bits. If not specified, the 53754 volume defaultMode will be used. 53755 This might be in conflict with 53756 other options that affect the 53757 file mode, like fsGroup, and the 53758 result can be other mode bits 53759 set.' 53760 format: int32 53761 type: integer 53762 path: 53763 description: 'Required: Path is the 53764 relative path name of the file 53765 to be created. Must not be absolute 53766 or contain the ''..'' path. Must 53767 be utf-8 encoded. The first item 53768 of the relative path must not 53769 start with ''..''' 53770 type: string 53771 resourceFieldRef: 53772 description: 'Selects a resource 53773 of the container: only resources 53774 limits and requests (limits.cpu, 53775 limits.memory, requests.cpu and 53776 requests.memory) are currently 53777 supported.' 53778 properties: 53779 containerName: 53780 description: 'Container name: 53781 required for volumes, optional 53782 for env vars' 53783 type: string 53784 divisor: 53785 anyOf: 53786 - type: integer 53787 - type: string 53788 description: Specifies the output 53789 format of the exposed resources, 53790 defaults to "1" 53791 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 53792 x-kubernetes-int-or-string: true 53793 resource: 53794 description: 'Required: resource 53795 to select' 53796 type: string 53797 required: 53798 - resource 53799 type: object 53800 required: 53801 - path 53802 type: object 53803 type: array 53804 type: object 53805 secret: 53806 description: secret information about the 53807 secret data to project 53808 properties: 53809 items: 53810 description: items if unspecified, each 53811 key-value pair in the Data field of 53812 the referenced Secret will be projected 53813 into the volume as a file whose name 53814 is the key and content is the value. 53815 If specified, the listed keys will be 53816 projected into the specified paths, 53817 and unlisted keys will not be present. 53818 If a key is specified which is not present 53819 in the Secret, the volume setup will 53820 error unless it is marked optional. 53821 Paths must be relative and may not contain 53822 the '..' path or start with '..'. 53823 items: 53824 description: Maps a string key to a 53825 path within a volume. 53826 properties: 53827 key: 53828 description: key is the key to project. 53829 type: string 53830 mode: 53831 description: 'mode is Optional: 53832 mode bits used to set permissions 53833 on this file. Must be an octal 53834 value between 0000 and 0777 or 53835 a decimal value between 0 and 53836 511. YAML accepts both octal and 53837 decimal values, JSON requires 53838 decimal values for mode bits. 53839 If not specified, the volume defaultMode 53840 will be used. This might be in 53841 conflict with other options that 53842 affect the file mode, like fsGroup, 53843 and the result can be other mode 53844 bits set.' 53845 format: int32 53846 type: integer 53847 path: 53848 description: path is the relative 53849 path of the file to map the key 53850 to. May not be an absolute path. 53851 May not contain the path element 53852 '..'. May not start with the string 53853 '..'. 53854 type: string 53855 required: 53856 - key 53857 - path 53858 type: object 53859 type: array 53860 name: 53861 description: 'Name of the referent. More 53862 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 53863 TODO: Add other useful fields. apiVersion, 53864 kind, uid?' 53865 type: string 53866 optional: 53867 description: optional field specify whether 53868 the Secret or its key must be defined 53869 type: boolean 53870 type: object 53871 serviceAccountToken: 53872 description: serviceAccountToken is information 53873 about the serviceAccountToken data to project 53874 properties: 53875 audience: 53876 description: audience is the intended 53877 audience of the token. A recipient of 53878 a token must identify itself with an 53879 identifier specified in the audience 53880 of the token, and otherwise should reject 53881 the token. The audience defaults to 53882 the identifier of the apiserver. 53883 type: string 53884 expirationSeconds: 53885 description: expirationSeconds is the 53886 requested duration of validity of the 53887 service account token. As the token 53888 approaches expiration, the kubelet volume 53889 plugin will proactively rotate the service 53890 account token. The kubelet will start 53891 trying to rotate the token if the token 53892 is older than 80 percent of its time 53893 to live or if the token is older than 53894 24 hours.Defaults to 1 hour and must 53895 be at least 10 minutes. 