github.com/zppinho/prow@v0.0.0-20240510014325-1738badeb017/test/integration/config/prow/cluster/50_crd.yaml

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    api-approved.kubernetes.io: https://github.com/kubernetes/test-infra/pull/8669
    controller-gen.kubebuilder.io/version: v0.6.3-0.20210827222652-7b3a8699fa04
  creationTimestamp: null
  name: prowjobs.prow.k8s.io
spec:
  preserveUnknownFields: false
  group: prow.k8s.io
  names:
    kind: ProwJob
    listKind: ProwJobList
    plural: prowjobs
    singular: prowjob
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: The name of the job being run
      jsonPath: .spec.job
      name: Job
      type: string
    - description: The ID of the job being run.
      jsonPath: .status.build_id
      name: BuildId
      type: string
    - description: The type of job being run.
      jsonPath: .spec.type
      name: Type
      type: string
    - description: The org for which the job is running.
      jsonPath: .spec.refs.org
      name: Org
      type: string
    - description: The repo for which the job is running.
      jsonPath: .spec.refs.repo
      name: Repo
      type: string
    - description: The pulls for which the job is running.
      jsonPath: .spec.refs.pulls[*].number
      name: Pulls
      type: string
    - description: When the job started running.
      jsonPath: .status.startTime
      name: StartTime
      type: date
    - description: When the job finished running.
      jsonPath: .status.completionTime
      name: CompletionTime
      type: date
    - description: The state of the job.
      jsonPath: .status.state
      name: State
      type: string
    name: v1
    schema:
      openAPIV3Schema:
        description: ProwJob contains the spec as well as runtime metadata.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: "ProwJobSpec configures the details of the prow job. \n Details
              include the podspec, code to clone, the cluster it runs any child jobs,
              concurrency limitations, etc."
            properties:
              agent:
                description: Agent determines which controller fulfills this specific
                  ProwJobSpec and runs the job
                type: string
              cluster:
                description: Cluster is which Kubernetes cluster is used to run the
                  job, only applicable for that specific agent
                type: string
              context:
                description: Context is the name of the status context used to report
                  back to GitHub
                type: string
              decoration_config:
                description: DecorationConfig holds configuration options for decorating
                  PodSpecs that users provide
                properties:
                  blobless_fetch:
                    description: BloblessFetch tells Prow to avoid fetching objects
                      when cloning using the --filter=blob:none flag.
                    type: boolean
                  censor_secrets:
                    description: CensorSecrets enables censoring output logs and artifacts.
                    type: boolean
                  censoring_options:
                    description: CensoringOptions exposes options for censoring output
                      logs and artifacts.
                    properties:
                      censoring_buffer_size:
                        description: CensoringBufferSize is the size in bytes of the
                          buffer allocated for every file being censored. We want
                          to keep as little of the file in memory as possible in order
                          for censoring to be reasonably performant in space. However,
                          to guarantee that we censor every instance of every secret,
                          our buffer size must be at least two times larger than the
                          largest secret we are about to censor. While that size is
                          the smallest possible buffer we could use, if the secrets
                          being censored are small, censoring will not be performant
                          as the number of I/O actions per file would increase. If
                          unset, defaults to 10MiB.
                        type: integer
                      censoring_concurrency:
                        description: CensoringConcurrency is the maximum number of
                          goroutines that should be censoring artifacts and logs at
                          any time. If unset, defaults to 10.
                        format: int64
                        type: integer
                      exclude_directories:
                        description: ExcludeDirectories are directories which should
                          not have their content censored. If present, content in
                          these directories will not be censored even if the directory
                          also matches a glob in IncludeDirectories. Entries in this
                          list are relative to $ARTIFACTS, and are parsed with the
                          go-zglob library, allowing for globbed matches.
                        items:
                          type: string
                        type: array
                      include_directories:
                        description: IncludeDirectories are directories which should
                          have their content censored. If present, only content in
                          these directories will be censored. Entries in this list
                          are relative to $ARTIFACTS and are parsed with the go-zglob
                          library, allowing for globbed matches.
                        items:
                          type: string
                        type: array
                    type: object
                  cookiefile_secret:
                    description: CookieFileSecret is the name of a kubernetes secret
                      that contains a git http.cookiefile, which should be used during
                      the cloning process.
                    type: string
                  default_memory_request:
                    anyOf:
                    - type: integer
                    - type: string
                    description: DefaultMemoryRequest is the default requested memory
                      on a test container. If SetLimitEqualsMemoryRequest is also
                      true then the Limit will also be set the same as this request.
                      Could be overridden by memory request defined explicitly on
                      prowjob.
                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                    x-kubernetes-int-or-string: true
                  default_service_account_name:
                    description: DefaultServiceAccountName is the name of the Kubernetes
                      service account that should be used by the pod if one is not
                      specified in the podspec.
                    type: string
                  fs_group:
                    description: FsGroup defines special supplemental group ID used
                      in all containers in a Pod. This allows to change the ownership
                      of particular volumes by kubelet. This field will not override
                      the existing ProwJob's PodSecurityContext. Equivalent to PodSecurityContext's
                      FsGroup
                    format: int64
                    type: integer
                  gcs_configuration:
                    description: GCSConfiguration holds options for pushing logs and
                      artifacts to GCS from a job.
                    properties:
                      bucket:
                        description: 'Bucket is the bucket to upload to, it can be:
                          * a GCS bucket: with gs:// prefix * a S3 bucket: with s3://
                          prefix * a GCS bucket: without a prefix (deprecated, it''s
                          discouraged to use Bucket without prefix please add the
                          gs:// prefix)'
                        type: string
                      compress_file_types:
                        description: 'CompressFileTypes specify file types that should
                          be gzipped prior to upload. Matching files will be compressed
                          prior to upload, and the content-encoding on these files
                          will be set to gzip. GCS will transcode these gzipped files
                          transparently when viewing. See: https://cloud.google.com/storage/docs/transcoding
                          Example: "txt", "json" Use "*" for all'
                        items:
                          type: string
                        type: array
                      default_org:
                        description: DefaultOrg is omitted from GCS paths when using
                          the legacy or simple strategy
                        type: string
                      default_repo:
                        description: DefaultRepo is omitted from GCS paths when using
                          the legacy or simple strategy
                        type: string
                      job_url_prefix:
                        description: JobURLPrefix holds the baseURL under which the
                          jobs output can be viewed. If unset, this will be derived
                          based on org/repo from the job_url_prefix_config.
                        type: string
                      local_output_dir:
                        description: LocalOutputDir specifies a directory where files
                          should be copied INSTEAD of uploading to blob storage. This
                          option is useful for testing jobs that use the pod-utilities
                          without actually uploading.
                        type: string
                      mediaTypes:
                        additionalProperties:
                          type: string
                        description: 'MediaTypes holds additional extension media
                          types to add to Go''s builtin''s and the local system''s
                          defaults.  This maps extensions to media types, for example:
                          MediaTypes["log"] = "text/plain"'
                        type: object
                      path_prefix:
                        description: PathPrefix is an optional path that follows the
                          bucket name and comes before any structure
                        type: string
                      path_strategy:
                        description: PathStrategy dictates how the org and repo are
                          used when calculating the full path to an artifact in GCS
                        type: string
                    type: object
                  gcs_credentials_secret:
                    description: GCSCredentialsSecret is the name of the Kubernetes
                      secret that holds GCS push credentials.
                    type: string
                  github_api_endpoints:
                    description: GitHubAPIEndpoints are the endpoints of GitHub APIs.
                    items:
                      type: string
                    type: array
                  github_app_id:
                    description: GitHubAppID is the ID of GitHub App, which is going
                      to be used for fetching a private repository.
                    type: string
                  github_app_private_key_secret:
                    description: GitHubAppPrivateKeySecret is a Kubernetes secret
                      that contains the GitHub App private key, which is going to
                      be used for fetching a private repository.
                    properties:
                      key:
                        description: Key is the key of the corresponding kubernetes
                          secret that holds the value of the GitHub App private key.
                        type: string
                      name:
                        description: Name is the name of a kubernetes secret.
                        type: string
                    type: object
                  grace_period:
                    description: GracePeriod is how long the pod utilities will wait
                      after sending SIGINT to send SIGKILL when aborting a job. Only
                      applicable if decorating the PodSpec.
                    type: string
                  oauth_token_secret:
                    description: OauthTokenSecret is a Kubernetes secret that contains
                      the OAuth token, which is going to be used for fetching a private
                      repository.
                    properties:
                      key:
                        description: Key is the key of the corresponding kubernetes
                          secret that holds the value of the OAuth token.
                        type: string
                      name:
                        description: Name is the name of a kubernetes secret.
                        type: string
                    type: object
                  pod_pending_timeout:
                    description: PodPendingTimeout defines how long the controller
                      will wait to perform garbage collection on pending pods. Specific
                      for OrgRepo or Cluster. If not set, it has a fallback inside
                      plank field.
                    type: string
                  pod_running_timeout:
                    description: PodRunningTimeout defines how long the controller
                      will wait to abort a prowjob pod stuck in running state. Specific
                      for OrgRepo or Cluster. If not set, it has a fallback inside
                      plank field.
                    type: string
                  pod_unscheduled_timeout:
                    description: PodUnscheduledTimeout defines how long the controller
                      will wait to abort a prowjob stuck in an unscheduled state.
                      Specific for OrgRepo or Cluster. If not set, it has a fallback
                      inside plank field.
                    type: string
                  resources:
                    description: Resources holds resource requests and limits for
                      utility containers used to decorate a PodSpec.
                    properties:
                      clonerefs:
                        description: ResourceRequirements describes the compute resource
                          requirements.
                        properties:
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute
                              resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of
                              compute resources required. If Requests is omitted for
                              a container, it defaults to Limits if that is explicitly
                              specified, otherwise to an implementation-defined value.
                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                      initupload:
                        description: ResourceRequirements describes the compute resource
                          requirements.
                        properties:
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute
                              resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of
                              compute resources required. If Requests is omitted for
                              a container, it defaults to Limits if that is explicitly
                              specified, otherwise to an implementation-defined value.
                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                      place_entrypoint:
                        description: ResourceRequirements describes the compute resource
                          requirements.
                        properties:
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute
                              resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of
                              compute resources required. If Requests is omitted for
                              a container, it defaults to Limits if that is explicitly
                              specified, otherwise to an implementation-defined value.
                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                      sidecar:
                        description: ResourceRequirements describes the compute resource
                          requirements.
                        properties:
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute
                              resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of
                              compute resources required. If Requests is omitted for
                              a container, it defaults to Limits if that is explicitly
                              specified, otherwise to an implementation-defined value.
                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                    type: object
                  run_as_group:
                    description: RunAsGroup defines GID of process in all containers
                      running in a Pod. This field will not override the existing
                      ProwJob's PodSecurityContext. Equivalent to PodSecurityContext's
                      RunAsGroup
                    format: int64
                    type: integer
                  run_as_user:
                    description: RunAsUser defines UID for process in all containers
                      running in a Pod. This field will not override the existing
                      ProwJob's PodSecurityContext. Equivalent to PodSecurityContext's
                      RunAsUser
                    format: int64
                    type: integer
                  s3_credentials_secret:
                    description: S3CredentialsSecret is the name of the Kubernetes
                      secret that holds blob storage push credentials.
                    type: string
                  set_limit_equals_memory_request:
                    description: SetLimitEqualsMemoryRequest sets memory limit equal
                      to request.
                    type: boolean
                  skip_cloning:
                    description: SkipCloning determines if we should clone source
                      code in the initcontainers for jobs that specify refs
                    type: boolean
                  ssh_host_fingerprints:
                    description: SSHHostFingerprints are the fingerprints of known
                      SSH hosts that the cloning process can trust. Create with ssh-keyscan
                      [-t rsa] host
                    items:
                      type: string
                    type: array
                  ssh_key_secrets:
                    description: SSHKeySecrets are the names of Kubernetes secrets
                      that contain SSK keys which should be used during the cloning
                      process.
                    items:
                      type: string
                    type: array
                  timeout:
                    description: Timeout is how long the pod utilities will wait before
                      aborting a job with SIGINT.
                    type: string
                  upload_ignores_interrupts:
                    description: UploadIgnoresInterrupts causes sidecar to ignore
                      interrupts for the upload process in hope that the test process
                      exits cleanly before starting an upload.
                    type: boolean
                  utility_images:
                    description: UtilityImages holds pull specs for utility container
                      images used to decorate a PodSpec.
                    properties:
                      clonerefs:
                        description: CloneRefs is the pull spec used for the clonerefs
                          utility
                        type: string
                      entrypoint:
                        description: Entrypoint is the pull spec used for the entrypoint
                          utility
                        type: string
                      initupload:
                        description: InitUpload is the pull spec used for the initupload
                          utility
                        type: string
                      sidecar:
                        description: sidecar is the pull spec used for the sidecar
                          utility
                        type: string
                    type: object
                type: object
              error_on_eviction:
                description: ErrorOnEviction indicates that the ProwJob should be
                  completed and given the ErrorState status if the pod that is executing
                  the job is evicted. If this field is unspecified or false, a new
                  pod will be created to replace the evicted one.
                type: boolean
              extra_refs:
                description: ExtraRefs are auxiliary repositories that need to be
                  cloned, determined from config
                items:
                  description: Refs describes how the repo was constructed.
                  properties:
                    base_link:
                      description: BaseLink is a link to the commit identified by
                        BaseSHA.
                      type: string
                    base_ref:
                      type: string
                    base_sha:
                      type: string
                    blobless_fetch:
                      description: BloblessFetch tells prow to avoid fetching objects
                        when cloning using the --filter=blob:none flag. If unspecified,
                        defaults to DecorationConfig.BloblessFetch.
                      type: boolean
                    clone_depth:
                      description: CloneDepth is the depth of the clone that will
                        be used. A depth of zero will do a full clone.
                      type: integer
                    clone_uri:
                      description: CloneURI is the URI that is used to clone the repository.
                        If unset, will default to `https://github.com/org/repo.git`.
                      type: string
                    org:
                      description: Org is something like kubernetes or k8s.io
                      type: string
                    path_alias:
                      description: PathAlias is the location under <root-dir>/src
                        where this repository is cloned. If this is not set, <root-dir>/src/github.com/org/repo
                        will be used as the default.
                      type: string
                    pulls:
                      items:
                        description: Pull describes a pull request at a particular
                          point in time.
                        properties:
                          author:
                            type: string
                          author_link:
                            description: AuthorLink links to the author of the pull
                              request.
                            type: string
                          commit_link:
                            description: CommitLink links to the commit identified
                              by the SHA.
                            type: string
                          head_ref:
                            description: 'HeadRef is the git ref (branch name) of
                              the proposed change.  This can be more human-readable
                              than just a PR #, and some tools want this metadata
                              to help associate the work with a pull request (e.g.
                              some code scanning services, or chromatic.com).'
                            type: string
                          link:
                            description: Link links to the pull request itself.
                            type: string
                          number:
                            type: integer
                          ref:
                            description: 'Ref is git ref can be checked out for a
                              change for example, github: pull/123/head gerrit: refs/changes/00/123/1'
                            type: string
                          sha:
                            type: string
                          title:
                            type: string
                        required:
                        - author
                        - number
                        - sha
                        type: object
                      type: array
                    repo:
                      description: Repo is something like test-infra
                      type: string
                    repo_link:
                      description: RepoLink links to the source for Repo.
                      type: string
                    skip_fetch_head:
                      description: SkipFetchHead tells prow to avoid a git fetch <remote>
                        call. Multiheaded repos may need to not make this call. The
                        git fetch <remote> <BaseRef> call occurs regardless.
                      type: boolean
                    skip_submodules:
                      description: SkipSubmodules determines if submodules should
                        be cloned when the job is run. Defaults to false.
                      type: boolean
                    workdir:
                      description: WorkDir defines if the location of the cloned repository
                        will be used as the default working directory.
                      type: boolean
                  required:
                  - org
                  - repo
                  type: object
                type: array
              hidden:
                description: Hidden specifies if the Job is considered hidden. Hidden
                  jobs are only shown by deck instances that have the `--hiddenOnly=true`
                  or `--show-hidden=true` flag set. Presubmits and Postsubmits can
                  also be set to hidden by adding their repository in Decks `hidden_repo`
                  setting.
                type: boolean
              jenkins_spec:
                description: JenkinsSpec holds configuration specific to Jenkins jobs
                properties:
                  github_branch_source_job:
                    type: boolean
                type: object
              job:
                description: Job is the name of the job
                type: string
              job_queue_name:
                description: JobQueueName is an optional field with name of a queue
                  defining max concurrency. When several jobs from the same queue
                  try to run at the same time, the number of them that is actually
                  started is limited by JobQueueCapacities (part of Plank's config).
                  If this field is left undefined inifinite concurrency is assumed.
                  This behaviour may be superseded by MaxConcurrency field, if it
                  is set to a constraining value.
                type: string
              max_concurrency:
                description: MaxConcurrency restricts the total number of instances
                  of this job that can run in parallel at once. This is a separate
                  mechanism to JobQueueName and the lowest max concurrency is selected
                  from these two.
                minimum: 0
                type: integer
              namespace:
                description: Namespace defines where to create pods/resources.
                type: string
              pipeline_run_spec:
                description: PipelineRunSpec provides the basis for running the test
                  as a pipeline-crd resource https://github.com/tektoncd/pipeline
                properties:
                  params:
                    description: Params is a list of parameter names and values.
                    items:
                      description: Param declares an ParamValues to use for the parameter
                        called name.
                      properties:
                        name:
                          type: string
                        value:
                          description: ParamValue is a type that can hold a single
                            string or string array. Used in JSON unmarshalling so
                            that a single JSON field can accept either an individual
                            string or an array of strings.
                          properties:
                            arrayVal:
                              items:
                                type: string
                              type: array
                              x-kubernetes-list-type: atomic
                            objectVal:
                              additionalProperties:
                                type: string
                              type: object
                            stringVal:
                              type: string
                            type:
                              description: ParamType indicates the type of an input
                                parameter; Used to distinguish between a single string
                                and an array of strings.
                              type: string
                          required:
                          - arrayVal
                          - objectVal
                          - stringVal
                          - type
                          type: object
                      required:
                      - name
                      - value
                      type: object
                    type: array
                    x-kubernetes-list-type: atomic
                  pipelineRef:
                    description: PipelineRef can be used to refer to a specific instance
                      of a Pipeline.
                    properties:
                      apiVersion:
                        description: API version of the referent
                        type: string
                      bundle:
                        description: 'Bundle url reference to a Tekton Bundle. Deprecated:
                          Please use ResolverRef with the bundles resolver instead.'
                        type: string
                      name:
                        description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names'
                        type: string
                      params:
                        description: Params contains the parameters used to identify
                          the referenced Tekton resource. Example entries might include
                          "repo" or "path" but the set of params ultimately depends
                          on the chosen resolver.
                        items:
                          description: Param declares an ParamValues to use for the
                            parameter called name.
                          properties:
                            name:
                              type: string
                            value:
                              description: ParamValue is a type that can hold a single
                                string or string array. Used in JSON unmarshalling
                                so that a single JSON field can accept either an individual
                                string or an array of strings.
                              properties:
                                arrayVal:
                                  items:
                                    type: string
                                  type: array
                                  x-kubernetes-list-type: atomic
                                objectVal:
                                  additionalProperties:
                                    type: string
                                  type: object
                                stringVal:
                                  type: string
                                type:
                                  description: ParamType indicates the type of an
                                    input parameter; Used to distinguish between a
                                    single string and an array of strings.
                                  type: string
                              required:
                              - arrayVal
                              - objectVal
                              - stringVal
                              - type
                              type: object
                          required:
                          - name
                          - value
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      resolver:
                        description: Resolver is the name of the resolver that should
                          perform resolution of the referenced Tekton resource, such
                          as "git".
                        type: string
                    type: object
                  pipelineSpec:
                    description: PipelineSpec defines the desired state of Pipeline.
                    properties:
                      description:
                        description: Description is a user-facing description of the
                          pipeline that may be used to populate a UI.
                        type: string
                      finally:
                        description: Finally declares the list of Tasks that execute
                          just before leaving the Pipeline i.e. either after all Tasks
                          are finished executing successfully or after a failure which
                          would result in ending the Pipeline
                        items:
                          description: PipelineTask defines a task in a Pipeline,
                            passing inputs from both Params and from the output of
                            previous tasks.
                          properties:
                            matrix:
                              description: Matrix declares parameters used to fan
                                out this task.
                              properties:
                                params:
                                  description: Params is a list of parameters used
                                    to fan out the pipelineTask Params takes only
                                    `Parameters` of type `"array"` Each array element
                                    is supplied to the `PipelineTask` by substituting
                                    `params` of type `"string"` in the underlying
                                    `Task`. The names of the `params` in the `Matrix`
                                    must match the names of the `params` in the underlying
                                    `Task` that they will be substituting.
                                  items:
                                    description: Param declares an ParamValues to
                                      use for the parameter called name.
                                    properties:
                                      name:
                                        type: string
                                      value:
                                        description: ParamValue is a type that can
                                          hold a single string or string array. Used
                                          in JSON unmarshalling so that a single JSON
                                          field can accept either an individual string
                                          or an array of strings.
                                        properties:
                                          arrayVal:
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          objectVal:
                                            additionalProperties:
                                              type: string
                                            type: object
                                          stringVal:
                                            type: string
                                          type:
                                            description: ParamType indicates the type
                                              of an input parameter; Used to distinguish
                                              between a single string and an array
                                              of strings.
                                            type: string
                                        required:
                                        - arrayVal
                                        - objectVal
                                        - stringVal
                                        - type
                                        type: object
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            name:
                              description: Name is the name of this task within the
                                context of a Pipeline. Name is used as a coordinate
                                with the `from` and `runAfter` fields to establish
                                the execution order of tasks relative to one another.
                              type: string
                            params:
                              description: Parameters declares parameters passed to
                                this task.
                              items:
                                description: Param declares an ParamValues to use
                                  for the parameter called name.
                                properties:
                                  name:
                                    type: string
                                  value:
                                    description: ParamValue is a type that can hold
                                      a single string or string array. Used in JSON
                                      unmarshalling so that a single JSON field can
                                      accept either an individual string or an array
                                      of strings.
                                    properties:
                                      arrayVal:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      objectVal:
                                        additionalProperties:
                                          type: string
                                        type: object
                                      stringVal:
                                        type: string
                                      type:
                                        description: ParamType indicates the type
                                          of an input parameter; Used to distinguish
                                          between a single string and an array of
                                          strings.
                                        type: string
                                    required:
                                    - arrayVal
                                    - objectVal
                                    - stringVal
                                    - type
                                    type: object
                                required:
                                - name
                                - value
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            resources:
                              description: Resources declares the resources given
                                to this task as inputs and outputs.
                              properties:
                                inputs:
                                  description: Inputs holds the mapping from the PipelineResources
                                    declared in DeclaredPipelineResources to the input
                                    PipelineResources required by the Task.
                                  items:
                                    description: PipelineTaskInputResource maps the
                                      name of a declared PipelineResource input dependency
                                      in a Task to the resource in the Pipeline's
                                      DeclaredPipelineResources that should be used.
                                      This input may come from a previous task.
                                    properties:
                                      from:
                                        description: From is the list of PipelineTask
                                          names that the resource has to come from.
                                          (Implies an ordering in the execution graph.)
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      name:
                                        description: Name is the name of the PipelineResource
                                          as declared by the Task.
                                        type: string
                                      resource:
                                        description: Resource is the name of the DeclaredPipelineResource
                                          to use.
                                        type: string
                                    required:
                                    - name
                                    - resource
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                outputs:
                                  description: Outputs holds the mapping from the
                                    PipelineResources declared in DeclaredPipelineResources
                                    to the input PipelineResources required by the
                                    Task.
                                  items:
                                    description: PipelineTaskOutputResource maps the
                                      name of a declared PipelineResource output dependency
                                      in a Task to the resource in the Pipeline's
                                      DeclaredPipelineResources that should be used.
                                    properties:
                                      name:
                                        description: Name is the name of the PipelineResource
                                          as declared by the Task.
                                        type: string
                                      resource:
                                        description: Resource is the name of the DeclaredPipelineResource
                                          to use.
                                        type: string
                                    required:
                                    - name
                                    - resource
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            retries:
                              description: 'Retries represents how many times this
                                task should be retried in case of task failure: ConditionSucceeded
                                set to False'
                              type: integer
                            runAfter:
                              description: RunAfter is the list of PipelineTask names
                                that should be executed before this Task executes.
                                (Used to force a specific ordering in graph execution.)
                              items:
                                type: string
                              type: array
                              x-kubernetes-list-type: atomic
                            taskRef:
                              description: TaskRef is a reference to a task definition.
                              properties:
                                apiVersion:
                                  description: API version of the referent
                                  type: string
                                bundle:
                                  description: 'Bundle url reference to a Tekton Bundle.
                                    Deprecated: Please use ResolverRef with the bundles
                                    resolver instead.'
                                  type: string
                                kind:
                                  description: TaskKind indicates the kind of the
                                    task, namespaced or cluster scoped.
                                  type: string
                                name:
                                  description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names'
                                  type: string
                                params:
                                  description: Params contains the parameters used
                                    to identify the referenced Tekton resource. Example
                                    entries might include "repo" or "path" but the
                                    set of params ultimately depends on the chosen
                                    resolver.
                                  items:
                                    description: Param declares an ParamValues to
                                      use for the parameter called name.
                                    properties:
                                      name:
                                        type: string
                                      value:
                                        description: ParamValue is a type that can
                                          hold a single string or string array. Used
                                          in JSON unmarshalling so that a single JSON
                                          field can accept either an individual string
                                          or an array of strings.
                                        properties:
                                          arrayVal:
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          objectVal:
                                            additionalProperties:
                                              type: string
                                            type: object
                                          stringVal:
                                            type: string
                                          type:
                                            description: ParamType indicates the type
                                              of an input parameter; Used to distinguish
                                              between a single string and an array
                                              of strings.
                                            type: string
                                        required:
                                        - arrayVal
                                        - objectVal
                                        - stringVal
                                        - type
                                        type: object
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                resolver:
                                  description: Resolver is the name of the resolver
                                    that should perform resolution of the referenced
                                    Tekton resource, such as "git".
                                  type: string
                              type: object
                            taskSpec:
                              description: TaskSpec is a specification of a task
                              properties:
                                apiVersion:
                                  type: string
                                description:
                                  description: Description is a user-facing description
                                    of the task that may be used to populate a UI.
                                  type: string
                                kind:
                                  type: string
                                metadata:
                                  description: PipelineTaskMetadata contains the labels
                                    or annotations for an EmbeddedTask
                                  properties:
                                    annotations:
                                      additionalProperties:
                                        type: string
                                      type: object
                                    labels:
                                      additionalProperties:
                                        type: string
                                      type: object
                                  type: object
                                params:
                                  description: Params is a list of input parameters
                                    required to run the task. Params must be supplied
                                    as inputs in TaskRuns unless they declare a default
                                    value.
                                  items:
                                    description: ParamSpec defines arbitrary parameters
                                      needed beyond typed inputs (such as resources).
                                      Parameter values are provided by users as inputs
                                      on a TaskRun or PipelineRun.
                                    properties:
                                      default:
                                        description: Default is the value a parameter
                                          takes if no input value is supplied. If
                                          default is set, a Task may be executed without
                                          a supplied value for the parameter.
                                        properties:
                                          arrayVal:
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          objectVal:
                                            additionalProperties:
                                              type: string
                                            type: object
                                          stringVal:
                                            type: string
                                          type:
                                            description: ParamType indicates the type
                                              of an input parameter; Used to distinguish
                                              between a single string and an array
                                              of strings.
                                            type: string
                                        required:
                                        - arrayVal
                                        - objectVal
                                        - stringVal
                                        - type
                                        type: object
                                      description:
                                        description: Description is a user-facing
                                          description of the parameter that may be
                                          used to populate a UI.
                                        type: string
                                      name:
                                        description: Name declares the name by which
                                          a parameter is referenced.
                                        type: string
                                      properties:
                                        additionalProperties:
                                          description: PropertySpec defines the struct
                                            for object keys
                                          properties:
                                            type:
                                              description: ParamType indicates the
                                                type of an input parameter; Used to
                                                distinguish between a single string
                                                and an array of strings.
                                              type: string
                                          type: object
                                        description: Properties is the JSON Schema
                                          properties to support key-value pairs parameter.
                                        type: object
                                      type:
                                        description: Type is the user-specified type
                                          of the parameter. The possible types are
                                          currently "string", "array" and "object",
                                          and "string" is the default.
                                        type: string
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                resources:
                                  description: Resources is a list input and output
                                    resource to run the task Resources are represented
                                    in TaskRuns as bindings to instances of PipelineResources.
                                  properties:
                                    inputs:
                                      description: Inputs holds the mapping from the
                                        PipelineResources declared in DeclaredPipelineResources
                                        to the input PipelineResources required by
                                        the Task.
                                      items:
                                        description: TaskResource defines an input
                                          or output Resource declared as a requirement
                                          by a Task. The Name field will be used to
                                          refer to these Resources within the Task
                                          definition, and when provided as an Input,
                                          the Name will be the path to the volume
                                          mounted containing this Resource as an input
                                          (e.g. an input Resource named `workspace`
                                          will be mounted at `/workspace`).
                                        properties:
                                          description:
                                            description: Description is a user-facing
                                              description of the declared resource
                                              that may be used to populate a UI.
                                            type: string
                                          name:
                                            description: Name declares the name by
                                              which a resource is referenced in the
                                              definition. Resources may be referenced
                                              by name in the definition of a Task's
                                              steps.
                                            type: string
                                          optional:
                                            description: 'Optional declares the resource
                                              as optional. By default optional is
                                              set to false which makes a resource
                                              required. optional: true - the resource
                                              is considered optional optional: false
                                              - the resource is considered required
                                              (equivalent of not specifying it)'
                                            type: boolean
                                          targetPath:
                                            description: TargetPath is the path in
                                              workspace directory where the resource
                                              will be copied.
                                            type: string
                                          type:
                                            description: Type is the type of this
                                              resource;
                                            type: string
                                        required:
                                        - name
                                        - type
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    outputs:
                                      description: Outputs holds the mapping from
                                        the PipelineResources declared in DeclaredPipelineResources
                                        to the input PipelineResources required by
                                        the Task.
                                      items:
                                        description: TaskResource defines an input
                                          or output Resource declared as a requirement
                                          by a Task. The Name field will be used to
                                          refer to these Resources within the Task
                                          definition, and when provided as an Input,
                                          the Name will be the path to the volume
                                          mounted containing this Resource as an input
                                          (e.g. an input Resource named `workspace`
                                          will be mounted at `/workspace`).
                                        properties:
                                          description:
                                            description: Description is a user-facing
                                              description of the declared resource
                                              that may be used to populate a UI.
                                            type: string
                                          name:
                                            description: Name declares the name by
                                              which a resource is referenced in the
                                              definition. Resources may be referenced
                                              by name in the definition of a Task's
                                              steps.
                                            type: string
                                          optional:
                                            description: 'Optional declares the resource
                                              as optional. By default optional is
                                              set to false which makes a resource
                                              required. optional: true - the resource
                                              is considered optional optional: false
                                              - the resource is considered required
                                              (equivalent of not specifying it)'
                                            type: boolean
                                          targetPath:
                                            description: TargetPath is the path in
                                              workspace directory where the resource
                                              will be copied.
                                            type: string
                                          type:
                                            description: Type is the type of this
                                              resource;
                                            type: string
                                        required:
                                        - name
                                        - type
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                  type: object
                                results:
                                  description: Results are values that this Task can
                                    output
                                  items:
                                    description: TaskResult used to describe the results
                                      of a task
                                    properties:
                                      description:
                                        description: Description is a human-readable
                                          description of the result
                                        type: string
                                      name:
                                        description: Name the given name
                                        type: string
                                      properties:
                                        additionalProperties:
                                          description: PropertySpec defines the struct
                                            for object keys
                                          properties:
                                            type:
                                              description: ParamType indicates the
                                                type of an input parameter; Used to
                                                distinguish between a single string
                                                and an array of strings.
                                              type: string
                                          type: object
                                        description: Properties is the JSON Schema
                                          properties to support key-value pairs results.
                                        type: object
                                      type:
                                        description: Type is the user-specified type
                                          of the result. The possible type is currently
                                          "string" and will support "array" in following
                                          work.
                                        type: string
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                sidecars:
                                  description: Sidecars are run alongside the Task's
                                    step containers. They begin before the steps start
                                    and end after the steps complete.
                                  items:
                                    description: Sidecar has nearly the same data
                                      structure as Step but does not have the ability
                                      to timeout.
                                    properties:
                                      args:
                                        description: 'Arguments to the entrypoint.
                                          The image''s CMD is used if this is not
                                          provided. Variable references $(VAR_NAME)
                                          are expanded using the container''s environment.
                                          If a variable cannot be resolved, the reference
                                          in the input string will be unchanged. Double
                                          $$ are reduced to a single $, which allows
                                          for escaping the $(VAR_NAME) syntax: i.e.
                                          "$$(VAR_NAME)" will produce the string literal
                                          "$(VAR_NAME)". Escaped references will never
                                          be expanded, regardless of whether the variable
                                          exists or not. Cannot be updated. More info:
                                          https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      command:
                                        description: 'Entrypoint array. Not executed
                                          within a shell. The image''s ENTRYPOINT
                                          is used if this is not provided. Variable
                                          references $(VAR_NAME) are expanded using
                                          the Sidecar''s environment. If a variable
                                          cannot be resolved, the reference in the
                                          input string will be unchanged. Double $$
                                          are reduced to a single $, which allows
                                          for escaping the $(VAR_NAME) syntax: i.e.
                                          "$$(VAR_NAME)" will produce the string literal
                                          "$(VAR_NAME)". Escaped references will never
                                          be expanded, regardless of whether the variable
                                          exists or not. Cannot be updated. More info:
                                          https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      env:
                                        description: List of environment variables
                                          to set in the Sidecar. Cannot be updated.
                                        items:
                                          description: EnvVar represents an environment
                                            variable present in a Container.
                                          properties:
                                            name:
                                              description: Name of the environment
                                                variable. Must be a C_IDENTIFIER.
                                              type: string
                                            value:
                                              description: 'Variable references $(VAR_NAME)
                                                are expanded using the previously
                                                defined environment variables in the
                                                container and any service environment
                                                variables. If a variable cannot be
                                                resolved, the reference in the input
                                                string will be unchanged. Double $$
                                                are reduced to a single $, which allows
                                                for escaping the $(VAR_NAME) syntax:
                                                i.e. "$$(VAR_NAME)" will produce the
                                                string literal "$(VAR_NAME)". Escaped
                                                references will never be expanded,
                                                regardless of whether the variable
                                                exists or not. Defaults to "".'
                                              type: string
                                            valueFrom:
                                              description: Source for the environment
                                                variable's value. Cannot be used if
                                                value is not empty.
                                              properties:
                                                configMapKeyRef:
                                                  description: Selects a key of a
                                                    ConfigMap.
                                                  properties:
                                                    key:
                                                      description: The key to select.
                                                      type: string
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the ConfigMap or its key must
                                                        be defined
                                                      type: boolean
                                                  required:
                                                  - key
                                                  type: object
                                                fieldRef:
                                                  description: 'Selects a field of
                                                    the pod: supports metadata.name,
                                                    metadata.namespace, `metadata.labels[''<KEY>'']`,
                                                    `metadata.annotations[''<KEY>'']`,
                                                    spec.nodeName, spec.serviceAccountName,
                                                    status.hostIP, status.podIP, status.podIPs.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, limits.ephemeral-storage,
                                                    requests.cpu, requests.memory
                                                    and requests.ephemeral-storage)
                                                    are currently supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                                secretKeyRef:
                                                  description: Selects a key of a
                                                    secret in the pod's namespace
                                                  properties:
                                                    key:
                                                      description: The key of the
                                                        secret to select from.  Must
                                                        be a valid secret key.
                                                      type: string
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the Secret or its key must
                                                        be defined
                                                      type: boolean
                                                  required:
                                                  - key
                                                  type: object
                                              type: object
                                          required:
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      envFrom:
                                        description: List of sources to populate environment
                                          variables in the Sidecar. The keys defined
                                          within a source must be a C_IDENTIFIER.
                                          All invalid keys will be reported as an
                                          event when the Sidecar is starting. When
                                          a key exists in multiple sources, the value
                                          associated with the last source will take
                                          precedence. Values defined by an Env with
                                          a duplicate key will take precedence. Cannot
                                          be updated.
                                        items:
                                          description: EnvFromSource represents the
                                            source of a set of ConfigMaps
                                          properties:
                                            configMapRef:
                                              description: The ConfigMap to select
                                                from
                                              properties:
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: Specify whether the
                                                    ConfigMap must be defined
                                                  type: boolean
                                              type: object
                                            prefix:
                                              description: An optional identifier
                                                to prepend to each key in the ConfigMap.
                                                Must be a C_IDENTIFIER.
                                              type: string
                                            secretRef:
                                              description: The Secret to select from
                                              properties:
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: Specify whether the
                                                    Secret must be defined
                                                  type: boolean
                                              type: object
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      image:
                                        description: 'Image name to be used by the
                                          Sidecar. More info: https://kubernetes.io/docs/concepts/containers/images'
                                        type: string
                                      imagePullPolicy:
                                        description: 'Image pull policy. One of Always,
                                          Never, IfNotPresent. Defaults to Always
                                          if :latest tag is specified, or IfNotPresent
                                          otherwise. Cannot be updated. More info:
                                          https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                        type: string
                                      lifecycle:
                                        description: Actions that the management system
                                          should take in response to Sidecar lifecycle
                                          events. Cannot be updated.
                                        properties:
                                          postStart:
                                            description: 'PostStart is called immediately
                                              after a container is created. If the
                                              handler fails, the container is terminated
                                              and restarted according to its restart
                                              policy. Other management of the container
                                              blocks until the hook completes. More
                                              info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              tcpSocket:
                                                description: Deprecated. TCPSocket
                                                  is NOT supported as a LifecycleHandler
                                                  and kept for the backward compatibility.
                                                  There are no validation of this
                                                  field and lifecycle hooks will fail
                                                  in runtime when tcp handler is specified.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                            type: object
                                          preStop:
                                            description: 'PreStop is called immediately
                                              before a container is terminated due
                                              to an API request or management event
                                              such as liveness/startup probe failure,
                                              preemption, resource contention, etc.
                                              The handler is not called if the container
                                              crashes or exits. The Pod''s termination
                                              grace period countdown begins before
                                              the PreStop hook is executed. Regardless
                                              of the outcome of the handler, the container
                                              will eventually terminate within the
                                              Pod''s termination grace period (unless
                                              delayed by finalizers). Other management
                                              of the container blocks until the hook
                                              completes or until the termination grace
                                              period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              tcpSocket:
                                                description: Deprecated. TCPSocket
                                                  is NOT supported as a LifecycleHandler
                                                  and kept for the backward compatibility.
                                                  There are no validation of this
                                                  field and lifecycle hooks will fail
                                                  in runtime when tcp handler is specified.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                            type: object
                                        type: object
                                      livenessProbe:
                                        description: 'Periodic probe of Sidecar liveness.
                                          Container will be restarted if the probe
                                          fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      name:
                                        description: Name of the Sidecar specified
                                          as a DNS_LABEL. Each Sidecar in a Task must
                                          have a unique name (DNS_LABEL). Cannot be
                                          updated.
                                        type: string
                                      ports:
                                        description: List of ports to expose from
                                          the Sidecar. Exposing a port here gives
                                          the system additional information about
                                          the network connections a container uses,
                                          but is primarily informational. Not specifying
                                          a port here DOES NOT prevent that port from
                                          being exposed. Any port which is listening
                                          on the default "0.0.0.0" address inside
                                          a container will be accessible from the
                                          network. Cannot be updated.
                                        items:
                                          description: ContainerPort represents a
                                            network port in a single container.
                                          properties:
                                            containerPort:
                                              description: Number of port to expose
                                                on the pod's IP address. This must
                                                be a valid port number, 0 < x < 65536.
                                              format: int32
                                              type: integer
                                            hostIP:
                                              description: What host IP to bind the
                                                external port to.
                                              type: string
                                            hostPort:
                                              description: Number of port to expose
                                                on the host. If specified, this must
                                                be a valid port number, 0 < x < 65536.
                                                If HostNetwork is specified, this
                                                must match ContainerPort. Most containers
                                                do not need this.
                                              format: int32
                                              type: integer
                                            name:
                                              description: If specified, this must
                                                be an IANA_SVC_NAME and unique within
                                                the pod. Each named port in a pod
                                                must have a unique name. Name for
                                                the port that can be referred to by
                                                services.
                                              type: string
                                            protocol:
                                              default: TCP
                                              description: Protocol for port. Must
                                                be UDP, TCP, or SCTP. Defaults to
                                                "TCP".
                                              type: string
                                          required:
                                          - containerPort
                                          type: object
                                        type: array
                                        x-kubernetes-list-map-keys:
                                        - containerPort
                                        - protocol
                                        x-kubernetes-list-type: map
                                      readinessProbe:
                                        description: 'Periodic probe of Sidecar service
                                          readiness. Container will be removed from
                                          service endpoints if the probe fails. Cannot
                                          be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      resources:
                                        description: 'Compute Resources required by
                                          this Sidecar. Cannot be updated. More info:
                                          https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                        properties:
                                          limits:
                                            additionalProperties:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                              x-kubernetes-int-or-string: true
                                            description: 'Limits describes the maximum
                                              amount of compute resources allowed.
                                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            type: object
                                          requests:
                                            additionalProperties:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                              x-kubernetes-int-or-string: true
                                            description: 'Requests describes the minimum
                                              amount of compute resources required.
                                              If Requests is omitted for a container,
                                              it defaults to Limits if that is explicitly
                                              specified, otherwise to an implementation-defined
                                              value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            type: object
                                        type: object
                                      script:
                                        description: "Script is the contents of an
                                          executable file to execute. \n If Script
                                          is not empty, the Step cannot have an Command
                                          or Args."
                                        type: string
                                      securityContext:
                                        description: 'SecurityContext defines the
                                          security options the Sidecar should be run
                                          with. If set, the fields of SecurityContext
                                          override the equivalent fields of PodSecurityContext.
                                          More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                        properties:
                                          allowPrivilegeEscalation:
                                            description: 'AllowPrivilegeEscalation
                                              controls whether a process can gain
                                              more privileges than its parent process.
                                              This bool directly controls if the no_new_privs
                                              flag will be set on the container process.
                                              AllowPrivilegeEscalation is true always
                                              when the container is: 1) run as Privileged
                                              2) has CAP_SYS_ADMIN Note that this
                                              field cannot be set when spec.os.name
                                              is windows.'
                                            type: boolean
                                          capabilities:
                                            description: The capabilities to add/drop
                                              when running containers. Defaults to
                                              the default set of capabilities granted
                                              by the container runtime. Note that
                                              this field cannot be set when spec.os.name
                                              is windows.
                                            properties:
                                              add:
                                                description: Added capabilities
                                                items:
                                                  description: Capability represent
                                                    POSIX capabilities type
                                                  type: string
                                                type: array
                                              drop:
                                                description: Removed capabilities
                                                items:
                                                  description: Capability represent
                                                    POSIX capabilities type
                                                  type: string
                                                type: array
                                            type: object
                                          privileged:
                                            description: Run container in privileged
                                              mode. Processes in privileged containers
                                              are essentially equivalent to root on
                                              the host. Defaults to false. Note that
                                              this field cannot be set when spec.os.name
                                              is windows.