53896 format: int64 53897 type: integer 53898 path: 53899 description: path is the path relative 53900 to the mount point of the file to project 53901 the token into. 53902 type: string 53903 required: 53904 - path 53905 type: object 53906 type: object 53907 type: array 53908 type: object 53909 secret: 53910 description: Secret represents a secret that should 53911 populate this workspace. 53912 properties: 53913 defaultMode: 53914 description: 'defaultMode is Optional: mode bits 53915 used to set permissions on created files by default. 53916 Must be an octal value between 0000 and 0777 or 53917 a decimal value between 0 and 511. YAML accepts 53918 both octal and decimal values, JSON requires decimal 53919 values for mode bits. Defaults to 0644. Directories 53920 within the path are not affected by this setting. 53921 This might be in conflict with other options that 53922 affect the file mode, like fsGroup, and the result 53923 can be other mode bits set.' 53924 format: int32 53925 type: integer 53926 items: 53927 description: items If unspecified, each key-value 53928 pair in the Data field of the referenced Secret 53929 will be projected into the volume as a file whose 53930 name is the key and content is the value. If specified, 53931 the listed keys will be projected into the specified 53932 paths, and unlisted keys will not be present. 53933 If a key is specified which is not present in 53934 the Secret, the volume setup will error unless 53935 it is marked optional. Paths must be relative 53936 and may not contain the '..' path or start with 53937 '..'. 53938 items: 53939 description: Maps a string key to a path within 53940 a volume. 53941 properties: 53942 key: 53943 description: key is the key to project. 53944 type: string 53945 mode: 53946 description: 'mode is Optional: mode bits 53947 used to set permissions on this file. Must 53948 be an octal value between 0000 and 0777 53949 or a decimal value between 0 and 511. YAML 53950 accepts both octal and decimal values, JSON 53951 requires decimal values for mode bits. If 53952 not specified, the volume defaultMode will 53953 be used. This might be in conflict with 53954 other options that affect the file mode, 53955 like fsGroup, and the result can be other 53956 mode bits set.' 53957 format: int32 53958 type: integer 53959 path: 53960 description: path is the relative path of 53961 the file to map the key to. May not be an 53962 absolute path. May not contain the path 53963 element '..'. May not start with the string 53964 '..'. 53965 type: string 53966 required: 53967 - key 53968 - path 53969 type: object 53970 type: array 53971 optional: 53972 description: optional field specify whether the 53973 Secret or its keys must be defined 53974 type: boolean 53975 secretName: 53976 description: 'secretName is the name of the secret 53977 in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 53978 type: string 53979 type: object 53980 subPath: 53981 description: SubPath is optionally a directory on the 53982 volume which should be used for this binding (i.e. 53983 the volume will be mounted at this sub directory). 53984 type: string 53985 volumeClaimTemplate: 53986 description: VolumeClaimTemplate is a template for a 53987 claim that will be created in the same namespace. 53988 The PipelineRun controller is responsible for creating 53989 a unique claim for each instance of PipelineRun. 53990 properties: 53991 apiVersion: 53992 description: 'APIVersion defines the versioned schema 53993 of this representation of an object. Servers should 53994 convert recognized schemas to the latest internal 53995 value, and may reject unrecognized values. More 53996 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 53997 type: string 53998 kind: 53999 description: 'Kind is a string value representing 54000 the REST resource this object represents. Servers 54001 may infer this from the endpoint the client submits 54002 requests to. Cannot be updated. In CamelCase. 54003 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 54004 type: string 54005 metadata: 54006 description: 'Standard object''s metadata. More 54007 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' 54008 type: object 54009 spec: 54010 description: 'spec defines the desired characteristics 54011 of a volume requested by a pod author. More info: 54012 https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 54013 properties: 54014 accessModes: 54015 description: 'accessModes contains the desired 54016 access modes the volume should have. More 54017 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 54018 items: 54019 type: string 54020 type: array 54021 dataSource: 54022 description: 'dataSource field can be used to 54023 specify either: * An existing VolumeSnapshot 54024 object (snapshot.storage.k8s.io/VolumeSnapshot) 54025 * An existing PVC (PersistentVolumeClaim) 54026 If the provisioner or an external controller 54027 can support the specified data source, it 54028 will create a new volume based on the contents 54029 of the specified data source. When the AnyVolumeDataSource 54030 feature gate is enabled, dataSource contents 54031 will be copied to dataSourceRef, and dataSourceRef 54032 contents will be copied to dataSource when 54033 dataSourceRef.namespace is not specified. 54034 If the namespace is specified, then dataSourceRef 54035 will not be copied to dataSource.' 54036 properties: 54037 apiGroup: 54038 description: APIGroup is the group for the 54039 resource being referenced. If APIGroup 54040 is not specified, the specified Kind must 54041 be in the core API group. For any other 54042 third-party types, APIGroup is required. 54043 type: string 54044 kind: 54045 description: Kind is the type of resource 54046 being referenced 54047 type: string 54048 name: 54049 description: Name is the name of resource 54050 being referenced 54051 type: string 54052 required: 54053 - kind 54054 - name 54055 type: object 54056 dataSourceRef: 54057 description: 'dataSourceRef specifies the object 54058 from which to populate the volume with data, 54059 if a non-empty volume is desired. This may 54060 be any object from a non-empty API group (non 54061 core object) or a PersistentVolumeClaim object. 54062 When this field is specified, volume binding 54063 will only succeed if the type of the specified 54064 object matches some installed volume populator 54065 or dynamic provisioner. This field will replace 54066 the functionality of the dataSource field 54067 and as such if both fields are non-empty, 54068 they must have the same value. For backwards 54069 compatibility, when namespace isn''t specified 54070 in dataSourceRef, both fields (dataSource 54071 and dataSourceRef) will be set to the same 54072 value automatically if one of them is empty 54073 and the other is non-empty. When namespace 54074 is specified in dataSourceRef, dataSource 54075 isn''t set to the same value and must be empty. 54076 There are three important differences between 54077 dataSource and dataSourceRef: * While dataSource 54078 only allows two specific types of objects, 54079 dataSourceRef allows any non-core object, 54080 as well as PersistentVolumeClaim objects. 54081 * While dataSource ignores disallowed values 54082 (dropping them), dataSourceRef preserves 54083 all values, and generates an error if a disallowed 54084 value is specified. * While dataSource only 54085 allows local objects, dataSourceRef allows 54086 objects in any namespaces. (Beta) Using 54087 this field requires the AnyVolumeDataSource 54088 feature gate to be enabled. (Alpha) Using 54089 the namespace field of dataSourceRef requires 54090 the CrossNamespaceVolumeDataSource feature 54091 gate to be enabled.' 54092 properties: 54093 apiGroup: 54094 description: APIGroup is the group for the 54095 resource being referenced. If APIGroup 54096 is not specified, the specified Kind must 54097 be in the core API group. For any other 54098 third-party types, APIGroup is required. 54099 type: string 54100 kind: 54101 description: Kind is the type of resource 54102 being referenced 54103 type: string 54104 name: 54105 description: Name is the name of resource 54106 being referenced 54107 type: string 54108 namespace: 54109 description: Namespace is the namespace 54110 of resource being referenced Note that 54111 when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant 54112 object is required in the referent namespace 54113 to allow that namespace's owner to accept 54114 the reference. See the ReferenceGrant 54115 documentation for details. (Alpha) This 54116 field requires the CrossNamespaceVolumeDataSource 54117 feature gate to be enabled. 