                                            type: boolean
                                          procMount:
                                            description: procMount denotes the type
                                              of proc mount to use for the containers.
                                              The default is DefaultProcMount which
                                              uses the container runtime defaults
                                              for readonly paths and masked paths.
                                              This requires the ProcMountType feature
                                              flag to be enabled. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            type: string
                                          readOnlyRootFilesystem:
                                            description: Whether this container has
                                              a read-only root filesystem. Default
                                              is false. Note that this field cannot
                                              be set when spec.os.name is windows.
                                            type: boolean
                                          runAsGroup:
                                            description: The GID to run the entrypoint
                                              of the container process. Uses runtime
                                              default if unset. May also be set in
                                              PodSecurityContext.  If set in both
                                              SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            format: int64
                                            type: integer
                                          runAsNonRoot:
                                            description: Indicates that the container
                                              must run as a non-root user. If true,
                                              the Kubelet will validate the image
                                              at runtime to ensure that it does not
                                              run as UID 0 (root) and fail to start
                                              the container if it does. If unset or
                                              false, no such validation will be performed.
                                              May also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence.
                                            type: boolean
                                          runAsUser:
                                            description: The UID to run the entrypoint
                                              of the container process. Defaults to
                                              user specified in image metadata if
                                              unspecified. May also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            format: int64
                                            type: integer
                                          seLinuxOptions:
                                            description: The SELinux context to be
                                              applied to the container. If unspecified,
                                              the container runtime will allocate
                                              a random SELinux context for each container.  May
                                              also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            properties:
                                              level:
                                                description: Level is SELinux level
                                                  label that applies to the container.
                                                type: string
                                              role:
                                                description: Role is a SELinux role
                                                  label that applies to the container.
                                                type: string
                                              type:
                                                description: Type is a SELinux type
                                                  label that applies to the container.
                                                type: string
                                              user:
                                                description: User is a SELinux user
                                                  label that applies to the container.
                                                type: string
                                            type: object
                                          seccompProfile:
                                            description: The seccomp options to use
                                              by this container. If seccomp options
                                              are provided at both the pod & container
                                              level, the container options override
                                              the pod options. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            properties:
                                              localhostProfile:
                                                description: localhostProfile indicates
                                                  a profile defined in a file on the
                                                  node should be used. The profile
                                                  must be preconfigured on the node
                                                  to work. Must be a descending path,
                                                  relative to the kubelet's configured
                                                  seccomp profile location. Must only
                                                  be set if type is "Localhost".
                                                type: string
                                              type:
                                                description: "type indicates which
                                                  kind of seccomp profile will be
                                                  applied. Valid options are: \n Localhost
                                                  - a profile defined in a file on
                                                  the node should be used. RuntimeDefault
                                                  - the container runtime default
                                                  profile should be used. Unconfined
                                                  - no profile should be applied."
                                                type: string
                                            required:
                                            - type
                                            type: object
                                          windowsOptions:
                                            description: The Windows specific settings
                                              applied to all containers. If unspecified,
                                              the options from the PodSecurityContext
                                              will be used. If set in both SecurityContext
                                              and PodSecurityContext, the value specified
                                              in SecurityContext takes precedence.
                                              Note that this field cannot be set when
                                              spec.os.name is linux.
                                            properties:
                                              gmsaCredentialSpec:
                                                description: GMSACredentialSpec is
                                                  where the GMSA admission webhook
                                                  (https://github.com/kubernetes-sigs/windows-gmsa)
                                                  inlines the contents of the GMSA
                                                  credential spec named by the GMSACredentialSpecName
                                                  field.
                                                type: string
                                              gmsaCredentialSpecName:
                                                description: GMSACredentialSpecName
                                                  is the name of the GMSA credential
                                                  spec to use.
                                                type: string
                                              hostProcess:
                                                description: HostProcess determines
                                                  if a container should be run as
                                                  a 'Host Process' container. This
                                                  field is alpha-level and will only
                                                  be honored by components that enable
                                                  the WindowsHostProcessContainers
                                                  feature flag. Setting this field
                                                  without the feature flag will result
                                                  in errors when validating the Pod.
                                                  All of a Pod's containers must have
                                                  the same effective HostProcess value
                                                  (it is not allowed to have a mix
                                                  of HostProcess containers and non-HostProcess
                                                  containers).  In addition, if HostProcess
                                                  is true then HostNetwork must also
                                                  be set to true.
                                                type: boolean
                                              runAsUserName:
                                                description: The UserName in Windows
                                                  to run the entrypoint of the container
                                                  process. Defaults to the user specified
                                                  in image metadata if unspecified.
                                                  May also be set in PodSecurityContext.
                                                  If set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                type: string
                                            type: object
                                        type: object
                                      startupProbe:
                                        description: 'StartupProbe indicates that
                                          the Pod the Sidecar is running in has successfully
                                          initialized. If specified, no other probes
                                          are executed until this completes successfully.
                                          If this probe fails, the Pod will be restarted,
                                          just as if the livenessProbe failed. This
                                          can be used to provide different probe parameters
                                          at the beginning of a Pod''s lifecycle,
                                          when it might take a long time to load data
                                          or warm a cache, than during steady-state
                                          operation. This cannot be updated. More
                                          info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      stdin:
                                        description: Whether this Sidecar should allocate
                                          a buffer for stdin in the container runtime.
                                          If this is not set, reads from stdin in
                                          the Sidecar will always result in EOF. Default
                                          is false.
                                        type: boolean
                                      stdinOnce:
                                        description: Whether the container runtime
                                          should close the stdin channel after it
                                          has been opened by a single attach. When
                                          stdin is true the stdin stream will remain
                                          open across multiple attach sessions. If
                                          stdinOnce is set to true, stdin is opened
                                          on Sidecar start, is empty until the first
                                          client attaches to stdin, and then remains
                                          open and accepts data until the client disconnects,
                                          at which time stdin is closed and remains
                                          closed until the Sidecar is restarted. If
                                          this flag is false, a container processes
                                          that reads from stdin will never receive
                                          an EOF. Default is false
                                        type: boolean
                                      terminationMessagePath:
                                        description: 'Optional: Path at which the
                                          file to which the Sidecar''s termination
                                          message will be written is mounted into
                                          the Sidecar''s filesystem. Message written
                                          is intended to be brief final status, such
                                          as an assertion failure message. Will be
                                          truncated by the node if greater than 4096
                                          bytes. The total message length across all
                                          containers will be limited to 12kb. Defaults
                                          to /dev/termination-log. Cannot be updated.'
                                        type: string
                                      terminationMessagePolicy:
                                        description: Indicate how the termination
                                          message should be populated. File will use
                                          the contents of terminationMessagePath to
                                          populate the Sidecar status message on both
                                          success and failure. FallbackToLogsOnError
                                          will use the last chunk of Sidecar log output
                                          if the termination message file is empty
                                          and the Sidecar exited with an error. The
                                          log output is limited to 2048 bytes or 80
                                          lines, whichever is smaller. Defaults to
                                          File. Cannot be updated.
                                        type: string
                                      tty:
                                        description: Whether this Sidecar should allocate
                                          a TTY for itself, also requires 'stdin'
                                          to be true. Default is false.
                                        type: boolean
                                      volumeDevices:
                                        description: volumeDevices is the list of
                                          block devices to be used by the Sidecar.
                                        items:
                                          description: volumeDevice describes a mapping
                                            of a raw block device within a container.
                                          properties:
                                            devicePath:
                                              description: devicePath is the path
                                                inside of the container that the device
                                                will be mapped to.
                                              type: string
                                            name:
                                              description: name must match the name
                                                of a persistentVolumeClaim in the
                                                pod
                                              type: string
                                          required:
                                          - devicePath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      volumeMounts:
                                        description: Volumes to mount into the Sidecar's
                                          filesystem. Cannot be updated.
                                        items:
                                          description: VolumeMount describes a mounting
                                            of a Volume within a container.
                                          properties:
                                            mountPath:
                                              description: Path within the container
                                                at which the volume should be mounted.  Must
                                                not contain ':'.
                                              type: string
                                            mountPropagation:
                                              description: mountPropagation determines
                                                how mounts are propagated from the
                                                host to container and the other way
                                                around. When not set, MountPropagationNone
                                                is used. This field is beta in 1.10.
                                              type: string
                                            name:
                                              description: This must match the Name
                                                of a Volume.
                                              type: string
                                            readOnly:
                                              description: Mounted read-only if true,
                                                read-write otherwise (false or unspecified).
                                                Defaults to false.
                                              type: boolean
                                            subPath:
                                              description: Path within the volume
                                                from which the container's volume
                                                should be mounted. Defaults to ""
                                                (volume's root).
                                              type: string
                                            subPathExpr:
                                              description: Expanded path within the
                                                volume from which the container's
                                                volume should be mounted. Behaves
                                                similarly to SubPath but environment
                                                variable references $(VAR_NAME) are
                                                expanded using the container's environment.
                                                Defaults to "" (volume's root). SubPathExpr
                                                and SubPath are mutually exclusive.
                                              type: string
                                          required:
                                          - mountPath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      workingDir:
                                        description: Sidecar's working directory.
                                          If not specified, the container runtime's
                                          default will be used, which might be configured
                                          in the container image. Cannot be updated.
                                        type: string
                                      workspaces:
                                        description: "This is an alpha field. You
                                          must set the \"enable-api-fields\" feature
                                          flag to \"alpha\" for this field to be supported.
                                          \n Workspaces is a list of workspaces from
                                          the Task that this Sidecar wants exclusive
                                          access to. Adding a workspace to this list
                                          means that any other Step or Sidecar that
                                          does not also request this Workspace will
                                          not have access to it."
                                        items:
                                          description: WorkspaceUsage is used by a
                                            Step or Sidecar to declare that it wants
                                            isolated access to a Workspace defined
                                            in a Task.
                                          properties:
                                            mountPath:
                                              description: MountPath is the path that
                                                the workspace should be mounted to
                                                inside the Step or Sidecar, overriding
                                                any MountPath specified in the Task's
                                                WorkspaceDeclaration.
                                              type: string
                                            name:
                                              description: Name is the name of the
                                                workspace this Step or Sidecar wants
                                                access to.
                                              type: string
                                          required:
                                          - mountPath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                spec:
                                  description: Spec is a specification of a custom
                                    task
                                  type: object
                                stepTemplate:
                                  description: StepTemplate can be used as the basis
                                    for all step containers within the Task, so that
                                    the steps inherit settings on the base container.
                                  properties:
                                    args:
                                      description: 'Arguments to the entrypoint. The
                                        image''s CMD is used if this is not provided.
                                        Variable references $(VAR_NAME) are expanded
                                        using the Step''s environment. If a variable
                                        cannot be resolved, the reference in the input
                                        string will be unchanged. Double $$ are reduced
                                        to a single $, which allows for escaping the
                                        $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
                                        produce the string literal "$(VAR_NAME)".
                                        Escaped references will never be expanded,
                                        regardless of whether the variable exists
                                        or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                      items:
                                        type: string
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    command:
                                      description: 'Entrypoint array. Not executed
                                        within a shell. The docker image''s ENTRYPOINT
                                        is used if this is not provided. Variable
                                        references $(VAR_NAME) are expanded using
                                        the Step''s environment. If a variable cannot
                                        be resolved, the reference in the input string
                                        will be unchanged. Double $$ are reduced to
                                        a single $, which allows for escaping the
                                        $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
                                        produce the string literal "$(VAR_NAME)".
                                        Escaped references will never be expanded,
                                        regardless of whether the variable exists
                                        or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                      items:
                                        type: string
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    env:
                                      description: List of environment variables to
                                        set in the container. Cannot be updated.
                                      items:
                                        description: EnvVar represents an environment
                                          variable present in a Container.
                                        properties:
                                          name:
                                            description: Name of the environment variable.
                                              Must be a C_IDENTIFIER.
                                            type: string
                                          value:
                                            description: 'Variable references $(VAR_NAME)
                                              are expanded using the previously defined
                                              environment variables in the container
                                              and any service environment variables.
                                              If a variable cannot be resolved, the
                                              reference in the input string will be
                                              unchanged. Double $$ are reduced to
                                              a single $, which allows for escaping
                                              the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                              will produce the string literal "$(VAR_NAME)".
                                              Escaped references will never be expanded,
                                              regardless of whether the variable exists
                                              or not. Defaults to "".'
                                            type: string
                                          valueFrom:
                                            description: Source for the environment
                                              variable's value. Cannot be used if
                                              value is not empty.
                                            properties:
                                              configMapKeyRef:
                                                description: Selects a key of a ConfigMap.
                                                properties:
                                                  key:
                                                    description: The key to select.
                                                    type: string
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                  optional:
                                                    description: Specify whether the
                                                      ConfigMap or its key must be
                                                      defined
                                                    type: boolean
                                                required:
                                                - key
                                                type: object
                                              fieldRef:
                                                description: 'Selects a field of the
                                                  pod: supports metadata.name, metadata.namespace,
                                                  `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
                                                  spec.nodeName, spec.serviceAccountName,
                                                  status.hostIP, status.podIP, status.podIPs.'
                                                properties:
                                                  apiVersion:
                                                    description: Version of the schema
                                                      the FieldPath is written in
                                                      terms of, defaults to "v1".
                                                    type: string
                                                  fieldPath:
                                                    description: Path of the field
                                                      to select in the specified API
                                                      version.
                                                    type: string
                                                required:
                                                - fieldPath
                                                type: object
                                              resourceFieldRef:
                                                description: 'Selects a resource of
                                                  the container: only resources limits
                                                  and requests (limits.cpu, limits.memory,
                                                  limits.ephemeral-storage, requests.cpu,
                                                  requests.memory and requests.ephemeral-storage)
                                                  are currently supported.'
                                                properties:
                                                  containerName:
                                                    description: 'Container name:
                                                      required for volumes, optional
                                                      for env vars'
                                                    type: string
                                                  divisor:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Specifies the output
                                                      format of the exposed resources,
                                                      defaults to "1"
                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                    x-kubernetes-int-or-string: true
                                                  resource:
                                                    description: 'Required: resource
                                                      to select'
                                                    type: string
                                                required:
                                                - resource
                                                type: object
                                              secretKeyRef:
                                                description: Selects a key of a secret
                                                  in the pod's namespace
                                                properties:
                                                  key:
                                                    description: The key of the secret
                                                      to select from.  Must be a valid
                                                      secret key.
                                                    type: string
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                  optional:
                                                    description: Specify whether the
                                                      Secret or its key must be defined
                                                    type: boolean
                                                required:
                                                - key
                                                type: object
                                            type: object
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    envFrom:
                                      description: List of sources to populate environment
                                        variables in the Step. The keys defined within
                                        a source must be a C_IDENTIFIER. All invalid
                                        keys will be reported as an event when the
                                        container is starting. When a key exists in
                                        multiple sources, the value associated with
                                        the last source will take precedence. Values
                                        defined by an Env with a duplicate key will
                                        take precedence. Cannot be updated.
                                      items:
                                        description: EnvFromSource represents the
                                          source of a set of ConfigMaps
                                        properties:
                                          configMapRef:
                                            description: The ConfigMap to select from
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                              optional:
                                                description: Specify whether the ConfigMap
                                                  must be defined
                                                type: boolean
                                            type: object
                                          prefix:
                                            description: An optional identifier to
                                              prepend to each key in the ConfigMap.
                                              Must be a C_IDENTIFIER.
                                            type: string
                                          secretRef:
                                            description: The Secret to select from
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                              optional:
                                                description: Specify whether the Secret
                                                  must be defined
                                                type: boolean
                                            type: object
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    image:
                                      description: 'Default image name to use for
                                        each Step. More info: https://kubernetes.io/docs/concepts/containers/images
                                        This field is optional to allow higher level
                                        config management to default or override container
                                        images in workload controllers like Deployments
                                        and StatefulSets.'
                                      type: string
                                    imagePullPolicy:
                                      description: 'Image pull policy. One of Always,
                                        Never, IfNotPresent. Defaults to Always if
                                        :latest tag is specified, or IfNotPresent
                                        otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                      type: string
                                    lifecycle:
                                      description: Deprecated. This field will be
                                        removed in a future release. Actions that
                                        the management system should take in response
                                        to container lifecycle events. Cannot be updated.
                                      properties:
                                        postStart:
                                          description: 'PostStart is called immediately
                                            after a container is created. If the handler
                                            fails, the container is terminated and
                                            restarted according to its restart policy.
                                            Other management of the container blocks
                                            until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                          properties:
                                            exec:
                                              description: Exec specifies the action
                                                to take.
                                              properties:
                                                command:
                                                  description: Command is the command
                                                    line to execute inside the container,
                                                    the working directory for the
                                                    command  is root ('/') in the
                                                    container's filesystem. The command
                                                    is simply exec'd, it is not run
                                                    inside a shell, so traditional
                                                    shell instructions ('|', etc)
                                                    won't work. To use a shell, you
                                                    need to explicitly call out to
                                                    that shell. Exit status of 0 is
                                                    treated as live/healthy and non-zero
                                                    is unhealthy.
                                                  items:
                                                    type: string
                                                  type: array
                                              type: object
                                            httpGet:
                                              description: HTTPGet specifies the http
                                                request to perform.
                                              properties:
                                                host:
                                                  description: Host name to connect
                                                    to, defaults to the pod IP. You
                                                    probably want to set "Host" in
                                                    httpHeaders instead.
                                                  type: string
                                                httpHeaders:
                                                  description: Custom headers to set
                                                    in the request. HTTP allows repeated
                                                    headers.
                                                  items:
                                                    description: HTTPHeader describes
                                                      a custom header to be used in
                                                      HTTP probes
                                                    properties:
                                                      name:
                                                        description: The header field
                                                          name
                                                        type: string
                                                      value:
                                                        description: The header field
                                                          value
                                                        type: string
                                                    required:
                                                    - name
                                                    - value
                                                    type: object
                                                  type: array
                                                path:
                                                  description: Path to access on the
                                                    HTTP server.
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Name or number of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                                scheme:
                                                  description: Scheme to use for connecting
                                                    to the host. Defaults to HTTP.
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            tcpSocket:
                                              description: Deprecated. TCPSocket is
                                                NOT supported as a LifecycleHandler
                                                and kept for the backward compatibility.
                                                There are no validation of this field
                                                and lifecycle hooks will fail in runtime
                                                when tcp handler is specified.
                                              properties:
                                                host:
                                                  description: 'Optional: Host name
                                                    to connect to, defaults to the
                                                    pod IP.'
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Number or name of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                              required:
                                              - port
                                              type: object
                                          type: object
                                        preStop:
                                          description: 'PreStop is called immediately
                                            before a container is terminated due to
                                            an API request or management event such
                                            as liveness/startup probe failure, preemption,
                                            resource contention, etc. The handler
                                            is not called if the container crashes
                                            or exits. The Pod''s termination grace
                                            period countdown begins before the PreStop
                                            hook is executed. Regardless of the outcome
                                            of the handler, the container will eventually
                                            terminate within the Pod''s termination
                                            grace period (unless delayed by finalizers).
                                            Other management of the container blocks
                                            until the hook completes or until the
                                            termination grace period is reached. More
                                            info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                          properties:
                                            exec:
                                              description: Exec specifies the action
                                                to take.
                                              properties:
                                                command:
                                                  description: Command is the command
                                                    line to execute inside the container,
                                                    the working directory for the
                                                    command  is root ('/') in the
                                                    container's filesystem. The command
                                                    is simply exec'd, it is not run
                                                    inside a shell, so traditional
                                                    shell instructions ('|', etc)
                                                    won't work. To use a shell, you
                                                    need to explicitly call out to
                                                    that shell. Exit status of 0 is
                                                    treated as live/healthy and non-zero
                                                    is unhealthy.
                                                  items:
                                                    type: string
                                                  type: array
                                              type: object
                                            httpGet:
                                              description: HTTPGet specifies the http
                                                request to perform.
                                              properties:
                                                host:
                                                  description: Host name to connect
                                                    to, defaults to the pod IP. You
                                                    probably want to set "Host" in
                                                    httpHeaders instead.
                                                  type: string
                                                httpHeaders:
                                                  description: Custom headers to set
                                                    in the request. HTTP allows repeated
                                                    headers.
                                                  items:
                                                    description: HTTPHeader describes
                                                      a custom header to be used in
                                                      HTTP probes
                                                    properties:
                                                      name:
                                                        description: The header field
                                                          name
                                                        type: string
                                                      value:
                                                        description: The header field
                                                          value
                                                        type: string
                                                    required:
                                                    - name
                                                    - value
                                                    type: object
                                                  type: array
                                                path:
                                                  description: Path to access on the
                                                    HTTP server.
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Name or number of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                                scheme:
                                                  description: Scheme to use for connecting
                                                    to the host. Defaults to HTTP.
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            tcpSocket:
                                              description: Deprecated. TCPSocket is
                                                NOT supported as a LifecycleHandler
                                                and kept for the backward compatibility.
                                                There are no validation of this field
                                                and lifecycle hooks will fail in runtime
                                                when tcp handler is specified.
                                              properties:
                                                host:
                                                  description: 'Optional: Host name
                                                    to connect to, defaults to the
                                                    pod IP.'
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Number or name of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                              required:
                                              - port
                                              type: object
                                          type: object
                                      type: object
                                    livenessProbe:
                                      description: 'Deprecated. This field will be
                                        removed in a future release. Periodic probe
                                        of container liveness. Container will be restarted
                                        if the probe fails. Cannot be updated. More
                                        info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                      properties:
                                        exec:
                                          description: Exec specifies the action to
                                            take.
                                          properties:
                                            command:
                                              description: Command is the command
                                                line to execute inside the container,
                                                the working directory for the command  is
                                                root ('/') in the container's filesystem.
                                                The command is simply exec'd, it is
                                                not run inside a shell, so traditional
                                                shell instructions ('|', etc) won't
                                                work. To use a shell, you need to
                                                explicitly call out to that shell.
                                                Exit status of 0 is treated as live/healthy
                                                and non-zero is unhealthy.
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                        failureThreshold:
                                          description: Minimum consecutive failures
                                            for the probe to be considered failed
                                            after having succeeded. Defaults to 3.
                                            Minimum value is 1.
                                          format: int32
                                          type: integer
                                        grpc:
                                          description: GRPC specifies an action involving
                                            a GRPC port. This is a beta field and
                                            requires enabling GRPCContainerProbe feature
                                            gate.
                                          properties:
                                            port:
                                              description: Port number of the gRPC
                                                service. Number must be in the range
                                                1 to 65535.
                                              format: int32
                                              type: integer
                                            service:
                                              description: "Service is the name of
                                                the service to place in the gRPC HealthCheckRequest
                                                (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                \n If this is not specified, the default
                                                behavior is defined by gRPC."
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        httpGet:
                                          description: HTTPGet specifies the http
                                            request to perform.
                                          properties:
                                            host:
                                              description: Host name to connect to,
                                                defaults to the pod IP. You probably
                                                want to set "Host" in httpHeaders
                                                instead.
                                              type: string
                                            httpHeaders:
                                              description: Custom headers to set in
                                                the request. HTTP allows repeated
                                                headers.
                                              items:
                                                description: HTTPHeader describes
                                                  a custom header to be used in HTTP
                                                  probes
                                                properties:
                                                  name:
                                                    description: The header field
                                                      name
                                                    type: string
                                                  value:
                                                    description: The header field
                                                      value
                                                    type: string
                                                required:
                                                - name
                                                - value
                                                type: object
                                              type: array
                                            path:
                                              description: Path to access on the HTTP
                                                server.
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Name or number of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                            scheme:
                                              description: Scheme to use for connecting
                                                to the host. Defaults to HTTP.
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        initialDelaySeconds:
                                          description: 'Number of seconds after the
                                            container has started before liveness
                                            probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                        periodSeconds:
                                          description: How often (in seconds) to perform
                                            the probe. Default to 10 seconds. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        successThreshold:
                                          description: Minimum consecutive successes
                                            for the probe to be considered successful
                                            after having failed. Defaults to 1. Must
                                            be 1 for liveness and startup. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        tcpSocket:
                                          description: TCPSocket specifies an action
                                            involving a TCP port.
                                          properties:
                                            host:
                                              description: 'Optional: Host name to
                                                connect to, defaults to the pod IP.'
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Number or name of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                          required:
                                          - port
                                          type: object
                                        terminationGracePeriodSeconds:
                                          description: Optional duration in seconds
                                            the pod needs to terminate gracefully
                                            upon probe failure. The grace period is
                                            the duration in seconds after the processes
                                            running in the pod are sent a termination
                                            signal and the time when the processes
                                            are forcibly halted with a kill signal.
                                            Set this value longer than the expected
                                            cleanup time for your process. If this
                                            value is nil, the pod's terminationGracePeriodSeconds
                                            will be used. Otherwise, this value overrides
                                            the value provided by the pod spec. Value
                                            must be non-negative integer. The value
                                            zero indicates stop immediately via the
                                            kill signal (no opportunity to shut down).
                                            This is a beta field and requires enabling
                                            ProbeTerminationGracePeriod feature gate.
                                            Minimum value is 1. spec.terminationGracePeriodSeconds
                                            is used if unset.
                                          format: int64
                                          type: integer
                                        timeoutSeconds:
                                          description: 'Number of seconds after which
                                            the probe times out. Defaults to 1 second.
                                            Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                      type: object
                                    name:
                                      description: Deprecated. This field will be
                                        removed in a future release. Default name
                                        for each Step specified as a DNS_LABEL. Each
                                        Step in a Task must have a unique name. Cannot
                                        be updated.
                                      type: string
                                    ports:
                                      description: Deprecated. This field will be
                                        removed in a future release. List of ports
                                        to expose from the Step's container. Exposing
                                        a port here gives the system additional information
                                        about the network connections a container
                                        uses, but is primarily informational. Not
                                        specifying a port here DOES NOT prevent that
                                        port from being exposed. Any port which is
                                        listening on the default "0.0.0.0" address
                                        inside a container will be accessible from
                                        the network. Cannot be updated.
                                      items:
                                        description: ContainerPort represents a network
                                          port in a single container.
                                        properties:
                                          containerPort:
                                            description: Number of port to expose
                                              on the pod's IP address. This must be
                                              a valid port number, 0 < x < 65536.
                                            format: int32
                                            type: integer
                                          hostIP:
                                            description: What host IP to bind the
                                              external port to.
                                            type: string
                                          hostPort:
                                            description: Number of port to expose
                                              on the host. If specified, this must
                                              be a valid port number, 0 < x < 65536.
                                              If HostNetwork is specified, this must
                                              match ContainerPort. Most containers
                                              do not need this.
                                            format: int32
                                            type: integer
                                          name:
                                            description: If specified, this must be
                                              an IANA_SVC_NAME and unique within the
                                              pod. Each named port in a pod must have
                                              a unique name. Name for the port that
                                              can be referred to by services.
                                            type: string
                                          protocol:
                                            default: TCP
                                            description: Protocol for port. Must be
                                              UDP, TCP, or SCTP. Defaults to "TCP".
                                            type: string
                                        required:
                                        - containerPort
                                        type: object
                                      type: array
                                      x-kubernetes-list-map-keys:
                                      - containerPort
                                      - protocol
                                      x-kubernetes-list-type: map
                                    readinessProbe:
                                      description: 'Deprecated. This field will be
                                        removed in a future release. Periodic probe
                                        of container service readiness. Container
                                        will be removed from service endpoints if
                                        the probe fails. Cannot be updated. More info:
                                        https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                      properties:
                                        exec:
                                          description: Exec specifies the action to
                                            take.
                                          properties:
                                            command:
                                              description: Command is the command
                                                line to execute inside the container,
                                                the working directory for the command  is
                                                root ('/') in the container's filesystem.
                                                The command is simply exec'd, it is
                                                not run inside a shell, so traditional
                                                shell instructions ('|', etc) won't
                                                work. To use a shell, you need to
                                                explicitly call out to that shell.
                                                Exit status of 0 is treated as live/healthy
                                                and non-zero is unhealthy.
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                        failureThreshold:
                                          description: Minimum consecutive failures
                                            for the probe to be considered failed
                                            after having succeeded. Defaults to 3.
                                            Minimum value is 1.
                                          format: int32
                                          type: integer
                                        grpc:
                                          description: GRPC specifies an action involving
                                            a GRPC port. This is a beta field and
                                            requires enabling GRPCContainerProbe feature
                                            gate.
                                          properties:
                                            port:
                                              description: Port number of the gRPC
                                                service. Number must be in the range
                                                1 to 65535.
                                              format: int32
                                              type: integer
                                            service:
                                              description: "Service is the name of
                                                the service to place in the gRPC HealthCheckRequest
                                                (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                \n If this is not specified, the default
                                                behavior is defined by gRPC."
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        httpGet:
                                          description: HTTPGet specifies the http
                                            request to perform.
                                          properties:
                                            host:
                                              description: Host name to connect to,
                                                defaults to the pod IP. You probably
                                                want to set "Host" in httpHeaders
                                                instead.
                                              type: string
                                            httpHeaders:
                                              description: Custom headers to set in
                                                the request. HTTP allows repeated
                                                headers.
                                              items:
                                                description: HTTPHeader describes
                                                  a custom header to be used in HTTP
                                                  probes
                                                properties:
                                                  name:
                                                    description: The header field
                                                      name
                                                    type: string
                                                  value:
                                                    description: The header field
                                                      value
                                                    type: string
                                                required:
                                                - name
                                                - value
                                                type: object
                                              type: array
                                            path:
                                              description: Path to access on the HTTP
                                                server.
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Name or number of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                            scheme:
                                              description: Scheme to use for connecting
                                                to the host. Defaults to HTTP.
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        initialDelaySeconds:
                                          description: 'Number of seconds after the
                                            container has started before liveness
                                            probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                        periodSeconds:
                                          description: How often (in seconds) to perform
                                            the probe. Default to 10 seconds. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        successThreshold:
                                          description: Minimum consecutive successes
                                            for the probe to be considered successful
                                            after having failed. Defaults to 1. Must
                                            be 1 for liveness and startup. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        tcpSocket:
                                          description: TCPSocket specifies an action
                                            involving a TCP port.
                                          properties:
                                            host:
                                              description: 'Optional: Host name to
                                                connect to, defaults to the pod IP.'
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Number or name of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                          required:
                                          - port
                                          type: object
                                        terminationGracePeriodSeconds:
                                          description: Optional duration in seconds
                                            the pod needs to terminate gracefully
                                            upon probe failure. The grace period is
                                            the duration in seconds after the processes
                                            running in the pod are sent a termination
                                            signal and the time when the processes
                                            are forcibly halted with a kill signal.
                                            Set this value longer than the expected
                                            cleanup time for your process. If this
                                            value is nil, the pod's terminationGracePeriodSeconds
                                            will be used. Otherwise, this value overrides
                                            the value provided by the pod spec. Value
                                            must be non-negative integer. The value
                                            zero indicates stop immediately via the
                                            kill signal (no opportunity to shut down).
                                            This is a beta field and requires enabling
                                            ProbeTerminationGracePeriod feature gate.
                                            Minimum value is 1. spec.terminationGracePeriodSeconds
                                            is used if unset.
                                          format: int64
                                          type: integer
                                        timeoutSeconds:
                                          description: 'Number of seconds after which
                                            the probe times out. Defaults to 1 second.
                                            Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                      type: object
                                    resources:
                                      description: 'Compute Resources required by
                                        this Step. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                      properties:
                                        limits:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Limits describes the maximum
                                            amount of compute resources allowed. More
                                            info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                        requests:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Requests describes the minimum
                                            amount of compute resources required.
                                            If Requests is omitted for a container,
                                            it defaults to Limits if that is explicitly
                                            specified, otherwise to an implementation-defined
                                            value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                      type: object
                                    securityContext:
                                      description: 'SecurityContext defines the security
                                        options the Step should be run with. If set,
                                        the fields of SecurityContext override the
                                        equivalent fields of PodSecurityContext. More
                                        info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                      properties:
                                        allowPrivilegeEscalation:
                                          description: 'AllowPrivilegeEscalation controls
                                            whether a process can gain more privileges
                                            than its parent process. This bool directly
                                            controls if the no_new_privs flag will
                                            be set on the container process. AllowPrivilegeEscalation
                                            is true always when the container is:
                                            1) run as Privileged 2) has CAP_SYS_ADMIN
                                            Note that this field cannot be set when
                                            spec.os.name is windows.'
                                          type: boolean
                                        capabilities:
                                          description: The capabilities to add/drop
                                            when running containers. Defaults to the
                                            default set of capabilities granted by
                                            the container runtime. Note that this
                                            field cannot be set when spec.os.name
                                            is windows.
                                          properties:
                                            add:
                                              description: Added capabilities
                                              items:
                                                description: Capability represent
                                                  POSIX capabilities type
                                                type: string
                                              type: array
                                            drop:
                                              description: Removed capabilities
                                              items:
                                                description: Capability represent
                                                  POSIX capabilities type
                                                type: string
                                              type: array
                                          type: object
                                        privileged:
                                          description: Run container in privileged
                                            mode. Processes in privileged containers
                                            are essentially equivalent to root on
                                            the host. Defaults to false. Note that
                                            this field cannot be set when spec.os.name
                                            is windows.
                                          type: boolean
                                        procMount:
                                          description: procMount denotes the type
                                            of proc mount to use for the containers.
                                            The default is DefaultProcMount which
                                            uses the container runtime defaults for
                                            readonly paths and masked paths. This
                                            requires the ProcMountType feature flag
                                            to be enabled. Note that this field cannot
                                            be set when spec.os.name is windows.
                                          type: string
                                        readOnlyRootFilesystem:
                                          description: Whether this container has
                                            a read-only root filesystem. Default is
                                            false. Note that this field cannot be
                                            set when spec.os.name is windows.
                                          type: boolean
                                        runAsGroup:
                                          description: The GID to run the entrypoint
                                            of the container process. Uses runtime
                                            default if unset. May also be set in PodSecurityContext.  If
                                            set in both SecurityContext and PodSecurityContext,
                                            the value specified in SecurityContext
                                            takes precedence. Note that this field
                                            cannot be set when spec.os.name is windows.
                                          format: int64
                                          type: integer
                                        runAsNonRoot:
                                          description: Indicates that the container
                                            must run as a non-root user. If true,
                                            the Kubelet will validate the image at
                                            runtime to ensure that it does not run
                                            as UID 0 (root) and fail to start the
                                            container if it does. If unset or false,
                                            no such validation will be performed.
                                            May also be set in PodSecurityContext.  If
                                            set in both SecurityContext and PodSecurityContext,
                                            the value specified in SecurityContext
                                            takes precedence.
                                          type: boolean
                                        runAsUser:
                                          description: The UID to run the entrypoint
                                            of the container process. Defaults to
                                            user specified in image metadata if unspecified.
                                            May also be set in PodSecurityContext.  If
                                            set in both SecurityContext and PodSecurityContext,
                                            the value specified in SecurityContext
                                            takes precedence. Note that this field
                                            cannot be set when spec.os.name is windows.
                                          format: int64
                                          type: integer
                                        seLinuxOptions:
                                          description: The SELinux context to be applied
                                            to the container. If unspecified, the
                                            container runtime will allocate a random
                                            SELinux context for each container.  May
                                            also be set in PodSecurityContext.  If
                                            set in both SecurityContext and PodSecurityContext,
                                            the value specified in SecurityContext
                                            takes precedence. Note that this field
                                            cannot be set when spec.os.name is windows.
                                          properties:
                                            level:
                                              description: Level is SELinux level
                                                label that applies to the container.
                                              type: string
                                            role:
                                              description: Role is a SELinux role
                                                label that applies to the container.
                                              type: string
                                            type:
                                              description: Type is a SELinux type
                                                label that applies to the container.
                                              type: string
                                            user:
                                              description: User is a SELinux user
                                                label that applies to the container.
                                              type: string
                                          type: object
                                        seccompProfile:
                                          description: The seccomp options to use
                                            by this container. If seccomp options
                                            are provided at both the pod & container
                                            level, the container options override
                                            the pod options. Note that this field
                                            cannot be set when spec.os.name is windows.
                                          properties:
                                            localhostProfile:
                                              description: localhostProfile indicates
                                                a profile defined in a file on the
                                                node should be used. The profile must
                                                be preconfigured on the node to work.
                                                Must be a descending path, relative
                                                to the kubelet's configured seccomp
                                                profile location. Must only be set
                                                if type is "Localhost".
                                              type: string
                                            type:
                                              description: "type indicates which kind
                                                of seccomp profile will be applied.
                                                Valid options are: \n Localhost -
                                                a profile defined in a file on the
                                                node should be used. RuntimeDefault
                                                - the container runtime default profile
                                                should be used. Unconfined - no profile
                                                should be applied."
                                              type: string
                                          required:
                                          - type
                                          type: object
                                        windowsOptions:
                                          description: The Windows specific settings
                                            applied to all containers. If unspecified,
                                            the options from the PodSecurityContext
                                            will be used. If set in both SecurityContext
                                            and PodSecurityContext, the value specified
                                            in SecurityContext takes precedence. Note
                                            that this field cannot be set when spec.os.name
                                            is linux.
                                          properties:
                                            gmsaCredentialSpec:
                                              description: GMSACredentialSpec is where
                                                the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                                inlines the contents of the GMSA credential
                                                spec named by the GMSACredentialSpecName
                                                field.
                                              type: string
                                            gmsaCredentialSpecName:
                                              description: GMSACredentialSpecName
                                                is the name of the GMSA credential
                                                spec to use.
                                              type: string
                                            hostProcess:
                                              description: HostProcess determines
                                                if a container should be run as a
                                                'Host Process' container. This field
                                                is alpha-level and will only be honored
                                                by components that enable the WindowsHostProcessContainers
                                                feature flag. Setting this field without
                                                the feature flag will result in errors
                                                when validating the Pod. All of a
                                                Pod's containers must have the same
                                                effective HostProcess value (it is
                                                not allowed to have a mix of HostProcess
                                                containers and non-HostProcess containers).  In
                                                addition, if HostProcess is true then
                                                HostNetwork must also be set to true.
                                              type: boolean
                                            runAsUserName:
                                              description: The UserName in Windows
                                                to run the entrypoint of the container
                                                process. Defaults to the user specified
                                                in image metadata if unspecified.
                                                May also be set in PodSecurityContext.
                                                If set in both SecurityContext and
                                                PodSecurityContext, the value specified
                                                in SecurityContext takes precedence.
                                              type: string
                                          type: object
                                      type: object
                                    startupProbe:
                                      description: 'Deprecated. This field will be
                                        removed in a future release. DeprecatedStartupProbe
                                        indicates that the Pod has successfully initialized.
                                        If specified, no other probes are executed
                                        until this completes successfully. If this
                                        probe fails, the Pod will be restarted, just
                                        as if the livenessProbe failed. This can be
                                        used to provide different probe parameters
                                        at the beginning of a Pod''s lifecycle, when
                                        it might take a long time to load data or
                                        warm a cache, than during steady-state operation.
                                        This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                      properties:
                                        exec:
                                          description: Exec specifies the action to
                                            take.
                                          properties:
                                            command:
                                              description: Command is the command
                                                line to execute inside the container,
                                                the working directory for the command  is
                                                root ('/') in the container's filesystem.
                                                The command is simply exec'd, it is
                                                not run inside a shell, so traditional
                                                shell instructions ('|', etc) won't
                                                work. To use a shell, you need to
                                                explicitly call out to that shell.
                                                Exit status of 0 is treated as live/healthy
                                                and non-zero is unhealthy.
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                        failureThreshold:
                                          description: Minimum consecutive failures
                                            for the probe to be considered failed
                                            after having succeeded. Defaults to 3.
                                            Minimum value is 1.
                                          format: int32
                                          type: integer
                                        grpc:
                                          description: GRPC specifies an action involving
                                            a GRPC port. This is a beta field and
                                            requires enabling GRPCContainerProbe feature
                                            gate.
                                          properties:
                                            port:
                                              description: Port number of the gRPC
                                                service. Number must be in the range
                                                1 to 65535.
                                              format: int32
                                              type: integer
                                            service:
                                              description: "Service is the name of
                                                the service to place in the gRPC HealthCheckRequest
                                                (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                \n If this is not specified, the default
                                                behavior is defined by gRPC."
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        httpGet:
                                          description: HTTPGet specifies the http
                                            request to perform.
                                          properties:
                                            host:
                                              description: Host name to connect to,
                                                defaults to the pod IP. You probably
                                                want to set "Host" in httpHeaders
                                                instead.
                                              type: string
                                            httpHeaders:
                                              description: Custom headers to set in
                                                the request. HTTP allows repeated
                                                headers.
                                              items:
                                                description: HTTPHeader describes
                                                  a custom header to be used in HTTP
                                                  probes
                                                properties:
                                                  name:
                                                    description: The header field
                                                      name
                                                    type: string
                                                  value:
                                                    description: The header field
                                                      value
                                                    type: string
                                                required:
                                                - name
                                                - value
                                                type: object
                                              type: array
                                            path:
                                              description: Path to access on the HTTP
                                                server.
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Name or number of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                            scheme:
                                              description: Scheme to use for connecting
                                                to the host. Defaults to HTTP.
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        initialDelaySeconds:
                                          description: 'Number of seconds after the
                                            container has started before liveness
                                            probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                        periodSeconds:
                                          description: How often (in seconds) to perform
                                            the probe. Default to 10 seconds. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        successThreshold:
                                          description: Minimum consecutive successes
                                            for the probe to be considered successful
                                            after having failed. Defaults to 1. Must
                                            be 1 for liveness and startup. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        tcpSocket:
                                          description: TCPSocket specifies an action
                                            involving a TCP port.
                                          properties:
                                            host:
                                              description: 'Optional: Host name to
                                                connect to, defaults to the pod IP.'
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Number or name of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                          required:
                                          - port
                                          type: object
                                        terminationGracePeriodSeconds:
                                          description: Optional duration in seconds
                                            the pod needs to terminate gracefully
                                            upon probe failure. The grace period is
                                            the duration in seconds after the processes
                                            running in the pod are sent a termination
                                            signal and the time when the processes
                                            are forcibly halted with a kill signal.
                                            Set this value longer than the expected
                                            cleanup time for your process. If this
                                            value is nil, the pod's terminationGracePeriodSeconds
                                            will be used. Otherwise, this value overrides
                                            the value provided by the pod spec. Value
                                            must be non-negative integer. The value
                                            zero indicates stop immediately via the
                                            kill signal (no opportunity to shut down).
                                            This is a beta field and requires enabling
                                            ProbeTerminationGracePeriod feature gate.
                                            Minimum value is 1. spec.terminationGracePeriodSeconds
                                            is used if unset.
                                          format: int64
                                          type: integer
                                        timeoutSeconds:
                                          description: 'Number of seconds after which
                                            the probe times out. Defaults to 1 second.
                                            Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                      type: object
                                    stdin:
                                      description: Deprecated. This field will be
                                        removed in a future release. Whether this
                                        Step should allocate a buffer for stdin in
                                        the container runtime. If this is not set,
                                        reads from stdin in the Step will always result
                                        in EOF. Default is false.
                                      type: boolean
                                    stdinOnce:
                                      description: Deprecated. This field will be
                                        removed in a future release. Whether the container
                                        runtime should close the stdin channel after
                                        it has been opened by a single attach. When
                                        stdin is true the stdin stream will remain
                                        open across multiple attach sessions. If stdinOnce
                                        is set to true, stdin is opened on container
                                        start, is empty until the first client attaches
                                        to stdin, and then remains open and accepts
                                        data until the client disconnects, at which
                                        time stdin is closed and remains closed until
                                        the container is restarted. If this flag is
                                        false, a container processes that reads from
                                        stdin will never receive an EOF. Default is
                                        false
                                      type: boolean
                                    terminationMessagePath:
                                      description: Deprecated. This field will be
                                        removed in a future release and cannot be
                                        meaningfully used.