54118 type: string 54119 required: 54120 - kind 54121 - name 54122 type: object 54123 resources: 54124 description: 'resources represents the minimum 54125 resources the volume should have. If RecoverVolumeExpansionFailure 54126 feature is enabled users are allowed to specify 54127 resource requirements that are lower than 54128 previous value but must still be higher than 54129 capacity recorded in the status field of the 54130 claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 54131 properties: 54132 claims: 54133 description: "Claims lists the names of 54134 resources, defined in spec.resourceClaims, 54135 that are used by this container. \n This 54136 is an alpha field and requires enabling 54137 the DynamicResourceAllocation feature 54138 gate. \n This field is immutable. It can 54139 only be set for containers." 54140 items: 54141 description: ResourceClaim references 54142 one entry in PodSpec.ResourceClaims. 54143 properties: 54144 name: 54145 description: Name must match the name 54146 of one entry in pod.spec.resourceClaims 54147 of the Pod where this field is used. 54148 It makes that resource available 54149 inside a container. 54150 type: string 54151 required: 54152 - name 54153 type: object 54154 type: array 54155 x-kubernetes-list-map-keys: 54156 - name 54157 x-kubernetes-list-type: map 54158 limits: 54159 additionalProperties: 54160 anyOf: 54161 - type: integer 54162 - type: string 54163 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 54164 x-kubernetes-int-or-string: true 54165 description: 'Limits describes the maximum 54166 amount of compute resources allowed. More 54167 info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 54168 type: object 54169 requests: 54170 additionalProperties: 54171 anyOf: 54172 - type: integer 54173 - type: string 54174 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 54175 x-kubernetes-int-or-string: true 54176 description: 'Requests describes the minimum 54177 amount of compute resources required. 54178 If Requests is omitted for a container, 54179 it defaults to Limits if that is explicitly 54180 specified, otherwise to an implementation-defined 54181 value. Requests cannot exceed Limits. 54182 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' 54183 type: object 54184 type: object 54185 selector: 54186 description: selector is a label query over 54187 volumes to consider for binding. 54188 properties: 54189 matchExpressions: 54190 description: matchExpressions is a list 54191 of label selector requirements. The requirements 54192 are ANDed. 54193 items: 54194 description: A label selector requirement 54195 is a selector that contains values, 54196 a key, and an operator that relates 54197 the key and values. 54198 properties: 54199 key: 54200 description: key is the label key 54201 that the selector applies to. 54202 type: string 54203 operator: 54204 description: operator represents a 54205 key's relationship to a set of values. 54206 Valid operators are In, NotIn, Exists 54207 and DoesNotExist. 54208 type: string 54209 values: 54210 description: values is an array of 54211 string values. If the operator is 54212 In or NotIn, the values array must 54213 be non-empty. If the operator is 54214 Exists or DoesNotExist, the values 54215 array must be empty. This array 54216 is replaced during a strategic merge 54217 patch. 54218 items: 54219 type: string 54220 type: array 54221 required: 54222 - key 54223 - operator 54224 type: object 54225 type: array 54226 matchLabels: 54227 additionalProperties: 54228 type: string 54229 description: matchLabels is a map of {key,value} 54230 pairs. A single {key,value} in the matchLabels 54231 map is equivalent to an element of matchExpressions, 54232 whose key field is "key", the operator 54233 is "In", and the values array contains 54234 only "value". The requirements are ANDed. 54235 type: object 54236 type: object 54237 storageClassName: 54238 description: 'storageClassName is the name of 54239 the StorageClass required by the claim. More 54240 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 54241 type: string 54242 volumeMode: 54243 description: volumeMode defines what type of 54244 volume is required by the claim. Value of 54245 Filesystem is implied when not included in 54246 claim spec. 54247 type: string 54248 volumeName: 54249 description: volumeName is the binding reference 54250 to the PersistentVolume backing this claim. 