                                      type: string
                                    terminationMessagePolicy:
                                      description: Deprecated. This field will be
                                        removed in a future release and cannot be
                                        meaningfully used.
                                      type: string
                                    tty:
                                      description: Deprecated. This field will be
                                        removed in a future release. Whether this
                                        Step should allocate a DeprecatedTTY for itself,
                                        also requires 'stdin' to be true. Default
                                        is false.
                                      type: boolean
                                    volumeDevices:
                                      description: volumeDevices is the list of block
                                        devices to be used by the Step.
                                      items:
                                        description: volumeDevice describes a mapping
                                          of a raw block device within a container.
                                        properties:
                                          devicePath:
                                            description: devicePath is the path inside
                                              of the container that the device will
                                              be mapped to.
                                            type: string
                                          name:
                                            description: name must match the name
                                              of a persistentVolumeClaim in the pod
                                            type: string
                                        required:
                                        - devicePath
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    volumeMounts:
                                      description: Volumes to mount into the Step's
                                        filesystem. Cannot be updated.
                                      items:
                                        description: VolumeMount describes a mounting
                                          of a Volume within a container.
                                        properties:
                                          mountPath:
                                            description: Path within the container
                                              at which the volume should be mounted.  Must
                                              not contain ':'.
                                            type: string
                                          mountPropagation:
                                            description: mountPropagation determines
                                              how mounts are propagated from the host
                                              to container and the other way around.
                                              When not set, MountPropagationNone is
                                              used. This field is beta in 1.10.
                                            type: string
                                          name:
                                            description: This must match the Name
                                              of a Volume.
                                            type: string
                                          readOnly:
                                            description: Mounted read-only if true,
                                              read-write otherwise (false or unspecified).
                                              Defaults to false.
                                            type: boolean
                                          subPath:
                                            description: Path within the volume from
                                              which the container's volume should
                                              be mounted. Defaults to "" (volume's
                                              root).
                                            type: string
                                          subPathExpr:
                                            description: Expanded path within the
                                              volume from which the container's volume
                                              should be mounted. Behaves similarly
                                              to SubPath but environment variable
                                              references $(VAR_NAME) are expanded
                                              using the container's environment. Defaults
                                              to "" (volume's root). SubPathExpr and
                                              SubPath are mutually exclusive.
                                            type: string
                                        required:
                                        - mountPath
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    workingDir:
                                      description: Step's working directory. If not
                                        specified, the container runtime's default
                                        will be used, which might be configured in
                                        the container image. Cannot be updated.
                                      type: string
                                  required:
                                  - name
                                  type: object
                                steps:
                                  description: Steps are the steps of the build; each
                                    step is run sequentially with the source mounted
                                    into /workspace.
                                  items:
                                    description: Step runs a subcomponent of a Task
                                    properties:
                                      args:
                                        description: 'Arguments to the entrypoint.
                                          The image''s CMD is used if this is not
                                          provided. Variable references $(VAR_NAME)
                                          are expanded using the container''s environment.
                                          If a variable cannot be resolved, the reference
                                          in the input string will be unchanged. Double
                                          $$ are reduced to a single $, which allows
                                          for escaping the $(VAR_NAME) syntax: i.e.
                                          "$$(VAR_NAME)" will produce the string literal
                                          "$(VAR_NAME)". Escaped references will never
                                          be expanded, regardless of whether the variable
                                          exists or not. Cannot be updated. More info:
                                          https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      command:
                                        description: 'Entrypoint array. Not executed
                                          within a shell. The image''s ENTRYPOINT
                                          is used if this is not provided. Variable
                                          references $(VAR_NAME) are expanded using
                                          the container''s environment. If a variable
                                          cannot be resolved, the reference in the
                                          input string will be unchanged. Double $$
                                          are reduced to a single $, which allows
                                          for escaping the $(VAR_NAME) syntax: i.e.
                                          "$$(VAR_NAME)" will produce the string literal
                                          "$(VAR_NAME)". Escaped references will never
                                          be expanded, regardless of whether the variable
                                          exists or not. Cannot be updated. More info:
                                          https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      env:
                                        description: List of environment variables
                                          to set in the container. Cannot be updated.
                                        items:
                                          description: EnvVar represents an environment
                                            variable present in a Container.
                                          properties:
                                            name:
                                              description: Name of the environment
                                                variable. Must be a C_IDENTIFIER.
                                              type: string
                                            value:
                                              description: 'Variable references $(VAR_NAME)
                                                are expanded using the previously
                                                defined environment variables in the
                                                container and any service environment
                                                variables. If a variable cannot be
                                                resolved, the reference in the input
                                                string will be unchanged. Double $$
                                                are reduced to a single $, which allows
                                                for escaping the $(VAR_NAME) syntax:
                                                i.e. "$$(VAR_NAME)" will produce the
                                                string literal "$(VAR_NAME)". Escaped
                                                references will never be expanded,
                                                regardless of whether the variable
                                                exists or not. Defaults to "".'
                                              type: string
                                            valueFrom:
                                              description: Source for the environment
                                                variable's value. Cannot be used if
                                                value is not empty.
                                              properties:
                                                configMapKeyRef:
                                                  description: Selects a key of a
                                                    ConfigMap.
                                                  properties:
                                                    key:
                                                      description: The key to select.
                                                      type: string
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the ConfigMap or its key must
                                                        be defined
                                                      type: boolean
                                                  required:
                                                  - key
                                                  type: object
                                                fieldRef:
                                                  description: 'Selects a field of
                                                    the pod: supports metadata.name,
                                                    metadata.namespace, `metadata.labels[''<KEY>'']`,
                                                    `metadata.annotations[''<KEY>'']`,
                                                    spec.nodeName, spec.serviceAccountName,
                                                    status.hostIP, status.podIP, status.podIPs.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, limits.ephemeral-storage,
                                                    requests.cpu, requests.memory
                                                    and requests.ephemeral-storage)
                                                    are currently supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                                secretKeyRef:
                                                  description: Selects a key of a
                                                    secret in the pod's namespace
                                                  properties:
                                                    key:
                                                      description: The key of the
                                                        secret to select from.  Must
                                                        be a valid secret key.
                                                      type: string
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the Secret or its key must
                                                        be defined
                                                      type: boolean
                                                  required:
                                                  - key
                                                  type: object
                                              type: object
                                          required:
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      envFrom:
                                        description: List of sources to populate environment
                                          variables in the container. The keys defined
                                          within a source must be a C_IDENTIFIER.
                                          All invalid keys will be reported as an
                                          event when the container is starting. When
                                          a key exists in multiple sources, the value
                                          associated with the last source will take
                                          precedence. Values defined by an Env with
                                          a duplicate key will take precedence. Cannot
                                          be updated.
                                        items:
                                          description: EnvFromSource represents the
                                            source of a set of ConfigMaps
                                          properties:
                                            configMapRef:
                                              description: The ConfigMap to select
                                                from
                                              properties:
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: Specify whether the
                                                    ConfigMap must be defined
                                                  type: boolean
                                              type: object
                                            prefix:
                                              description: An optional identifier
                                                to prepend to each key in the ConfigMap.
                                                Must be a C_IDENTIFIER.
                                              type: string
                                            secretRef:
                                              description: The Secret to select from
                                              properties:
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: Specify whether the
                                                    Secret must be defined
                                                  type: boolean
                                              type: object
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      image:
                                        description: 'Image reference name to run
                                          for this Step. More info: https://kubernetes.io/docs/concepts/containers/images'
                                        type: string
                                      imagePullPolicy:
                                        description: 'Image pull policy. One of Always,
                                          Never, IfNotPresent. Defaults to Always
                                          if :latest tag is specified, or IfNotPresent
                                          otherwise. Cannot be updated. More info:
                                          https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                        type: string
                                      lifecycle:
                                        description: Deprecated. This field will be
                                          removed in a future release. Actions that
                                          the management system should take in response
                                          to container lifecycle events. Cannot be
                                          updated.
                                        properties:
                                          postStart:
                                            description: 'PostStart is called immediately
                                              after a container is created. If the
                                              handler fails, the container is terminated
                                              and restarted according to its restart
                                              policy. Other management of the container
                                              blocks until the hook completes. More
                                              info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              tcpSocket:
                                                description: Deprecated. TCPSocket
                                                  is NOT supported as a LifecycleHandler
                                                  and kept for the backward compatibility.
                                                  There are no validation of this
                                                  field and lifecycle hooks will fail
                                                  in runtime when tcp handler is specified.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                            type: object
                                          preStop:
                                            description: 'PreStop is called immediately
                                              before a container is terminated due
                                              to an API request or management event
                                              such as liveness/startup probe failure,
                                              preemption, resource contention, etc.
                                              The handler is not called if the container
                                              crashes or exits. The Pod''s termination
                                              grace period countdown begins before
                                              the PreStop hook is executed. Regardless
                                              of the outcome of the handler, the container
                                              will eventually terminate within the
                                              Pod''s termination grace period (unless
                                              delayed by finalizers). Other management
                                              of the container blocks until the hook
                                              completes or until the termination grace
                                              period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              tcpSocket:
                                                description: Deprecated. TCPSocket
                                                  is NOT supported as a LifecycleHandler
                                                  and kept for the backward compatibility.
                                                  There are no validation of this
                                                  field and lifecycle hooks will fail
                                                  in runtime when tcp handler is specified.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                            type: object
                                        type: object
                                      livenessProbe:
                                        description: 'Deprecated. This field will
                                          be removed in a future release. Periodic
                                          probe of container liveness. Step will be
                                          restarted if the probe fails. Cannot be
                                          updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      name:
                                        description: Name of the Step specified as
                                          a DNS_LABEL. Each Step in a Task must have
                                          a unique name.
                                        type: string
                                      onError:
                                        description: OnError defines the exiting behavior
                                          of a container on error can be set to [
                                          continue | stopAndFail ]
                                        type: string
                                      ports:
                                        description: Deprecated. This field will be
                                          removed in a future release. List of ports
                                          to expose from the Step's container. Exposing
                                          a port here gives the system additional
                                          information about the network connections
                                          a container uses, but is primarily informational.
                                          Not specifying a port here DOES NOT prevent
                                          that port from being exposed. Any port which
                                          is listening on the default "0.0.0.0" address
                                          inside a container will be accessible from
                                          the network. Cannot be updated.
                                        items:
                                          description: ContainerPort represents a
                                            network port in a single container.
                                          properties:
                                            containerPort:
                                              description: Number of port to expose
                                                on the pod's IP address. This must
                                                be a valid port number, 0 < x < 65536.
                                              format: int32
                                              type: integer
                                            hostIP:
                                              description: What host IP to bind the
                                                external port to.
                                              type: string
                                            hostPort:
                                              description: Number of port to expose
                                                on the host. If specified, this must
                                                be a valid port number, 0 < x < 65536.
                                                If HostNetwork is specified, this
                                                must match ContainerPort. Most containers
                                                do not need this.
                                              format: int32
                                              type: integer
                                            name:
                                              description: If specified, this must
                                                be an IANA_SVC_NAME and unique within
                                                the pod. Each named port in a pod
                                                must have a unique name. Name for
                                                the port that can be referred to by
                                                services.
                                              type: string
                                            protocol:
                                              default: TCP
                                              description: Protocol for port. Must
                                                be UDP, TCP, or SCTP. Defaults to
                                                "TCP".
                                              type: string
                                          required:
                                          - containerPort
                                          type: object
                                        type: array
                                        x-kubernetes-list-map-keys:
                                        - containerPort
                                        - protocol
                                        x-kubernetes-list-type: map
                                      readinessProbe:
                                        description: 'Deprecated. This field will
                                          be removed in a future release. Periodic
                                          probe of container service readiness. Step
                                          will be removed from service endpoints if
                                          the probe fails. Cannot be updated. More
                                          info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      resources:
                                        description: 'Compute Resources required by
                                          this Step. Cannot be updated. More info:
                                          https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                        properties:
                                          limits:
                                            additionalProperties:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                              x-kubernetes-int-or-string: true
                                            description: 'Limits describes the maximum
                                              amount of compute resources allowed.
                                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            type: object
                                          requests:
                                            additionalProperties:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                              x-kubernetes-int-or-string: true
                                            description: 'Requests describes the minimum
                                              amount of compute resources required.
                                              If Requests is omitted for a container,
                                              it defaults to Limits if that is explicitly
                                              specified, otherwise to an implementation-defined
                                              value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            type: object
                                        type: object
                                      script:
                                        description: "Script is the contents of an
                                          executable file to execute. \n If Script
                                          is not empty, the Step cannot have an Command
                                          and the Args will be passed to the Script."
                                        type: string
                                      securityContext:
                                        description: 'SecurityContext defines the
                                          security options the Step should be run
                                          with. If set, the fields of SecurityContext
                                          override the equivalent fields of PodSecurityContext.
                                          More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                        properties:
                                          allowPrivilegeEscalation:
                                            description: 'AllowPrivilegeEscalation
                                              controls whether a process can gain
                                              more privileges than its parent process.
                                              This bool directly controls if the no_new_privs
                                              flag will be set on the container process.
                                              AllowPrivilegeEscalation is true always
                                              when the container is: 1) run as Privileged
                                              2) has CAP_SYS_ADMIN Note that this
                                              field cannot be set when spec.os.name
                                              is windows.'
                                            type: boolean
                                          capabilities:
                                            description: The capabilities to add/drop
                                              when running containers. Defaults to
                                              the default set of capabilities granted
                                              by the container runtime. Note that
                                              this field cannot be set when spec.os.name
                                              is windows.
                                            properties:
                                              add:
                                                description: Added capabilities
                                                items:
                                                  description: Capability represent
                                                    POSIX capabilities type
                                                  type: string
                                                type: array
                                              drop:
                                                description: Removed capabilities
                                                items:
                                                  description: Capability represent
                                                    POSIX capabilities type
                                                  type: string
                                                type: array
                                            type: object
                                          privileged:
                                            description: Run container in privileged
                                              mode. Processes in privileged containers
                                              are essentially equivalent to root on
                                              the host. Defaults to false. Note that
                                              this field cannot be set when spec.os.name
                                              is windows.
                                            type: boolean
                                          procMount:
                                            description: procMount denotes the type
                                              of proc mount to use for the containers.
                                              The default is DefaultProcMount which
                                              uses the container runtime defaults
                                              for readonly paths and masked paths.
                                              This requires the ProcMountType feature
                                              flag to be enabled. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            type: string
                                          readOnlyRootFilesystem:
                                            description: Whether this container has
                                              a read-only root filesystem. Default
                                              is false. Note that this field cannot
                                              be set when spec.os.name is windows.
                                            type: boolean
                                          runAsGroup:
                                            description: The GID to run the entrypoint
                                              of the container process. Uses runtime
                                              default if unset. May also be set in
                                              PodSecurityContext.  If set in both
                                              SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            format: int64
                                            type: integer
                                          runAsNonRoot:
                                            description: Indicates that the container
                                              must run as a non-root user. If true,
                                              the Kubelet will validate the image
                                              at runtime to ensure that it does not
                                              run as UID 0 (root) and fail to start
                                              the container if it does. If unset or
                                              false, no such validation will be performed.
                                              May also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence.
                                            type: boolean
                                          runAsUser:
                                            description: The UID to run the entrypoint
                                              of the container process. Defaults to
                                              user specified in image metadata if
                                              unspecified. May also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            format: int64
                                            type: integer
                                          seLinuxOptions:
                                            description: The SELinux context to be
                                              applied to the container. If unspecified,
                                              the container runtime will allocate
                                              a random SELinux context for each container.  May
                                              also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            properties:
                                              level:
                                                description: Level is SELinux level
                                                  label that applies to the container.
                                                type: string
                                              role:
                                                description: Role is a SELinux role
                                                  label that applies to the container.
                                                type: string
                                              type:
                                                description: Type is a SELinux type
                                                  label that applies to the container.
                                                type: string
                                              user:
                                                description: User is a SELinux user
                                                  label that applies to the container.
                                                type: string
                                            type: object
                                          seccompProfile:
                                            description: The seccomp options to use
                                              by this container. If seccomp options
                                              are provided at both the pod & container
                                              level, the container options override
                                              the pod options. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            properties:
                                              localhostProfile:
                                                description: localhostProfile indicates
                                                  a profile defined in a file on the
                                                  node should be used. The profile
                                                  must be preconfigured on the node
                                                  to work. Must be a descending path,
                                                  relative to the kubelet's configured
                                                  seccomp profile location. Must only
                                                  be set if type is "Localhost".
                                                type: string
                                              type:
                                                description: "type indicates which
                                                  kind of seccomp profile will be
                                                  applied. Valid options are: \n Localhost
                                                  - a profile defined in a file on
                                                  the node should be used. RuntimeDefault
                                                  - the container runtime default
                                                  profile should be used. Unconfined
                                                  - no profile should be applied."
                                                type: string
                                            required:
                                            - type
                                            type: object
                                          windowsOptions:
                                            description: The Windows specific settings
                                              applied to all containers. If unspecified,
                                              the options from the PodSecurityContext
                                              will be used. If set in both SecurityContext
                                              and PodSecurityContext, the value specified
                                              in SecurityContext takes precedence.
                                              Note that this field cannot be set when
                                              spec.os.name is linux.
                                            properties:
                                              gmsaCredentialSpec:
                                                description: GMSACredentialSpec is
                                                  where the GMSA admission webhook
                                                  (https://github.com/kubernetes-sigs/windows-gmsa)
                                                  inlines the contents of the GMSA
                                                  credential spec named by the GMSACredentialSpecName
                                                  field.
                                                type: string
                                              gmsaCredentialSpecName:
                                                description: GMSACredentialSpecName
                                                  is the name of the GMSA credential
                                                  spec to use.
                                                type: string
                                              hostProcess:
                                                description: HostProcess determines
                                                  if a container should be run as
                                                  a 'Host Process' container. This
                                                  field is alpha-level and will only
                                                  be honored by components that enable
                                                  the WindowsHostProcessContainers
                                                  feature flag. Setting this field
                                                  without the feature flag will result
                                                  in errors when validating the Pod.
                                                  All of a Pod's containers must have
                                                  the same effective HostProcess value
                                                  (it is not allowed to have a mix
                                                  of HostProcess containers and non-HostProcess
                                                  containers).  In addition, if HostProcess
                                                  is true then HostNetwork must also
                                                  be set to true.
                                                type: boolean
                                              runAsUserName:
                                                description: The UserName in Windows
                                                  to run the entrypoint of the container
                                                  process. Defaults to the user specified
                                                  in image metadata if unspecified.
                                                  May also be set in PodSecurityContext.
                                                  If set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                type: string
                                            type: object
                                        type: object
                                      startupProbe:
                                        description: 'Deprecated. This field will
                                          be removed in a future release. DeprecatedStartupProbe
                                          indicates that the Pod this Step runs in
                                          has successfully initialized. If specified,
                                          no other probes are executed until this
                                          completes successfully. If this probe fails,
                                          the Pod will be restarted, just as if the
                                          livenessProbe failed. This can be used to
                                          provide different probe parameters at the
                                          beginning of a Pod''s lifecycle, when it
                                          might take a long time to load data or warm
                                          a cache, than during steady-state operation.
                                          This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      stderrConfig:
                                        description: Stores configuration for the
                                          stderr stream of the step.
                                        properties:
                                          path:
                                            description: Path to duplicate stdout
                                              stream to on container's local filesystem.
                                            type: string
                                        type: object
                                      stdin:
                                        description: Deprecated. This field will be
                                          removed in a future release. Whether this
                                          container should allocate a buffer for stdin
                                          in the container runtime. If this is not
                                          set, reads from stdin in the container will
                                          always result in EOF. Default is false.
                                        type: boolean
                                      stdinOnce:
                                        description: Deprecated. This field will be
                                          removed in a future release. Whether the
                                          container runtime should close the stdin
                                          channel after it has been opened by a single
                                          attach. When stdin is true the stdin stream
                                          will remain open across multiple attach
                                          sessions. If stdinOnce is set to true, stdin
                                          is opened on container start, is empty until
                                          the first client attaches to stdin, and
                                          then remains open and accepts data until
                                          the client disconnects, at which time stdin
                                          is closed and remains closed until the container
                                          is restarted. If this flag is false, a container
                                          processes that reads from stdin will never
                                          receive an EOF. Default is false
                                        type: boolean
                                      stdoutConfig:
                                        description: Stores configuration for the
                                          stdout stream of the step.
                                        properties:
                                          path:
                                            description: Path to duplicate stdout
                                              stream to on container's local filesystem.
                                            type: string
                                        type: object
                                      terminationMessagePath:
                                        description: Deprecated. This field will be
                                          removed in a future release and can't be
                                          meaningfully used.
                                        type: string
                                      terminationMessagePolicy:
                                        description: Deprecated. This field will be
                                          removed in a future release and can't be
                                          meaningfully used.
                                        type: string
                                      timeout:
                                        description: 'Timeout is the time after which
                                          the step times out. Defaults to never. Refer
                                          to Go''s ParseDuration documentation for
                                          expected format: https://golang.org/pkg/time/#ParseDuration'
                                        type: string
                                      tty:
                                        description: Deprecated. This field will be
                                          removed in a future release. Whether this
                                          container should allocate a DeprecatedTTY
                                          for itself, also requires 'stdin' to be
                                          true. Default is false.
                                        type: boolean
                                      volumeDevices:
                                        description: volumeDevices is the list of
                                          block devices to be used by the Step.
                                        items:
                                          description: volumeDevice describes a mapping
                                            of a raw block device within a container.
                                          properties:
                                            devicePath:
                                              description: devicePath is the path
                                                inside of the container that the device
                                                will be mapped to.
                                              type: string
                                            name:
                                              description: name must match the name
                                                of a persistentVolumeClaim in the
                                                pod
                                              type: string
                                          required:
                                          - devicePath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      volumeMounts:
                                        description: Volumes to mount into the Step's
                                          filesystem. Cannot be updated.
                                        items:
                                          description: VolumeMount describes a mounting
                                            of a Volume within a container.
                                          properties:
                                            mountPath:
                                              description: Path within the container
                                                at which the volume should be mounted.  Must
                                                not contain ':'.
                                              type: string
                                            mountPropagation:
                                              description: mountPropagation determines
                                                how mounts are propagated from the
                                                host to container and the other way
                                                around. When not set, MountPropagationNone
                                                is used. This field is beta in 1.10.
                                              type: string
                                            name:
                                              description: This must match the Name
                                                of a Volume.
                                              type: string
                                            readOnly:
                                              description: Mounted read-only if true,
                                                read-write otherwise (false or unspecified).
                                                Defaults to false.
                                              type: boolean
                                            subPath:
                                              description: Path within the volume
                                                from which the container's volume
                                                should be mounted. Defaults to ""
                                                (volume's root).
                                              type: string
                                            subPathExpr:
                                              description: Expanded path within the
                                                volume from which the container's
                                                volume should be mounted. Behaves
                                                similarly to SubPath but environment
                                                variable references $(VAR_NAME) are
                                                expanded using the container's environment.
                                                Defaults to "" (volume's root). SubPathExpr
                                                and SubPath are mutually exclusive.
                                              type: string
                                          required:
                                          - mountPath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      workingDir:
                                        description: Step's working directory. If
                                          not specified, the container runtime's default
                                          will be used, which might be configured
                                          in the container image. Cannot be updated.
                                        type: string
                                      workspaces:
                                        description: "This is an alpha field. You
                                          must set the \"enable-api-fields\" feature
                                          flag to \"alpha\" for this field to be supported.
                                          \n Workspaces is a list of workspaces from
                                          the Task that this Step wants exclusive
                                          access to. Adding a workspace to this list
                                          means that any other Step or Sidecar that
                                          does not also request this Workspace will
                                          not have access to it."
                                        items:
                                          description: WorkspaceUsage is used by a
                                            Step or Sidecar to declare that it wants
                                            isolated access to a Workspace defined
                                            in a Task.
                                          properties:
                                            mountPath:
                                              description: MountPath is the path that
                                                the workspace should be mounted to
                                                inside the Step or Sidecar, overriding
                                                any MountPath specified in the Task's
                                                WorkspaceDeclaration.
                                              type: string
                                            name:
                                              description: Name is the name of the
                                                workspace this Step or Sidecar wants
                                                access to.
                                              type: string
                                          required:
                                          - mountPath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                volumes:
                                  description: Volumes is a collection of volumes
                                    that are available to mount into the steps of
                                    the build.
                                  items:
                                    description: Volume represents a named volume
                                      in a pod that may be accessed by any container
                                      in the pod.
                                    properties:
                                      awsElasticBlockStore:
                                        description: 'awsElasticBlockStore represents
                                          an AWS Disk resource that is attached to
                                          a kubelet''s host machine and then exposed
                                          to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type of the volume that you want to
                                              mount. Tip: Ensure that the filesystem
                                              type is supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          partition:
                                            description: 'partition is the partition
                                              in the volume that you want to mount.
                                              If omitted, the default is to mount
                                              by volume name. Examples: For volume
                                              /dev/sda1, you specify the partition
                                              as "1". Similarly, the volume partition
                                              for /dev/sda is "0" (or you can leave
                                              the property empty).'
                                            format: int32
                                            type: integer
                                          readOnly:
                                            description: 'readOnly value true will
                                              force the readOnly setting in VolumeMounts.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                            type: boolean
                                          volumeID:
                                            description: 'volumeID is unique ID of
                                              the persistent disk resource in AWS
                                              (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                            type: string
                                        required:
                                        - volumeID
                                        type: object
                                      azureDisk:
                                        description: azureDisk represents an Azure
                                          Data Disk mount on the host and bind mount
                                          to the pod.
                                        properties:
                                          cachingMode:
                                            description: 'cachingMode is the Host
                                              Caching mode: None, Read Only, Read
                                              Write.'
                                            type: string
                                          diskName:
                                            description: diskName is the Name of the
                                              data disk in the blob storage
                                            type: string
                                          diskURI:
                                            description: diskURI is the URI of data
                                              disk in the blob storage
                                            type: string
                                          fsType:
                                            description: fsType is Filesystem type
                                              to mount. Must be a filesystem type
                                              supported by the host operating system.
                                              Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          kind:
                                            description: 'kind expected values are
                                              Shared: multiple blob disks per storage
                                              account  Dedicated: single blob disk
                                              per storage account  Managed: azure
                                              managed data disk (only in managed availability
                                              set). defaults to shared'
                                            type: string
                                          readOnly:
                                            description: readOnly Defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                        required:
                                        - diskName
                                        - diskURI
                                        type: object
                                      azureFile:
                                        description: azureFile represents an Azure
                                          File Service mount on the host and bind
                                          mount to the pod.
                                        properties:
                                          readOnly:
                                            description: readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          secretName:
                                            description: secretName is the  name of
                                              secret that contains Azure Storage Account
                                              Name and Key
                                            type: string
                                          shareName:
                                            description: shareName is the azure share
                                              Name
                                            type: string
                                        required:
                                        - secretName
                                        - shareName
                                        type: object
                                      cephfs:
                                        description: cephFS represents a Ceph FS mount
                                          on the host that shares a pod's lifetime
                                        properties:
                                          monitors:
                                            description: 'monitors is Required: Monitors
                                              is a collection of Ceph monitors More
                                              info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            items:
                                              type: string
                                            type: array
                                          path:
                                            description: 'path is Optional: Used as
                                              the mounted root, rather than the full
                                              Ceph tree, default is /'
                                            type: string
                                          readOnly:
                                            description: 'readOnly is Optional: Defaults
                                              to false (read/write). ReadOnly here
                                              will force the ReadOnly setting in VolumeMounts.
                                              More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            type: boolean
                                          secretFile:
                                            description: 'secretFile is Optional:
                                              SecretFile is the path to key ring for
                                              User, default is /etc/ceph/user.secret
                                              More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            type: string
                                          secretRef:
                                            description: 'secretRef is Optional: SecretRef
                                              is reference to the authentication secret
                                              for User, default is empty. More info:
                                              https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          user:
                                            description: 'user is optional: User is
                                              the rados user name, default is admin
                                              More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            type: string
                                        required:
                                        - monitors
                                        type: object
                                      cinder:
                                        description: 'cinder represents a cinder volume
                                          attached and mounted on kubelets host machine.
                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            type: string
                                          readOnly:
                                            description: 'readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            type: boolean
                                          secretRef:
                                            description: 'secretRef is optional: points
                                              to a secret object containing parameters
                                              used to connect to OpenStack.'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          volumeID:
                                            description: 'volumeID used to identify
                                              the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            type: string
                                        required:
                                        - volumeID
                                        type: object
                                      configMap:
                                        description: configMap represents a configMap
                                          that should populate this volume
                                        properties:
                                          defaultMode:
                                            description: 'defaultMode is optional:
                                              mode bits used to set permissions on
                                              created files by default. Must be an
                                              octal value between 0000 and 0777 or
                                              a decimal value between 0 and 511. YAML
                                              accepts both octal and decimal values,
                                              JSON requires decimal values for mode
                                              bits. Defaults to 0644. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.'
                                            format: int32
                                            type: integer
                                          items:
                                            description: items if unspecified, each
                                              key-value pair in the Data field of
                                              the referenced ConfigMap will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the ConfigMap, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: optional specify whether
                                              the ConfigMap or its keys must be defined
                                            type: boolean
                                        type: object
                                      csi:
                                        description: csi (Container Storage Interface)
                                          represents ephemeral storage that is handled
                                          by certain external CSI drivers (Beta feature).
                                        properties:
                                          driver:
                                            description: driver is the name of the
                                              CSI driver that handles this volume.
                                              Consult with your admin for the correct
                                              name as registered in the cluster.
                                            type: string
                                          fsType:
                                            description: fsType to mount. Ex. "ext4",
                                              "xfs", "ntfs". If not provided, the
                                              empty value is passed to the associated
                                              CSI driver which will determine the
                                              default filesystem to apply.
                                            type: string
                                          nodePublishSecretRef:
                                            description: nodePublishSecretRef is a
                                              reference to the secret object containing
                                              sensitive information to pass to the
                                              CSI driver to complete the CSI NodePublishVolume
                                              and NodeUnpublishVolume calls. This
                                              field is optional, and  may be empty
                                              if no secret is required. If the secret
                                              object contains more than one secret,
                                              all secret references are passed.
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          readOnly:
                                            description: readOnly specifies a read-only
                                              configuration for the volume. Defaults
                                              to false (read/write).
                                            type: boolean
                                          volumeAttributes:
                                            additionalProperties:
                                              type: string
                                            description: volumeAttributes stores driver-specific
                                              properties that are passed to the CSI
                                              driver. Consult your driver's documentation
                                              for supported values.
                                            type: object
                                        required:
                                        - driver
                                        type: object
                                      downwardAPI:
                                        description: downwardAPI represents downward
                                          API about the pod that should populate this
                                          volume
                                        properties:
                                          defaultMode:
                                            description: 'Optional: mode bits to use
                                              on created files by default. Must be
                                              a Optional: mode bits used to set permissions
                                              on created files by default. Must be
                                              an octal value between 0000 and 0777
                                              or a decimal value between 0 and 511.
                                              YAML accepts both octal and decimal
                                              values, JSON requires decimal values
                                              for mode bits. Defaults to 0644. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.'
                                            format: int32
                                            type: integer
                                          items:
                                            description: Items is a list of downward
                                              API volume file
                                            items:
                                              description: DownwardAPIVolumeFile represents
                                                information to create the file containing
                                                the pod field
                                              properties:
                                                fieldRef:
                                                  description: 'Required: Selects
                                                    a field of the pod: only annotations,
                                                    labels, name and namespace are
                                                    supported.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                mode:
                                                  description: 'Optional: mode bits
                                                    used to set permissions on this
                                                    file, must be an octal value between
                                                    0000 and 0777 or a decimal value
                                                    between 0 and 511. YAML accepts
                                                    both octal and decimal values,
                                                    JSON requires decimal values for
                                                    mode bits. If not specified, the
                                                    volume defaultMode will be used.
                                                    This might be in conflict with
                                                    other options that affect the
                                                    file mode, like fsGroup, and the
                                                    result can be other mode bits
                                                    set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: 'Required: Path is  the
                                                    relative path name of the file
                                                    to be created. Must not be absolute
                                                    or contain the ''..'' path. Must
                                                    be utf-8 encoded. The first item
                                                    of the relative path must not
                                                    start with ''..'''
                                                  type: string
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, requests.cpu and
                                                    requests.memory) are currently
                                                    supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                              required:
                                              - path
                                              type: object
                                            type: array
                                        type: object
                                      emptyDir:
                                        description: 'emptyDir represents a temporary
                                          directory that shares a pod''s lifetime.
                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                        properties:
                                          medium:
                                            description: 'medium represents what type
                                              of storage medium should back this directory.
                                              The default is "" which means to use
                                              the node''s default medium. Must be
                                              an empty string (default) or Memory.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                            type: string
                                          sizeLimit:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            description: 'sizeLimit is the total amount
                                              of local storage required for this EmptyDir
                                              volume. The size limit is also applicable
                                              for memory medium. The maximum usage
                                              on memory medium EmptyDir would be the
                                              minimum value between the SizeLimit
                                              specified here and the sum of memory
                                              limits of all containers in a pod. The
                                              default is nil which means that the
                                              limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                        type: object
                                      ephemeral:
                                        description: "ephemeral represents a volume
                                          that is handled by a cluster storage driver.
                                          The volume's lifecycle is tied to the pod
                                          that defines it - it will be created before
                                          the pod starts, and deleted when the pod
                                          is removed. \n Use this if: a) the volume
                                          is only needed while the pod runs, b) features
                                          of normal volumes like restoring from snapshot
                                          or capacity    tracking are needed, c) the
                                          storage driver is specified through a storage
                                          class, and d) the storage driver supports
                                          dynamic volume provisioning through    a
                                          PersistentVolumeClaim (see EphemeralVolumeSource
                                          for more    information on the connection
                                          between this volume type    and PersistentVolumeClaim).
                                          \n Use PersistentVolumeClaim or one of the
                                          vendor-specific APIs for volumes that persist
                                          for longer than the lifecycle of an individual
                                          pod. \n Use CSI for light-weight local ephemeral
                                          volumes if the CSI driver is meant to be
                                          used that way - see the documentation of
                                          the driver for more information. \n A pod
                                          can use both types of ephemeral volumes
                                          and persistent volumes at the same time."
                                        properties:
                                          volumeClaimTemplate:
                                            description: "Will be used to create a
                                              stand-alone PVC to provision the volume.
                                              The pod in which this EphemeralVolumeSource
                                              is embedded will be the owner of the
                                              PVC, i.e. the PVC will be deleted together
                                              with the pod.  The name of the PVC will
                                              be `<pod name>-<volume name>` where
                                              `<volume name>` is the name from the
                                              `PodSpec.Volumes` array entry. Pod validation
                                              will reject the pod if the concatenated
                                              name is not valid for a PVC (for example,
                                              too long). \n An existing PVC with that
                                              name that is not owned by the pod will
                                              *not* be used for the pod to avoid using
                                              an unrelated volume by mistake. Starting
                                              the pod is then blocked until the unrelated
                                              PVC is removed. If such a pre-created
                                              PVC is meant to be used by the pod,
                                              the PVC has to updated with an owner
                                              reference to the pod once the pod exists.
                                              Normally this should not be necessary,
                                              but it may be useful when manually reconstructing
                                              a broken cluster. \n This field is read-only
                                              and no changes will be made by Kubernetes
                                              to the PVC after it has been created.
                                              \n Required, must not be nil."
                                            properties:
                                              metadata:
                                                description: May contain labels and
                                                  annotations that will be copied
                                                  into the PVC when creating it. No
                                                  other fields are allowed and will
                                                  be rejected during validation.
                                                type: object
                                              spec:
                                                description: The specification for
                                                  the PersistentVolumeClaim. The entire
                                                  content is copied unchanged into
                                                  the PVC that gets created from this
                                                  template. The same fields as in
                                                  a PersistentVolumeClaim are also
                                                  valid here.
                                                properties:
                                                  accessModes:
                                                    description: 'accessModes contains
                                                      the desired access modes the
                                                      volume should have. More info:
                                                      https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                                    items:
                                                      type: string
                                                    type: array
                                                  dataSource:
                                                    description: 'dataSource field
                                                      can be used to specify either:
                                                      * An existing VolumeSnapshot
                                                      object (snapshot.storage.k8s.io/VolumeSnapshot)
                                                      * An existing PVC (PersistentVolumeClaim)
                                                      If the provisioner or an external
                                                      controller can support the specified
                                                      data source, it will create
                                                      a new volume based on the contents
                                                      of the specified data source.
                                                      If the AnyVolumeDataSource feature
                                                      gate is enabled, this field
                                                      will always have the same contents
                                                      as the DataSourceRef field.'
                                                    properties:
                                                      apiGroup:
                                                        description: APIGroup is the
                                                          group for the resource being
                                                          referenced. If APIGroup
                                                          is not specified, the specified
                                                          Kind must be in the core
                                                          API group. For any other
                                                          third-party types, APIGroup
                                                          is required.
                                                        type: string
                                                      kind:
                                                        description: Kind is the type
                                                          of resource being referenced
                                                        type: string
                                                      name:
                                                        description: Name is the name
                                                          of resource being referenced
                                                        type: string
                                                    required:
                                                    - kind
                                                    - name
                                                    type: object
                                                  dataSourceRef:
                                                    description: 'dataSourceRef specifies
                                                      the object from which to populate
                                                      the volume with data, if a non-empty
                                                      volume is desired. This may
                                                      be any local object from a non-empty
                                                      API group (non core object)
                                                      or a PersistentVolumeClaim object.
                                                      When this field is specified,
                                                      volume binding will only succeed
                                                      if the type of the specified
                                                      object matches some installed
                                                      volume populator or dynamic
                                                      provisioner. This field will
                                                      replace the functionality of
                                                      the DataSource field and as
                                                      such if both fields are non-empty,
                                                      they must have the same value.
                                                      For backwards compatibility,
                                                      both fields (DataSource and
                                                      DataSourceRef) will be set to
                                                      the same value automatically
                                                      if one of them is empty and
                                                      the other is non-empty. There
                                                      are two important differences
                                                      between DataSource and DataSourceRef:
                                                      * While DataSource only allows
                                                      two specific types of objects,
                                                      DataSourceRef   allows any non-core
                                                      object, as well as PersistentVolumeClaim
                                                      objects. * While DataSource
                                                      ignores disallowed values (dropping
                                                      them), DataSourceRef   preserves
                                                      all values, and generates an
                                                      error if a disallowed value
                                                      is   specified. (Beta) Using
                                                      this field requires the AnyVolumeDataSource
                                                      feature gate to be enabled.'
                                                    properties:
                                                      apiGroup:
                                                        description: APIGroup is the
                                                          group for the resource being
                                                          referenced. If APIGroup
                                                          is not specified, the specified
                                                          Kind must be in the core
                                                          API group. For any other
                                                          third-party types, APIGroup
                                                          is required.
                                                        type: string
                                                      kind:
                                                        description: Kind is the type
                                                          of resource being referenced
                                                        type: string
                                                      name:
                                                        description: Name is the name
                                                          of resource being referenced
                                                        type: string
                                                    required:
                                                    - kind
                                                    - name
                                                    type: object
                                                  resources:
                                                    description: 'resources represents
                                                      the minimum resources the volume
                                                      should have. If RecoverVolumeExpansionFailure
                                                      feature is enabled users are
                                                      allowed to specify resource
                                                      requirements that are lower
                                                      than previous value but must
                                                      still be higher than capacity
                                                      recorded in the status field
                                                      of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                                    properties:
                                                      limits:
                                                        additionalProperties:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        description: 'Limits describes
                                                          the maximum amount of compute
                                                          resources allowed. More
                                                          info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                        type: object
                                                      requests:
                                                        additionalProperties:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        description: 'Requests describes
                                                          the minimum amount of compute
                                                          resources required. If Requests
                                                          is omitted for a container,
                                                          it defaults to Limits if
                                                          that is explicitly specified,
                                                          otherwise to an implementation-defined
                                                          value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                        type: object
                                                    type: object
                                                  selector:
                                                    description: selector is a label
                                                      query over volumes to consider
                                                      for binding.
                                                    properties:
                                                      matchExpressions:
                                                        description: matchExpressions
                                                          is a list of label selector
                                                          requirements. The requirements
                                                          are ANDed.
                                                        items:
                                                          description: A label selector
                                                            requirement is a selector
                                                            that contains values,
                                                            a key, and an operator
                                                            that relates the key and
                                                            values.
                                                          properties:
                                                            key:
                                                              description: key is
                                                                the label key that
                                                                the selector applies
                                                                to.
                                                              type: string
                                                            operator:
                                                              description: operator
                                                                represents a key's
                                                                relationship to a
                                                                set of values. Valid
                                                                operators are In,
                                                                NotIn, Exists and
                                                                DoesNotExist.
                                                              type: string
                                                            values:
                                                              description: values
                                                                is an array of string
                                                                values. If the operator
                                                                is In or NotIn, the
                                                                values array must
                                                                be non-empty. If the
                                                                operator is Exists
                                                                or DoesNotExist, the
                                                                values array must
                                                                be empty. This array
                                                                is replaced during
                                                                a strategic merge
                                                                patch.
                                                              items:
                                                                type: string
                                                              type: array
                                                          required:
                                                          - key
                                                          - operator
                                                          type: object
                                                        type: array
                                                      matchLabels:
                                                        additionalProperties:
                                                          type: string
                                                        description: matchLabels is
                                                          a map of {key,value} pairs.
                                                          A single {key,value} in
                                                          the matchLabels map is equivalent
                                                          to an element of matchExpressions,
                                                          whose key field is "key",
                                                          the operator is "In", and
                                                          the values array contains
                                                          only "value". The requirements
                                                          are ANDed.
                                                        type: object
                                                    type: object
                                                  storageClassName:
                                                    description: 'storageClassName
                                                      is the name of the StorageClass
                                                      required by the claim. More
                                                      info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                                    type: string
                                                  volumeMode:
                                                    description: volumeMode defines
                                                      what type of volume is required
                                                      by the claim. Value of Filesystem
                                                      is implied when not included
                                                      in claim spec.
                                                    type: string
                                                  volumeName:
                                                    description: volumeName is the
                                                      binding reference to the PersistentVolume
                                                      backing this claim.
                                                    type: string
                                                type: object
                                            required:
                                            - spec
                                            type: object
                                        type: object
                                      fc:
                                        description: fc represents a Fibre Channel
                                          resource that is attached to a kubelet's
                                          host machine and then exposed to the pod.
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          lun:
                                            description: 'lun is Optional: FC target
                                              lun number'
                                            format: int32
                                            type: integer
                                          readOnly:
                                            description: 'readOnly is Optional: Defaults
                                              to false (read/write). ReadOnly here
                                              will force the ReadOnly setting in VolumeMounts.'
                                            type: boolean
                                          targetWWNs:
                                            description: 'targetWWNs is Optional:
                                              FC target worldwide names (WWNs)'
                                            items:
                                              type: string
                                            type: array
                                          wwids:
                                            description: 'wwids Optional: FC volume
                                              world wide identifiers (wwids) Either
                                              wwids or combination of targetWWNs and
                                              lun must be set, but not both simultaneously.'
                                            items:
                                              type: string
                                            type: array
                                        type: object
                                      flexVolume:
                                        description: flexVolume represents a generic
                                          volume resource that is provisioned/attached
                                          using an exec based plugin.
                                        properties:
                                          driver:
                                            description: driver is the name of the
                                              driver to use for this volume.
                                            type: string
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". The
                                              default filesystem depends on FlexVolume
                                              script.
                                            type: string
                                          options:
                                            additionalProperties:
                                              type: string
                                            description: 'options is Optional: this
                                              field holds extra command options if
                                              any.'
                                            type: object
                                          readOnly:
                                            description: 'readOnly is Optional: defaults
                                              to false (read/write). ReadOnly here
                                              will force the ReadOnly setting in VolumeMounts.'
                                            type: boolean
                                          secretRef:
                                            description: 'secretRef is Optional: secretRef
                                              is reference to the secret object containing
                                              sensitive information to pass to the
                                              plugin scripts. This may be empty if
                                              no secret object is specified. If the
                                              secret object contains more than one
                                              secret, all secrets are passed to the
                                              plugin scripts.'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                        required:
                                        - driver
                                        type: object
                                      flocker:
                                        description: flocker represents a Flocker
                                          volume attached to a kubelet's host machine.
                                          This depends on the Flocker control service
                                          being running
                                        properties:
                                          datasetName:
                                            description: datasetName is Name of the
                                              dataset stored as metadata -> name on
                                              the dataset for Flocker should be considered
                                              as deprecated
                                            type: string
                                          datasetUUID:
                                            description: datasetUUID is the UUID of
                                              the dataset. This is unique identifier
                                              of a Flocker dataset
                                            type: string
                                        type: object
                                      gcePersistentDisk:
                                        description: 'gcePersistentDisk represents
                                          a GCE Disk resource that is attached to
                                          a kubelet''s host machine and then exposed
                                          to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                        properties:
                                          fsType:
                                            description: 'fsType is filesystem type
                                              of the volume that you want to mount.
                                              Tip: Ensure that the filesystem type
                                              is supported by the host operating system.
                                              Examples: "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          partition:
                                            description: 'partition is the partition
                                              in the volume that you want to mount.
                                              If omitted, the default is to mount
                                              by volume name. Examples: For volume
                                              /dev/sda1, you specify the partition
                                              as "1". Similarly, the volume partition
                                              for /dev/sda is "0" (or you can leave
                                              the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            format: int32
                                            type: integer
                                          pdName:
                                            description: 'pdName is unique name of
                                              the PD resource in GCE. Used to identify
                                              the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            type: boolean
                                        required:
                                        - pdName
                                        type: object
                                      gitRepo:
                                        description: 'gitRepo represents a git repository
                                          at a particular revision. DEPRECATED: GitRepo
                                          is deprecated. To provision a container
                                          with a git repo, mount an EmptyDir into
                                          an InitContainer that clones the repo using
                                          git, then mount the EmptyDir into the Pod''s
                                          container.'
                                        properties:
                                          directory:
                                            description: directory is the target directory
                                              name. Must not contain or start with
                                              '..'.  If '.' is supplied, the volume
                                              directory will be the git repository.  Otherwise,
                                              if specified, the volume will contain
                                              the git repository in the subdirectory
                                              with the given name.
                                            type: string
                                          repository:
                                            description: repository is the URL
                                            type: string
                                          revision:
                                            description: revision is the commit hash
                                              for the specified revision.
                                            type: string
                                        required:
                                        - repository
                                        type: object
                                      glusterfs:
                                        description: 'glusterfs represents a Glusterfs
                                          mount on the host that shares a pod''s lifetime.
                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md'
                                        properties:
                                          endpoints:
                                            description: 'endpoints is the endpoint
                                              name that details Glusterfs topology.
                                              More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                            type: string
                                          path:
                                            description: 'path is the Glusterfs volume
                                              path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the Glusterfs volume to be mounted with
                                              read-only permissions. Defaults to false.
                                              More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                            type: boolean
                                        required:
                                        - endpoints
                                        - path
                                        type: object
                                      hostPath:
                                        description: 'hostPath represents a pre-existing
                                          file or directory on the host machine that
                                          is directly exposed to the container. This
                                          is generally used for system agents or other
                                          privileged things that are allowed to see
                                          the host machine. Most containers will NOT
                                          need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                                          --- TODO(jonesdl) We need to restrict who
                                          can use host directory mounts and who can/can
                                          not mount host directories as read/write.'
                                        properties:
                                          path:
                                            description: 'path of the directory on
                                              the host. If the path is a symlink,
                                              it will follow the link to the real
                                              path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                            type: string
                                          type:
                                            description: 'type for HostPath Volume
                                              Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                            type: string
                                        required:
                                        - path
                                        type: object
                                      iscsi:
                                        description: 'iscsi represents an ISCSI Disk
                                          resource that is attached to a kubelet''s
                                          host machine and then exposed to the pod.
                                          More info: https://examples.k8s.io/volumes/iscsi/README.md'
                                        properties:
                                          chapAuthDiscovery:
                                            description: chapAuthDiscovery defines
                                              whether support iSCSI Discovery CHAP
                                              authentication
                                            type: boolean
                                          chapAuthSession:
                                            description: chapAuthSession defines whether
                                              support iSCSI Session CHAP authentication
                                            type: boolean
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type of the volume that you want to
                                              mount. Tip: Ensure that the filesystem
                                              type is supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          initiatorName:
                                            description: initiatorName is the custom
                                              iSCSI Initiator Name. If initiatorName
                                              is specified with iscsiInterface simultaneously,
                                              new iSCSI interface <target portal>:<volume
                                              name> will be created for the connection.
                                            type: string
                                          iqn:
                                            description: iqn is the target iSCSI Qualified
                                              Name.
                                            type: string
                                          iscsiInterface:
                                            description: iscsiInterface is the interface
                                              Name that uses an iSCSI transport. Defaults
                                              to 'default' (tcp).
                                            type: string
                                          lun:
                                            description: lun represents iSCSI Target
                                              Lun number.
                                            format: int32
                                            type: integer
                                          portals:
                                            description: portals is the iSCSI Target
                                              Portal List. The portal is either an
                                              IP or ip_addr:port if the port is other
                                              than default (typically TCP ports 860
                                              and 3260).
                                            items:
                                              type: string
                                            type: array
                                          readOnly:
                                            description: readOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              Defaults to false.
                                            type: boolean
                                          secretRef:
                                            description: secretRef is the CHAP Secret
                                              for iSCSI target and initiator authentication
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          targetPortal:
                                            description: targetPortal is iSCSI Target
                                              Portal. The Portal is either an IP or
                                              ip_addr:port if the port is other than
                                              default (typically TCP ports 860 and
                                              3260).
                                            type: string
                                        required:
                                        - iqn
                                        - lun
                                        - targetPortal
                                        type: object
                                      name:
                                        description: 'name of the volume. Must be
                                          a DNS_LABEL and unique within the pod. More
                                          info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                        type: string
                                      nfs:
                                        description: 'nfs represents an NFS mount
                                          on the host that shares a pod''s lifetime
                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                        properties:
                                          path:
                                            description: 'path that is exported by
                                              the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the NFS export to be mounted with read-only
                                              permissions. Defaults to false. More
                                              info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            type: boolean
                                          server:
                                            description: 'server is the hostname or
                                              IP address of the NFS server. More info:
                                              https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            type: string
                                        required:
                                        - path
                                        - server
                                        type: object
                                      persistentVolumeClaim:
                                        description: 'persistentVolumeClaimVolumeSource
                                          represents a reference to a PersistentVolumeClaim
                                          in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                        properties:
                                          claimName:
                                            description: 'claimName is the name of
                                              a PersistentVolumeClaim in the same
                                              namespace as the pod using this volume.
                                              More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                            type: string
                                          readOnly:
                                            description: readOnly Will force the ReadOnly
                                              setting in VolumeMounts. Default false.
                                            type: boolean
                                        required:
                                        - claimName
                                        type: object
                                      photonPersistentDisk:
                                        description: photonPersistentDisk represents
                                          a PhotonController persistent disk attached
                                          and mounted on kubelets host machine
                                        properties:
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          pdID:
                                            description: pdID is the ID that identifies
                                              Photon Controller persistent disk
                                            type: string
                                        required:
                                        - pdID
                                        type: object
                                      portworxVolume:
                                        description: portworxVolume represents a portworx
                                          volume attached and mounted on kubelets
                                          host machine
                                        properties:
                                          fsType:
                                            description: fSType represents the filesystem
                                              type to mount Must be a filesystem type
                                              supported by the host operating system.
                                              Ex. "ext4", "xfs". Implicitly inferred
                                              to be "ext4" if unspecified.
                                            type: string
                                          readOnly:
                                            description: readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          volumeID:
                                            description: volumeID uniquely identifies
                                              a Portworx volume
                                            type: string
                                        required:
                                        - volumeID
                                        type: object
                                      projected:
                                        description: projected items for all in one
                                          resources secrets, configmaps, and downward
                                          API
                                        properties:
                                          defaultMode:
                                            description: defaultMode are the mode
                                              bits used to set permissions on created
                                              files by default. Must be an octal value
                                              between 0000 and 0777 or a decimal value
                                              between 0 and 511. YAML accepts both
                                              octal and decimal values, JSON requires
                                              decimal values for mode bits. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.
                                            format: int32
                                            type: integer
                                          sources:
                                            description: sources is the list of volume
                                              projections
                                            items:
                                              description: Projection that may be
                                                projected along with other supported
                                                volume types
                                              properties:
                                                configMap:
                                                  description: configMap information
                                                    about the configMap data to project
                                                  properties:
                                                    items:
                                                      description: items if unspecified,
                                                        each key-value pair in the
                                                        Data field of the referenced
                                                        ConfigMap will be projected
                                                        into the volume as a file
                                                        whose name is the key and
                                                        content is the value. If specified,
                                                        the listed keys will be projected
                                                        into the specified paths,
                                                        and unlisted keys will not
                                                        be present. If a key is specified
                                                        which is not present in the
                                                        ConfigMap, the volume setup
                                                        will error unless it is marked
                                                        optional. Paths must be relative
                                                        and may not contain the '..'
                                                        path or start with '..'.
                                                      items:
                                                        description: Maps a string
                                                          key to a path within a volume.
                                                        properties:
                                                          key:
                                                            description: key is the
                                                              key to project.
                                                            type: string
                                                          mode:
                                                            description: 'mode is
                                                              Optional: mode bits
                                                              used to set permissions
                                                              on this file. Must be
                                                              an octal value between
                                                              0000 and 0777 or a decimal
                                                              value between 0 and
                                                              511. YAML accepts both
                                                              octal and decimal values,
                                                              JSON requires decimal
                                                              values for mode bits.
                                                              If not specified, the
                                                              volume defaultMode will
                                                              be used. This might
                                                              be in conflict with
                                                              other options that affect
                                                              the file mode, like
                                                              fsGroup, and the result
                                                              can be other mode bits
                                                              set.'
                                                            format: int32
                                                            type: integer
                                                          path:
                                                            description: path is the
                                                              relative path of the
                                                              file to map the key
                                                              to. May not be an absolute
                                                              path. May not contain
                                                              the path element '..'.
                                                              May not start with the
                                                              string '..'.
                                                            type: string
                                                        required:
                                                        - key
                                                        - path
                                                        type: object
                                                      type: array
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: optional specify
                                                        whether the ConfigMap or its
                                                        keys must be defined
                                                      type: boolean
                                                  type: object
                                                downwardAPI:
                                                  description: downwardAPI information
                                                    about the downwardAPI data to
                                                    project
                                                  properties:
                                                    items:
                                                      description: Items is a list
                                                        of DownwardAPIVolume file
                                                      items:
                                                        description: DownwardAPIVolumeFile
                                                          represents information to
                                                          create the file containing
                                                          the pod field
                                                        properties:
                                                          fieldRef:
                                                            description: 'Required:
                                                              Selects a field of the
                                                              pod: only annotations,
                                                              labels, name and namespace
                                                              are supported.'
                                                            properties:
                                                              apiVersion:
                                                                description: Version
                                                                  of the schema the
                                                                  FieldPath is written
                                                                  in terms of, defaults
                                                                  to "v1".
                                                                type: string
                                                              fieldPath:
                                                                description: Path
                                                                  of the field to
                                                                  select in the specified
                                                                  API version.
                                                                type: string
                                                            required:
                                                            - fieldPath
                                                            type: object
                                                          mode:
                                                            description: 'Optional:
                                                              mode bits used to set
                                                              permissions on this
                                                              file, must be an octal
                                                              value between 0000 and
                                                              0777 or a decimal value
                                                              between 0 and 511. YAML
                                                              accepts both octal and
                                                              decimal values, JSON
                                                              requires decimal values
                                                              for mode bits. If not
                                                              specified, the volume
                                                              defaultMode will be
                                                              used. This might be
                                                              in conflict with other
                                                              options that affect
                                                              the file mode, like
                                                              fsGroup, and the result
                                                              can be other mode bits
                                                              set.'
                                                            format: int32
                                                            type: integer
                                                          path:
                                                            description: 'Required:
                                                              Path is  the relative
                                                              path name of the file
                                                              to be created. Must
                                                              not be absolute or contain
                                                              the ''..'' path. Must
                                                              be utf-8 encoded. The
                                                              first item of the relative
                                                              path must not start
                                                              with ''..'''
                                                            type: string
                                                          resourceFieldRef:
                                                            description: 'Selects
                                                              a resource of the container:
                                                              only resources limits
                                                              and requests (limits.cpu,
                                                              limits.memory, requests.cpu
                                                              and requests.memory)
                                                              are currently supported.'
                                                            properties:
                                                              containerName:
                                                                description: 'Container
                                                                  name: required for
                                                                  volumes, optional
                                                                  for env vars'
                                                                type: string
                                                              divisor:
                                                                anyOf:
                                                                - type: integer
                                                                - type: string
                                                                description: Specifies
                                                                  the output format
                                                                  of the exposed resources,
                                                                  defaults to "1"
                                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                                x-kubernetes-int-or-string: true
                                                              resource:
                                                                description: 'Required:
                                                                  resource to select'
                                                                type: string
                                                            required:
                                                            - resource
                                                            type: object
                                                        required:
                                                        - path
                                                        type: object
                                                      type: array
                                                  type: object
                                                secret:
                                                  description: secret information
                                                    about the secret data to project
                                                  properties:
                                                    items:
                                                      description: items if unspecified,
                                                        each key-value pair in the
                                                        Data field of the referenced
                                                        Secret will be projected into
                                                        the volume as a file whose
                                                        name is the key and content
                                                        is the value. If specified,
                                                        the listed keys will be projected
                                                        into the specified paths,
                                                        and unlisted keys will not
                                                        be present. If a key is specified
                                                        which is not present in the
                                                        Secret, the volume setup will
                                                        error unless it is marked
                                                        optional. Paths must be relative
                                                        and may not contain the '..'
                                                        path or start with '..'.
                                                      items:
                                                        description: Maps a string
                                                          key to a path within a volume.
                                                        properties:
                                                          key:
                                                            description: key is the
                                                              key to project.
                                                            type: string
                                                          mode:
                                                            description: 'mode is
                                                              Optional: mode bits
                                                              used to set permissions
                                                              on this file. Must be
                                                              an octal value between
                                                              0000 and 0777 or a decimal
                                                              value between 0 and
                                                              511. YAML accepts both
                                                              octal and decimal values,
                                                              JSON requires decimal
                                                              values for mode bits.
                                                              If not specified, the
                                                              volume defaultMode will
                                                              be used. This might
                                                              be in conflict with
                                                              other options that affect
                                                              the file mode, like
                                                              fsGroup, and the result
                                                              can be other mode bits
                                                              set.'
                                                            format: int32
                                                            type: integer
                                                          path:
                                                            description: path is the
                                                              relative path of the
                                                              file to map the key
                                                              to. May not be an absolute
                                                              path. May not contain
                                                              the path element '..'.
                                                              May not start with the
                                                              string '..'.
                                                            type: string
                                                        required:
                                                        - key
                                                        - path
                                                        type: object
                                                      type: array
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: optional field
                                                        specify whether the Secret
                                                        or its key must be defined
                                                      type: boolean
                                                  type: object
                                                serviceAccountToken:
                                                  description: serviceAccountToken
                                                    is information about the serviceAccountToken
                                                    data to project
                                                  properties:
                                                    audience:
                                                      description: audience is the
                                                        intended audience of the token.
                                                        A recipient of a token must
                                                        identify itself with an identifier
                                                        specified in the audience
                                                        of the token, and otherwise
                                                        should reject the token. The
                                                        audience defaults to the identifier
                                                        of the apiserver.
                                                      type: string
                                                    expirationSeconds:
                                                      description: expirationSeconds
                                                        is the requested duration
                                                        of validity of the service
                                                        account token. As the token
                                                        approaches expiration, the
                                                        kubelet volume plugin will
                                                        proactively rotate the service
                                                        account token. The kubelet
                                                        will start trying to rotate
                                                        the token if the token is
                                                        older than 80 percent of its
                                                        time to live or if the token
                                                        is older than 24 hours.Defaults
                                                        to 1 hour and must be at least
                                                        10 minutes.
                                                      format: int64
                                                      type: integer
                                                    path:
                                                      description: path is the path
                                                        relative to the mount point
                                                        of the file to project the
                                                        token into.
                                                      type: string
                                                  required:
                                                  - path
                                                  type: object
                                              type: object
                                            type: array
                                        type: object
                                      quobyte:
                                        description: quobyte represents a Quobyte
                                          mount on the host that shares a pod's lifetime
                                        properties:
                                          group:
                                            description: group to map volume access
                                              to Default is no group
                                            type: string
                                          readOnly:
                                            description: readOnly here will force
                                              the Quobyte volume to be mounted with
                                              read-only permissions. Defaults to false.
                                            type: boolean
                                          registry:
                                            description: registry represents a single
                                              or multiple Quobyte Registry services
                                              specified as a string as host:port pair
                                              (multiple entries are separated with
                                              commas) which acts as the central registry
                                              for volumes
                                            type: string
                                          tenant:
                                            description: tenant owning the given Quobyte
                                              volume in the Backend Used with dynamically
                                              provisioned Quobyte volumes, value is
                                              set by the plugin
                                            type: string
                                          user:
                                            description: user to map volume access
                                              to Defaults to serivceaccount user
                                            type: string
                                          volume:
                                            description: volume is a string that references
                                              an already created Quobyte volume by
                                              name.
                                            type: string
                                        required:
                                        - registry
                                        - volume
                                        type: object
                                      rbd:
                                        description: 'rbd represents a Rados Block
                                          Device mount on the host that shares a pod''s
                                          lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type of the volume that you want to
                                              mount. Tip: Ensure that the filesystem
                                              type is supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          image:
                                            description: 'image is the rados image
                                              name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                          keyring:
                                            description: 'keyring is the path to key
                                              ring for RBDUser. Default is /etc/ceph/keyring.
                                              More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                          monitors:
                                            description: 'monitors is a collection
                                              of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            items:
                                              type: string
                                            type: array
                                          pool:
                                            description: 'pool is the rados pool name.
                                              Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: boolean
                                          secretRef:
                                            description: 'secretRef is name of the
                                              authentication secret for RBDUser. If
                                              provided overrides keyring. Default
                                              is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          user:
                                            description: 'user is the rados user name.
                                              Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                        required:
                                        - image
                                        - monitors
                                        type: object
                                      scaleIO:
                                        description: scaleIO represents a ScaleIO
                                          persistent volume attached and mounted on
                                          Kubernetes nodes.
                                        properties:
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Default
                                              is "xfs".
                                            type: string
                                          gateway:
                                            description: gateway is the host address
                                              of the ScaleIO API Gateway.
                                            type: string
                                          protectionDomain:
                                            description: protectionDomain is the name
                                              of the ScaleIO Protection Domain for
                                              the configured storage.
                                            type: string
                                          readOnly:
                                            description: readOnly Defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          secretRef:
                                            description: secretRef references to the
                                              secret for ScaleIO user and other sensitive
                                              information. If this is not provided,
                                              Login operation will fail.
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          sslEnabled:
                                            description: sslEnabled Flag enable/disable
                                              SSL communication with Gateway, default
                                              false
                                            type: boolean
                                          storageMode:
                                            description: storageMode indicates whether
                                              the storage for a volume should be ThickProvisioned
                                              or ThinProvisioned. Default is ThinProvisioned.
                                            type: string
                                          storagePool:
                                            description: storagePool is the ScaleIO
                                              Storage Pool associated with the protection
                                              domain.
                                            type: string
                                          system:
                                            description: system is the name of the
                                              storage system as configured in ScaleIO.
                                            type: string
                                          volumeName:
                                            description: volumeName is the name of
                                              a volume already created in the ScaleIO
                                              system that is associated with this
                                              volume source.
                                            type: string
                                        required:
                                        - gateway
                                        - secretRef
                                        - system
                                        type: object
                                      secret:
                                        description: 'secret represents a secret that
                                          should populate this volume. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                        properties:
                                          defaultMode:
                                            description: 'defaultMode is Optional:
                                              mode bits used to set permissions on
                                              created files by default. Must be an
                                              octal value between 0000 and 0777 or
                                              a decimal value between 0 and 511. YAML
                                              accepts both octal and decimal values,
                                              JSON requires decimal values for mode
                                              bits. Defaults to 0644. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.'
                                            format: int32
                                            type: integer
                                          items:
                                            description: items If unspecified, each
                                              key-value pair in the Data field of
                                              the referenced Secret will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the Secret, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          optional:
                                            description: optional field specify whether
                                              the Secret or its keys must be defined
                                            type: boolean
                                          secretName:
                                            description: 'secretName is the name of
                                              the secret in the pod''s namespace to
                                              use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                            type: string
                                        type: object
                                      storageos:
                                        description: storageOS represents a StorageOS
                                          volume attached and mounted on Kubernetes
                                          nodes.
                                        properties:
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          readOnly:
                                            description: readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          secretRef:
                                            description: secretRef specifies the secret
                                              to use for obtaining the StorageOS API
                                              credentials.  If not specified, default
                                              values will be attempted.
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          volumeName:
                                            description: volumeName is the human-readable
                                              name of the StorageOS volume.  Volume
                                              names are only unique within a namespace.
                                            type: string
                                          volumeNamespace:
                                            description: volumeNamespace specifies
                                              the scope of the volume within StorageOS.  If
                                              no namespace is specified then the Pod's
                                              namespace will be used.  This allows
                                              the Kubernetes name scoping to be mirrored
                                              within StorageOS for tighter integration.
                                              Set VolumeName to any name to override
                                              the default behaviour. Set to "default"
                                              if you are not using namespaces within
                                              StorageOS. Namespaces that do not pre-exist
                                              within StorageOS will be created.
                                            type: string
                                        type: object
                                      vsphereVolume:
                                        description: vsphereVolume represents a vSphere
                                          volume attached and mounted on kubelets
                                          host machine
                                        properties:
                                          fsType:
                                            description: fsType is filesystem type
                                              to mount. Must be a filesystem type
                                              supported by the host operating system.
                                              Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          storagePolicyID:
                                            description: storagePolicyID is the storage
                                              Policy Based Management (SPBM) profile
                                              ID associated with the StoragePolicyName.
                                            type: string
                                          storagePolicyName:
                                            description: storagePolicyName is the
                                              storage Policy Based Management (SPBM)
                                              profile name.
                                            type: string
                                          volumePath:
                                            description: volumePath is the path that
                                              identifies vSphere volume vmdk
                                            type: string
                                        required:
                                        - volumePath
                                        type: object
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                workspaces:
                                  description: Workspaces are the volumes that this
                                    Task requires.
                                  items:
                                    description: WorkspaceDeclaration is a declaration
                                      of a volume that a Task requires.
                                    properties:
                                      description:
                                        description: Description is an optional human
                                          readable description of this volume.
                                        type: string
                                      mountPath:
                                        description: MountPath overrides the directory
                                          that the volume will be made available at.
                                        type: string
                                      name:
                                        description: Name is the name by which you
                                          can bind the volume at runtime.
                                        type: string
                                      optional:
                                        description: Optional marks a Workspace as
                                          not being required in TaskRuns. By default
                                          this field is false and so declared workspaces
                                          are required.
                                        type: boolean
                                      readOnly:
                                        description: ReadOnly dictates whether a mounted
                                          volume is writable. By default this field
                                          is false and so mounted volumes are writable.
                                        type: boolean
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            timeout:
                              description: 'Time after which the TaskRun times out.
                                Defaults to 1 hour. Specified TaskRun timeout should
                                be less than 24h. Refer Go''s ParseDuration documentation
                                for expected format: https://golang.org/pkg/time/#ParseDuration'
                              type: string
                            when:
                              description: WhenExpressions is a list of when expressions
                                that need to be true for the task to run
                              items:
                                description: WhenExpression allows a PipelineTask
                                  to declare expressions to be evaluated before the
                                  Task is run to determine whether the Task should
                                  be executed or skipped
                                properties:
                                  input:
                                    description: Input is the string for guard checking
                                      which can be a static input or an output from
                                      a parent Task
                                    type: string
                                  operator:
                                    description: Operator that represents an Input's
                                      relationship to the values
                                    type: string
                                  values:
                                    description: Values is an array of strings, which
                                      is compared against the input, for guard checking
                                      It must be non-empty
                                    items:
                                      type: string
                                    type: array
                                    x-kubernetes-list-type: atomic
                                required:
                                - input
                                - operator
                                - values
                                type: object
                              type: array
                            workspaces:
                              description: Workspaces maps workspaces from the pipeline
                                spec to the workspaces declared in the Task.
                              items:
                                description: WorkspacePipelineTaskBinding describes
                                  how a workspace passed into the pipeline should
                                  be mapped to a task's declared workspace.
                                properties:
                                  name:
                                    description: Name is the name of the workspace
                                      as declared by the task
                                    type: string
                                  subPath:
                                    description: SubPath is optionally a directory
                                      on the volume which should be used for this
                                      binding (i.e. the volume will be mounted at
                                      this sub directory).
                                    type: string
                                  workspace:
                                    description: Workspace is the name of the workspace
                                      declared by the pipeline
                                    type: string
                                required:
                                - name
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      params:
                        description: Params declares a list of input parameters that
                          must be supplied when this Pipeline is run.
                        items:
                          description: ParamSpec defines arbitrary parameters needed
                            beyond typed inputs (such as resources). Parameter values
                            are provided by users as inputs on a TaskRun or PipelineRun.
                          properties:
                            default:
                              description: Default is the value a parameter takes
                                if no input value is supplied. If default is set,
                                a Task may be executed without a supplied value for
                                the parameter.
                              properties:
                                arrayVal:
                                  items:
                                    type: string
                                  type: array
                                  x-kubernetes-list-type: atomic
                                objectVal:
                                  additionalProperties:
                                    type: string
                                  type: object
                                stringVal:
                                  type: string
                                type:
                                  description: ParamType indicates the type of an
                                    input parameter; Used to distinguish between a
                                    single string and an array of strings.
                                  type: string
                              required:
                              - arrayVal
                              - objectVal
                              - stringVal
                              - type
                              type: object
                            description:
                              description: Description is a user-facing description
                                of the parameter that may be used to populate a UI.
                              type: string
                            name:
                              description: Name declares the name by which a parameter
                                is referenced.
                              type: string
                            properties:
                              additionalProperties:
                                description: PropertySpec defines the struct for object
                                  keys
                                properties:
                                  type:
                                    description: ParamType indicates the type of an
                                      input parameter; Used to distinguish between
                                      a single string and an array of strings.
                                    type: string
                                type: object
                              description: Properties is the JSON Schema properties
                                to support key-value pairs parameter.
                              type: object
                            type:
                              description: Type is the user-specified type of the
                                parameter. The possible types are currently "string",
                                "array" and "object", and "string" is the default.
                              type: string
                          required:
                          - name
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      resources:
                        description: Resources declares the names and types of the
                          resources given to the Pipeline's tasks as inputs and outputs.
                        items:
                          description: PipelineDeclaredResource is used by a Pipeline
                            to declare the types of the PipelineResources that it
                            will required to run and names which can be used to refer
                            to these PipelineResources in PipelineTaskResourceBindings.
                          properties:
                            name:
                              description: Name is the name that will be used by the
                                Pipeline to refer to this resource. It does not directly
                                correspond to the name of any PipelineResources Task
                                inputs or outputs, and it does not correspond to the
                                actual names of the PipelineResources that will be
                                bound in the PipelineRun.
                              type: string
                            optional:
                              description: 'Optional declares the resource as optional.
                                optional: true - the resource is considered optional
                                optional: false - the resource is considered required
                                (default/equivalent of not specifying it)'
                              type: boolean
                            type:
                              description: Type is the type of the PipelineResource.
                              type: string
                          required:
                          - name
                          - type
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      results:
                        description: Results are values that this pipeline can output
                          once run
                        items:
                          description: PipelineResult used to describe the results
                            of a pipeline
                          properties:
                            description:
                              description: Description is a human-readable description
                                of the result
                              type: string
                            name:
                              description: Name the given name
                              type: string
                            type:
                              description: Type is the user-specified type of the
                                result. The possible types are 'string', 'array',
                                and 'object', with 'string' as the default. 'array'
                                and 'object' types are alpha features.
                              type: string
                            value:
                              description: Value the expression used to retrieve the
                                value
                              properties:
                                arrayVal:
                                  items:
                                    type: string
                                  type: array
                                  x-kubernetes-list-type: atomic
                                objectVal:
                                  additionalProperties:
                                    type: string
                                  type: object
                                stringVal:
                                  type: string
                                type:
                                  description: ParamType indicates the type of an
                                    input parameter; Used to distinguish between a
                                    single string and an array of strings.
                                  type: string
                              required:
                              - arrayVal
                              - objectVal
                              - stringVal
                              - type
                              type: object
                          required:
                          - name
                          - value
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      tasks:
                        description: Tasks declares the graph of Tasks that execute
                          when this Pipeline is run.
                        items:
                          description: PipelineTask defines a task in a Pipeline,
                            passing inputs from both Params and from the output of
                            previous tasks.
                          properties:
                            matrix:
                              description: Matrix declares parameters used to fan
                                out this task.
                              properties:
                                params:
                                  description: Params is a list of parameters used
                                    to fan out the pipelineTask Params takes only
                                    `Parameters` of type `"array"` Each array element
                                    is supplied to the `PipelineTask` by substituting
                                    `params` of type `"string"` in the underlying
                                    `Task`. The names of the `params` in the `Matrix`
                                    must match the names of the `params` in the underlying
                                    `Task` that they will be substituting.
                                  items:
                                    description: Param declares an ParamValues to
                                      use for the parameter called name.
                                    properties:
                                      name:
                                        type: string
                                      value:
                                        description: ParamValue is a type that can
                                          hold a single string or string array. Used
                                          in JSON unmarshalling so that a single JSON
                                          field can accept either an individual string
                                          or an array of strings.
                                        properties:
                                          arrayVal:
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          objectVal:
                                            additionalProperties:
                                              type: string
                                            type: object
                                          stringVal:
                                            type: string
                                          type:
                                            description: ParamType indicates the type
                                              of an input parameter; Used to distinguish
                                              between a single string and an array
                                              of strings.
                                            type: string
                                        required:
                                        - arrayVal
                                        - objectVal
                                        - stringVal
                                        - type
                                        type: object
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            name:
                              description: Name is the name of this task within the
                                context of a Pipeline. Name is used as a coordinate
                                with the `from` and `runAfter` fields to establish
                                the execution order of tasks relative to one another.
                              type: string
                            params:
                              description: Parameters declares parameters passed to
                                this task.
                              items:
                                description: Param declares an ParamValues to use
                                  for the parameter called name.
                                properties:
                                  name:
                                    type: string
                                  value:
                                    description: ParamValue is a type that can hold
                                      a single string or string array. Used in JSON
                                      unmarshalling so that a single JSON field can
                                      accept either an individual string or an array
                                      of strings.
                                    properties:
                                      arrayVal:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      objectVal:
                                        additionalProperties:
                                          type: string
                                        type: object
                                      stringVal:
                                        type: string
                                      type:
                                        description: ParamType indicates the type
                                          of an input parameter; Used to distinguish
                                          between a single string and an array of
                                          strings.
                                        type: string
                                    required:
                                    - arrayVal
                                    - objectVal
                                    - stringVal
                                    - type
                                    type: object
                                required:
                                - name
                                - value
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            resources:
                              description: Resources declares the resources given
                                to this task as inputs and outputs.
                              properties:
                                inputs:
                                  description: Inputs holds the mapping from the PipelineResources
                                    declared in DeclaredPipelineResources to the input
                                    PipelineResources required by the Task.
                                  items:
                                    description: PipelineTaskInputResource maps the
                                      name of a declared PipelineResource input dependency
                                      in a Task to the resource in the Pipeline's
                                      DeclaredPipelineResources that should be used.
                                      This input may come from a previous task.
                                    properties:
                                      from:
                                        description: From is the list of PipelineTask
                                          names that the resource has to come from.
                                          (Implies an ordering in the execution graph.)
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      name:
                                        description: Name is the name of the PipelineResource
                                          as declared by the Task.
                                        type: string
                                      resource:
                                        description: Resource is the name of the DeclaredPipelineResource
                                          to use.
                                        type: string
                                    required:
                                    - name
                                    - resource
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                outputs:
                                  description: Outputs holds the mapping from the
                                    PipelineResources declared in DeclaredPipelineResources
                                    to the input PipelineResources required by the
                                    Task.
                                  items:
                                    description: PipelineTaskOutputResource maps the
                                      name of a declared PipelineResource output dependency
                                      in a Task to the resource in the Pipeline's
                                      DeclaredPipelineResources that should be used.
                                    properties:
                                      name:
                                        description: Name is the name of the PipelineResource
                                          as declared by the Task.
                                        type: string
                                      resource:
                                        description: Resource is the name of the DeclaredPipelineResource
                                          to use.
                                        type: string
                                    required:
                                    - name
                                    - resource
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            retries:
                              description: 'Retries represents how many times this
                                task should be retried in case of task failure: ConditionSucceeded
                                set to False'
                              type: integer
                            runAfter:
                              description: RunAfter is the list of PipelineTask names
                                that should be executed before this Task executes.
                                (Used to force a specific ordering in graph execution.)
                              items:
                                type: string
                              type: array
                              x-kubernetes-list-type: atomic
                            taskRef:
                              description: TaskRef is a reference to a task definition.
                              properties:
                                apiVersion:
                                  description: API version of the referent
                                  type: string
                                bundle:
                                  description: 'Bundle url reference to a Tekton Bundle.
                                    Deprecated: Please use ResolverRef with the bundles
                                    resolver instead.'
                                  type: string
                                kind:
                                  description: TaskKind indicates the kind of the
                                    task, namespaced or cluster scoped.
                                  type: string
                                name:
                                  description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names'
                                  type: string
                                params:
                                  description: Params contains the parameters used
                                    to identify the referenced Tekton resource. Example
                                    entries might include "repo" or "path" but the
                                    set of params ultimately depends on the chosen
                                    resolver.
                                  items:
                                    description: Param declares an ParamValues to
                                      use for the parameter called name.
                                    properties:
                                      name:
                                        type: string
                                      value:
                                        description: ParamValue is a type that can
                                          hold a single string or string array. Used
                                          in JSON unmarshalling so that a single JSON
                                          field can accept either an individual string
                                          or an array of strings.
                                        properties:
                                          arrayVal:
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          objectVal:
                                            additionalProperties:
                                              type: string
                                            type: object
                                          stringVal:
                                            type: string
                                          type:
                                            description: ParamType indicates the type
                                              of an input parameter; Used to distinguish
                                              between a single string and an array
                                              of strings.
                                            type: string
                                        required:
                                        - arrayVal
                                        - objectVal
                                        - stringVal
                                        - type
                                        type: object
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                resolver:
                                  description: Resolver is the name of the resolver
                                    that should perform resolution of the referenced
                                    Tekton resource, such as "git".
                                  type: string
                              type: object
                            taskSpec:
                              description: TaskSpec is a specification of a task
                              properties:
                                apiVersion:
                                  type: string
                                description:
                                  description: Description is a user-facing description
                                    of the task that may be used to populate a UI.
                                  type: string
                                kind:
                                  type: string
                                metadata:
                                  description: PipelineTaskMetadata contains the labels
                                    or annotations for an EmbeddedTask
                                  properties:
                                    annotations:
                                      additionalProperties:
                                        type: string
                                      type: object
                                    labels:
                                      additionalProperties:
                                        type: string
                                      type: object
                                  type: object
                                params:
                                  description: Params is a list of input parameters
                                    required to run the task. Params must be supplied
                                    as inputs in TaskRuns unless they declare a default
                                    value.
                                  items:
                                    description: ParamSpec defines arbitrary parameters
                                      needed beyond typed inputs (such as resources).
                                      Parameter values are provided by users as inputs
                                      on a TaskRun or PipelineRun.
                                    properties:
                                      default:
                                        description: Default is the value a parameter
                                          takes if no input value is supplied. If
                                          default is set, a Task may be executed without
                                          a supplied value for the parameter.
                                        properties:
                                          arrayVal:
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          objectVal:
                                            additionalProperties:
                                              type: string
                                            type: object
                                          stringVal:
                                            type: string
                                          type:
                                            description: ParamType indicates the type
                                              of an input parameter; Used to distinguish
                                              between a single string and an array
                                              of strings.
                                            type: string
                                        required:
                                        - arrayVal
                                        - objectVal
                                        - stringVal
                                        - type
                                        type: object
                                      description:
                                        description: Description is a user-facing
                                          description of the parameter that may be
                                          used to populate a UI.
                                        type: string
                                      name:
                                        description: Name declares the name by which
                                          a parameter is referenced.
                                        type: string
                                      properties:
                                        additionalProperties:
                                          description: PropertySpec defines the struct
                                            for object keys
                                          properties:
                                            type:
                                              description: ParamType indicates the
                                                type of an input parameter; Used to
                                                distinguish between a single string
                                                and an array of strings.
                                              type: string
                                          type: object
                                        description: Properties is the JSON Schema
                                          properties to support key-value pairs parameter.
                                        type: object
                                      type:
                                        description: Type is the user-specified type
                                          of the parameter. The possible types are
                                          currently "string", "array" and "object",
                                          and "string" is the default.
                                        type: string
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                resources:
                                  description: Resources is a list input and output
                                    resource to run the task Resources are represented
                                    in TaskRuns as bindings to instances of PipelineResources.
                                  properties:
                                    inputs:
                                      description: Inputs holds the mapping from the
                                        PipelineResources declared in DeclaredPipelineResources
                                        to the input PipelineResources required by
                                        the Task.
                                      items:
                                        description: TaskResource defines an input
                                          or output Resource declared as a requirement
                                          by a Task. The Name field will be used to
                                          refer to these Resources within the Task
                                          definition, and when provided as an Input,
                                          the Name will be the path to the volume
                                          mounted containing this Resource as an input
                                          (e.g. an input Resource named `workspace`
                                          will be mounted at `/workspace`).
                                        properties:
                                          description:
                                            description: Description is a user-facing
                                              description of the declared resource
                                              that may be used to populate a UI.
                                            type: string
                                          name:
                                            description: Name declares the name by
                                              which a resource is referenced in the
                                              definition. Resources may be referenced
                                              by name in the definition of a Task's
                                              steps.
                                            type: string
                                          optional:
                                            description: 'Optional declares the resource
                                              as optional. By default optional is
                                              set to false which makes a resource
                                              required. optional: true - the resource
                                              is considered optional optional: false
                                              - the resource is considered required
                                              (equivalent of not specifying it)'
                                            type: boolean
                                          targetPath:
                                            description: TargetPath is the path in
                                              workspace directory where the resource
                                              will be copied.
                                            type: string
                                          type:
                                            description: Type is the type of this
                                              resource;
                                            type: string
                                        required:
                                        - name
                                        - type
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    outputs:
                                      description: Outputs holds the mapping from
                                        the PipelineResources declared in DeclaredPipelineResources
                                        to the input PipelineResources required by
                                        the Task.
                                      items:
                                        description: TaskResource defines an input
                                          or output Resource declared as a requirement
                                          by a Task. The Name field will be used to
                                          refer to these Resources within the Task
                                          definition, and when provided as an Input,
                                          the Name will be the path to the volume
                                          mounted containing this Resource as an input
                                          (e.g. an input Resource named `workspace`
                                          will be mounted at `/workspace`).
                                        properties:
                                          description:
                                            description: Description is a user-facing
                                              description of the declared resource
                                              that may be used to populate a UI.
                                            type: string
                                          name:
                                            description: Name declares the name by
                                              which a resource is referenced in the
                                              definition. Resources may be referenced
                                              by name in the definition of a Task's
                                              steps.
                                            type: string
                                          optional:
                                            description: 'Optional declares the resource
                                              as optional. By default optional is
                                              set to false which makes a resource
                                              required. optional: true - the resource
                                              is considered optional optional: false
                                              - the resource is considered required
                                              (equivalent of not specifying it)'
                                            type: boolean
                                          targetPath:
                                            description: TargetPath is the path in
                                              workspace directory where the resource
                                              will be copied.
                                            type: string
                                          type:
                                            description: Type is the type of this
                                              resource;
                                            type: string
                                        required:
                                        - name
                                        - type
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                  type: object
                                results:
                                  description: Results are values that this Task can
                                    output
                                  items:
                                    description: TaskResult used to describe the results
                                      of a task
                                    properties:
                                      description:
                                        description: Description is a human-readable
                                          description of the result
                                        type: string
                                      name:
                                        description: Name the given name
                                        type: string
                                      properties:
                                        additionalProperties:
                                          description: PropertySpec defines the struct
                                            for object keys
                                          properties:
                                            type:
                                              description: ParamType indicates the
                                                type of an input parameter; Used to
                                                distinguish between a single string
                                                and an array of strings.
                                              type: string
                                          type: object
                                        description: Properties is the JSON Schema
                                          properties to support key-value pairs results.
                                        type: object
                                      type:
                                        description: Type is the user-specified type
                                          of the result. The possible type is currently
                                          "string" and will support "array" in following
                                          work.
                                        type: string
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                sidecars:
                                  description: Sidecars are run alongside the Task's
                                    step containers. They begin before the steps start
                                    and end after the steps complete.
                                  items:
                                    description: Sidecar has nearly the same data
                                      structure as Step but does not have the ability
                                      to timeout.
                                    properties:
                                      args:
                                        description: 'Arguments to the entrypoint.
                                          The image''s CMD is used if this is not
                                          provided. Variable references $(VAR_NAME)
                                          are expanded using the container''s environment.
                                          If a variable cannot be resolved, the reference
                                          in the input string will be unchanged. Double
                                          $$ are reduced to a single $, which allows
                                          for escaping the $(VAR_NAME) syntax: i.e.
                                          "$$(VAR_NAME)" will produce the string literal
                                          "$(VAR_NAME)". Escaped references will never
                                          be expanded, regardless of whether the variable
                                          exists or not. Cannot be updated. More info:
                                          https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      command:
                                        description: 'Entrypoint array. Not executed
                                          within a shell. The image''s ENTRYPOINT
                                          is used if this is not provided. Variable
                                          references $(VAR_NAME) are expanded using
                                          the Sidecar''s environment. If a variable
                                          cannot be resolved, the reference in the
                                          input string will be unchanged. Double $$
                                          are reduced to a single $, which allows
                                          for escaping the $(VAR_NAME) syntax: i.e.
                                          "$$(VAR_NAME)" will produce the string literal
                                          "$(VAR_NAME)". Escaped references will never
                                          be expanded, regardless of whether the variable
                                          exists or not. Cannot be updated. More info:
                                          https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      env:
                                        description: List of environment variables
                                          to set in the Sidecar. Cannot be updated.