54251 type: string 54252 type: object 54253 status: 54254 description: 'status represents the current information/status 54255 of a persistent volume claim. Read-only. More 54256 info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 54257 properties: 54258 accessModes: 54259 description: 'accessModes contains the actual 54260 access modes the volume backing the PVC has. 54261 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 54262 items: 54263 type: string 54264 type: array 54265 allocatedResourceStatuses: 54266 additionalProperties: 54267 description: When a controller receives persistentvolume 54268 claim update with ClaimResourceStatus for 54269 a resource that it does not recognizes, 54270 then it should ignore that update and let 54271 other controllers handle it. 54272 type: string 54273 description: "allocatedResourceStatuses stores 54274 status of resource being resized for the given 54275 PVC. Key names follow standard Kubernetes 54276 label syntax. Valid values are either: \t* 54277 Un-prefixed keys: \t\t- storage - the capacity 54278 of the volume. \t* Custom resources must use 54279 implementation-defined prefixed names such 54280 as \"example.com/my-custom-resource\" Apart 54281 from above values - keys that are unprefixed 54282 or have kubernetes.io prefix are considered 54283 reserved and hence may not be used. \n ClaimResourceStatus 54284 can be in any of following states: \t- ControllerResizeInProgress: 54285 \t\tState set when resize controller starts 54286 resizing the volume in control-plane. \t- 54287 ControllerResizeFailed: \t\tState set when 54288 resize has failed in resize controller with 54289 a terminal error. \t- NodeResizePending: \t\tState 54290 set when resize controller has finished resizing 54291 the volume but further resizing of \t\tvolume 54292 is needed on the node. \t- NodeResizeInProgress: 54293 \t\tState set when kubelet starts resizing 54294 the volume. \t- NodeResizeFailed: \t\tState 54295 set when resizing has failed in kubelet with 54296 a terminal error. Transient errors don't set 54297 \t\tNodeResizeFailed. For example: if expanding 54298 a PVC for more capacity - this field can be 54299 one of the following states: \t- pvc.status.allocatedResourceStatus['storage'] 54300 = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] 54301 = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] 54302 = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] 54303 = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] 54304 = \"NodeResizeFailed\" When this field is 54305 not set, it means that no resize operation 54306 is in progress for the given PVC. \n A controller 54307 that receives PVC update with previously unknown 54308 resourceName or ClaimResourceStatus should 54309 ignore the update for the purpose it was designed. 54310 For example - a controller that only is responsible 54311 for resizing capacity of the volume, should 54312 ignore PVC updates that change other valid 54313 resources associated with PVC. \n This is 54314 an alpha field and requires enabling RecoverVolumeExpansionFailure 54315 feature." 54316 type: object 54317 x-kubernetes-map-type: granular 54318 allocatedResources: 54319 additionalProperties: 54320 anyOf: 54321 - type: integer 54322 - type: string 54323 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 54324 x-kubernetes-int-or-string: true 54325 description: "allocatedResources tracks the 54326 resources allocated to a PVC including its 54327 capacity. Key names follow standard Kubernetes 54328 label syntax. Valid values are either: \t* 54329 Un-prefixed keys: \t\t- storage - the capacity 54330 of the volume. \t* Custom resources must use 54331 implementation-defined prefixed names such 54332 as \"example.com/my-custom-resource\" Apart 54333 from above values - keys that are unprefixed 54334 or have kubernetes.io prefix are considered 54335 reserved and hence may not be used. \n Capacity 54336 reported here may be larger than the actual 54337 capacity when a volume expansion operation 54338 is requested. For storage quota, the larger 54339 value from allocatedResources and PVC.spec.resources 54340 is used. If allocatedResources is not set, 54341 PVC.spec.resources alone is used for quota 54342 calculation. If a volume expansion capacity 54343 request is lowered, allocatedResources is 54344 only lowered if there are no expansion operations 54345 in progress and if the actual volume capacity 54346 is equal or lower than the requested capacity. 54347 \n A controller that receives PVC update with 54348 previously unknown resourceName should ignore 54349 the update for the purpose it was designed. 54350 For example - a controller that only is responsible 54351 for resizing capacity of the volume, should 54352 ignore PVC updates that change other valid 54353 resources associated with PVC. \n This is 54354 an alpha field and requires enabling RecoverVolumeExpansionFailure 54355 feature." 