                                        items:
                                          description: EnvVar represents an environment
                                            variable present in a Container.
                                          properties:
                                            name:
                                              description: Name of the environment
                                                variable. Must be a C_IDENTIFIER.
                                              type: string
                                            value:
                                              description: 'Variable references $(VAR_NAME)
                                                are expanded using the previously
                                                defined environment variables in the
                                                container and any service environment
                                                variables. If a variable cannot be
                                                resolved, the reference in the input
                                                string will be unchanged. Double $$
                                                are reduced to a single $, which allows
                                                for escaping the $(VAR_NAME) syntax:
                                                i.e. "$$(VAR_NAME)" will produce the
                                                string literal "$(VAR_NAME)". Escaped
                                                references will never be expanded,
                                                regardless of whether the variable
                                                exists or not. Defaults to "".'
                                              type: string
                                            valueFrom:
                                              description: Source for the environment
                                                variable's value. Cannot be used if
                                                value is not empty.
                                              properties:
                                                configMapKeyRef:
                                                  description: Selects a key of a
                                                    ConfigMap.
                                                  properties:
                                                    key:
                                                      description: The key to select.
                                                      type: string
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the ConfigMap or its key must
                                                        be defined
                                                      type: boolean
                                                  required:
                                                  - key
                                                  type: object
                                                fieldRef:
                                                  description: 'Selects a field of
                                                    the pod: supports metadata.name,
                                                    metadata.namespace, `metadata.labels[''<KEY>'']`,
                                                    `metadata.annotations[''<KEY>'']`,
                                                    spec.nodeName, spec.serviceAccountName,
                                                    status.hostIP, status.podIP, status.podIPs.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, limits.ephemeral-storage,
                                                    requests.cpu, requests.memory
                                                    and requests.ephemeral-storage)
                                                    are currently supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                                secretKeyRef:
                                                  description: Selects a key of a
                                                    secret in the pod's namespace
                                                  properties:
                                                    key:
                                                      description: The key of the
                                                        secret to select from.  Must
                                                        be a valid secret key.
                                                      type: string
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the Secret or its key must
                                                        be defined
                                                      type: boolean
                                                  required:
                                                  - key
                                                  type: object
                                              type: object
                                          required:
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      envFrom:
                                        description: List of sources to populate environment
                                          variables in the Sidecar. The keys defined
                                          within a source must be a C_IDENTIFIER.
                                          All invalid keys will be reported as an
                                          event when the Sidecar is starting. When
                                          a key exists in multiple sources, the value
                                          associated with the last source will take
                                          precedence. Values defined by an Env with
                                          a duplicate key will take precedence. Cannot
                                          be updated.
                                        items:
                                          description: EnvFromSource represents the
                                            source of a set of ConfigMaps
                                          properties:
                                            configMapRef:
                                              description: The ConfigMap to select
                                                from
                                              properties:
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: Specify whether the
                                                    ConfigMap must be defined
                                                  type: boolean
                                              type: object
                                            prefix:
                                              description: An optional identifier
                                                to prepend to each key in the ConfigMap.
                                                Must be a C_IDENTIFIER.
                                              type: string
                                            secretRef:
                                              description: The Secret to select from
                                              properties:
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: Specify whether the
                                                    Secret must be defined
                                                  type: boolean
                                              type: object
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      image:
                                        description: 'Image name to be used by the
                                          Sidecar. More info: https://kubernetes.io/docs/concepts/containers/images'
                                        type: string
                                      imagePullPolicy:
                                        description: 'Image pull policy. One of Always,
                                          Never, IfNotPresent. Defaults to Always
                                          if :latest tag is specified, or IfNotPresent
                                          otherwise. Cannot be updated. More info:
                                          https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                        type: string
                                      lifecycle:
                                        description: Actions that the management system
                                          should take in response to Sidecar lifecycle
                                          events. Cannot be updated.
                                        properties:
                                          postStart:
                                            description: 'PostStart is called immediately
                                              after a container is created. If the
                                              handler fails, the container is terminated
                                              and restarted according to its restart
                                              policy. Other management of the container
                                              blocks until the hook completes. More
                                              info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              tcpSocket:
                                                description: Deprecated. TCPSocket
                                                  is NOT supported as a LifecycleHandler
                                                  and kept for the backward compatibility.
                                                  There are no validation of this
                                                  field and lifecycle hooks will fail
                                                  in runtime when tcp handler is specified.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                            type: object
                                          preStop:
                                            description: 'PreStop is called immediately
                                              before a container is terminated due
                                              to an API request or management event
                                              such as liveness/startup probe failure,
                                              preemption, resource contention, etc.
                                              The handler is not called if the container
                                              crashes or exits. The Pod''s termination
                                              grace period countdown begins before
                                              the PreStop hook is executed. Regardless
                                              of the outcome of the handler, the container
                                              will eventually terminate within the
                                              Pod''s termination grace period (unless
                                              delayed by finalizers). Other management
                                              of the container blocks until the hook
                                              completes or until the termination grace
                                              period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              tcpSocket:
                                                description: Deprecated. TCPSocket
                                                  is NOT supported as a LifecycleHandler
                                                  and kept for the backward compatibility.
                                                  There are no validation of this
                                                  field and lifecycle hooks will fail
                                                  in runtime when tcp handler is specified.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                            type: object
                                        type: object
                                      livenessProbe:
                                        description: 'Periodic probe of Sidecar liveness.
                                          Container will be restarted if the probe
                                          fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      name:
                                        description: Name of the Sidecar specified
                                          as a DNS_LABEL. Each Sidecar in a Task must
                                          have a unique name (DNS_LABEL). Cannot be
                                          updated.
                                        type: string
                                      ports:
                                        description: List of ports to expose from
                                          the Sidecar. Exposing a port here gives
                                          the system additional information about
                                          the network connections a container uses,
                                          but is primarily informational. Not specifying
                                          a port here DOES NOT prevent that port from
                                          being exposed. Any port which is listening
                                          on the default "0.0.0.0" address inside
                                          a container will be accessible from the
                                          network. Cannot be updated.
                                        items:
                                          description: ContainerPort represents a
                                            network port in a single container.
                                          properties:
                                            containerPort:
                                              description: Number of port to expose
                                                on the pod's IP address. This must
                                                be a valid port number, 0 < x < 65536.
                                              format: int32
                                              type: integer
                                            hostIP:
                                              description: What host IP to bind the
                                                external port to.
                                              type: string
                                            hostPort:
                                              description: Number of port to expose
                                                on the host. If specified, this must
                                                be a valid port number, 0 < x < 65536.
                                                If HostNetwork is specified, this
                                                must match ContainerPort. Most containers
                                                do not need this.
                                              format: int32
                                              type: integer
                                            name:
                                              description: If specified, this must
                                                be an IANA_SVC_NAME and unique within
                                                the pod. Each named port in a pod
                                                must have a unique name. Name for
                                                the port that can be referred to by
                                                services.
                                              type: string
                                            protocol:
                                              default: TCP
                                              description: Protocol for port. Must
                                                be UDP, TCP, or SCTP. Defaults to
                                                "TCP".
                                              type: string
                                          required:
                                          - containerPort
                                          type: object
                                        type: array
                                        x-kubernetes-list-map-keys:
                                        - containerPort
                                        - protocol
                                        x-kubernetes-list-type: map
                                      readinessProbe:
                                        description: 'Periodic probe of Sidecar service
                                          readiness. Container will be removed from
                                          service endpoints if the probe fails. Cannot
                                          be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      resources:
                                        description: 'Compute Resources required by
                                          this Sidecar. Cannot be updated. More info:
                                          https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                        properties:
                                          limits:
                                            additionalProperties:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                              x-kubernetes-int-or-string: true
                                            description: 'Limits describes the maximum
                                              amount of compute resources allowed.
                                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            type: object
                                          requests:
                                            additionalProperties:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                              x-kubernetes-int-or-string: true
                                            description: 'Requests describes the minimum
                                              amount of compute resources required.
                                              If Requests is omitted for a container,
                                              it defaults to Limits if that is explicitly
                                              specified, otherwise to an implementation-defined
                                              value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            type: object
                                        type: object
                                      script:
                                        description: "Script is the contents of an
                                          executable file to execute. \n If Script
                                          is not empty, the Step cannot have an Command
                                          or Args."
                                        type: string
                                      securityContext:
                                        description: 'SecurityContext defines the
                                          security options the Sidecar should be run
                                          with. If set, the fields of SecurityContext
                                          override the equivalent fields of PodSecurityContext.
                                          More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                        properties:
                                          allowPrivilegeEscalation:
                                            description: 'AllowPrivilegeEscalation
                                              controls whether a process can gain
                                              more privileges than its parent process.
                                              This bool directly controls if the no_new_privs
                                              flag will be set on the container process.
                                              AllowPrivilegeEscalation is true always
                                              when the container is: 1) run as Privileged
                                              2) has CAP_SYS_ADMIN Note that this
                                              field cannot be set when spec.os.name
                                              is windows.'
                                            type: boolean
                                          capabilities:
                                            description: The capabilities to add/drop
                                              when running containers. Defaults to
                                              the default set of capabilities granted
                                              by the container runtime. Note that
                                              this field cannot be set when spec.os.name
                                              is windows.
                                            properties:
                                              add:
                                                description: Added capabilities
                                                items:
                                                  description: Capability represent
                                                    POSIX capabilities type
                                                  type: string
                                                type: array
                                              drop:
                                                description: Removed capabilities
                                                items:
                                                  description: Capability represent
                                                    POSIX capabilities type
                                                  type: string
                                                type: array
                                            type: object
                                          privileged:
                                            description: Run container in privileged
                                              mode. Processes in privileged containers
                                              are essentially equivalent to root on
                                              the host. Defaults to false. Note that
                                              this field cannot be set when spec.os.name
                                              is windows.
                                            type: boolean
                                          procMount:
                                            description: procMount denotes the type
                                              of proc mount to use for the containers.
                                              The default is DefaultProcMount which
                                              uses the container runtime defaults
                                              for readonly paths and masked paths.
                                              This requires the ProcMountType feature
                                              flag to be enabled. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            type: string
                                          readOnlyRootFilesystem:
                                            description: Whether this container has
                                              a read-only root filesystem. Default
                                              is false. Note that this field cannot
                                              be set when spec.os.name is windows.
                                            type: boolean
                                          runAsGroup:
                                            description: The GID to run the entrypoint
                                              of the container process. Uses runtime
                                              default if unset. May also be set in
                                              PodSecurityContext.  If set in both
                                              SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            format: int64
                                            type: integer
                                          runAsNonRoot:
                                            description: Indicates that the container
                                              must run as a non-root user. If true,
                                              the Kubelet will validate the image
                                              at runtime to ensure that it does not
                                              run as UID 0 (root) and fail to start
                                              the container if it does. If unset or
                                              false, no such validation will be performed.
                                              May also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence.
                                            type: boolean
                                          runAsUser:
                                            description: The UID to run the entrypoint
                                              of the container process. Defaults to
                                              user specified in image metadata if
                                              unspecified. May also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            format: int64
                                            type: integer
                                          seLinuxOptions:
                                            description: The SELinux context to be
                                              applied to the container. If unspecified,
                                              the container runtime will allocate
                                              a random SELinux context for each container.  May
                                              also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            properties:
                                              level:
                                                description: Level is SELinux level
                                                  label that applies to the container.
                                                type: string
                                              role:
                                                description: Role is a SELinux role
                                                  label that applies to the container.
                                                type: string
                                              type:
                                                description: Type is a SELinux type
                                                  label that applies to the container.
                                                type: string
                                              user:
                                                description: User is a SELinux user
                                                  label that applies to the container.
                                                type: string
                                            type: object
                                          seccompProfile:
                                            description: The seccomp options to use
                                              by this container. If seccomp options
                                              are provided at both the pod & container
                                              level, the container options override
                                              the pod options. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            properties:
                                              localhostProfile:
                                                description: localhostProfile indicates
                                                  a profile defined in a file on the
                                                  node should be used. The profile
                                                  must be preconfigured on the node
                                                  to work. Must be a descending path,
                                                  relative to the kubelet's configured
                                                  seccomp profile location. Must only
                                                  be set if type is "Localhost".
                                                type: string
                                              type:
                                                description: "type indicates which
                                                  kind of seccomp profile will be
                                                  applied. Valid options are: \n Localhost
                                                  - a profile defined in a file on
                                                  the node should be used. RuntimeDefault
                                                  - the container runtime default
                                                  profile should be used. Unconfined
                                                  - no profile should be applied."
                                                type: string
                                            required:
                                            - type
                                            type: object
                                          windowsOptions:
                                            description: The Windows specific settings
                                              applied to all containers. If unspecified,
                                              the options from the PodSecurityContext
                                              will be used. If set in both SecurityContext
                                              and PodSecurityContext, the value specified
                                              in SecurityContext takes precedence.
                                              Note that this field cannot be set when
                                              spec.os.name is linux.
                                            properties:
                                              gmsaCredentialSpec:
                                                description: GMSACredentialSpec is
                                                  where the GMSA admission webhook
                                                  (https://github.com/kubernetes-sigs/windows-gmsa)
                                                  inlines the contents of the GMSA
                                                  credential spec named by the GMSACredentialSpecName
                                                  field.
                                                type: string
                                              gmsaCredentialSpecName:
                                                description: GMSACredentialSpecName
                                                  is the name of the GMSA credential
                                                  spec to use.
                                                type: string
                                              hostProcess:
                                                description: HostProcess determines
                                                  if a container should be run as
                                                  a 'Host Process' container. This
                                                  field is alpha-level and will only
                                                  be honored by components that enable
                                                  the WindowsHostProcessContainers
                                                  feature flag. Setting this field
                                                  without the feature flag will result
                                                  in errors when validating the Pod.
                                                  All of a Pod's containers must have
                                                  the same effective HostProcess value
                                                  (it is not allowed to have a mix
                                                  of HostProcess containers and non-HostProcess
                                                  containers).  In addition, if HostProcess
                                                  is true then HostNetwork must also
                                                  be set to true.
                                                type: boolean
                                              runAsUserName:
                                                description: The UserName in Windows
                                                  to run the entrypoint of the container
                                                  process. Defaults to the user specified
                                                  in image metadata if unspecified.
                                                  May also be set in PodSecurityContext.
                                                  If set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                type: string
                                            type: object
                                        type: object
                                      startupProbe:
                                        description: 'StartupProbe indicates that
                                          the Pod the Sidecar is running in has successfully
                                          initialized. If specified, no other probes
                                          are executed until this completes successfully.
                                          If this probe fails, the Pod will be restarted,
                                          just as if the livenessProbe failed. This
                                          can be used to provide different probe parameters
                                          at the beginning of a Pod''s lifecycle,
                                          when it might take a long time to load data
                                          or warm a cache, than during steady-state
                                          operation. This cannot be updated. More
                                          info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      stdin:
                                        description: Whether this Sidecar should allocate
                                          a buffer for stdin in the container runtime.
                                          If this is not set, reads from stdin in
                                          the Sidecar will always result in EOF. Default
                                          is false.
                                        type: boolean
                                      stdinOnce:
                                        description: Whether the container runtime
                                          should close the stdin channel after it
                                          has been opened by a single attach. When
                                          stdin is true the stdin stream will remain
                                          open across multiple attach sessions. If
                                          stdinOnce is set to true, stdin is opened
                                          on Sidecar start, is empty until the first
                                          client attaches to stdin, and then remains
                                          open and accepts data until the client disconnects,
                                          at which time stdin is closed and remains
                                          closed until the Sidecar is restarted. If
                                          this flag is false, a container processes
                                          that reads from stdin will never receive
                                          an EOF. Default is false
                                        type: boolean
                                      terminationMessagePath:
                                        description: 'Optional: Path at which the
                                          file to which the Sidecar''s termination
                                          message will be written is mounted into
                                          the Sidecar''s filesystem. Message written
                                          is intended to be brief final status, such
                                          as an assertion failure message. Will be
                                          truncated by the node if greater than 4096
                                          bytes. The total message length across all
                                          containers will be limited to 12kb. Defaults
                                          to /dev/termination-log. Cannot be updated.'
                                        type: string
                                      terminationMessagePolicy:
                                        description: Indicate how the termination
                                          message should be populated. File will use
                                          the contents of terminationMessagePath to
                                          populate the Sidecar status message on both
                                          success and failure. FallbackToLogsOnError
                                          will use the last chunk of Sidecar log output
                                          if the termination message file is empty
                                          and the Sidecar exited with an error. The
                                          log output is limited to 2048 bytes or 80
                                          lines, whichever is smaller. Defaults to
                                          File. Cannot be updated.
                                        type: string
                                      tty:
                                        description: Whether this Sidecar should allocate
                                          a TTY for itself, also requires 'stdin'
                                          to be true. Default is false.
                                        type: boolean
                                      volumeDevices:
                                        description: volumeDevices is the list of
                                          block devices to be used by the Sidecar.
                                        items:
                                          description: volumeDevice describes a mapping
                                            of a raw block device within a container.
                                          properties:
                                            devicePath:
                                              description: devicePath is the path
                                                inside of the container that the device
                                                will be mapped to.
                                              type: string
                                            name:
                                              description: name must match the name
                                                of a persistentVolumeClaim in the
                                                pod
                                              type: string
                                          required:
                                          - devicePath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      volumeMounts:
                                        description: Volumes to mount into the Sidecar's
                                          filesystem. Cannot be updated.
                                        items:
                                          description: VolumeMount describes a mounting
                                            of a Volume within a container.
                                          properties:
                                            mountPath:
                                              description: Path within the container
                                                at which the volume should be mounted.  Must
                                                not contain ':'.
                                              type: string
                                            mountPropagation:
                                              description: mountPropagation determines
                                                how mounts are propagated from the
                                                host to container and the other way
                                                around. When not set, MountPropagationNone
                                                is used. This field is beta in 1.10.
                                              type: string
                                            name:
                                              description: This must match the Name
                                                of a Volume.
                                              type: string
                                            readOnly:
                                              description: Mounted read-only if true,
                                                read-write otherwise (false or unspecified).
                                                Defaults to false.
                                              type: boolean
                                            subPath:
                                              description: Path within the volume
                                                from which the container's volume
                                                should be mounted. Defaults to ""
                                                (volume's root).
                                              type: string
                                            subPathExpr:
                                              description: Expanded path within the
                                                volume from which the container's
                                                volume should be mounted. Behaves
                                                similarly to SubPath but environment
                                                variable references $(VAR_NAME) are
                                                expanded using the container's environment.
                                                Defaults to "" (volume's root). SubPathExpr
                                                and SubPath are mutually exclusive.
                                              type: string
                                          required:
                                          - mountPath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      workingDir:
                                        description: Sidecar's working directory.
                                          If not specified, the container runtime's
                                          default will be used, which might be configured
                                          in the container image. Cannot be updated.
                                        type: string
                                      workspaces:
                                        description: "This is an alpha field. You
                                          must set the \"enable-api-fields\" feature
                                          flag to \"alpha\" for this field to be supported.
                                          \n Workspaces is a list of workspaces from
                                          the Task that this Sidecar wants exclusive
                                          access to. Adding a workspace to this list
                                          means that any other Step or Sidecar that
                                          does not also request this Workspace will
                                          not have access to it."
                                        items:
                                          description: WorkspaceUsage is used by a
                                            Step or Sidecar to declare that it wants
                                            isolated access to a Workspace defined
                                            in a Task.
                                          properties:
                                            mountPath:
                                              description: MountPath is the path that
                                                the workspace should be mounted to
                                                inside the Step or Sidecar, overriding
                                                any MountPath specified in the Task's
                                                WorkspaceDeclaration.
                                              type: string
                                            name:
                                              description: Name is the name of the
                                                workspace this Step or Sidecar wants
                                                access to.
                                              type: string
                                          required:
                                          - mountPath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                spec:
                                  description: Spec is a specification of a custom
                                    task
                                  type: object
                                stepTemplate:
                                  description: StepTemplate can be used as the basis
                                    for all step containers within the Task, so that
                                    the steps inherit settings on the base container.
                                  properties:
                                    args:
                                      description: 'Arguments to the entrypoint. The
                                        image''s CMD is used if this is not provided.
                                        Variable references $(VAR_NAME) are expanded
                                        using the Step''s environment. If a variable
                                        cannot be resolved, the reference in the input
                                        string will be unchanged. Double $$ are reduced
                                        to a single $, which allows for escaping the
                                        $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
                                        produce the string literal "$(VAR_NAME)".
                                        Escaped references will never be expanded,
                                        regardless of whether the variable exists
                                        or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                      items:
                                        type: string
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    command:
                                      description: 'Entrypoint array. Not executed
                                        within a shell. The docker image''s ENTRYPOINT
                                        is used if this is not provided. Variable
                                        references $(VAR_NAME) are expanded using
                                        the Step''s environment. If a variable cannot
                                        be resolved, the reference in the input string
                                        will be unchanged. Double $$ are reduced to
                                        a single $, which allows for escaping the
                                        $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
                                        produce the string literal "$(VAR_NAME)".
                                        Escaped references will never be expanded,
                                        regardless of whether the variable exists
                                        or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                      items:
                                        type: string
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    env:
                                      description: List of environment variables to
                                        set in the container. Cannot be updated.
                                      items:
                                        description: EnvVar represents an environment
                                          variable present in a Container.
                                        properties:
                                          name:
                                            description: Name of the environment variable.
                                              Must be a C_IDENTIFIER.
                                            type: string
                                          value:
                                            description: 'Variable references $(VAR_NAME)
                                              are expanded using the previously defined
                                              environment variables in the container
                                              and any service environment variables.
                                              If a variable cannot be resolved, the
                                              reference in the input string will be
                                              unchanged. Double $$ are reduced to
                                              a single $, which allows for escaping
                                              the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                              will produce the string literal "$(VAR_NAME)".
                                              Escaped references will never be expanded,
                                              regardless of whether the variable exists
                                              or not. Defaults to "".'
                                            type: string
                                          valueFrom:
                                            description: Source for the environment
                                              variable's value. Cannot be used if
                                              value is not empty.
                                            properties:
                                              configMapKeyRef:
                                                description: Selects a key of a ConfigMap.
                                                properties:
                                                  key:
                                                    description: The key to select.
                                                    type: string
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                  optional:
                                                    description: Specify whether the
                                                      ConfigMap or its key must be
                                                      defined
                                                    type: boolean
                                                required:
                                                - key
                                                type: object
                                              fieldRef:
                                                description: 'Selects a field of the
                                                  pod: supports metadata.name, metadata.namespace,
                                                  `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
                                                  spec.nodeName, spec.serviceAccountName,
                                                  status.hostIP, status.podIP, status.podIPs.'
                                                properties:
                                                  apiVersion:
                                                    description: Version of the schema
                                                      the FieldPath is written in
                                                      terms of, defaults to "v1".
                                                    type: string
                                                  fieldPath:
                                                    description: Path of the field
                                                      to select in the specified API
                                                      version.
                                                    type: string
                                                required:
                                                - fieldPath
                                                type: object
                                              resourceFieldRef:
                                                description: 'Selects a resource of
                                                  the container: only resources limits
                                                  and requests (limits.cpu, limits.memory,
                                                  limits.ephemeral-storage, requests.cpu,
                                                  requests.memory and requests.ephemeral-storage)
                                                  are currently supported.'
                                                properties:
                                                  containerName:
                                                    description: 'Container name:
                                                      required for volumes, optional
                                                      for env vars'
                                                    type: string
                                                  divisor:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Specifies the output
                                                      format of the exposed resources,
                                                      defaults to "1"
                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                    x-kubernetes-int-or-string: true
                                                  resource:
                                                    description: 'Required: resource
                                                      to select'
                                                    type: string
                                                required:
                                                - resource
                                                type: object
                                              secretKeyRef:
                                                description: Selects a key of a secret
                                                  in the pod's namespace
                                                properties:
                                                  key:
                                                    description: The key of the secret
                                                      to select from.  Must be a valid
                                                      secret key.
                                                    type: string
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                  optional:
                                                    description: Specify whether the
                                                      Secret or its key must be defined
                                                    type: boolean
                                                required:
                                                - key
                                                type: object
                                            type: object
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    envFrom:
                                      description: List of sources to populate environment
                                        variables in the Step. The keys defined within
                                        a source must be a C_IDENTIFIER. All invalid
                                        keys will be reported as an event when the
                                        container is starting. When a key exists in
                                        multiple sources, the value associated with
                                        the last source will take precedence. Values
                                        defined by an Env with a duplicate key will
                                        take precedence. Cannot be updated.
                                      items:
                                        description: EnvFromSource represents the
                                          source of a set of ConfigMaps
                                        properties:
                                          configMapRef:
                                            description: The ConfigMap to select from
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                              optional:
                                                description: Specify whether the ConfigMap
                                                  must be defined
                                                type: boolean
                                            type: object
                                          prefix:
                                            description: An optional identifier to
                                              prepend to each key in the ConfigMap.
                                              Must be a C_IDENTIFIER.
                                            type: string
                                          secretRef:
                                            description: The Secret to select from
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                              optional:
                                                description: Specify whether the Secret
                                                  must be defined
                                                type: boolean
                                            type: object
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    image:
                                      description: 'Default image name to use for
                                        each Step. More info: https://kubernetes.io/docs/concepts/containers/images
                                        This field is optional to allow higher level
                                        config management to default or override container
                                        images in workload controllers like Deployments
                                        and StatefulSets.'
                                      type: string
                                    imagePullPolicy:
                                      description: 'Image pull policy. One of Always,
                                        Never, IfNotPresent. Defaults to Always if
                                        :latest tag is specified, or IfNotPresent
                                        otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                      type: string
                                    lifecycle:
                                      description: Deprecated. This field will be
                                        removed in a future release. Actions that
                                        the management system should take in response
                                        to container lifecycle events. Cannot be updated.
                                      properties:
                                        postStart:
                                          description: 'PostStart is called immediately
                                            after a container is created. If the handler
                                            fails, the container is terminated and
                                            restarted according to its restart policy.
                                            Other management of the container blocks
                                            until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                          properties:
                                            exec:
                                              description: Exec specifies the action
                                                to take.
                                              properties:
                                                command:
                                                  description: Command is the command
                                                    line to execute inside the container,
                                                    the working directory for the
                                                    command  is root ('/') in the
                                                    container's filesystem. The command
                                                    is simply exec'd, it is not run
                                                    inside a shell, so traditional
                                                    shell instructions ('|', etc)
                                                    won't work. To use a shell, you
                                                    need to explicitly call out to
                                                    that shell. Exit status of 0 is
                                                    treated as live/healthy and non-zero
                                                    is unhealthy.
                                                  items:
                                                    type: string
                                                  type: array
                                              type: object
                                            httpGet:
                                              description: HTTPGet specifies the http
                                                request to perform.
                                              properties:
                                                host:
                                                  description: Host name to connect
                                                    to, defaults to the pod IP. You
                                                    probably want to set "Host" in
                                                    httpHeaders instead.
                                                  type: string
                                                httpHeaders:
                                                  description: Custom headers to set
                                                    in the request. HTTP allows repeated
                                                    headers.
                                                  items:
                                                    description: HTTPHeader describes
                                                      a custom header to be used in
                                                      HTTP probes
                                                    properties:
                                                      name:
                                                        description: The header field
                                                          name
                                                        type: string
                                                      value:
                                                        description: The header field
                                                          value
                                                        type: string
                                                    required:
                                                    - name
                                                    - value
                                                    type: object
                                                  type: array
                                                path:
                                                  description: Path to access on the
                                                    HTTP server.
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Name or number of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                                scheme:
                                                  description: Scheme to use for connecting
                                                    to the host. Defaults to HTTP.
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            tcpSocket:
                                              description: Deprecated. TCPSocket is
                                                NOT supported as a LifecycleHandler
                                                and kept for the backward compatibility.
                                                There are no validation of this field
                                                and lifecycle hooks will fail in runtime
                                                when tcp handler is specified.
                                              properties:
                                                host:
                                                  description: 'Optional: Host name
                                                    to connect to, defaults to the
                                                    pod IP.'
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Number or name of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                              required:
                                              - port
                                              type: object
                                          type: object
                                        preStop:
                                          description: 'PreStop is called immediately
                                            before a container is terminated due to
                                            an API request or management event such
                                            as liveness/startup probe failure, preemption,
                                            resource contention, etc. The handler
                                            is not called if the container crashes
                                            or exits. The Pod''s termination grace
                                            period countdown begins before the PreStop
                                            hook is executed. Regardless of the outcome
                                            of the handler, the container will eventually
                                            terminate within the Pod''s termination
                                            grace period (unless delayed by finalizers).
                                            Other management of the container blocks
                                            until the hook completes or until the
                                            termination grace period is reached. More
                                            info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                          properties:
                                            exec:
                                              description: Exec specifies the action
                                                to take.
                                              properties:
                                                command:
                                                  description: Command is the command
                                                    line to execute inside the container,
                                                    the working directory for the
                                                    command  is root ('/') in the
                                                    container's filesystem. The command
                                                    is simply exec'd, it is not run
                                                    inside a shell, so traditional
                                                    shell instructions ('|', etc)
                                                    won't work. To use a shell, you
                                                    need to explicitly call out to
                                                    that shell. Exit status of 0 is
                                                    treated as live/healthy and non-zero
                                                    is unhealthy.
                                                  items:
                                                    type: string
                                                  type: array
                                              type: object
                                            httpGet:
                                              description: HTTPGet specifies the http
                                                request to perform.
                                              properties:
                                                host:
                                                  description: Host name to connect
                                                    to, defaults to the pod IP. You
                                                    probably want to set "Host" in
                                                    httpHeaders instead.
                                                  type: string
                                                httpHeaders:
                                                  description: Custom headers to set
                                                    in the request. HTTP allows repeated
                                                    headers.
                                                  items:
                                                    description: HTTPHeader describes
                                                      a custom header to be used in
                                                      HTTP probes
                                                    properties:
                                                      name:
                                                        description: The header field
                                                          name
                                                        type: string
                                                      value:
                                                        description: The header field
                                                          value
                                                        type: string
                                                    required:
                                                    - name
                                                    - value
                                                    type: object
                                                  type: array
                                                path:
                                                  description: Path to access on the
                                                    HTTP server.
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Name or number of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                                scheme:
                                                  description: Scheme to use for connecting
                                                    to the host. Defaults to HTTP.
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            tcpSocket:
                                              description: Deprecated. TCPSocket is
                                                NOT supported as a LifecycleHandler
                                                and kept for the backward compatibility.
                                                There are no validation of this field
                                                and lifecycle hooks will fail in runtime
                                                when tcp handler is specified.
                                              properties:
                                                host:
                                                  description: 'Optional: Host name
                                                    to connect to, defaults to the
                                                    pod IP.'
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Number or name of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                              required:
                                              - port
                                              type: object
                                          type: object
                                      type: object
                                    livenessProbe:
                                      description: 'Deprecated. This field will be
                                        removed in a future release. Periodic probe
                                        of container liveness. Container will be restarted
                                        if the probe fails. Cannot be updated. More
                                        info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                      properties:
                                        exec:
                                          description: Exec specifies the action to
                                            take.
                                          properties:
                                            command:
                                              description: Command is the command
                                                line to execute inside the container,
                                                the working directory for the command  is
                                                root ('/') in the container's filesystem.
                                                The command is simply exec'd, it is
                                                not run inside a shell, so traditional
                                                shell instructions ('|', etc) won't
                                                work. To use a shell, you need to
                                                explicitly call out to that shell.
                                                Exit status of 0 is treated as live/healthy
                                                and non-zero is unhealthy.
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                        failureThreshold:
                                          description: Minimum consecutive failures
                                            for the probe to be considered failed
                                            after having succeeded. Defaults to 3.
                                            Minimum value is 1.
                                          format: int32
                                          type: integer
                                        grpc:
                                          description: GRPC specifies an action involving
                                            a GRPC port. This is a beta field and
                                            requires enabling GRPCContainerProbe feature
                                            gate.
                                          properties:
                                            port:
                                              description: Port number of the gRPC
                                                service. Number must be in the range
                                                1 to 65535.
                                              format: int32
                                              type: integer
                                            service:
                                              description: "Service is the name of
                                                the service to place in the gRPC HealthCheckRequest
                                                (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                \n If this is not specified, the default
                                                behavior is defined by gRPC."
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        httpGet:
                                          description: HTTPGet specifies the http
                                            request to perform.
                                          properties:
                                            host:
                                              description: Host name to connect to,
                                                defaults to the pod IP. You probably
                                                want to set "Host" in httpHeaders
                                                instead.
                                              type: string
                                            httpHeaders:
                                              description: Custom headers to set in
                                                the request. HTTP allows repeated
                                                headers.
                                              items:
                                                description: HTTPHeader describes
                                                  a custom header to be used in HTTP
                                                  probes
                                                properties:
                                                  name:
                                                    description: The header field
                                                      name
                                                    type: string
                                                  value:
                                                    description: The header field
                                                      value
                                                    type: string
                                                required:
                                                - name
                                                - value
                                                type: object
                                              type: array
                                            path:
                                              description: Path to access on the HTTP
                                                server.
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Name or number of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                            scheme:
                                              description: Scheme to use for connecting
                                                to the host. Defaults to HTTP.
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        initialDelaySeconds:
                                          description: 'Number of seconds after the
                                            container has started before liveness
                                            probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                        periodSeconds:
                                          description: How often (in seconds) to perform
                                            the probe. Default to 10 seconds. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        successThreshold:
                                          description: Minimum consecutive successes
                                            for the probe to be considered successful
                                            after having failed. Defaults to 1. Must
                                            be 1 for liveness and startup. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        tcpSocket:
                                          description: TCPSocket specifies an action
                                            involving a TCP port.
                                          properties:
                                            host:
                                              description: 'Optional: Host name to
                                                connect to, defaults to the pod IP.'
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Number or name of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                          required:
                                          - port
                                          type: object
                                        terminationGracePeriodSeconds:
                                          description: Optional duration in seconds
                                            the pod needs to terminate gracefully
                                            upon probe failure. The grace period is
                                            the duration in seconds after the processes
                                            running in the pod are sent a termination
                                            signal and the time when the processes
                                            are forcibly halted with a kill signal.
                                            Set this value longer than the expected
                                            cleanup time for your process. If this
                                            value is nil, the pod's terminationGracePeriodSeconds
                                            will be used. Otherwise, this value overrides
                                            the value provided by the pod spec. Value
                                            must be non-negative integer. The value
                                            zero indicates stop immediately via the
                                            kill signal (no opportunity to shut down).
                                            This is a beta field and requires enabling
                                            ProbeTerminationGracePeriod feature gate.
                                            Minimum value is 1. spec.terminationGracePeriodSeconds
                                            is used if unset.
                                          format: int64
                                          type: integer
                                        timeoutSeconds:
                                          description: 'Number of seconds after which
                                            the probe times out. Defaults to 1 second.
                                            Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                      type: object
                                    name:
                                      description: Deprecated. This field will be
                                        removed in a future release. Default name
                                        for each Step specified as a DNS_LABEL. Each
                                        Step in a Task must have a unique name. Cannot
                                        be updated.
                                      type: string
                                    ports:
                                      description: Deprecated. This field will be
                                        removed in a future release. List of ports
                                        to expose from the Step's container. Exposing
                                        a port here gives the system additional information
                                        about the network connections a container
                                        uses, but is primarily informational. Not
                                        specifying a port here DOES NOT prevent that
                                        port from being exposed. Any port which is
                                        listening on the default "0.0.0.0" address
                                        inside a container will be accessible from
                                        the network. Cannot be updated.
                                      items:
                                        description: ContainerPort represents a network
                                          port in a single container.
                                        properties:
                                          containerPort:
                                            description: Number of port to expose
                                              on the pod's IP address. This must be
                                              a valid port number, 0 < x < 65536.
                                            format: int32
                                            type: integer
                                          hostIP:
                                            description: What host IP to bind the
                                              external port to.
                                            type: string
                                          hostPort:
                                            description: Number of port to expose
                                              on the host. If specified, this must
                                              be a valid port number, 0 < x < 65536.
                                              If HostNetwork is specified, this must
                                              match ContainerPort. Most containers
                                              do not need this.
                                            format: int32
                                            type: integer
                                          name:
                                            description: If specified, this must be
                                              an IANA_SVC_NAME and unique within the
                                              pod. Each named port in a pod must have
                                              a unique name. Name for the port that
                                              can be referred to by services.
                                            type: string
                                          protocol:
                                            default: TCP
                                            description: Protocol for port. Must be
                                              UDP, TCP, or SCTP. Defaults to "TCP".
                                            type: string
                                        required:
                                        - containerPort
                                        type: object
                                      type: array
                                      x-kubernetes-list-map-keys:
                                      - containerPort
                                      - protocol
                                      x-kubernetes-list-type: map
                                    readinessProbe:
                                      description: 'Deprecated. This field will be
                                        removed in a future release. Periodic probe
                                        of container service readiness. Container
                                        will be removed from service endpoints if
                                        the probe fails. Cannot be updated. More info:
                                        https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                      properties:
                                        exec:
                                          description: Exec specifies the action to
                                            take.
                                          properties:
                                            command:
                                              description: Command is the command
                                                line to execute inside the container,
                                                the working directory for the command  is
                                                root ('/') in the container's filesystem.
                                                The command is simply exec'd, it is
                                                not run inside a shell, so traditional
                                                shell instructions ('|', etc) won't
                                                work. To use a shell, you need to
                                                explicitly call out to that shell.
                                                Exit status of 0 is treated as live/healthy
                                                and non-zero is unhealthy.
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                        failureThreshold:
                                          description: Minimum consecutive failures
                                            for the probe to be considered failed
                                            after having succeeded. Defaults to 3.
                                            Minimum value is 1.
                                          format: int32
                                          type: integer
                                        grpc:
                                          description: GRPC specifies an action involving
                                            a GRPC port. This is a beta field and
                                            requires enabling GRPCContainerProbe feature
                                            gate.
                                          properties:
                                            port:
                                              description: Port number of the gRPC
                                                service. Number must be in the range
                                                1 to 65535.
                                              format: int32
                                              type: integer
                                            service:
                                              description: "Service is the name of
                                                the service to place in the gRPC HealthCheckRequest
                                                (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                \n If this is not specified, the default
                                                behavior is defined by gRPC."
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        httpGet:
                                          description: HTTPGet specifies the http
                                            request to perform.
                                          properties:
                                            host:
                                              description: Host name to connect to,
                                                defaults to the pod IP. You probably
                                                want to set "Host" in httpHeaders
                                                instead.
                                              type: string
                                            httpHeaders:
                                              description: Custom headers to set in
                                                the request. HTTP allows repeated
                                                headers.
                                              items:
                                                description: HTTPHeader describes
                                                  a custom header to be used in HTTP
                                                  probes
                                                properties:
                                                  name:
                                                    description: The header field
                                                      name
                                                    type: string
                                                  value:
                                                    description: The header field
                                                      value
                                                    type: string
                                                required:
                                                - name
                                                - value
                                                type: object
                                              type: array
                                            path:
                                              description: Path to access on the HTTP
                                                server.
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Name or number of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                            scheme:
                                              description: Scheme to use for connecting
                                                to the host. Defaults to HTTP.
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        initialDelaySeconds:
                                          description: 'Number of seconds after the
                                            container has started before liveness
                                            probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                        periodSeconds:
                                          description: How often (in seconds) to perform
                                            the probe. Default to 10 seconds. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        successThreshold:
                                          description: Minimum consecutive successes
                                            for the probe to be considered successful
                                            after having failed. Defaults to 1. Must
                                            be 1 for liveness and startup. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        tcpSocket:
                                          description: TCPSocket specifies an action
                                            involving a TCP port.
                                          properties:
                                            host:
                                              description: 'Optional: Host name to
                                                connect to, defaults to the pod IP.'
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Number or name of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                          required:
                                          - port
                                          type: object
                                        terminationGracePeriodSeconds:
                                          description: Optional duration in seconds
                                            the pod needs to terminate gracefully
                                            upon probe failure. The grace period is
                                            the duration in seconds after the processes
                                            running in the pod are sent a termination
                                            signal and the time when the processes
                                            are forcibly halted with a kill signal.
                                            Set this value longer than the expected
                                            cleanup time for your process. If this
                                            value is nil, the pod's terminationGracePeriodSeconds
                                            will be used. Otherwise, this value overrides
                                            the value provided by the pod spec. Value
                                            must be non-negative integer. The value
                                            zero indicates stop immediately via the
                                            kill signal (no opportunity to shut down).
                                            This is a beta field and requires enabling
                                            ProbeTerminationGracePeriod feature gate.
                                            Minimum value is 1. spec.terminationGracePeriodSeconds
                                            is used if unset.
                                          format: int64
                                          type: integer
                                        timeoutSeconds:
                                          description: 'Number of seconds after which
                                            the probe times out. Defaults to 1 second.
                                            Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                      type: object
                                    resources:
                                      description: 'Compute Resources required by
                                        this Step. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                      properties:
                                        limits:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Limits describes the maximum
                                            amount of compute resources allowed. More
                                            info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                        requests:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Requests describes the minimum
                                            amount of compute resources required.
                                            If Requests is omitted for a container,
                                            it defaults to Limits if that is explicitly
                                            specified, otherwise to an implementation-defined
                                            value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                      type: object
                                    securityContext:
                                      description: 'SecurityContext defines the security
                                        options the Step should be run with. If set,
                                        the fields of SecurityContext override the
                                        equivalent fields of PodSecurityContext. More
                                        info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                      properties:
                                        allowPrivilegeEscalation:
                                          description: 'AllowPrivilegeEscalation controls
                                            whether a process can gain more privileges
                                            than its parent process. This bool directly
                                            controls if the no_new_privs flag will
                                            be set on the container process. AllowPrivilegeEscalation
                                            is true always when the container is:
                                            1) run as Privileged 2) has CAP_SYS_ADMIN
                                            Note that this field cannot be set when
                                            spec.os.name is windows.'
                                          type: boolean
                                        capabilities:
                                          description: The capabilities to add/drop
                                            when running containers. Defaults to the
                                            default set of capabilities granted by
                                            the container runtime. Note that this
                                            field cannot be set when spec.os.name
                                            is windows.
                                          properties:
                                            add:
                                              description: Added capabilities
                                              items:
                                                description: Capability represent
                                                  POSIX capabilities type
                                                type: string
                                              type: array
                                            drop:
                                              description: Removed capabilities
                                              items:
                                                description: Capability represent
                                                  POSIX capabilities type
                                                type: string
                                              type: array
                                          type: object
                                        privileged:
                                          description: Run container in privileged
                                            mode. Processes in privileged containers
                                            are essentially equivalent to root on
                                            the host. Defaults to false. Note that
                                            this field cannot be set when spec.os.name
                                            is windows.
                                          type: boolean
                                        procMount:
                                          description: procMount denotes the type
                                            of proc mount to use for the containers.
                                            The default is DefaultProcMount which
                                            uses the container runtime defaults for
                                            readonly paths and masked paths. This
                                            requires the ProcMountType feature flag
                                            to be enabled. Note that this field cannot
                                            be set when spec.os.name is windows.
                                          type: string
                                        readOnlyRootFilesystem:
                                          description: Whether this container has
                                            a read-only root filesystem. Default is
                                            false. Note that this field cannot be
                                            set when spec.os.name is windows.
                                          type: boolean
                                        runAsGroup:
                                          description: The GID to run the entrypoint
                                            of the container process. Uses runtime
                                            default if unset. May also be set in PodSecurityContext.  If
                                            set in both SecurityContext and PodSecurityContext,
                                            the value specified in SecurityContext
                                            takes precedence. Note that this field
                                            cannot be set when spec.os.name is windows.
                                          format: int64
                                          type: integer
                                        runAsNonRoot:
                                          description: Indicates that the container
                                            must run as a non-root user. If true,
                                            the Kubelet will validate the image at
                                            runtime to ensure that it does not run
                                            as UID 0 (root) and fail to start the
                                            container if it does. If unset or false,
                                            no such validation will be performed.
                                            May also be set in PodSecurityContext.  If
                                            set in both SecurityContext and PodSecurityContext,
                                            the value specified in SecurityContext
                                            takes precedence.
                                          type: boolean
                                        runAsUser:
                                          description: The UID to run the entrypoint
                                            of the container process. Defaults to
                                            user specified in image metadata if unspecified.
                                            May also be set in PodSecurityContext.  If
                                            set in both SecurityContext and PodSecurityContext,
                                            the value specified in SecurityContext
                                            takes precedence. Note that this field
                                            cannot be set when spec.os.name is windows.
                                          format: int64
                                          type: integer
                                        seLinuxOptions:
                                          description: The SELinux context to be applied
                                            to the container. If unspecified, the
                                            container runtime will allocate a random
                                            SELinux context for each container.  May
                                            also be set in PodSecurityContext.  If
                                            set in both SecurityContext and PodSecurityContext,
                                            the value specified in SecurityContext
                                            takes precedence. Note that this field
                                            cannot be set when spec.os.name is windows.
                                          properties:
                                            level:
                                              description: Level is SELinux level
                                                label that applies to the container.
                                              type: string
                                            role:
                                              description: Role is a SELinux role
                                                label that applies to the container.
                                              type: string
                                            type:
                                              description: Type is a SELinux type
                                                label that applies to the container.
                                              type: string
                                            user:
                                              description: User is a SELinux user
                                                label that applies to the container.
                                              type: string
                                          type: object
                                        seccompProfile:
                                          description: The seccomp options to use
                                            by this container. If seccomp options
                                            are provided at both the pod & container
                                            level, the container options override
                                            the pod options. Note that this field
                                            cannot be set when spec.os.name is windows.
                                          properties:
                                            localhostProfile:
                                              description: localhostProfile indicates
                                                a profile defined in a file on the
                                                node should be used. The profile must
                                                be preconfigured on the node to work.
                                                Must be a descending path, relative
                                                to the kubelet's configured seccomp
                                                profile location. Must only be set
                                                if type is "Localhost".
                                              type: string
                                            type:
                                              description: "type indicates which kind
                                                of seccomp profile will be applied.
                                                Valid options are: \n Localhost -
                                                a profile defined in a file on the
                                                node should be used. RuntimeDefault
                                                - the container runtime default profile
                                                should be used. Unconfined - no profile
                                                should be applied."
                                              type: string
                                          required:
                                          - type
                                          type: object
                                        windowsOptions:
                                          description: The Windows specific settings
                                            applied to all containers. If unspecified,
                                            the options from the PodSecurityContext
                                            will be used. If set in both SecurityContext
                                            and PodSecurityContext, the value specified
                                            in SecurityContext takes precedence. Note
                                            that this field cannot be set when spec.os.name
                                            is linux.
                                          properties:
                                            gmsaCredentialSpec:
                                              description: GMSACredentialSpec is where
                                                the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                                inlines the contents of the GMSA credential
                                                spec named by the GMSACredentialSpecName
                                                field.
                                              type: string
                                            gmsaCredentialSpecName:
                                              description: GMSACredentialSpecName
                                                is the name of the GMSA credential
                                                spec to use.
                                              type: string
                                            hostProcess:
                                              description: HostProcess determines
                                                if a container should be run as a
                                                'Host Process' container. This field
                                                is alpha-level and will only be honored
                                                by components that enable the WindowsHostProcessContainers
                                                feature flag. Setting this field without
                                                the feature flag will result in errors
                                                when validating the Pod. All of a
                                                Pod's containers must have the same
                                                effective HostProcess value (it is
                                                not allowed to have a mix of HostProcess
                                                containers and non-HostProcess containers).  In
                                                addition, if HostProcess is true then
                                                HostNetwork must also be set to true.
                                              type: boolean
                                            runAsUserName:
                                              description: The UserName in Windows
                                                to run the entrypoint of the container
                                                process. Defaults to the user specified
                                                in image metadata if unspecified.
                                                May also be set in PodSecurityContext.
                                                If set in both SecurityContext and
                                                PodSecurityContext, the value specified
                                                in SecurityContext takes precedence.
                                              type: string
                                          type: object
                                      type: object
                                    startupProbe:
                                      description: 'Deprecated. This field will be
                                        removed in a future release. DeprecatedStartupProbe
                                        indicates that the Pod has successfully initialized.
                                        If specified, no other probes are executed
                                        until this completes successfully. If this
                                        probe fails, the Pod will be restarted, just
                                        as if the livenessProbe failed. This can be
                                        used to provide different probe parameters
                                        at the beginning of a Pod''s lifecycle, when
                                        it might take a long time to load data or
                                        warm a cache, than during steady-state operation.
                                        This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                      properties:
                                        exec:
                                          description: Exec specifies the action to
                                            take.
                                          properties:
                                            command:
                                              description: Command is the command
                                                line to execute inside the container,
                                                the working directory for the command  is
                                                root ('/') in the container's filesystem.
                                                The command is simply exec'd, it is
                                                not run inside a shell, so traditional
                                                shell instructions ('|', etc) won't
                                                work. To use a shell, you need to
                                                explicitly call out to that shell.
                                                Exit status of 0 is treated as live/healthy
                                                and non-zero is unhealthy.
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                        failureThreshold:
                                          description: Minimum consecutive failures
                                            for the probe to be considered failed
                                            after having succeeded. Defaults to 3.
                                            Minimum value is 1.
                                          format: int32
                                          type: integer
                                        grpc:
                                          description: GRPC specifies an action involving
                                            a GRPC port. This is a beta field and
                                            requires enabling GRPCContainerProbe feature
                                            gate.
                                          properties:
                                            port:
                                              description: Port number of the gRPC
                                                service. Number must be in the range
                                                1 to 65535.
                                              format: int32
                                              type: integer
                                            service:
                                              description: "Service is the name of
                                                the service to place in the gRPC HealthCheckRequest
                                                (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                \n If this is not specified, the default
                                                behavior is defined by gRPC."
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        httpGet:
                                          description: HTTPGet specifies the http
                                            request to perform.
                                          properties:
                                            host:
                                              description: Host name to connect to,
                                                defaults to the pod IP. You probably
                                                want to set "Host" in httpHeaders
                                                instead.
                                              type: string
                                            httpHeaders:
                                              description: Custom headers to set in
                                                the request. HTTP allows repeated
                                                headers.
                                              items:
                                                description: HTTPHeader describes
                                                  a custom header to be used in HTTP
                                                  probes
                                                properties:
                                                  name:
                                                    description: The header field
                                                      name
                                                    type: string
                                                  value:
                                                    description: The header field
                                                      value
                                                    type: string
                                                required:
                                                - name
                                                - value
                                                type: object
                                              type: array
                                            path:
                                              description: Path to access on the HTTP
                                                server.
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Name or number of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                            scheme:
                                              description: Scheme to use for connecting
                                                to the host. Defaults to HTTP.
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        initialDelaySeconds:
                                          description: 'Number of seconds after the
                                            container has started before liveness
                                            probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                        periodSeconds:
                                          description: How often (in seconds) to perform
                                            the probe. Default to 10 seconds. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        successThreshold:
                                          description: Minimum consecutive successes
                                            for the probe to be considered successful
                                            after having failed. Defaults to 1. Must
                                            be 1 for liveness and startup. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        tcpSocket:
                                          description: TCPSocket specifies an action
                                            involving a TCP port.
                                          properties:
                                            host:
                                              description: 'Optional: Host name to
                                                connect to, defaults to the pod IP.'
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Number or name of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                          required:
                                          - port
                                          type: object
                                        terminationGracePeriodSeconds:
                                          description: Optional duration in seconds
                                            the pod needs to terminate gracefully
                                            upon probe failure. The grace period is
                                            the duration in seconds after the processes
                                            running in the pod are sent a termination
                                            signal and the time when the processes
                                            are forcibly halted with a kill signal.
                                            Set this value longer than the expected
                                            cleanup time for your process. If this
                                            value is nil, the pod's terminationGracePeriodSeconds
                                            will be used. Otherwise, this value overrides
                                            the value provided by the pod spec. Value
                                            must be non-negative integer. The value
                                            zero indicates stop immediately via the
                                            kill signal (no opportunity to shut down).
                                            This is a beta field and requires enabling
                                            ProbeTerminationGracePeriod feature gate.
                                            Minimum value is 1. spec.terminationGracePeriodSeconds
                                            is used if unset.
                                          format: int64
                                          type: integer
                                        timeoutSeconds:
                                          description: 'Number of seconds after which
                                            the probe times out. Defaults to 1 second.
                                            Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                      type: object
                                    stdin:
                                      description: Deprecated. This field will be
                                        removed in a future release. Whether this
                                        Step should allocate a buffer for stdin in
                                        the container runtime. If this is not set,
                                        reads from stdin in the Step will always result
                                        in EOF. Default is false.
                                      type: boolean
                                    stdinOnce:
                                      description: Deprecated. This field will be
                                        removed in a future release. Whether the container
                                        runtime should close the stdin channel after
                                        it has been opened by a single attach. When
                                        stdin is true the stdin stream will remain
                                        open across multiple attach sessions. If stdinOnce
                                        is set to true, stdin is opened on container
                                        start, is empty until the first client attaches
                                        to stdin, and then remains open and accepts
                                        data until the client disconnects, at which
                                        time stdin is closed and remains closed until
                                        the container is restarted. If this flag is
                                        false, a container processes that reads from
                                        stdin will never receive an EOF. Default is
                                        false
                                      type: boolean
                                    terminationMessagePath:
                                      description: Deprecated. This field will be
                                        removed in a future release and cannot be
                                        meaningfully used.
                                      type: string
                                    terminationMessagePolicy:
                                      description: Deprecated. This field will be
                                        removed in a future release and cannot be
                                        meaningfully used.
                                      type: string
                                    tty:
                                      description: Deprecated. This field will be
                                        removed in a future release. Whether this
                                        Step should allocate a DeprecatedTTY for itself,
                                        also requires 'stdin' to be true. Default
                                        is false.
                                      type: boolean
                                    volumeDevices:
                                      description: volumeDevices is the list of block
                                        devices to be used by the Step.
                                      items:
                                        description: volumeDevice describes a mapping
                                          of a raw block device within a container.
                                        properties:
                                          devicePath:
                                            description: devicePath is the path inside
                                              of the container that the device will
                                              be mapped to.
                                            type: string
                                          name:
                                            description: name must match the name
                                              of a persistentVolumeClaim in the pod
                                            type: string
                                        required:
                                        - devicePath
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    volumeMounts:
                                      description: Volumes to mount into the Step's
                                        filesystem. Cannot be updated.
                                      items:
                                        description: VolumeMount describes a mounting
                                          of a Volume within a container.
                                        properties:
                                          mountPath:
                                            description: Path within the container
                                              at which the volume should be mounted.  Must
                                              not contain ':'.
                                            type: string
                                          mountPropagation:
                                            description: mountPropagation determines
                                              how mounts are propagated from the host
                                              to container and the other way around.
                                              When not set, MountPropagationNone is
                                              used. This field is beta in 1.10.
                                            type: string
                                          name:
                                            description: This must match the Name
                                              of a Volume.
                                            type: string
                                          readOnly:
                                            description: Mounted read-only if true,
                                              read-write otherwise (false or unspecified).
                                              Defaults to false.
                                            type: boolean
                                          subPath:
                                            description: Path within the volume from
                                              which the container's volume should
                                              be mounted. Defaults to "" (volume's
                                              root).
                                            type: string
                                          subPathExpr:
                                            description: Expanded path within the
                                              volume from which the container's volume
                                              should be mounted. Behaves similarly
                                              to SubPath but environment variable
                                              references $(VAR_NAME) are expanded
                                              using the container's environment. Defaults
                                              to "" (volume's root). SubPathExpr and
                                              SubPath are mutually exclusive.
                                            type: string
                                        required:
                                        - mountPath
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    workingDir:
                                      description: Step's working directory. If not
                                        specified, the container runtime's default
                                        will be used, which might be configured in
                                        the container image. Cannot be updated.
                                      type: string
                                  required:
                                  - name
                                  type: object
                                steps:
                                  description: Steps are the steps of the build; each
                                    step is run sequentially with the source mounted
                                    into /workspace.
                                  items:
                                    description: Step runs a subcomponent of a Task
                                    properties:
                                      args:
                                        description: 'Arguments to the entrypoint.
                                          The image''s CMD is used if this is not
                                          provided. Variable references $(VAR_NAME)
                                          are expanded using the container''s environment.
                                          If a variable cannot be resolved, the reference
                                          in the input string will be unchanged. Double
                                          $$ are reduced to a single $, which allows
                                          for escaping the $(VAR_NAME) syntax: i.e.
                                          "$$(VAR_NAME)" will produce the string literal
                                          "$(VAR_NAME)". Escaped references will never
                                          be expanded, regardless of whether the variable
                                          exists or not. Cannot be updated. More info:
                                          https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      command:
                                        description: 'Entrypoint array. Not executed
                                          within a shell. The image''s ENTRYPOINT
                                          is used if this is not provided. Variable
                                          references $(VAR_NAME) are expanded using
                                          the container''s environment. If a variable
                                          cannot be resolved, the reference in the
                                          input string will be unchanged. Double $$
                                          are reduced to a single $, which allows
                                          for escaping the $(VAR_NAME) syntax: i.e.
                                          "$$(VAR_NAME)" will produce the string literal
                                          "$(VAR_NAME)". Escaped references will never
                                          be expanded, regardless of whether the variable
                                          exists or not. Cannot be updated. More info:
                                          https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      env:
                                        description: List of environment variables
                                          to set in the container. Cannot be updated.
                                        items:
                                          description: EnvVar represents an environment
                                            variable present in a Container.
                                          properties:
                                            name:
                                              description: Name of the environment
                                                variable. Must be a C_IDENTIFIER.
                                              type: string
                                            value:
                                              description: 'Variable references $(VAR_NAME)
                                                are expanded using the previously
                                                defined environment variables in the
                                                container and any service environment
                                                variables. If a variable cannot be
                                                resolved, the reference in the input
                                                string will be unchanged. Double $$
                                                are reduced to a single $, which allows
                                                for escaping the $(VAR_NAME) syntax:
                                                i.e. "$$(VAR_NAME)" will produce the
                                                string literal "$(VAR_NAME)". Escaped
                                                references will never be expanded,
                                                regardless of whether the variable
                                                exists or not. Defaults to "".'
                                              type: string
                                            valueFrom:
                                              description: Source for the environment
                                                variable's value. Cannot be used if
                                                value is not empty.
                                              properties:
                                                configMapKeyRef:
                                                  description: Selects a key of a
                                                    ConfigMap.
                                                  properties:
                                                    key:
                                                      description: The key to select.
                                                      type: string
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the ConfigMap or its key must
                                                        be defined
                                                      type: boolean
                                                  required:
                                                  - key
                                                  type: object
                                                fieldRef:
                                                  description: 'Selects a field of
                                                    the pod: supports metadata.name,
                                                    metadata.namespace, `metadata.labels[''<KEY>'']`,
                                                    `metadata.annotations[''<KEY>'']`,
                                                    spec.nodeName, spec.serviceAccountName,
                                                    status.hostIP, status.podIP, status.podIPs.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, limits.ephemeral-storage,
                                                    requests.cpu, requests.memory
                                                    and requests.ephemeral-storage)
                                                    are currently supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                                secretKeyRef:
                                                  description: Selects a key of a
                                                    secret in the pod's namespace
                                                  properties:
                                                    key:
                                                      description: The key of the
                                                        secret to select from.  Must
                                                        be a valid secret key.
                                                      type: string
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the Secret or its key must
                                                        be defined
                                                      type: boolean
                                                  required:
                                                  - key
                                                  type: object
                                              type: object
                                          required:
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      envFrom:
                                        description: List of sources to populate environment
                                          variables in the container. The keys defined
                                          within a source must be a C_IDENTIFIER.
                                          All invalid keys will be reported as an
                                          event when the container is starting. When
                                          a key exists in multiple sources, the value
                                          associated with the last source will take
                                          precedence. Values defined by an Env with
                                          a duplicate key will take precedence. Cannot
                                          be updated.
                                        items:
                                          description: EnvFromSource represents the
                                            source of a set of ConfigMaps
                                          properties:
                                            configMapRef:
                                              description: The ConfigMap to select
                                                from
                                              properties:
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: Specify whether the
                                                    ConfigMap must be defined
                                                  type: boolean
                                              type: object
                                            prefix:
                                              description: An optional identifier
                                                to prepend to each key in the ConfigMap.
                                                Must be a C_IDENTIFIER.
                                              type: string
                                            secretRef:
                                              description: The Secret to select from
                                              properties:
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: Specify whether the
                                                    Secret must be defined
                                                  type: boolean
                                              type: object
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      image:
                                        description: 'Image reference name to run
                                          for this Step. More info: https://kubernetes.io/docs/concepts/containers/images'
                                        type: string
                                      imagePullPolicy:
                                        description: 'Image pull policy. One of Always,
                                          Never, IfNotPresent. Defaults to Always
                                          if :latest tag is specified, or IfNotPresent
                                          otherwise. Cannot be updated. More info:
                                          https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                        type: string
                                      lifecycle:
                                        description: Deprecated. This field will be
                                          removed in a future release. Actions that
                                          the management system should take in response
                                          to container lifecycle events. Cannot be
                                          updated.
                                        properties:
                                          postStart:
                                            description: 'PostStart is called immediately
                                              after a container is created. If the
                                              handler fails, the container is terminated
                                              and restarted according to its restart
                                              policy. Other management of the container
                                              blocks until the hook completes. More
                                              info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              tcpSocket:
                                                description: Deprecated. TCPSocket
                                                  is NOT supported as a LifecycleHandler
                                                  and kept for the backward compatibility.
                                                  There are no validation of this
                                                  field and lifecycle hooks will fail
                                                  in runtime when tcp handler is specified.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                            type: object
                                          preStop:
                                            description: 'PreStop is called immediately
                                              before a container is terminated due
                                              to an API request or management event
                                              such as liveness/startup probe failure,
                                              preemption, resource contention, etc.
                                              The handler is not called if the container
                                              crashes or exits. The Pod''s termination
                                              grace period countdown begins before
                                              the PreStop hook is executed. Regardless
                                              of the outcome of the handler, the container
                                              will eventually terminate within the
                                              Pod''s termination grace period (unless
                                              delayed by finalizers). Other management
                                              of the container blocks until the hook
                                              completes or until the termination grace
                                              period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              tcpSocket:
                                                description: Deprecated. TCPSocket
                                                  is NOT supported as a LifecycleHandler
                                                  and kept for the backward compatibility.
                                                  There are no validation of this
                                                  field and lifecycle hooks will fail
                                                  in runtime when tcp handler is specified.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                            type: object
                                        type: object
                                      livenessProbe:
                                        description: 'Deprecated. This field will
                                          be removed in a future release. Periodic
                                          probe of container liveness. Step will be
                                          restarted if the probe fails. Cannot be
                                          updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      name:
                                        description: Name of the Step specified as
                                          a DNS_LABEL. Each Step in a Task must have
                                          a unique name.
                                        type: string
                                      onError:
                                        description: OnError defines the exiting behavior
                                          of a container on error can be set to [
                                          continue | stopAndFail ]
                                        type: string
                                      ports:
                                        description: Deprecated. This field will be
                                          removed in a future release. List of ports
                                          to expose from the Step's container. Exposing
                                          a port here gives the system additional
                                          information about the network connections
                                          a container uses, but is primarily informational.
                                          Not specifying a port here DOES NOT prevent
                                          that port from being exposed. Any port which
                                          is listening on the default "0.0.0.0" address
                                          inside a container will be accessible from
                                          the network. Cannot be updated.
                                        items:
                                          description: ContainerPort represents a
                                            network port in a single container.
                                          properties:
                                            containerPort:
                                              description: Number of port to expose
                                                on the pod's IP address. This must
                                                be a valid port number, 0 < x < 65536.
                                              format: int32
                                              type: integer
                                            hostIP:
                                              description: What host IP to bind the
                                                external port to.
                                              type: string
                                            hostPort:
                                              description: Number of port to expose
                                                on the host. If specified, this must
                                                be a valid port number, 0 < x < 65536.
                                                If HostNetwork is specified, this
                                                must match ContainerPort. Most containers
                                                do not need this.
                                              format: int32
                                              type: integer
                                            name:
                                              description: If specified, this must
                                                be an IANA_SVC_NAME and unique within
                                                the pod. Each named port in a pod
                                                must have a unique name. Name for
                                                the port that can be referred to by
                                                services.
                                              type: string
                                            protocol:
                                              default: TCP
                                              description: Protocol for port. Must
                                                be UDP, TCP, or SCTP. Defaults to
                                                "TCP".
                                              type: string
                                          required:
                                          - containerPort
                                          type: object
                                        type: array
                                        x-kubernetes-list-map-keys:
                                        - containerPort
                                        - protocol
                                        x-kubernetes-list-type: map
                                      readinessProbe:
                                        description: 'Deprecated. This field will
                                          be removed in a future release. Periodic
                                          probe of container service readiness. Step
                                          will be removed from service endpoints if
                                          the probe fails. Cannot be updated. More
                                          info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      resources:
                                        description: 'Compute Resources required by
                                          this Step. Cannot be updated. More info:
                                          https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                        properties:
                                          limits:
                                            additionalProperties:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                              x-kubernetes-int-or-string: true
                                            description: 'Limits describes the maximum
                                              amount of compute resources allowed.
                                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            type: object
                                          requests:
                                            additionalProperties:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                              x-kubernetes-int-or-string: true
                                            description: 'Requests describes the minimum
                                              amount of compute resources required.
                                              If Requests is omitted for a container,
                                              it defaults to Limits if that is explicitly
                                              specified, otherwise to an implementation-defined
                                              value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            type: object
                                        type: object
                                      script:
                                        description: "Script is the contents of an
                                          executable file to execute. \n If Script
                                          is not empty, the Step cannot have an Command
                                          and the Args will be passed to the Script."
                                        type: string
                                      securityContext:
                                        description: 'SecurityContext defines the
                                          security options the Step should be run
                                          with. If set, the fields of SecurityContext
                                          override the equivalent fields of PodSecurityContext.
                                          More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                        properties:
                                          allowPrivilegeEscalation:
                                            description: 'AllowPrivilegeEscalation
                                              controls whether a process can gain
                                              more privileges than its parent process.
                                              This bool directly controls if the no_new_privs
                                              flag will be set on the container process.
                                              AllowPrivilegeEscalation is true always
                                              when the container is: 1) run as Privileged
                                              2) has CAP_SYS_ADMIN Note that this
                                              field cannot be set when spec.os.name
                                              is windows.'
                                            type: boolean
                                          capabilities:
                                            description: The capabilities to add/drop
                                              when running containers. Defaults to
                                              the default set of capabilities granted
                                              by the container runtime. Note that
                                              this field cannot be set when spec.os.name
                                              is windows.
                                            properties:
                                              add:
                                                description: Added capabilities
                                                items:
                                                  description: Capability represent
                                                    POSIX capabilities type
                                                  type: string
                                                type: array
                                              drop:
                                                description: Removed capabilities
                                                items:
                                                  description: Capability represent
                                                    POSIX capabilities type
                                                  type: string
                                                type: array
                                            type: object
                                          privileged:
                                            description: Run container in privileged
                                              mode. Processes in privileged containers
                                              are essentially equivalent to root on
                                              the host. Defaults to false. Note that
                                              this field cannot be set when spec.os.name
                                              is windows.
                                            type: boolean
                                          procMount:
                                            description: procMount denotes the type
                                              of proc mount to use for the containers.
                                              The default is DefaultProcMount which
                                              uses the container runtime defaults
                                              for readonly paths and masked paths.
                                              This requires the ProcMountType feature
                                              flag to be enabled. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            type: string
                                          readOnlyRootFilesystem:
                                            description: Whether this container has
                                              a read-only root filesystem. Default
                                              is false. Note that this field cannot
                                              be set when spec.os.name is windows.
                                            type: boolean
                                          runAsGroup:
                                            description: The GID to run the entrypoint
                                              of the container process. Uses runtime
                                              default if unset. May also be set in
                                              PodSecurityContext.  If set in both
                                              SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            format: int64
                                            type: integer
                                          runAsNonRoot:
                                            description: Indicates that the container
                                              must run as a non-root user. If true,
                                              the Kubelet will validate the image
                                              at runtime to ensure that it does not
                                              run as UID 0 (root) and fail to start
                                              the container if it does. If unset or
                                              false, no such validation will be performed.
                                              May also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence.
                                            type: boolean
                                          runAsUser:
                                            description: The UID to run the entrypoint
                                              of the container process. Defaults to
                                              user specified in image metadata if
                                              unspecified. May also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            format: int64
                                            type: integer
                                          seLinuxOptions:
                                            description: The SELinux context to be
                                              applied to the container. If unspecified,
                                              the container runtime will allocate
                                              a random SELinux context for each container.  May
                                              also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            properties:
                                              level:
                                                description: Level is SELinux level
                                                  label that applies to the container.
                                                type: string
                                              role:
                                                description: Role is a SELinux role
                                                  label that applies to the container.
                                                type: string
                                              type:
                                                description: Type is a SELinux type
                                                  label that applies to the container.
                                                type: string
                                              user:
                                                description: User is a SELinux user
                                                  label that applies to the container.
                                                type: string
                                            type: object
                                          seccompProfile:
                                            description: The seccomp options to use
                                              by this container. If seccomp options
                                              are provided at both the pod & container
                                              level, the container options override
                                              the pod options. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            properties:
                                              localhostProfile:
                                                description: localhostProfile indicates
                                                  a profile defined in a file on the
                                                  node should be used. The profile
                                                  must be preconfigured on the node
                                                  to work. Must be a descending path,
                                                  relative to the kubelet's configured
                                                  seccomp profile location. Must only
                                                  be set if type is "Localhost".
                                                type: string
                                              type:
                                                description: "type indicates which
                                                  kind of seccomp profile will be
                                                  applied. Valid options are: \n Localhost
                                                  - a profile defined in a file on
                                                  the node should be used. RuntimeDefault
                                                  - the container runtime default
                                                  profile should be used. Unconfined
                                                  - no profile should be applied."
                                                type: string
                                            required:
                                            - type
                                            type: object
                                          windowsOptions:
                                            description: The Windows specific settings
                                              applied to all containers. If unspecified,
                                              the options from the PodSecurityContext
                                              will be used. If set in both SecurityContext
                                              and PodSecurityContext, the value specified
                                              in SecurityContext takes precedence.
                                              Note that this field cannot be set when
                                              spec.os.name is linux.
                                            properties:
                                              gmsaCredentialSpec:
                                                description: GMSACredentialSpec is
                                                  where the GMSA admission webhook
                                                  (https://github.com/kubernetes-sigs/windows-gmsa)
                                                  inlines the contents of the GMSA
                                                  credential spec named by the GMSACredentialSpecName
                                                  field.
                                                type: string
                                              gmsaCredentialSpecName:
                                                description: GMSACredentialSpecName
                                                  is the name of the GMSA credential
                                                  spec to use.
                                                type: string
                                              hostProcess:
                                                description: HostProcess determines
                                                  if a container should be run as
                                                  a 'Host Process' container. This
                                                  field is alpha-level and will only
                                                  be honored by components that enable
                                                  the WindowsHostProcessContainers
                                                  feature flag. Setting this field
                                                  without the feature flag will result
                                                  in errors when validating the Pod.
                                                  All of a Pod's containers must have
                                                  the same effective HostProcess value
                                                  (it is not allowed to have a mix
                                                  of HostProcess containers and non-HostProcess
                                                  containers).  In addition, if HostProcess
                                                  is true then HostNetwork must also
                                                  be set to true.
                                                type: boolean
                                              runAsUserName:
                                                description: The UserName in Windows
                                                  to run the entrypoint of the container
                                                  process. Defaults to the user specified
                                                  in image metadata if unspecified.
                                                  May also be set in PodSecurityContext.
                                                  If set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                type: string
                                            type: object
                                        type: object
                                      startupProbe:
                                        description: 'Deprecated. This field will
                                          be removed in a future release. DeprecatedStartupProbe
                                          indicates that the Pod this Step runs in
                                          has successfully initialized. If specified,
                                          no other probes are executed until this
                                          completes successfully. If this probe fails,
                                          the Pod will be restarted, just as if the
                                          livenessProbe failed. This can be used to
                                          provide different probe parameters at the
                                          beginning of a Pod''s lifecycle, when it
                                          might take a long time to load data or warm
                                          a cache, than during steady-state operation.
                                          This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      stderrConfig:
                                        description: Stores configuration for the
                                          stderr stream of the step.
                                        properties:
                                          path:
                                            description: Path to duplicate stdout
                                              stream to on container's local filesystem.
                                            type: string
                                        type: object
                                      stdin:
                                        description: Deprecated. This field will be
                                          removed in a future release. Whether this
                                          container should allocate a buffer for stdin
                                          in the container runtime. If this is not
                                          set, reads from stdin in the container will
                                          always result in EOF. Default is false.
                                        type: boolean
                                      stdinOnce:
                                        description: Deprecated. This field will be
                                          removed in a future release. Whether the
                                          container runtime should close the stdin
                                          channel after it has been opened by a single
                                          attach. When stdin is true the stdin stream
                                          will remain open across multiple attach
                                          sessions. If stdinOnce is set to true, stdin
                                          is opened on container start, is empty until
                                          the first client attaches to stdin, and
                                          then remains open and accepts data until
                                          the client disconnects, at which time stdin
                                          is closed and remains closed until the container
                                          is restarted. If this flag is false, a container
                                          processes that reads from stdin will never
                                          receive an EOF. Default is false
                                        type: boolean
                                      stdoutConfig:
                                        description: Stores configuration for the
                                          stdout stream of the step.
                                        properties:
                                          path:
                                            description: Path to duplicate stdout
                                              stream to on container's local filesystem.
                                            type: string
                                        type: object
                                      terminationMessagePath:
                                        description: Deprecated. This field will be
                                          removed in a future release and can't be
                                          meaningfully used.
                                        type: string
                                      terminationMessagePolicy:
                                        description: Deprecated. This field will be
                                          removed in a future release and can't be
                                          meaningfully used.
                                        type: string
                                      timeout:
                                        description: 'Timeout is the time after which
                                          the step times out. Defaults to never. Refer
                                          to Go''s ParseDuration documentation for
                                          expected format: https://golang.org/pkg/time/#ParseDuration'
                                        type: string
                                      tty:
                                        description: Deprecated. This field will be
                                          removed in a future release. Whether this
                                          container should allocate a DeprecatedTTY
                                          for itself, also requires 'stdin' to be
                                          true. Default is false.
                                        type: boolean
                                      volumeDevices:
                                        description: volumeDevices is the list of
                                          block devices to be used by the Step.
                                        items:
                                          description: volumeDevice describes a mapping
                                            of a raw block device within a container.
                                          properties:
                                            devicePath:
                                              description: devicePath is the path
                                                inside of the container that the device
                                                will be mapped to.
                                              type: string
                                            name:
                                              description: name must match the name
                                                of a persistentVolumeClaim in the
                                                pod
                                              type: string
                                          required:
                                          - devicePath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      volumeMounts:
                                        description: Volumes to mount into the Step's
                                          filesystem. Cannot be updated.
                                        items:
                                          description: VolumeMount describes a mounting
                                            of a Volume within a container.
                                          properties:
                                            mountPath:
                                              description: Path within the container
                                                at which the volume should be mounted.  Must
                                                not contain ':'.
                                              type: string
                                            mountPropagation:
                                              description: mountPropagation determines
                                                how mounts are propagated from the
                                                host to container and the other way
                                                around. When not set, MountPropagationNone
                                                is used. This field is beta in 1.10.
                                              type: string
                                            name:
                                              description: This must match the Name
                                                of a Volume.
                                              type: string
                                            readOnly:
                                              description: Mounted read-only if true,
                                                read-write otherwise (false or unspecified).
                                                Defaults to false.
                                              type: boolean
                                            subPath:
                                              description: Path within the volume
                                                from which the container's volume
                                                should be mounted. Defaults to ""
                                                (volume's root).
                                              type: string
                                            subPathExpr:
                                              description: Expanded path within the
                                                volume from which the container's
                                                volume should be mounted. Behaves
                                                similarly to SubPath but environment
                                                variable references $(VAR_NAME) are
                                                expanded using the container's environment.
                                                Defaults to "" (volume's root). SubPathExpr
                                                and SubPath are mutually exclusive.
                                              type: string
                                          required:
                                          - mountPath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      workingDir:
                                        description: Step's working directory. If
                                          not specified, the container runtime's default
                                          will be used, which might be configured
                                          in the container image. Cannot be updated.
                                        type: string
                                      workspaces:
                                        description: "This is an alpha field. You
                                          must set the \"enable-api-fields\" feature
                                          flag to \"alpha\" for this field to be supported.
                                          \n Workspaces is a list of workspaces from
                                          the Task that this Step wants exclusive
                                          access to. Adding a workspace to this list
                                          means that any other Step or Sidecar that
                                          does not also request this Workspace will
                                          not have access to it."
                                        items:
                                          description: WorkspaceUsage is used by a
                                            Step or Sidecar to declare that it wants
                                            isolated access to a Workspace defined
                                            in a Task.
                                          properties:
                                            mountPath:
                                              description: MountPath is the path that
                                                the workspace should be mounted to
                                                inside the Step or Sidecar, overriding
                                                any MountPath specified in the Task's
                                                WorkspaceDeclaration.
                                              type: string
                                            name:
                                              description: Name is the name of the
                                                workspace this Step or Sidecar wants
                                                access to.
                                              type: string
                                          required:
                                          - mountPath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                volumes:
                                  description: Volumes is a collection of volumes
                                    that are available to mount into the steps of
                                    the build.
                                  items:
                                    description: Volume represents a named volume
                                      in a pod that may be accessed by any container
                                      in the pod.
                                    properties:
                                      awsElasticBlockStore:
                                        description: 'awsElasticBlockStore represents
                                          an AWS Disk resource that is attached to
                                          a kubelet''s host machine and then exposed
                                          to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type of the volume that you want to
                                              mount. Tip: Ensure that the filesystem
                                              type is supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          partition:
                                            description: 'partition is the partition
                                              in the volume that you want to mount.
                                              If omitted, the default is to mount
                                              by volume name. Examples: For volume
                                              /dev/sda1, you specify the partition
                                              as "1". Similarly, the volume partition
                                              for /dev/sda is "0" (or you can leave
                                              the property empty).'
                                            format: int32
                                            type: integer
                                          readOnly:
                                            description: 'readOnly value true will
                                              force the readOnly setting in VolumeMounts.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                            type: boolean
                                          volumeID:
                                            description: 'volumeID is unique ID of
                                              the persistent disk resource in AWS
                                              (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                            type: string
                                        required:
                                        - volumeID
                                        type: object
                                      azureDisk:
                                        description: azureDisk represents an Azure
                                          Data Disk mount on the host and bind mount
                                          to the pod.
                                        properties:
                                          cachingMode:
                                            description: 'cachingMode is the Host
                                              Caching mode: None, Read Only, Read
                                              Write.'
                                            type: string
                                          diskName:
                                            description: diskName is the Name of the
                                              data disk in the blob storage
                                            type: string
                                          diskURI:
                                            description: diskURI is the URI of data
                                              disk in the blob storage
                                            type: string
                                          fsType:
                                            description: fsType is Filesystem type
                                              to mount. Must be a filesystem type
                                              supported by the host operating system.
                                              Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          kind:
                                            description: 'kind expected values are
                                              Shared: multiple blob disks per storage
                                              account  Dedicated: single blob disk
                                              per storage account  Managed: azure
                                              managed data disk (only in managed availability
                                              set). defaults to shared'
                                            type: string
                                          readOnly:
                                            description: readOnly Defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                        required:
                                        - diskName
                                        - diskURI
                                        type: object
                                      azureFile:
                                        description: azureFile represents an Azure
                                          File Service mount on the host and bind
                                          mount to the pod.
                                        properties:
                                          readOnly:
                                            description: readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          secretName:
                                            description: secretName is the  name of
                                              secret that contains Azure Storage Account
                                              Name and Key
                                            type: string
                                          shareName:
                                            description: shareName is the azure share
                                              Name
                                            type: string
                                        required:
                                        - secretName
                                        - shareName
                                        type: object
                                      cephfs:
                                        description: cephFS represents a Ceph FS mount
                                          on the host that shares a pod's lifetime
                                        properties:
                                          monitors:
                                            description: 'monitors is Required: Monitors
                                              is a collection of Ceph monitors More
                                              info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            items:
                                              type: string
                                            type: array
                                          path:
                                            description: 'path is Optional: Used as
                                              the mounted root, rather than the full
                                              Ceph tree, default is /'
                                            type: string
                                          readOnly:
                                            description: 'readOnly is Optional: Defaults
                                              to false (read/write). ReadOnly here
                                              will force the ReadOnly setting in VolumeMounts.
                                              More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            type: boolean
                                          secretFile:
                                            description: 'secretFile is Optional:
                                              SecretFile is the path to key ring for
                                              User, default is /etc/ceph/user.secret
                                              More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            type: string
                                          secretRef:
                                            description: 'secretRef is Optional: SecretRef
                                              is reference to the authentication secret
                                              for User, default is empty. More info:
                                              https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          user:
                                            description: 'user is optional: User is
                                              the rados user name, default is admin
                                              More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            type: string
                                        required:
                                        - monitors
                                        type: object
                                      cinder:
                                        description: 'cinder represents a cinder volume
                                          attached and mounted on kubelets host machine.
                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            type: string
                                          readOnly:
                                            description: 'readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            type: boolean
                                          secretRef:
                                            description: 'secretRef is optional: points
                                              to a secret object containing parameters
                                              used to connect to OpenStack.'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          volumeID:
                                            description: 'volumeID used to identify
                                              the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            type: string
                                        required:
                                        - volumeID
                                        type: object
                                      configMap:
                                        description: configMap represents a configMap
                                          that should populate this volume
                                        properties:
                                          defaultMode:
                                            description: 'defaultMode is optional:
                                              mode bits used to set permissions on
                                              created files by default. Must be an
                                              octal value between 0000 and 0777 or
                                              a decimal value between 0 and 511. YAML
                                              accepts both octal and decimal values,
                                              JSON requires decimal values for mode
                                              bits. Defaults to 0644. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.'
                                            format: int32
                                            type: integer
                                          items:
                                            description: items if unspecified, each
                                              key-value pair in the Data field of
                                              the referenced ConfigMap will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the ConfigMap, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: optional specify whether
                                              the ConfigMap or its keys must be defined
                                            type: boolean
                                        type: object
                                      csi:
                                        description: csi (Container Storage Interface)
                                          represents ephemeral storage that is handled
                                          by certain external CSI drivers (Beta feature).
                                        properties:
                                          driver:
                                            description: driver is the name of the
                                              CSI driver that handles this volume.
                                              Consult with your admin for the correct
                                              name as registered in the cluster.
                                            type: string
                                          fsType:
                                            description: fsType to mount. Ex. "ext4",
                                              "xfs", "ntfs". If not provided, the
                                              empty value is passed to the associated
                                              CSI driver which will determine the
                                              default filesystem to apply.
                                            type: string
                                          nodePublishSecretRef:
                                            description: nodePublishSecretRef is a
                                              reference to the secret object containing
                                              sensitive information to pass to the
                                              CSI driver to complete the CSI NodePublishVolume
                                              and NodeUnpublishVolume calls. This
                                              field is optional, and  may be empty
                                              if no secret is required. If the secret
                                              object contains more than one secret,
                                              all secret references are passed.
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          readOnly:
                                            description: readOnly specifies a read-only
                                              configuration for the volume. Defaults
                                              to false (read/write).
                                            type: boolean
                                          volumeAttributes:
                                            additionalProperties:
                                              type: string
                                            description: volumeAttributes stores driver-specific
                                              properties that are passed to the CSI
                                              driver. Consult your driver's documentation
                                              for supported values.
                                            type: object
                                        required:
                                        - driver
                                        type: object
                                      downwardAPI:
                                        description: downwardAPI represents downward
                                          API about the pod that should populate this
                                          volume
                                        properties:
                                          defaultMode:
                                            description: 'Optional: mode bits to use
                                              on created files by default. Must be
                                              a Optional: mode bits used to set permissions
                                              on created files by default. Must be
                                              an octal value between 0000 and 0777
                                              or a decimal value between 0 and 511.
                                              YAML accepts both octal and decimal
                                              values, JSON requires decimal values
                                              for mode bits. Defaults to 0644. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.'
                                            format: int32
                                            type: integer
                                          items:
                                            description: Items is a list of downward
                                              API volume file
                                            items:
                                              description: DownwardAPIVolumeFile represents
                                                information to create the file containing
                                                the pod field
                                              properties:
                                                fieldRef:
                                                  description: 'Required: Selects
                                                    a field of the pod: only annotations,
                                                    labels, name and namespace are
                                                    supported.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                mode:
                                                  description: 'Optional: mode bits
                                                    used to set permissions on this
                                                    file, must be an octal value between
                                                    0000 and 0777 or a decimal value
                                                    between 0 and 511. YAML accepts
                                                    both octal and decimal values,
                                                    JSON requires decimal values for
                                                    mode bits. If not specified, the
                                                    volume defaultMode will be used.
                                                    This might be in conflict with
                                                    other options that affect the
                                                    file mode, like fsGroup, and the
                                                    result can be other mode bits
                                                    set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: 'Required: Path is  the
                                                    relative path name of the file
                                                    to be created. Must not be absolute
                                                    or contain the ''..'' path. Must
                                                    be utf-8 encoded. The first item
                                                    of the relative path must not
                                                    start with ''..'''
                                                  type: string
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, requests.cpu and
                                                    requests.memory) are currently
                                                    supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                              required:
                                              - path
                                              type: object
                                            type: array
                                        type: object
                                      emptyDir:
                                        description: 'emptyDir represents a temporary
                                          directory that shares a pod''s lifetime.
                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                        properties:
                                          medium:
                                            description: 'medium represents what type
                                              of storage medium should back this directory.
                                              The default is "" which means to use
                                              the node''s default medium. Must be
                                              an empty string (default) or Memory.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                            type: string
                                          sizeLimit:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            description: 'sizeLimit is the total amount
                                              of local storage required for this EmptyDir
                                              volume. The size limit is also applicable
                                              for memory medium. The maximum usage
                                              on memory medium EmptyDir would be the
                                              minimum value between the SizeLimit
                                              specified here and the sum of memory
                                              limits of all containers in a pod. The
                                              default is nil which means that the
                                              limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                        type: object
                                      ephemeral:
                                        description: "ephemeral represents a volume
                                          that is handled by a cluster storage driver.
                                          The volume's lifecycle is tied to the pod
                                          that defines it - it will be created before
                                          the pod starts, and deleted when the pod
                                          is removed. \n Use this if: a) the volume
                                          is only needed while the pod runs, b) features
                                          of normal volumes like restoring from snapshot
                                          or capacity    tracking are needed, c) the
                                          storage driver is specified through a storage
                                          class, and d) the storage driver supports
                                          dynamic volume provisioning through    a
                                          PersistentVolumeClaim (see EphemeralVolumeSource
                                          for more    information on the connection
                                          between this volume type    and PersistentVolumeClaim).