54356 type: object 54357 capacity: 54358 additionalProperties: 54359 anyOf: 54360 - type: integer 54361 - type: string 54362 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 54363 x-kubernetes-int-or-string: true 54364 description: capacity represents the actual 54365 resources of the underlying volume. 54366 type: object 54367 conditions: 54368 description: conditions is the current Condition 54369 of persistent volume claim. If underlying 54370 persistent volume is being resized then the 54371 Condition will be set to 'ResizeStarted'. 54372 items: 54373 description: PersistentVolumeClaimCondition 54374 contains details about state of pvc 54375 properties: 54376 lastProbeTime: 54377 description: lastProbeTime is the time 54378 we probed the condition. 54379 format: date-time 54380 type: string 54381 lastTransitionTime: 54382 description: lastTransitionTime is the 54383 time the condition transitioned from 54384 one status to another. 54385 format: date-time 54386 type: string 54387 message: 54388 description: message is the human-readable 54389 message indicating details about last 54390 transition. 54391 type: string 54392 reason: 54393 description: reason is a unique, this 54394 should be a short, machine understandable 54395 string that gives the reason for condition's 54396 last transition. If it reports "ResizeStarted" 54397 that means the underlying persistent 54398 volume is being resized. 54399 type: string 54400 status: 54401 type: string 54402 type: 54403 description: PersistentVolumeClaimConditionType 54404 is a valid value of PersistentVolumeClaimCondition.Type 54405 type: string 54406 required: 54407 - status 54408 - type 54409 type: object 54410 type: array 54411 phase: 54412 description: phase represents the current phase 54413 of PersistentVolumeClaim. 54414 type: string 54415 type: object 54416 type: object 54417 required: 54418 - name 54419 type: object 54420 type: array 54421 x-kubernetes-list-type: atomic 54422 type: object 54423 type: object 54424 type: 54425 description: Type is the type of job and informs how the jobs is triggered 54426 enum: 54427 - presubmit 54428 - postsubmit 54429 - periodic 54430 - batch 54431 type: string 54432 type: object 54433 status: 54434 anyOf: 54435 - not: 54436 properties: 54437 state: 54438 enum: 54439 - "success" 54440 - "failure" 54441 - "error" 54442 - required: 54443 - completionTime 54444 description: ProwJobStatus provides runtime metadata, such as when it 54445 finished, whether it is running, etc. 54446 properties: 54447 build_id: 54448 description: BuildID is the build identifier vended either by tot 54449 or the snowflake library for this job and used as an identifier 54450 for grouping artifacts in GCS for views in TestGrid and Gubernator. 54451 Idenitifiers vended by tot are monotonically increasing whereas 54452 identifiers vended by the snowflake library are not. 54453 type: string 54454 completionTime: 54455 description: CompletionTime is the timestamp for when the job goes 54456 to a final state 54457 format: date-time 54458 type: string 54459 description: 54460 type: string 54461 jenkins_build_id: 54462 description: JenkinsBuildID applies only to ProwJobs fulfilled by 54463 the jenkins-operator. This field is the build identifier that Jenkins 54464 gave to the build for this ProwJob. 54465 type: string 54466 pendingTime: 54467 description: PendingTime is the timestamp for when the job moved from 54468 triggered to pending 54469 format: date-time 54470 type: string 54471 pod_name: 54472 description: PodName applies only to ProwJobs fulfilled by plank. 54473 This field should always be the same as the ProwJob.ObjectMeta.Name 54474 field. 54475 type: string 54476 prev_report_states: 54477 additionalProperties: 54478 description: ProwJobState specifies whether the job is running 54479 type: string 54480 description: PrevReportStates stores the previous reported prowjob 54481 state per reporter So crier won't make duplicated report attempt 54482 type: object 54483 startTime: 54484 description: StartTime is equal to the creation time of the ProwJob 54485 format: date-time 54486 type: string 54487 state: 54488 description: ProwJobState specifies whether the job is running 54489 enum: 54490 - scheduling 54491 - triggered 54492 - pending 54493 - success 54494 - failure 54495 - aborted 54496 - error 54497 type: string 54498 url: 54499 type: string 54500 type: object 54501 type: object 54502 served: true 54503 storage: true 54504 subresources: {} 54505 status: 54506 acceptedNames: 54507 kind: "" 54508 plural: "" 54509 conditions: [] 54510 storedVersions: []