                                          \n Use PersistentVolumeClaim or one of the
                                          vendor-specific APIs for volumes that persist
                                          for longer than the lifecycle of an individual
                                          pod. \n Use CSI for light-weight local ephemeral
                                          volumes if the CSI driver is meant to be
                                          used that way - see the documentation of
                                          the driver for more information. \n A pod
                                          can use both types of ephemeral volumes
                                          and persistent volumes at the same time."
                                        properties:
                                          volumeClaimTemplate:
                                            description: "Will be used to create a
                                              stand-alone PVC to provision the volume.
                                              The pod in which this EphemeralVolumeSource
                                              is embedded will be the owner of the
                                              PVC, i.e. the PVC will be deleted together
                                              with the pod.  The name of the PVC will
                                              be `<pod name>-<volume name>` where
                                              `<volume name>` is the name from the
                                              `PodSpec.Volumes` array entry. Pod validation
                                              will reject the pod if the concatenated
                                              name is not valid for a PVC (for example,
                                              too long). \n An existing PVC with that
                                              name that is not owned by the pod will
                                              *not* be used for the pod to avoid using
                                              an unrelated volume by mistake. Starting
                                              the pod is then blocked until the unrelated
                                              PVC is removed. If such a pre-created
                                              PVC is meant to be used by the pod,
                                              the PVC has to updated with an owner
                                              reference to the pod once the pod exists.
                                              Normally this should not be necessary,
                                              but it may be useful when manually reconstructing
                                              a broken cluster. \n This field is read-only
                                              and no changes will be made by Kubernetes
                                              to the PVC after it has been created.
                                              \n Required, must not be nil."
                                            properties:
                                              metadata:
                                                description: May contain labels and
                                                  annotations that will be copied
                                                  into the PVC when creating it. No
                                                  other fields are allowed and will
                                                  be rejected during validation.
                                                type: object
                                              spec:
                                                description: The specification for
                                                  the PersistentVolumeClaim. The entire
                                                  content is copied unchanged into
                                                  the PVC that gets created from this
                                                  template. The same fields as in
                                                  a PersistentVolumeClaim are also
                                                  valid here.
                                                properties:
                                                  accessModes:
                                                    description: 'accessModes contains
                                                      the desired access modes the
                                                      volume should have. More info:
                                                      https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                                    items:
                                                      type: string
                                                    type: array
                                                  dataSource:
                                                    description: 'dataSource field
                                                      can be used to specify either:
                                                      * An existing VolumeSnapshot
                                                      object (snapshot.storage.k8s.io/VolumeSnapshot)
                                                      * An existing PVC (PersistentVolumeClaim)
                                                      If the provisioner or an external
                                                      controller can support the specified
                                                      data source, it will create
                                                      a new volume based on the contents
                                                      of the specified data source.
                                                      If the AnyVolumeDataSource feature
                                                      gate is enabled, this field
                                                      will always have the same contents
                                                      as the DataSourceRef field.'
                                                    properties:
                                                      apiGroup:
                                                        description: APIGroup is the
                                                          group for the resource being
                                                          referenced. If APIGroup
                                                          is not specified, the specified
                                                          Kind must be in the core
                                                          API group. For any other
                                                          third-party types, APIGroup
                                                          is required.
                                                        type: string
                                                      kind:
                                                        description: Kind is the type
                                                          of resource being referenced
                                                        type: string
                                                      name:
                                                        description: Name is the name
                                                          of resource being referenced
                                                        type: string
                                                    required:
                                                    - kind
                                                    - name
                                                    type: object
                                                  dataSourceRef:
                                                    description: 'dataSourceRef specifies
                                                      the object from which to populate
                                                      the volume with data, if a non-empty
                                                      volume is desired. This may
                                                      be any local object from a non-empty
                                                      API group (non core object)
                                                      or a PersistentVolumeClaim object.
                                                      When this field is specified,
                                                      volume binding will only succeed
                                                      if the type of the specified
                                                      object matches some installed
                                                      volume populator or dynamic
                                                      provisioner. This field will
                                                      replace the functionality of
                                                      the DataSource field and as
                                                      such if both fields are non-empty,
                                                      they must have the same value.
                                                      For backwards compatibility,
                                                      both fields (DataSource and
                                                      DataSourceRef) will be set to
                                                      the same value automatically
                                                      if one of them is empty and
                                                      the other is non-empty. There
                                                      are two important differences
                                                      between DataSource and DataSourceRef:
                                                      * While DataSource only allows
                                                      two specific types of objects,
                                                      DataSourceRef   allows any non-core
                                                      object, as well as PersistentVolumeClaim
                                                      objects. * While DataSource
                                                      ignores disallowed values (dropping
                                                      them), DataSourceRef   preserves
                                                      all values, and generates an
                                                      error if a disallowed value
                                                      is   specified. (Beta) Using
                                                      this field requires the AnyVolumeDataSource
                                                      feature gate to be enabled.'
                                                    properties:
                                                      apiGroup:
                                                        description: APIGroup is the
                                                          group for the resource being
                                                          referenced. If APIGroup
                                                          is not specified, the specified
                                                          Kind must be in the core
                                                          API group. For any other
                                                          third-party types, APIGroup
                                                          is required.
                                                        type: string
                                                      kind:
                                                        description: Kind is the type
                                                          of resource being referenced
                                                        type: string
                                                      name:
                                                        description: Name is the name
                                                          of resource being referenced
                                                        type: string
                                                    required:
                                                    - kind
                                                    - name
                                                    type: object
                                                  resources:
                                                    description: 'resources represents
                                                      the minimum resources the volume
                                                      should have. If RecoverVolumeExpansionFailure
                                                      feature is enabled users are
                                                      allowed to specify resource
                                                      requirements that are lower
                                                      than previous value but must
                                                      still be higher than capacity
                                                      recorded in the status field
                                                      of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                                    properties:
                                                      limits:
                                                        additionalProperties:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        description: 'Limits describes
                                                          the maximum amount of compute
                                                          resources allowed. More
                                                          info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                        type: object
                                                      requests:
                                                        additionalProperties:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        description: 'Requests describes
                                                          the minimum amount of compute
                                                          resources required. If Requests
                                                          is omitted for a container,
                                                          it defaults to Limits if
                                                          that is explicitly specified,
                                                          otherwise to an implementation-defined
                                                          value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                        type: object
                                                    type: object
                                                  selector:
                                                    description: selector is a label
                                                      query over volumes to consider
                                                      for binding.
                                                    properties:
                                                      matchExpressions:
                                                        description: matchExpressions
                                                          is a list of label selector
                                                          requirements. The requirements
                                                          are ANDed.
                                                        items:
                                                          description: A label selector
                                                            requirement is a selector
                                                            that contains values,
                                                            a key, and an operator
                                                            that relates the key and
                                                            values.
                                                          properties:
                                                            key:
                                                              description: key is
                                                                the label key that
                                                                the selector applies
                                                                to.
                                                              type: string
                                                            operator:
                                                              description: operator
                                                                represents a key's
                                                                relationship to a
                                                                set of values. Valid
                                                                operators are In,
                                                                NotIn, Exists and
                                                                DoesNotExist.
                                                              type: string
                                                            values:
                                                              description: values
                                                                is an array of string
                                                                values. If the operator
                                                                is In or NotIn, the
                                                                values array must
                                                                be non-empty. If the
                                                                operator is Exists
                                                                or DoesNotExist, the
                                                                values array must
                                                                be empty. This array
                                                                is replaced during
                                                                a strategic merge
                                                                patch.
                                                              items:
                                                                type: string
                                                              type: array
                                                          required:
                                                          - key
                                                          - operator
                                                          type: object
                                                        type: array
                                                      matchLabels:
                                                        additionalProperties:
                                                          type: string
                                                        description: matchLabels is
                                                          a map of {key,value} pairs.
                                                          A single {key,value} in
                                                          the matchLabels map is equivalent
                                                          to an element of matchExpressions,
                                                          whose key field is "key",
                                                          the operator is "In", and
                                                          the values array contains
                                                          only "value". The requirements
                                                          are ANDed.
                                                        type: object
                                                    type: object
                                                  storageClassName:
                                                    description: 'storageClassName
                                                      is the name of the StorageClass
                                                      required by the claim. More
                                                      info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                                    type: string
                                                  volumeMode:
                                                    description: volumeMode defines
                                                      what type of volume is required
                                                      by the claim. Value of Filesystem
                                                      is implied when not included
                                                      in claim spec.
                                                    type: string
                                                  volumeName:
                                                    description: volumeName is the
                                                      binding reference to the PersistentVolume
                                                      backing this claim.
                                                    type: string
                                                type: object
                                            required:
                                            - spec
                                            type: object
                                        type: object
                                      fc:
                                        description: fc represents a Fibre Channel
                                          resource that is attached to a kubelet's
                                          host machine and then exposed to the pod.
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          lun:
                                            description: 'lun is Optional: FC target
                                              lun number'
                                            format: int32
                                            type: integer
                                          readOnly:
                                            description: 'readOnly is Optional: Defaults
                                              to false (read/write). ReadOnly here
                                              will force the ReadOnly setting in VolumeMounts.'
                                            type: boolean
                                          targetWWNs:
                                            description: 'targetWWNs is Optional:
                                              FC target worldwide names (WWNs)'
                                            items:
                                              type: string
                                            type: array
                                          wwids:
                                            description: 'wwids Optional: FC volume
                                              world wide identifiers (wwids) Either
                                              wwids or combination of targetWWNs and
                                              lun must be set, but not both simultaneously.'
                                            items:
                                              type: string
                                            type: array
                                        type: object
                                      flexVolume:
                                        description: flexVolume represents a generic
                                          volume resource that is provisioned/attached
                                          using an exec based plugin.
                                        properties:
                                          driver:
                                            description: driver is the name of the
                                              driver to use for this volume.
                                            type: string
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". The
                                              default filesystem depends on FlexVolume
                                              script.
                                            type: string
                                          options:
                                            additionalProperties:
                                              type: string
                                            description: 'options is Optional: this
                                              field holds extra command options if
                                              any.'
                                            type: object
                                          readOnly:
                                            description: 'readOnly is Optional: defaults
                                              to false (read/write). ReadOnly here
                                              will force the ReadOnly setting in VolumeMounts.'
                                            type: boolean
                                          secretRef:
                                            description: 'secretRef is Optional: secretRef
                                              is reference to the secret object containing
                                              sensitive information to pass to the
                                              plugin scripts. This may be empty if
                                              no secret object is specified. If the
                                              secret object contains more than one
                                              secret, all secrets are passed to the
                                              plugin scripts.'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                        required:
                                        - driver
                                        type: object
                                      flocker:
                                        description: flocker represents a Flocker
                                          volume attached to a kubelet's host machine.
                                          This depends on the Flocker control service
                                          being running
                                        properties:
                                          datasetName:
                                            description: datasetName is Name of the
                                              dataset stored as metadata -> name on
                                              the dataset for Flocker should be considered
                                              as deprecated
                                            type: string
                                          datasetUUID:
                                            description: datasetUUID is the UUID of
                                              the dataset. This is unique identifier
                                              of a Flocker dataset
                                            type: string
                                        type: object
                                      gcePersistentDisk:
                                        description: 'gcePersistentDisk represents
                                          a GCE Disk resource that is attached to
                                          a kubelet''s host machine and then exposed
                                          to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                        properties:
                                          fsType:
                                            description: 'fsType is filesystem type
                                              of the volume that you want to mount.
                                              Tip: Ensure that the filesystem type
                                              is supported by the host operating system.
                                              Examples: "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          partition:
                                            description: 'partition is the partition
                                              in the volume that you want to mount.
                                              If omitted, the default is to mount
                                              by volume name. Examples: For volume
                                              /dev/sda1, you specify the partition
                                              as "1". Similarly, the volume partition
                                              for /dev/sda is "0" (or you can leave
                                              the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            format: int32
                                            type: integer
                                          pdName:
                                            description: 'pdName is unique name of
                                              the PD resource in GCE. Used to identify
                                              the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            type: boolean
                                        required:
                                        - pdName
                                        type: object
                                      gitRepo:
                                        description: 'gitRepo represents a git repository
                                          at a particular revision. DEPRECATED: GitRepo
                                          is deprecated. To provision a container
                                          with a git repo, mount an EmptyDir into
                                          an InitContainer that clones the repo using
                                          git, then mount the EmptyDir into the Pod''s
                                          container.'
                                        properties:
                                          directory:
                                            description: directory is the target directory
                                              name. Must not contain or start with
                                              '..'.  If '.' is supplied, the volume
                                              directory will be the git repository.  Otherwise,
                                              if specified, the volume will contain
                                              the git repository in the subdirectory
                                              with the given name.
                                            type: string
                                          repository:
                                            description: repository is the URL
                                            type: string
                                          revision:
                                            description: revision is the commit hash
                                              for the specified revision.
                                            type: string
                                        required:
                                        - repository
                                        type: object
                                      glusterfs:
                                        description: 'glusterfs represents a Glusterfs
                                          mount on the host that shares a pod''s lifetime.
                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md'
                                        properties:
                                          endpoints:
                                            description: 'endpoints is the endpoint
                                              name that details Glusterfs topology.
                                              More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                            type: string
                                          path:
                                            description: 'path is the Glusterfs volume
                                              path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the Glusterfs volume to be mounted with
                                              read-only permissions. Defaults to false.
                                              More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                            type: boolean
                                        required:
                                        - endpoints
                                        - path
                                        type: object
                                      hostPath:
                                        description: 'hostPath represents a pre-existing
                                          file or directory on the host machine that
                                          is directly exposed to the container. This
                                          is generally used for system agents or other
                                          privileged things that are allowed to see
                                          the host machine. Most containers will NOT
                                          need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                                          --- TODO(jonesdl) We need to restrict who
                                          can use host directory mounts and who can/can
                                          not mount host directories as read/write.'
                                        properties:
                                          path:
                                            description: 'path of the directory on
                                              the host. If the path is a symlink,
                                              it will follow the link to the real
                                              path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                            type: string
                                          type:
                                            description: 'type for HostPath Volume
                                              Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                            type: string
                                        required:
                                        - path
                                        type: object
                                      iscsi:
                                        description: 'iscsi represents an ISCSI Disk
                                          resource that is attached to a kubelet''s
                                          host machine and then exposed to the pod.
                                          More info: https://examples.k8s.io/volumes/iscsi/README.md'
                                        properties:
                                          chapAuthDiscovery:
                                            description: chapAuthDiscovery defines
                                              whether support iSCSI Discovery CHAP
                                              authentication
                                            type: boolean
                                          chapAuthSession:
                                            description: chapAuthSession defines whether
                                              support iSCSI Session CHAP authentication
                                            type: boolean
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type of the volume that you want to
                                              mount. Tip: Ensure that the filesystem
                                              type is supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          initiatorName:
                                            description: initiatorName is the custom
                                              iSCSI Initiator Name. If initiatorName
                                              is specified with iscsiInterface simultaneously,
                                              new iSCSI interface <target portal>:<volume
                                              name> will be created for the connection.
                                            type: string
                                          iqn:
                                            description: iqn is the target iSCSI Qualified
                                              Name.
                                            type: string
                                          iscsiInterface:
                                            description: iscsiInterface is the interface
                                              Name that uses an iSCSI transport. Defaults
                                              to 'default' (tcp).
                                            type: string
                                          lun:
                                            description: lun represents iSCSI Target
                                              Lun number.
                                            format: int32
                                            type: integer
                                          portals:
                                            description: portals is the iSCSI Target
                                              Portal List. The portal is either an
                                              IP or ip_addr:port if the port is other
                                              than default (typically TCP ports 860
                                              and 3260).
                                            items:
                                              type: string
                                            type: array
                                          readOnly:
                                            description: readOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              Defaults to false.
                                            type: boolean
                                          secretRef:
                                            description: secretRef is the CHAP Secret
                                              for iSCSI target and initiator authentication
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          targetPortal:
                                            description: targetPortal is iSCSI Target
                                              Portal. The Portal is either an IP or
                                              ip_addr:port if the port is other than
                                              default (typically TCP ports 860 and
                                              3260).
                                            type: string
                                        required:
                                        - iqn
                                        - lun
                                        - targetPortal
                                        type: object
                                      name:
                                        description: 'name of the volume. Must be
                                          a DNS_LABEL and unique within the pod. More
                                          info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                        type: string
                                      nfs:
                                        description: 'nfs represents an NFS mount
                                          on the host that shares a pod''s lifetime
                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                        properties:
                                          path:
                                            description: 'path that is exported by
                                              the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the NFS export to be mounted with read-only
                                              permissions. Defaults to false. More
                                              info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            type: boolean
                                          server:
                                            description: 'server is the hostname or
                                              IP address of the NFS server. More info:
                                              https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            type: string
                                        required:
                                        - path
                                        - server
                                        type: object
                                      persistentVolumeClaim:
                                        description: 'persistentVolumeClaimVolumeSource
                                          represents a reference to a PersistentVolumeClaim
                                          in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                        properties:
                                          claimName:
                                            description: 'claimName is the name of
                                              a PersistentVolumeClaim in the same
                                              namespace as the pod using this volume.
                                              More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                            type: string
                                          readOnly:
                                            description: readOnly Will force the ReadOnly
                                              setting in VolumeMounts. Default false.
                                            type: boolean
                                        required:
                                        - claimName
                                        type: object
                                      photonPersistentDisk:
                                        description: photonPersistentDisk represents
                                          a PhotonController persistent disk attached
                                          and mounted on kubelets host machine
                                        properties:
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          pdID:
                                            description: pdID is the ID that identifies
                                              Photon Controller persistent disk
                                            type: string
                                        required:
                                        - pdID
                                        type: object
                                      portworxVolume:
                                        description: portworxVolume represents a portworx
                                          volume attached and mounted on kubelets
                                          host machine
                                        properties:
                                          fsType:
                                            description: fSType represents the filesystem
                                              type to mount Must be a filesystem type
                                              supported by the host operating system.
                                              Ex. "ext4", "xfs". Implicitly inferred
                                              to be "ext4" if unspecified.
                                            type: string
                                          readOnly:
                                            description: readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          volumeID:
                                            description: volumeID uniquely identifies
                                              a Portworx volume
                                            type: string
                                        required:
                                        - volumeID
                                        type: object
                                      projected:
                                        description: projected items for all in one
                                          resources secrets, configmaps, and downward
                                          API
                                        properties:
                                          defaultMode:
                                            description: defaultMode are the mode
                                              bits used to set permissions on created
                                              files by default. Must be an octal value
                                              between 0000 and 0777 or a decimal value
                                              between 0 and 511. YAML accepts both
                                              octal and decimal values, JSON requires
                                              decimal values for mode bits. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.
                                            format: int32
                                            type: integer
                                          sources:
                                            description: sources is the list of volume
                                              projections
                                            items:
                                              description: Projection that may be
                                                projected along with other supported
                                                volume types
                                              properties:
                                                configMap:
                                                  description: configMap information
                                                    about the configMap data to project
                                                  properties:
                                                    items:
                                                      description: items if unspecified,
                                                        each key-value pair in the
                                                        Data field of the referenced
                                                        ConfigMap will be projected
                                                        into the volume as a file
                                                        whose name is the key and
                                                        content is the value. If specified,
                                                        the listed keys will be projected
                                                        into the specified paths,
                                                        and unlisted keys will not
                                                        be present. If a key is specified
                                                        which is not present in the
                                                        ConfigMap, the volume setup
                                                        will error unless it is marked
                                                        optional. Paths must be relative
                                                        and may not contain the '..'
                                                        path or start with '..'.
                                                      items:
                                                        description: Maps a string
                                                          key to a path within a volume.
                                                        properties:
                                                          key:
                                                            description: key is the
                                                              key to project.
                                                            type: string
                                                          mode:
                                                            description: 'mode is
                                                              Optional: mode bits
                                                              used to set permissions
                                                              on this file. Must be
                                                              an octal value between
                                                              0000 and 0777 or a decimal
                                                              value between 0 and
                                                              511. YAML accepts both
                                                              octal and decimal values,
                                                              JSON requires decimal
                                                              values for mode bits.
                                                              If not specified, the
                                                              volume defaultMode will
                                                              be used. This might
                                                              be in conflict with
                                                              other options that affect
                                                              the file mode, like
                                                              fsGroup, and the result
                                                              can be other mode bits
                                                              set.'
                                                            format: int32
                                                            type: integer
                                                          path:
                                                            description: path is the
                                                              relative path of the
                                                              file to map the key
                                                              to. May not be an absolute
                                                              path. May not contain
                                                              the path element '..'.
                                                              May not start with the
                                                              string '..'.
                                                            type: string
                                                        required:
                                                        - key
                                                        - path
                                                        type: object
                                                      type: array
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: optional specify
                                                        whether the ConfigMap or its
                                                        keys must be defined
                                                      type: boolean
                                                  type: object
                                                downwardAPI:
                                                  description: downwardAPI information
                                                    about the downwardAPI data to
                                                    project
                                                  properties:
                                                    items:
                                                      description: Items is a list
                                                        of DownwardAPIVolume file
                                                      items:
                                                        description: DownwardAPIVolumeFile
                                                          represents information to
                                                          create the file containing
                                                          the pod field
                                                        properties:
                                                          fieldRef:
                                                            description: 'Required:
                                                              Selects a field of the
                                                              pod: only annotations,
                                                              labels, name and namespace
                                                              are supported.'
                                                            properties:
                                                              apiVersion:
                                                                description: Version
                                                                  of the schema the
                                                                  FieldPath is written
                                                                  in terms of, defaults
                                                                  to "v1".
                                                                type: string
                                                              fieldPath:
                                                                description: Path
                                                                  of the field to
                                                                  select in the specified
                                                                  API version.
                                                                type: string
                                                            required:
                                                            - fieldPath
                                                            type: object
                                                          mode:
                                                            description: 'Optional:
                                                              mode bits used to set
                                                              permissions on this
                                                              file, must be an octal
                                                              value between 0000 and
                                                              0777 or a decimal value
                                                              between 0 and 511. YAML
                                                              accepts both octal and
                                                              decimal values, JSON
                                                              requires decimal values
                                                              for mode bits. If not
                                                              specified, the volume
                                                              defaultMode will be
                                                              used. This might be
                                                              in conflict with other
                                                              options that affect
                                                              the file mode, like
                                                              fsGroup, and the result
                                                              can be other mode bits
                                                              set.'
                                                            format: int32
                                                            type: integer
                                                          path:
                                                            description: 'Required:
                                                              Path is  the relative
                                                              path name of the file
                                                              to be created. Must
                                                              not be absolute or contain
                                                              the ''..'' path. Must
                                                              be utf-8 encoded. The
                                                              first item of the relative
                                                              path must not start
                                                              with ''..'''
                                                            type: string
                                                          resourceFieldRef:
                                                            description: 'Selects
                                                              a resource of the container:
                                                              only resources limits
                                                              and requests (limits.cpu,
                                                              limits.memory, requests.cpu
                                                              and requests.memory)
                                                              are currently supported.'
                                                            properties:
                                                              containerName:
                                                                description: 'Container
                                                                  name: required for
                                                                  volumes, optional
                                                                  for env vars'
                                                                type: string
                                                              divisor:
                                                                anyOf:
                                                                - type: integer
                                                                - type: string
                                                                description: Specifies
                                                                  the output format
                                                                  of the exposed resources,
                                                                  defaults to "1"
                                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                                x-kubernetes-int-or-string: true
                                                              resource:
                                                                description: 'Required:
                                                                  resource to select'
                                                                type: string
                                                            required:
                                                            - resource
                                                            type: object
                                                        required:
                                                        - path
                                                        type: object
                                                      type: array
                                                  type: object
                                                secret:
                                                  description: secret information
                                                    about the secret data to project
                                                  properties:
                                                    items:
                                                      description: items if unspecified,
                                                        each key-value pair in the
                                                        Data field of the referenced
                                                        Secret will be projected into
                                                        the volume as a file whose
                                                        name is the key and content
                                                        is the value. If specified,
                                                        the listed keys will be projected
                                                        into the specified paths,
                                                        and unlisted keys will not
                                                        be present. If a key is specified
                                                        which is not present in the
                                                        Secret, the volume setup will
                                                        error unless it is marked
                                                        optional. Paths must be relative
                                                        and may not contain the '..'
                                                        path or start with '..'.
                                                      items:
                                                        description: Maps a string
                                                          key to a path within a volume.
                                                        properties:
                                                          key:
                                                            description: key is the
                                                              key to project.
                                                            type: string
                                                          mode:
                                                            description: 'mode is
                                                              Optional: mode bits
                                                              used to set permissions
                                                              on this file. Must be
                                                              an octal value between
                                                              0000 and 0777 or a decimal
                                                              value between 0 and
                                                              511. YAML accepts both
                                                              octal and decimal values,
                                                              JSON requires decimal
                                                              values for mode bits.
                                                              If not specified, the
                                                              volume defaultMode will
                                                              be used. This might
                                                              be in conflict with
                                                              other options that affect
                                                              the file mode, like
                                                              fsGroup, and the result
                                                              can be other mode bits
                                                              set.'
                                                            format: int32
                                                            type: integer
                                                          path:
                                                            description: path is the
                                                              relative path of the
                                                              file to map the key
                                                              to. May not be an absolute
                                                              path. May not contain
                                                              the path element '..'.
                                                              May not start with the
                                                              string '..'.
                                                            type: string
                                                        required:
                                                        - key
                                                        - path
                                                        type: object
                                                      type: array
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: optional field
                                                        specify whether the Secret
                                                        or its key must be defined
                                                      type: boolean
                                                  type: object
                                                serviceAccountToken:
                                                  description: serviceAccountToken
                                                    is information about the serviceAccountToken
                                                    data to project
                                                  properties:
                                                    audience:
                                                      description: audience is the
                                                        intended audience of the token.
                                                        A recipient of a token must
                                                        identify itself with an identifier
                                                        specified in the audience
                                                        of the token, and otherwise
                                                        should reject the token. The
                                                        audience defaults to the identifier
                                                        of the apiserver.
                                                      type: string
                                                    expirationSeconds:
                                                      description: expirationSeconds
                                                        is the requested duration
                                                        of validity of the service
                                                        account token. As the token
                                                        approaches expiration, the
                                                        kubelet volume plugin will
                                                        proactively rotate the service
                                                        account token. The kubelet
                                                        will start trying to rotate
                                                        the token if the token is
                                                        older than 80 percent of its
                                                        time to live or if the token
                                                        is older than 24 hours.Defaults
                                                        to 1 hour and must be at least
                                                        10 minutes.
                                                      format: int64
                                                      type: integer
                                                    path:
                                                      description: path is the path
                                                        relative to the mount point
                                                        of the file to project the
                                                        token into.
                                                      type: string
                                                  required:
                                                  - path
                                                  type: object
                                              type: object
                                            type: array
                                        type: object
                                      quobyte:
                                        description: quobyte represents a Quobyte
                                          mount on the host that shares a pod's lifetime
                                        properties:
                                          group:
                                            description: group to map volume access
                                              to Default is no group
                                            type: string
                                          readOnly:
                                            description: readOnly here will force
                                              the Quobyte volume to be mounted with
                                              read-only permissions. Defaults to false.
                                            type: boolean
                                          registry:
                                            description: registry represents a single
                                              or multiple Quobyte Registry services
                                              specified as a string as host:port pair
                                              (multiple entries are separated with
                                              commas) which acts as the central registry
                                              for volumes
                                            type: string
                                          tenant:
                                            description: tenant owning the given Quobyte
                                              volume in the Backend Used with dynamically
                                              provisioned Quobyte volumes, value is
                                              set by the plugin
                                            type: string
                                          user:
                                            description: user to map volume access
                                              to Defaults to serivceaccount user
                                            type: string
                                          volume:
                                            description: volume is a string that references
                                              an already created Quobyte volume by
                                              name.
                                            type: string
                                        required:
                                        - registry
                                        - volume
                                        type: object
                                      rbd:
                                        description: 'rbd represents a Rados Block
                                          Device mount on the host that shares a pod''s
                                          lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type of the volume that you want to
                                              mount. Tip: Ensure that the filesystem
                                              type is supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          image:
                                            description: 'image is the rados image
                                              name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                          keyring:
                                            description: 'keyring is the path to key
                                              ring for RBDUser. Default is /etc/ceph/keyring.
                                              More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                          monitors:
                                            description: 'monitors is a collection
                                              of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            items:
                                              type: string
                                            type: array
                                          pool:
                                            description: 'pool is the rados pool name.
                                              Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: boolean
                                          secretRef:
                                            description: 'secretRef is name of the
                                              authentication secret for RBDUser. If
                                              provided overrides keyring. Default
                                              is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          user:
                                            description: 'user is the rados user name.
                                              Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                        required:
                                        - image
                                        - monitors
                                        type: object
                                      scaleIO:
                                        description: scaleIO represents a ScaleIO
                                          persistent volume attached and mounted on
                                          Kubernetes nodes.
                                        properties:
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Default
                                              is "xfs".
                                            type: string
                                          gateway:
                                            description: gateway is the host address
                                              of the ScaleIO API Gateway.
                                            type: string
                                          protectionDomain:
                                            description: protectionDomain is the name
                                              of the ScaleIO Protection Domain for
                                              the configured storage.
                                            type: string
                                          readOnly:
                                            description: readOnly Defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          secretRef:
                                            description: secretRef references to the
                                              secret for ScaleIO user and other sensitive
                                              information. If this is not provided,
                                              Login operation will fail.
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          sslEnabled:
                                            description: sslEnabled Flag enable/disable
                                              SSL communication with Gateway, default
                                              false
                                            type: boolean
                                          storageMode:
                                            description: storageMode indicates whether
                                              the storage for a volume should be ThickProvisioned
                                              or ThinProvisioned. Default is ThinProvisioned.
                                            type: string
                                          storagePool:
                                            description: storagePool is the ScaleIO
                                              Storage Pool associated with the protection
                                              domain.
                                            type: string
                                          system:
                                            description: system is the name of the
                                              storage system as configured in ScaleIO.
                                            type: string
                                          volumeName:
                                            description: volumeName is the name of
                                              a volume already created in the ScaleIO
                                              system that is associated with this
                                              volume source.
                                            type: string
                                        required:
                                        - gateway
                                        - secretRef
                                        - system
                                        type: object
                                      secret:
                                        description: 'secret represents a secret that
                                          should populate this volume. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                        properties:
                                          defaultMode:
                                            description: 'defaultMode is Optional:
                                              mode bits used to set permissions on
                                              created files by default. Must be an
                                              octal value between 0000 and 0777 or
                                              a decimal value between 0 and 511. YAML
                                              accepts both octal and decimal values,
                                              JSON requires decimal values for mode
                                              bits. Defaults to 0644. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.'
                                            format: int32
                                            type: integer
                                          items:
                                            description: items If unspecified, each
                                              key-value pair in the Data field of
                                              the referenced Secret will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the Secret, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          optional:
                                            description: optional field specify whether
                                              the Secret or its keys must be defined
                                            type: boolean
                                          secretName:
                                            description: 'secretName is the name of
                                              the secret in the pod''s namespace to
                                              use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                            type: string
                                        type: object
                                      storageos:
                                        description: storageOS represents a StorageOS
                                          volume attached and mounted on Kubernetes
                                          nodes.
                                        properties:
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          readOnly:
                                            description: readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          secretRef:
                                            description: secretRef specifies the secret
                                              to use for obtaining the StorageOS API
                                              credentials.  If not specified, default
                                              values will be attempted.
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          volumeName:
                                            description: volumeName is the human-readable
                                              name of the StorageOS volume.  Volume
                                              names are only unique within a namespace.
                                            type: string
                                          volumeNamespace:
                                            description: volumeNamespace specifies
                                              the scope of the volume within StorageOS.  If
                                              no namespace is specified then the Pod's
                                              namespace will be used.  This allows
                                              the Kubernetes name scoping to be mirrored
                                              within StorageOS for tighter integration.
                                              Set VolumeName to any name to override
                                              the default behaviour. Set to "default"
                                              if you are not using namespaces within
                                              StorageOS. Namespaces that do not pre-exist
                                              within StorageOS will be created.
                                            type: string
                                        type: object
                                      vsphereVolume:
                                        description: vsphereVolume represents a vSphere
                                          volume attached and mounted on kubelets
                                          host machine
                                        properties:
                                          fsType:
                                            description: fsType is filesystem type
                                              to mount. Must be a filesystem type
                                              supported by the host operating system.
                                              Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          storagePolicyID:
                                            description: storagePolicyID is the storage
                                              Policy Based Management (SPBM) profile
                                              ID associated with the StoragePolicyName.
                                            type: string
                                          storagePolicyName:
                                            description: storagePolicyName is the
                                              storage Policy Based Management (SPBM)
                                              profile name.
                                            type: string
                                          volumePath:
                                            description: volumePath is the path that
                                              identifies vSphere volume vmdk
                                            type: string
                                        required:
                                        - volumePath
                                        type: object
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                workspaces:
                                  description: Workspaces are the volumes that this
                                    Task requires.
                                  items:
                                    description: WorkspaceDeclaration is a declaration
                                      of a volume that a Task requires.
                                    properties:
                                      description:
                                        description: Description is an optional human
                                          readable description of this volume.
                                        type: string
                                      mountPath:
                                        description: MountPath overrides the directory
                                          that the volume will be made available at.
                                        type: string
                                      name:
                                        description: Name is the name by which you
                                          can bind the volume at runtime.
                                        type: string
                                      optional:
                                        description: Optional marks a Workspace as
                                          not being required in TaskRuns. By default
                                          this field is false and so declared workspaces
                                          are required.
                                        type: boolean
                                      readOnly:
                                        description: ReadOnly dictates whether a mounted
                                          volume is writable. By default this field
                                          is false and so mounted volumes are writable.
                                        type: boolean
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            timeout:
                              description: 'Time after which the TaskRun times out.
                                Defaults to 1 hour. Specified TaskRun timeout should
                                be less than 24h. Refer Go''s ParseDuration documentation
                                for expected format: https://golang.org/pkg/time/#ParseDuration'
                              type: string
                            when:
                              description: WhenExpressions is a list of when expressions
                                that need to be true for the task to run
                              items:
                                description: WhenExpression allows a PipelineTask
                                  to declare expressions to be evaluated before the
                                  Task is run to determine whether the Task should
                                  be executed or skipped
                                properties:
                                  input:
                                    description: Input is the string for guard checking
                                      which can be a static input or an output from
                                      a parent Task
                                    type: string
                                  operator:
                                    description: Operator that represents an Input's
                                      relationship to the values
                                    type: string
                                  values:
                                    description: Values is an array of strings, which
                                      is compared against the input, for guard checking
                                      It must be non-empty
                                    items:
                                      type: string
                                    type: array
                                    x-kubernetes-list-type: atomic
                                required:
                                - input
                                - operator
                                - values
                                type: object
                              type: array
                            workspaces:
                              description: Workspaces maps workspaces from the pipeline
                                spec to the workspaces declared in the Task.
                              items:
                                description: WorkspacePipelineTaskBinding describes
                                  how a workspace passed into the pipeline should
                                  be mapped to a task's declared workspace.
                                properties:
                                  name:
                                    description: Name is the name of the workspace
                                      as declared by the task
                                    type: string
                                  subPath:
                                    description: SubPath is optionally a directory
                                      on the volume which should be used for this
                                      binding (i.e. the volume will be mounted at
                                      this sub directory).
                                    type: string
                                  workspace:
                                    description: Workspace is the name of the workspace
                                      declared by the pipeline
                                    type: string
                                required:
                                - name
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      workspaces:
                        description: Workspaces declares a set of named workspaces
                          that are expected to be provided by a PipelineRun.
                        items:
                          description: PipelineWorkspaceDeclaration creates a named
                            slot in a Pipeline that a PipelineRun is expected to populate
                            with a workspace binding.
                          properties:
                            description:
                              description: Description is a human readable string
                                describing how the workspace will be used in the Pipeline.
                                It can be useful to include a bit of detail about
                                which tasks are intended to have access to the data
                                on the workspace.
                              type: string
                            name:
                              description: Name is the name of a workspace to be provided
                                by a PipelineRun.
                              type: string
                            optional:
                              description: Optional marks a Workspace as not being
                                required in PipelineRuns. By default this field is
                                false and so declared workspaces are required.
                              type: boolean
                          required:
                          - name
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                    type: object
                  podTemplate:
                    description: PodTemplate holds pod specific configuration
                    properties:
                      affinity:
                        description: If specified, the pod's scheduling constraints
                        properties:
                          nodeAffinity:
                            description: Describes node affinity scheduling rules
                              for the pod.
                            properties:
                              preferredDuringSchedulingIgnoredDuringExecution:
                                description: The scheduler will prefer to schedule
                                  pods to nodes that satisfy the affinity expressions
                                  specified by this field, but it may choose a node
                                  that violates one or more of the expressions. The
                                  node that is most preferred is the one with the
                                  greatest sum of weights, i.e. for each node that
                                  meets all of the scheduling requirements (resource
                                  request, requiredDuringScheduling affinity expressions,
                                  etc.), compute a sum by iterating through the elements
                                  of this field and adding "weight" to the sum if
                                  the node matches the corresponding matchExpressions;
                                  the node(s) with the highest sum are the most preferred.
                                items:
                                  description: An empty preferred scheduling term
                                    matches all objects with implicit weight 0 (i.e.
                                    it's a no-op). A null preferred scheduling term
                                    matches no objects (i.e. is also a no-op).
                                  properties:
                                    preference:
                                      description: A node selector term, associated
                                        with the corresponding weight.
                                      properties:
                                        matchExpressions:
                                          description: A list of node selector requirements
                                            by node's labels.
                                          items:
                                            description: A node selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: The label key that the
                                                  selector applies to.
                                                type: string
                                              operator:
                                                description: Represents a key's relationship
                                                  to a set of values. Valid operators
                                                  are In, NotIn, Exists, DoesNotExist.
                                                  Gt, and Lt.
                                                type: string
                                              values:
                                                description: An array of string values.
                                                  If the operator is In or NotIn,
                                                  the values array must be non-empty.
                                                  If the operator is Exists or DoesNotExist,
                                                  the values array must be empty.
                                                  If the operator is Gt or Lt, the
                                                  values array must have a single
                                                  element, which will be interpreted
                                                  as an integer. This array is replaced
                                                  during a strategic merge patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchFields:
                                          description: A list of node selector requirements
                                            by node's fields.
                                          items:
                                            description: A node selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: The label key that the
                                                  selector applies to.
                                                type: string
                                              operator:
                                                description: Represents a key's relationship
                                                  to a set of values. Valid operators
                                                  are In, NotIn, Exists, DoesNotExist.
                                                  Gt, and Lt.
                                                type: string
                                              values:
                                                description: An array of string values.
                                                  If the operator is In or NotIn,
                                                  the values array must be non-empty.
                                                  If the operator is Exists or DoesNotExist,
                                                  the values array must be empty.
                                                  If the operator is Gt or Lt, the
                                                  values array must have a single
                                                  element, which will be interpreted
                                                  as an integer. This array is replaced
                                                  during a strategic merge patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                      type: object
                                    weight:
                                      description: Weight associated with matching
                                        the corresponding nodeSelectorTerm, in the
                                        range 1-100.
                                      format: int32
                                      type: integer
                                  required:
                                  - preference
                                  - weight
                                  type: object
                                type: array
                              requiredDuringSchedulingIgnoredDuringExecution:
                                description: If the affinity requirements specified
                                  by this field are not met at scheduling time, the
                                  pod will not be scheduled onto the node. If the
                                  affinity requirements specified by this field cease
                                  to be met at some point during pod execution (e.g.
                                  due to an update), the system may or may not try
                                  to eventually evict the pod from its node.
                                properties:
                                  nodeSelectorTerms:
                                    description: Required. A list of node selector
                                      terms. The terms are ORed.
                                    items:
                                      description: A null or empty node selector term
                                        matches no objects. The requirements of them
                                        are ANDed. The TopologySelectorTerm type implements
                                        a subset of the NodeSelectorTerm.
                                      properties:
                                        matchExpressions:
                                          description: A list of node selector requirements
                                            by node's labels.
                                          items:
                                            description: A node selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: The label key that the
                                                  selector applies to.
                                                type: string
                                              operator:
                                                description: Represents a key's relationship
                                                  to a set of values. Valid operators
                                                  are In, NotIn, Exists, DoesNotExist.
                                                  Gt, and Lt.
                                                type: string
                                              values:
                                                description: An array of string values.
                                                  If the operator is In or NotIn,
                                                  the values array must be non-empty.
                                                  If the operator is Exists or DoesNotExist,
                                                  the values array must be empty.
                                                  If the operator is Gt or Lt, the
                                                  values array must have a single
                                                  element, which will be interpreted
                                                  as an integer. This array is replaced
                                                  during a strategic merge patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchFields:
                                          description: A list of node selector requirements
                                            by node's fields.
                                          items:
                                            description: A node selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: The label key that the
                                                  selector applies to.
                                                type: string
                                              operator:
                                                description: Represents a key's relationship
                                                  to a set of values. Valid operators
                                                  are In, NotIn, Exists, DoesNotExist.
                                                  Gt, and Lt.
                                                type: string
                                              values:
                                                description: An array of string values.
                                                  If the operator is In or NotIn,
                                                  the values array must be non-empty.
                                                  If the operator is Exists or DoesNotExist,
                                                  the values array must be empty.
                                                  If the operator is Gt or Lt, the
                                                  values array must have a single
                                                  element, which will be interpreted
                                                  as an integer. This array is replaced
                                                  during a strategic merge patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                      type: object
                                    type: array
                                required:
                                - nodeSelectorTerms
                                type: object
                            type: object
                          podAffinity:
                            description: Describes pod affinity scheduling rules (e.g.
                              co-locate this pod in the same node, zone, etc. as some
                              other pod(s)).
                            properties:
                              preferredDuringSchedulingIgnoredDuringExecution:
                                description: The scheduler will prefer to schedule
                                  pods to nodes that satisfy the affinity expressions
                                  specified by this field, but it may choose a node
                                  that violates one or more of the expressions. The
                                  node that is most preferred is the one with the
                                  greatest sum of weights, i.e. for each node that
                                  meets all of the scheduling requirements (resource
                                  request, requiredDuringScheduling affinity expressions,
                                  etc.), compute a sum by iterating through the elements
                                  of this field and adding "weight" to the sum if
                                  the node has pods which matches the corresponding
                                  podAffinityTerm; the node(s) with the highest sum
                                  are the most preferred.
                                items:
                                  description: The weights of all of the matched WeightedPodAffinityTerm
                                    fields are added per-node to find the most preferred
                                    node(s)
                                  properties:
                                    podAffinityTerm:
                                      description: Required. A pod affinity term,
                                        associated with the corresponding weight.
                                      properties:
                                        labelSelector:
                                          description: A label query over a set of
                                            resources, in this case pods.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        namespaceSelector:
                                          description: A label query over the set
                                            of namespaces that the term applies to.
                                            The term is applied to the union of the
                                            namespaces selected by this field and
                                            the ones listed in the namespaces field.
                                            null selector and null or empty namespaces
                                            list means "this pod's namespace". An
                                            empty selector ({}) matches all namespaces.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        namespaces:
                                          description: namespaces specifies a static
                                            list of namespace names that the term
                                            applies to. The term is applied to the
                                            union of the namespaces listed in this
                                            field and the ones selected by namespaceSelector.
                                            null or empty namespaces list and null
                                            namespaceSelector means "this pod's namespace".
                                          items:
                                            type: string
                                          type: array
                                        topologyKey:
                                          description: This pod should be co-located
                                            (affinity) or not co-located (anti-affinity)
                                            with the pods matching the labelSelector
                                            in the specified namespaces, where co-located
                                            is defined as running on a node whose
                                            value of the label with key topologyKey
                                            matches that of any node on which any
                                            of the selected pods is running. Empty
                                            topologyKey is not allowed.
                                          type: string
                                      required:
                                      - topologyKey
                                      type: object
                                    weight:
                                      description: weight associated with matching
                                        the corresponding podAffinityTerm, in the
                                        range 1-100.
                                      format: int32
                                      type: integer
                                  required:
                                  - podAffinityTerm
                                  - weight
                                  type: object
                                type: array
                              requiredDuringSchedulingIgnoredDuringExecution:
                                description: If the affinity requirements specified
                                  by this field are not met at scheduling time, the
                                  pod will not be scheduled onto the node. If the
                                  affinity requirements specified by this field cease
                                  to be met at some point during pod execution (e.g.
                                  due to a pod label update), the system may or may
                                  not try to eventually evict the pod from its node.
                                  When there are multiple elements, the lists of nodes
                                  corresponding to each podAffinityTerm are intersected,
                                  i.e. all terms must be satisfied.
                                items:
                                  description: Defines a set of pods (namely those
                                    matching the labelSelector relative to the given
                                    namespace(s)) that this pod should be co-located
                                    (affinity) or not co-located (anti-affinity) with,
                                    where co-located is defined as running on a node
                                    whose value of the label with key <topologyKey>
                                    matches that of any node on which a pod of the
                                    set of pods is running
                                  properties:
                                    labelSelector:
                                      description: A label query over a set of resources,
                                        in this case pods.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaceSelector:
                                      description: A label query over the set of namespaces
                                        that the term applies to. The term is applied
                                        to the union of the namespaces selected by
                                        this field and the ones listed in the namespaces
                                        field. null selector and null or empty namespaces
                                        list means "this pod's namespace". An empty
                                        selector ({}) matches all namespaces.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaces:
                                      description: namespaces specifies a static list
                                        of namespace names that the term applies to.
                                        The term is applied to the union of the namespaces
                                        listed in this field and the ones selected
                                        by namespaceSelector. null or empty namespaces
                                        list and null namespaceSelector means "this
                                        pod's namespace".
                                      items:
                                        type: string
                                      type: array
                                    topologyKey:
                                      description: This pod should be co-located (affinity)
                                        or not co-located (anti-affinity) with the
                                        pods matching the labelSelector in the specified
                                        namespaces, where co-located is defined as
                                        running on a node whose value of the label
                                        with key topologyKey matches that of any node
                                        on which any of the selected pods is running.
                                        Empty topologyKey is not allowed.
                                      type: string
                                  required:
                                  - topologyKey
                                  type: object
                                type: array
                            type: object
                          podAntiAffinity:
                            description: Describes pod anti-affinity scheduling rules
                              (e.g. avoid putting this pod in the same node, zone,
                              etc. as some other pod(s)).
                            properties:
                              preferredDuringSchedulingIgnoredDuringExecution:
                                description: The scheduler will prefer to schedule
                                  pods to nodes that satisfy the anti-affinity expressions
                                  specified by this field, but it may choose a node
                                  that violates one or more of the expressions. The
                                  node that is most preferred is the one with the
                                  greatest sum of weights, i.e. for each node that
                                  meets all of the scheduling requirements (resource
                                  request, requiredDuringScheduling anti-affinity
                                  expressions, etc.), compute a sum by iterating through
                                  the elements of this field and adding "weight" to
                                  the sum if the node has pods which matches the corresponding
                                  podAffinityTerm; the node(s) with the highest sum
                                  are the most preferred.
                                items:
                                  description: The weights of all of the matched WeightedPodAffinityTerm
                                    fields are added per-node to find the most preferred
                                    node(s)
                                  properties:
                                    podAffinityTerm:
                                      description: Required. A pod affinity term,
                                        associated with the corresponding weight.
                                      properties:
                                        labelSelector:
                                          description: A label query over a set of
                                            resources, in this case pods.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        namespaceSelector:
                                          description: A label query over the set
                                            of namespaces that the term applies to.
                                            The term is applied to the union of the
                                            namespaces selected by this field and
                                            the ones listed in the namespaces field.
                                            null selector and null or empty namespaces
                                            list means "this pod's namespace". An
                                            empty selector ({}) matches all namespaces.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        namespaces:
                                          description: namespaces specifies a static
                                            list of namespace names that the term
                                            applies to. The term is applied to the
                                            union of the namespaces listed in this
                                            field and the ones selected by namespaceSelector.
                                            null or empty namespaces list and null
                                            namespaceSelector means "this pod's namespace".
                                          items:
                                            type: string
                                          type: array
                                        topologyKey:
                                          description: This pod should be co-located
                                            (affinity) or not co-located (anti-affinity)
                                            with the pods matching the labelSelector
                                            in the specified namespaces, where co-located
                                            is defined as running on a node whose
                                            value of the label with key topologyKey
                                            matches that of any node on which any
                                            of the selected pods is running. Empty
                                            topologyKey is not allowed.
                                          type: string
                                      required:
                                      - topologyKey
                                      type: object
                                    weight:
                                      description: weight associated with matching
                                        the corresponding podAffinityTerm, in the
                                        range 1-100.
                                      format: int32
                                      type: integer
                                  required:
                                  - podAffinityTerm
                                  - weight
                                  type: object
                                type: array
                              requiredDuringSchedulingIgnoredDuringExecution:
                                description: If the anti-affinity requirements specified
                                  by this field are not met at scheduling time, the
                                  pod will not be scheduled onto the node. If the
                                  anti-affinity requirements specified by this field
                                  cease to be met at some point during pod execution
                                  (e.g. due to a pod label update), the system may
                                  or may not try to eventually evict the pod from
                                  its node. When there are multiple elements, the
                                  lists of nodes corresponding to each podAffinityTerm
                                  are intersected, i.e. all terms must be satisfied.
                                items:
                                  description: Defines a set of pods (namely those
                                    matching the labelSelector relative to the given
                                    namespace(s)) that this pod should be co-located
                                    (affinity) or not co-located (anti-affinity) with,
                                    where co-located is defined as running on a node
                                    whose value of the label with key <topologyKey>
                                    matches that of any node on which a pod of the
                                    set of pods is running
                                  properties:
                                    labelSelector:
                                      description: A label query over a set of resources,
                                        in this case pods.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaceSelector:
                                      description: A label query over the set of namespaces
                                        that the term applies to. The term is applied
                                        to the union of the namespaces selected by
                                        this field and the ones listed in the namespaces
                                        field. null selector and null or empty namespaces
                                        list means "this pod's namespace". An empty
                                        selector ({}) matches all namespaces.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaces:
                                      description: namespaces specifies a static list
                                        of namespace names that the term applies to.
                                        The term is applied to the union of the namespaces
                                        listed in this field and the ones selected
                                        by namespaceSelector. null or empty namespaces
                                        list and null namespaceSelector means "this
                                        pod's namespace".
                                      items:
                                        type: string
                                      type: array
                                    topologyKey:
                                      description: This pod should be co-located (affinity)
                                        or not co-located (anti-affinity) with the
                                        pods matching the labelSelector in the specified
                                        namespaces, where co-located is defined as
                                        running on a node whose value of the label
                                        with key topologyKey matches that of any node
                                        on which any of the selected pods is running.
                                        Empty topologyKey is not allowed.
                                      type: string
                                  required:
                                  - topologyKey
                                  type: object
                                type: array
                            type: object
                        type: object
                      automountServiceAccountToken:
                        description: AutomountServiceAccountToken indicates whether
                          pods running as this service account should have an API
                          token automatically mounted.
                        type: boolean
                      dnsConfig:
                        description: Specifies the DNS parameters of a pod. Parameters
                          specified here will be merged to the generated DNS configuration
                          based on DNSPolicy.
                        properties:
                          nameservers:
                            description: A list of DNS name server IP addresses. This
                              will be appended to the base nameservers generated from
                              DNSPolicy. Duplicated nameservers will be removed.
                            items:
                              type: string
                            type: array
                          options:
                            description: A list of DNS resolver options. This will
                              be merged with the base options generated from DNSPolicy.
                              Duplicated entries will be removed. Resolution options
                              given in Options will override those that appear in
                              the base DNSPolicy.
                            items:
                              description: PodDNSConfigOption defines DNS resolver
                                options of a pod.
                              properties:
                                name:
                                  description: Required.
                                  type: string
                                value:
                                  type: string
                              type: object
                            type: array
                          searches:
                            description: A list of DNS search domains for host-name
                              lookup. This will be appended to the base search paths
                              generated from DNSPolicy. Duplicated search paths will
                              be removed.
                            items:
                              type: string
                            type: array
                        type: object
                      dnsPolicy:
                        description: Set DNS policy for the pod. Defaults to "ClusterFirst".
                          Valid values are 'ClusterFirst', 'Default' or 'None'. DNS
                          parameters given in DNSConfig will be merged with the policy
                          selected with DNSPolicy.
                        type: string
                      enableServiceLinks:
                        description: 'EnableServiceLinks indicates whether information
                          about services should be injected into pod''s environment
                          variables, matching the syntax of Docker links. Optional:
                          Defaults to true.'
                        type: boolean
                      env:
                        description: List of environment variables that can be provided
                          to the containers belonging to the pod.
                        items:
                          description: EnvVar represents an environment variable present
                            in a Container.
                          properties:
                            name:
                              description: Name of the environment variable. Must
                                be a C_IDENTIFIER.
                              type: string
                            value:
                              description: 'Variable references $(VAR_NAME) are expanded
                                using the previously defined environment variables
                                in the container and any service environment variables.
                                If a variable cannot be resolved, the reference in
                                the input string will be unchanged. Double $$ are
                                reduced to a single $, which allows for escaping the
                                $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
                                the string literal "$(VAR_NAME)". Escaped references
                                will never be expanded, regardless of whether the
                                variable exists or not. Defaults to "".'
                              type: string
                            valueFrom:
                              description: Source for the environment variable's value.
                                Cannot be used if value is not empty.
                              properties:
                                configMapKeyRef:
                                  description: Selects a key of a ConfigMap.
                                  properties:
                                    key:
                                      description: The key to select.
                                      type: string
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                    optional:
                                      description: Specify whether the ConfigMap or
                                        its key must be defined
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                fieldRef:
                                  description: 'Selects a field of the pod: supports
                                    metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
                                    `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                    spec.serviceAccountName, status.hostIP, status.podIP,
                                    status.podIPs.'
                                  properties:
                                    apiVersion:
                                      description: Version of the schema the FieldPath
                                        is written in terms of, defaults to "v1".
                                      type: string
                                    fieldPath:
                                      description: Path of the field to select in
                                        the specified API version.
                                      type: string
                                  required:
                                  - fieldPath
                                  type: object
                                resourceFieldRef:
                                  description: 'Selects a resource of the container:
                                    only resources limits and requests (limits.cpu,
                                    limits.memory, limits.ephemeral-storage, requests.cpu,
                                    requests.memory and requests.ephemeral-storage)
                                    are currently supported.'
                                  properties:
                                    containerName:
                                      description: 'Container name: required for volumes,
                                        optional for env vars'
                                      type: string
                                    divisor:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Specifies the output format of
                                        the exposed resources, defaults to "1"
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      x-kubernetes-int-or-string: true
                                    resource:
                                      description: 'Required: resource to select'
                                      type: string
                                  required:
                                  - resource
                                  type: object
                                secretKeyRef:
                                  description: Selects a key of a secret in the pod's
                                    namespace
                                  properties:
                                    key:
                                      description: The key of the secret to select
                                        from.  Must be a valid secret key.
                                      type: string
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                    optional:
                                      description: Specify whether the Secret or its
                                        key must be defined
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                              type: object
                          required:
                          - name
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      hostAliases:
                        description: HostAliases is an optional list of hosts and
                          IPs that will be injected into the pod's hosts file if specified.
                          This is only valid for non-hostNetwork pods.
                        items:
                          description: HostAlias holds the mapping between IP and
                            hostnames that will be injected as an entry in the pod's
                            hosts file.
                          properties:
                            hostnames:
                              description: Hostnames for the above IP address.
                              items:
                                type: string
                              type: array
                            ip:
                              description: IP address of the host file entry.
                              type: string
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      hostNetwork:
                        description: HostNetwork specifies whether the pod may use
                          the node network namespace
                        type: boolean
                      imagePullSecrets:
                        description: ImagePullSecrets gives the name of the secret
                          used by the pod to pull the image if specified
                        items:
                          description: LocalObjectReference contains enough information
                            to let you locate the referenced object inside the same
                            namespace.
                          properties:
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      nodeSelector:
                        additionalProperties:
                          type: string
                        description: 'NodeSelector is a selector which must be true
                          for the pod to fit on a node. Selector which must match
                          a node''s labels for the pod to be scheduled on that node.
                          More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
                        type: object
                      priorityClassName:
                        description: If specified, indicates the pod's priority. "system-node-critical"
                          and "system-cluster-critical" are two special keywords which
                          indicate the highest priorities with the former being the
                          highest priority. Any other name must be defined by creating
                          a PriorityClass object with that name. If not specified,
                          the pod priority will be default or zero if there is no
                          default.
                        type: string
                      runtimeClassName:
                        description: 'RuntimeClassName refers to a RuntimeClass object
                          in the node.k8s.io group, which should be used to run this
                          pod. If no RuntimeClass resource matches the named class,
                          the pod will not be run. If unset or empty, the "legacy"
                          RuntimeClass will be used, which is an implicit class with
                          an empty definition that uses the default runtime handler.
                          More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
                          This is a beta feature as of Kubernetes v1.14.'
                        type: string
                      schedulerName:
                        description: SchedulerName specifies the scheduler to be used
                          to dispatch the Pod
                        type: string
                      securityContext:
                        description: 'SecurityContext holds pod-level security attributes
                          and common container settings. Optional: Defaults to empty.  See
                          type description for default values of each field.'
                        properties:
                          fsGroup:
                            description: "A special supplemental group that applies
                              to all containers in a pod. Some volume types allow
                              the Kubelet to change the ownership of that volume to
                              be owned by the pod: \n 1. The owning GID will be the
                              FSGroup 2. The setgid bit is set (new files created
                              in the volume will be owned by FSGroup) 3. The permission
                              bits are OR'd with rw-rw---- \n If unset, the Kubelet
                              will not modify the ownership and permissions of any
                              volume. Note that this field cannot be set when spec.os.name
                              is windows."
                            format: int64
                            type: integer
                          fsGroupChangePolicy:
                            description: 'fsGroupChangePolicy defines behavior of
                              changing ownership and permission of the volume before
                              being exposed inside Pod. This field will only apply
                              to volume types which support fsGroup based ownership(and
                              permissions). It will have no effect on ephemeral volume
                              types such as: secret, configmaps and emptydir. Valid
                              values are "OnRootMismatch" and "Always". If not specified,
                              "Always" is used. Note that this field cannot be set
                              when spec.os.name is windows.'
                            type: string
                          runAsGroup:
                            description: The GID to run the entrypoint of the container
                              process. Uses runtime default if unset. May also be
                              set in SecurityContext.  If set in both SecurityContext
                              and PodSecurityContext, the value specified in SecurityContext
                              takes precedence for that container. Note that this
                              field cannot be set when spec.os.name is windows.
                            format: int64
                            type: integer
                          runAsNonRoot:
                            description: Indicates that the container must run as
                              a non-root user. If true, the Kubelet will validate
                              the image at runtime to ensure that it does not run
                              as UID 0 (root) and fail to start the container if it
                              does. If unset or false, no such validation will be
                              performed. May also be set in SecurityContext.  If set
                              in both SecurityContext and PodSecurityContext, the
                              value specified in SecurityContext takes precedence.
                            type: boolean
                          runAsUser:
                            description: The UID to run the entrypoint of the container
                              process. Defaults to user specified in image metadata
                              if unspecified. May also be set in SecurityContext.  If
                              set in both SecurityContext and PodSecurityContext,
                              the value specified in SecurityContext takes precedence
                              for that container. Note that this field cannot be set
                              when spec.os.name is windows.
                            format: int64
                            type: integer
                          seLinuxOptions:
                            description: The SELinux context to be applied to all
                              containers. If unspecified, the container runtime will
                              allocate a random SELinux context for each container.  May
                              also be set in SecurityContext.  If set in both SecurityContext
                              and PodSecurityContext, the value specified in SecurityContext
                              takes precedence for that container. Note that this
                              field cannot be set when spec.os.name is windows.
                            properties:
                              level:
                                description: Level is SELinux level label that applies
                                  to the container.
                                type: string
                              role:
                                description: Role is a SELinux role label that applies
                                  to the container.
                                type: string
                              type:
                                description: Type is a SELinux type label that applies
                                  to the container.
                                type: string
                              user:
                                description: User is a SELinux user label that applies
                                  to the container.
                                type: string
                            type: object
                          seccompProfile:
                            description: The seccomp options to use by the containers
                              in this pod. Note that this field cannot be set when
                              spec.os.name is windows.
                            properties:
                              localhostProfile:
                                description: localhostProfile indicates a profile
                                  defined in a file on the node should be used. The
                                  profile must be preconfigured on the node to work.
                                  Must be a descending path, relative to the kubelet's
                                  configured seccomp profile location. Must only be
                                  set if type is "Localhost".
                                type: string
                              type:
                                description: "type indicates which kind of seccomp
                                  profile will be applied. Valid options are: \n Localhost
                                  - a profile defined in a file on the node should
                                  be used. RuntimeDefault - the container runtime
                                  default profile should be used. Unconfined - no
                                  profile should be applied."
                                type: string
                            required:
                            - type
                            type: object
                          supplementalGroups:
                            description: A list of groups applied to the first process
                              run in each container, in addition to the container's
                              primary GID.  If unspecified, no groups will be added
                              to any container. Note that this field cannot be set
                              when spec.os.name is windows.
                            items:
                              format: int64
                              type: integer
                            type: array
                          sysctls:
                            description: Sysctls hold a list of namespaced sysctls
                              used for the pod. Pods with unsupported sysctls (by
                              the container runtime) might fail to launch. Note that
                              this field cannot be set when spec.os.name is windows.
                            items:
                              description: Sysctl defines a kernel parameter to be
                                set
                              properties:
                                name:
                                  description: Name of a property to set
                                  type: string
                                value:
                                  description: Value of a property to set
                                  type: string
                              required:
                              - name
                              - value
                              type: object
                            type: array
                          windowsOptions:
                            description: The Windows specific settings applied to
                              all containers. If unspecified, the options within a
                              container's SecurityContext will be used. If set in
                              both SecurityContext and PodSecurityContext, the value
                              specified in SecurityContext takes precedence. Note
                              that this field cannot be set when spec.os.name is linux.
                            properties:
                              gmsaCredentialSpec:
                                description: GMSACredentialSpec is where the GMSA
                                  admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                  inlines the contents of the GMSA credential spec
                                  named by the GMSACredentialSpecName field.
                                type: string
                              gmsaCredentialSpecName:
                                description: GMSACredentialSpecName is the name of
                                  the GMSA credential spec to use.
                                type: string
                              hostProcess:
                                description: HostProcess determines if a container
                                  should be run as a 'Host Process' container. This
                                  field is alpha-level and will only be honored by
                                  components that enable the WindowsHostProcessContainers
                                  feature flag. Setting this field without the feature
                                  flag will result in errors when validating the Pod.
                                  All of a Pod's containers must have the same effective
                                  HostProcess value (it is not allowed to have a mix
                                  of HostProcess containers and non-HostProcess containers).  In
                                  addition, if HostProcess is true then HostNetwork
                                  must also be set to true.
                                type: boolean
                              runAsUserName:
                                description: The UserName in Windows to run the entrypoint
                                  of the container process. Defaults to the user specified
                                  in image metadata if unspecified. May also be set
                                  in PodSecurityContext. If set in both SecurityContext
                                  and PodSecurityContext, the value specified in SecurityContext
                                  takes precedence.
                                type: string
                            type: object
                        type: object
                      tolerations:
                        description: If specified, the pod's tolerations.
                        items:
                          description: The pod this Toleration is attached to tolerates
                            any taint that matches the triple <key,value,effect> using
                            the matching operator <operator>.
                          properties:
                            effect:
                              description: Effect indicates the taint effect to match.
                                Empty means match all taint effects. When specified,
                                allowed values are NoSchedule, PreferNoSchedule and
                                NoExecute.
                              type: string
                            key:
                              description: Key is the taint key that the toleration
                                applies to. Empty means match all taint keys. If the
                                key is empty, operator must be Exists; this combination
                                means to match all values and all keys.
                              type: string
                            operator:
                              description: Operator represents a key's relationship
                                to the value. Valid operators are Exists and Equal.
                                Defaults to Equal. Exists is equivalent to wildcard
                                for value, so that a pod can tolerate all taints of
                                a particular category.
                              type: string
                            tolerationSeconds:
                              description: TolerationSeconds represents the period
                                of time the toleration (which must be of effect NoExecute,
                                otherwise this field is ignored) tolerates the taint.
                                By default, it is not set, which means tolerate the
                                taint forever (do not evict). Zero and negative values
                                will be treated as 0 (evict immediately) by the system.
                              format: int64
                              type: integer
                            value:
                              description: Value is the taint value the toleration
                                matches to. If the operator is Exists, the value should
                                be empty, otherwise just a regular string.
                              type: string
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      topologySpreadConstraints:
                        description: TopologySpreadConstraints controls how Pods are
                          spread across your cluster among failure-domains such as
                          regions, zones, nodes, and other user-defined topology domains.
                        items:
                          description: TopologySpreadConstraint specifies how to spread
                            matching pods among the given topology.
                          properties:
                            labelSelector:
                              description: LabelSelector is used to find matching
                                pods. Pods that match this label selector are counted
                                to determine the number of pods in their corresponding
                                topology domain.
                              properties:
                                matchExpressions:
                                  description: matchExpressions is a list of label
                                    selector requirements. The requirements are ANDed.
                                  items:
                                    description: A label selector requirement is a
                                      selector that contains values, a key, and an
                                      operator that relates the key and values.
                                    properties:
                                      key:
                                        description: key is the label key that the
                                          selector applies to.
                                        type: string
                                      operator:
                                        description: operator represents a key's relationship
                                          to a set of values. Valid operators are
                                          In, NotIn, Exists and DoesNotExist.
                                        type: string
                                      values:
                                        description: values is an array of string
                                          values. If the operator is In or NotIn,
                                          the values array must be non-empty. If the
                                          operator is Exists or DoesNotExist, the
                                          values array must be empty. This array is
                                          replaced during a strategic merge patch.
                                        items:
                                          type: string
                                        type: array
                                    required:
                                    - key
                                    - operator
                                    type: object
                                  type: array
                                matchLabels:
                                  additionalProperties:
                                    type: string
                                  description: matchLabels is a map of {key,value}
                                    pairs. A single {key,value} in the matchLabels
                                    map is equivalent to an element of matchExpressions,
                                    whose key field is "key", the operator is "In",
                                    and the values array contains only "value". The
                                    requirements are ANDed.
                                  type: object
                              type: object
                            matchLabelKeys:
                              description: MatchLabelKeys is a set of pod label keys
                                to select the pods over which spreading will be calculated.
                                The keys are used to lookup values from the incoming
                                pod labels, those key-value labels are ANDed with
                                labelSelector to select the group of existing pods
                                over which spreading will be calculated for the incoming
                                pod. Keys that don't exist in the incoming pod labels
                                will be ignored. A null or empty list means only match
                                against labelSelector.
                              items:
                                type: string
                              type: array
                              x-kubernetes-list-type: atomic
                            maxSkew:
                              description: 'MaxSkew describes the degree to which
                                pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
                                it is the maximum permitted difference between the
                                number of matching pods in the target topology and
                                the global minimum. The global minimum is the minimum
                                number of matching pods in an eligible domain or zero
                                if the number of eligible domains is less than MinDomains.
                                For example, in a 3-zone cluster, MaxSkew is set to
                                1, and pods with the same labelSelector spread as
                                2/2/1: In this case, the global minimum is 1. | zone1
                                | zone2 | zone3 | |  P P  |  P P  |   P   | - if MaxSkew
                                is 1, incoming pod can only be scheduled to zone3
                                to become 2/2/2; scheduling it onto zone1(zone2) would
                                make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1).
                                - if MaxSkew is 2, incoming pod can be scheduled onto
                                any zone. When `whenUnsatisfiable=ScheduleAnyway`,
                                it is used to give higher precedence to topologies
                                that satisfy it. It''s a required field. Default value
                                is 1 and 0 is not allowed.'
                              format: int32
                              type: integer
                            minDomains:
                              description: "MinDomains indicates a minimum number
                                of eligible domains. When the number of eligible domains
                                with matching topology keys is less than minDomains,
                                Pod Topology Spread treats \"global minimum\" as 0,
                                and then the calculation of Skew is performed. And
                                when the number of eligible domains with matching
                                topology keys equals or greater than minDomains, this
                                value has no effect on scheduling. As a result, when
                                the number of eligible domains is less than minDomains,
                                scheduler won't schedule more than maxSkew Pods to
                                those domains. If value is nil, the constraint behaves
                                as if MinDomains is equal to 1. Valid values are integers
                                greater than 0. When value is not nil, WhenUnsatisfiable
                                must be DoNotSchedule. \n For example, in a 3-zone
                                cluster, MaxSkew is set to 2, MinDomains is set to
                                5 and pods with the same labelSelector spread as 2/2/2:
                                | zone1 | zone2 | zone3 | |  P P  |  P P  |  P P  |
                                The number of domains is less than 5(MinDomains),
                                so \"global minimum\" is treated as 0. In this situation,
                                new pod with the same labelSelector cannot be scheduled,
                                because computed skew will be 3(3 - 0) if new Pod
                                is scheduled to any of the three zones, it will violate
                                MaxSkew. \n This is a beta field and requires the
                                MinDomainsInPodTopologySpread feature gate to be enabled
                                (enabled by default)."
                              format: int32
                              type: integer
                            nodeAffinityPolicy:
                              description: "NodeAffinityPolicy indicates how we will
                                treat Pod's nodeAffinity/nodeSelector when calculating
                                pod topology spread skew. Options are: - Honor: only
                                nodes matching nodeAffinity/nodeSelector are included
                                in the calculations. - Ignore: nodeAffinity/nodeSelector
                                are ignored. All nodes are included in the calculations.
                                \n If this value is nil, the behavior is equivalent
                                to the Honor policy. This is a alpha-level feature
                                enabled by the NodeInclusionPolicyInPodTopologySpread
                                feature flag."
                              type: string
                            nodeTaintsPolicy:
                              description: "NodeTaintsPolicy indicates how we will
                                treat node taints when calculating pod topology spread
                                skew. Options are: - Honor: nodes without taints,
                                along with tainted nodes for which the incoming pod
                                has a toleration, are included. - Ignore: node taints
                                are ignored. All nodes are included. \n If this value
                                is nil, the behavior is equivalent to the Ignore policy.
                                This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
                                feature flag."
                              type: string
                            topologyKey:
                              description: TopologyKey is the key of node labels.
                                Nodes that have a label with this key and identical
                                values are considered to be in the same topology.
                                We consider each <key, value> as a "bucket", and try
                                to put balanced number of pods into each bucket. We
                                define a domain as a particular instance of a topology.
                                Also, we define an eligible domain as a domain whose
                                nodes meet the requirements of nodeAffinityPolicy
                                and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
                                each Node is a domain of that topology. And, if TopologyKey
                                is "topology.kubernetes.io/zone", each zone is a domain
                                of that topology. It's a required field.
                              type: string
                            whenUnsatisfiable:
                              description: 'WhenUnsatisfiable indicates how to deal
                                with a pod if it doesn''t satisfy the spread constraint.
                                - DoNotSchedule (default) tells the scheduler not
                                to schedule it. - ScheduleAnyway tells the scheduler
                                to schedule the pod in any location,   but giving
                                higher precedence to topologies that would help reduce
                                the   skew. A constraint is considered "Unsatisfiable"
                                for an incoming pod if and only if every possible
                                node assignment for that pod would violate "MaxSkew"
                                on some topology. For example, in a 3-zone cluster,
                                MaxSkew is set to 1, and pods with the same labelSelector
                                spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P
                                |   P   |   P   | If WhenUnsatisfiable is set to DoNotSchedule,
                                incoming pod can only be scheduled to zone2(zone3)
                                to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
                                satisfies MaxSkew(1). In other words, the cluster
                                can still be imbalanced, but scheduler won''t make
                                it *more* imbalanced. It''s a required field.'
                              type: string
                          required:
                          - maxSkew
                          - topologyKey
                          - whenUnsatisfiable
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      volumes:
                        description: 'List of volumes that can be mounted by containers
                          belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
                        items:
                          description: Volume represents a named volume in a pod that
                            may be accessed by any container in the pod.
                          properties:
                            awsElasticBlockStore:
                              description: 'awsElasticBlockStore represents an AWS
                                Disk resource that is attached to a kubelet''s host
                                machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                              properties:
                                fsType:
                                  description: 'fsType is the filesystem type of the
                                    volume that you want to mount. Tip: Ensure that
                                    the filesystem type is supported by the host operating
                                    system. Examples: "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified. More info:
                                    https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                    TODO: how do we prevent errors in the filesystem
                                    from compromising the machine'
                                  type: string
                                partition:
                                  description: 'partition is the partition in the
                                    volume that you want to mount. If omitted, the
                                    default is to mount by volume name. Examples:
                                    For volume /dev/sda1, you specify the partition
                                    as "1". Similarly, the volume partition for /dev/sda
                                    is "0" (or you can leave the property empty).'
                                  format: int32
                                  type: integer
                                readOnly:
                                  description: 'readOnly value true will force the
                                    readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                  type: boolean
                                volumeID:
                                  description: 'volumeID is unique ID of the persistent
                                    disk resource in AWS (Amazon EBS volume). More
                                    info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                  type: string
                              required:
                              - volumeID
                              type: object
                            azureDisk:
                              description: azureDisk represents an Azure Data Disk
                                mount on the host and bind mount to the pod.
                              properties:
                                cachingMode:
                                  description: 'cachingMode is the Host Caching mode:
                                    None, Read Only, Read Write.'
                                  type: string
                                diskName:
                                  description: diskName is the Name of the data disk
                                    in the blob storage
                                  type: string
                                diskURI:
                                  description: diskURI is the URI of data disk in
                                    the blob storage
                                  type: string
                                fsType:
                                  description: fsType is Filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified.
                                  type: string
                                kind:
                                  description: 'kind expected values are Shared: multiple
                                    blob disks per storage account  Dedicated: single
                                    blob disk per storage account  Managed: azure
                                    managed data disk (only in managed availability
                                    set). defaults to shared'
                                  type: string
                                readOnly:
                                  description: readOnly Defaults to false (read/write).
                                    ReadOnly here will force the ReadOnly setting
                                    in VolumeMounts.
                                  type: boolean
                              required:
                              - diskName
                              - diskURI
                              type: object
                            azureFile:
                              description: azureFile represents an Azure File Service
                                mount on the host and bind mount to the pod.
                              properties:
                                readOnly:
                                  description: readOnly defaults to false (read/write).
                                    ReadOnly here will force the ReadOnly setting
                                    in VolumeMounts.
                                  type: boolean
                                secretName:
                                  description: secretName is the  name of secret that
                                    contains Azure Storage Account Name and Key
                                  type: string
                                shareName:
                                  description: shareName is the azure share Name
                                  type: string
                              required:
                              - secretName
                              - shareName
                              type: object
                            cephfs:
                              description: cephFS represents a Ceph FS mount on the
                                host that shares a pod's lifetime
                              properties:
                                monitors:
                                  description: 'monitors is Required: Monitors is
                                    a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                  items:
                                    type: string
                                  type: array
                                path:
                                  description: 'path is Optional: Used as the mounted
                                    root, rather than the full Ceph tree, default
                                    is /'
                                  type: string
                                readOnly:
                                  description: 'readOnly is Optional: Defaults to
                                    false (read/write). ReadOnly here will force the
                                    ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                  type: boolean
                                secretFile:
                                  description: 'secretFile is Optional: SecretFile
                                    is the path to key ring for User, default is /etc/ceph/user.secret
                                    More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                  type: string
                                secretRef:
                                  description: 'secretRef is Optional: SecretRef is
                                    reference to the authentication secret for User,
                                    default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                user:
                                  description: 'user is optional: User is the rados
                                    user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                  type: string
                              required:
                              - monitors
                              type: object
                            cinder:
                              description: 'cinder represents a cinder volume attached
                                and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              properties:
                                fsType:
                                  description: 'fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Examples: "ext4", "xfs", "ntfs".
                                    Implicitly inferred to be "ext4" if unspecified.
                                    More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                  type: string
                                readOnly:
                                  description: 'readOnly defaults to false (read/write).
                                    ReadOnly here will force the ReadOnly setting
                                    in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                  type: boolean
                                secretRef:
                                  description: 'secretRef is optional: points to a
                                    secret object containing parameters used to connect
                                    to OpenStack.'
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                volumeID:
                                  description: 'volumeID used to identify the volume
                                    in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                  type: string
                              required:
                              - volumeID
                              type: object
                            configMap:
                              description: configMap represents a configMap that should
                                populate this volume
                              properties:
                                defaultMode:
                                  description: 'defaultMode is optional: mode bits
                                    used to set permissions on created files by default.
                                    Must be an octal value between 0000 and 0777 or
                                    a decimal value between 0 and 511. YAML accepts
                                    both octal and decimal values, JSON requires decimal
                                    values for mode bits. Defaults to 0644. Directories
                                    within the path are not affected by this setting.
                                    This might be in conflict with other options that
                                    affect the file mode, like fsGroup, and the result
                                    can be other mode bits set.'
                                  format: int32
                                  type: integer
                                items:
                                  description: items if unspecified, each key-value
                                    pair in the Data field of the referenced ConfigMap
                                    will be projected into the volume as a file whose
                                    name is the key and content is the value. If specified,
                                    the listed keys will be projected into the specified
                                    paths, and unlisted keys will not be present.
                                    If a key is specified which is not present in
                                    the ConfigMap, the volume setup will error unless
                                    it is marked optional. Paths must be relative
                                    and may not contain the '..' path or start with
                                    '..'.
                                  items:
                                    description: Maps a string key to a path within
                                      a volume.
                                    properties:
                                      key:
                                        description: key is the key to project.
                                        type: string
                                      mode:
                                        description: 'mode is Optional: mode bits
                                          used to set permissions on this file. Must
                                          be an octal value between 0000 and 0777
                                          or a decimal value between 0 and 511. YAML
                                          accepts both octal and decimal values, JSON
                                          requires decimal values for mode bits. If
                                          not specified, the volume defaultMode will
                                          be used. This might be in conflict with
                                          other options that affect the file mode,
                                          like fsGroup, and the result can be other
                                          mode bits set.'
                                        format: int32
                                        type: integer
                                      path:
                                        description: path is the relative path of
                                          the file to map the key to. May not be an
                                          absolute path. May not contain the path
                                          element '..'. May not start with the string
                                          '..'.
                                        type: string
                                    required:
                                    - key
                                    - path
                                    type: object
                                  type: array
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: optional specify whether the ConfigMap
                                    or its keys must be defined
                                  type: boolean
                              type: object
                            csi:
                              description: csi (Container Storage Interface) represents
                                ephemeral storage that is handled by certain external
                                CSI drivers (Beta feature).
                              properties:
                                driver:
                                  description: driver is the name of the CSI driver
                                    that handles this volume. Consult with your admin
                                    for the correct name as registered in the cluster.
                                  type: string
                                fsType:
                                  description: fsType to mount. Ex. "ext4", "xfs",
                                    "ntfs". If not provided, the empty value is passed
                                    to the associated CSI driver which will determine
                                    the default filesystem to apply.
                                  type: string
                                nodePublishSecretRef:
                                  description: nodePublishSecretRef is a reference
                                    to the secret object containing sensitive information
                                    to pass to the CSI driver to complete the CSI
                                    NodePublishVolume and NodeUnpublishVolume calls.
                                    This field is optional, and  may be empty if no
                                    secret is required. If the secret object contains
                                    more than one secret, all secret references are
                                    passed.
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                readOnly:
                                  description: readOnly specifies a read-only configuration
                                    for the volume. Defaults to false (read/write).
                                  type: boolean
                                volumeAttributes:
                                  additionalProperties:
                                    type: string
                                  description: volumeAttributes stores driver-specific
                                    properties that are passed to the CSI driver.
                                    Consult your driver's documentation for supported
                                    values.
                                  type: object
                              required:
                              - driver
                              type: object
                            downwardAPI:
                              description: downwardAPI represents downward API about
                                the pod that should populate this volume
                              properties:
                                defaultMode:
                                  description: 'Optional: mode bits to use on created
                                    files by default. Must be a Optional: mode bits
                                    used to set permissions on created files by default.
                                    Must be an octal value between 0000 and 0777 or
                                    a decimal value between 0 and 511. YAML accepts
                                    both octal and decimal values, JSON requires decimal
                                    values for mode bits. Defaults to 0644. Directories
                                    within the path are not affected by this setting.
                                    This might be in conflict with other options that
                                    affect the file mode, like fsGroup, and the result
                                    can be other mode bits set.'
                                  format: int32
                                  type: integer
                                items:
                                  description: Items is a list of downward API volume
                                    file
                                  items:
                                    description: DownwardAPIVolumeFile represents
                                      information to create the file containing the
                                      pod field
                                    properties:
                                      fieldRef:
                                        description: 'Required: Selects a field of
                                          the pod: only annotations, labels, name
                                          and namespace are supported.'
                                        properties:
                                          apiVersion:
                                            description: Version of the schema the
                                              FieldPath is written in terms of, defaults
                                              to "v1".
                                            type: string
                                          fieldPath:
                                            description: Path of the field to select
                                              in the specified API version.
                                            type: string
                                        required:
                                        - fieldPath
                                        type: object
                                      mode:
                                        description: 'Optional: mode bits used to
                                          set permissions on this file, must be an
                                          octal value between 0000 and 0777 or a decimal
                                          value between 0 and 511. YAML accepts both
                                          octal and decimal values, JSON requires
                                          decimal values for mode bits. If not specified,
                                          the volume defaultMode will be used. This
                                          might be in conflict with other options
                                          that affect the file mode, like fsGroup,
                                          and the result can be other mode bits set.'
                                        format: int32
                                        type: integer
                                      path:
                                        description: 'Required: Path is  the relative
                                          path name of the file to be created. Must
                                          not be absolute or contain the ''..'' path.
                                          Must be utf-8 encoded. The first item of
                                          the relative path must not start with ''..'''
                                        type: string
                                      resourceFieldRef:
                                        description: 'Selects a resource of the container:
                                          only resources limits and requests (limits.cpu,
                                          limits.memory, requests.cpu and requests.memory)
                                          are currently supported.'
                                        properties:
                                          containerName:
                                            description: 'Container name: required
                                              for volumes, optional for env vars'
                                            type: string
                                          divisor:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            description: Specifies the output format
                                              of the exposed resources, defaults to
                                              "1"
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          resource:
                                            description: 'Required: resource to select'
                                            type: string
                                        required:
                                        - resource
                                        type: object
                                    required:
                                    - path
                                    type: object
                                  type: array
                              type: object
                            emptyDir:
                              description: 'emptyDir represents a temporary directory
                                that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                              properties:
                                medium:
                                  description: 'medium represents what type of storage
                                    medium should back this directory. The default
                                    is "" which means to use the node''s default medium.
                                    Must be an empty string (default) or Memory. More
                                    info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                  type: string
                                sizeLimit:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: 'sizeLimit is the total amount of local
                                    storage required for this EmptyDir volume. The
                                    size limit is also applicable for memory medium.
                                    The maximum usage on memory medium EmptyDir would
                                    be the minimum value between the SizeLimit specified
                                    here and the sum of memory limits of all containers
                                    in a pod. The default is nil which means that
                                    the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                  x-kubernetes-int-or-string: true
                              type: object
                            ephemeral:
                              description: "ephemeral represents a volume that is
                                handled by a cluster storage driver. The volume's
                                lifecycle is tied to the pod that defines it - it
                                will be created before the pod starts, and deleted
                                when the pod is removed. \n Use this if: a) the volume
                                is only needed while the pod runs, b) features of
                                normal volumes like restoring from snapshot or capacity
                                \   tracking are needed, c) the storage driver is
                                specified through a storage class, and d) the storage
                                driver supports dynamic volume provisioning through
                                \   a PersistentVolumeClaim (see EphemeralVolumeSource
                                for more    information on the connection between
                                this volume type    and PersistentVolumeClaim). \n
                                Use PersistentVolumeClaim or one of the vendor-specific
                                APIs for volumes that persist for longer than the
                                lifecycle of an individual pod. \n Use CSI for light-weight
                                local ephemeral volumes if the CSI driver is meant
                                to be used that way - see the documentation of the
                                driver for more information. \n A pod can use both
                                types of ephemeral volumes and persistent volumes
                                at the same time."
                              properties:
                                volumeClaimTemplate:
                                  description: "Will be used to create a stand-alone
                                    PVC to provision the volume. The pod in which
                                    this EphemeralVolumeSource is embedded will be
                                    the owner of the PVC, i.e. the PVC will be deleted
                                    together with the pod.  The name of the PVC will
                                    be `<pod name>-<volume name>` where `<volume name>`
                                    is the name from the `PodSpec.Volumes` array entry.
                                    Pod validation will reject the pod if the concatenated
                                    name is not valid for a PVC (for example, too
                                    long). \n An existing PVC with that name that
                                    is not owned by the pod will *not* be used for
                                    the pod to avoid using an unrelated volume by
                                    mistake. Starting the pod is then blocked until
                                    the unrelated PVC is removed. If such a pre-created
                                    PVC is meant to be used by the pod, the PVC has
                                    to updated with an owner reference to the pod
                                    once the pod exists. Normally this should not
                                    be necessary, but it may be useful when manually
                                    reconstructing a broken cluster. \n This field
                                    is read-only and no changes will be made by Kubernetes
                                    to the PVC after it has been created. \n Required,
                                    must not be nil."
                                  properties:
                                    metadata:
                                      description: May contain labels and annotations
                                        that will be copied into the PVC when creating
                                        it. No other fields are allowed and will be
                                        rejected during validation.
                                      type: object
                                    spec:
                                      description: The specification for the PersistentVolumeClaim.
                                        The entire content is copied unchanged into
                                        the PVC that gets created from this template.
                                        The same fields as in a PersistentVolumeClaim
                                        are also valid here.
                                      properties:
                                        accessModes:
                                          description: 'accessModes contains the desired
                                            access modes the volume should have. More
                                            info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                          items:
                                            type: string
                                          type: array
                                        dataSource:
                                          description: 'dataSource field can be used
                                            to specify either: * An existing VolumeSnapshot
                                            object (snapshot.storage.k8s.io/VolumeSnapshot)
                                            * An existing PVC (PersistentVolumeClaim)
                                            If the provisioner or an external controller
                                            can support the specified data source,
                                            it will create a new volume based on the
                                            contents of the specified data source.
                                            If the AnyVolumeDataSource feature gate
                                            is enabled, this field will always have
                                            the same contents as the DataSourceRef
                                            field.'
                                          properties:
                                            apiGroup:
                                              description: APIGroup is the group for
                                                the resource being referenced. If
                                                APIGroup is not specified, the specified
                                                Kind must be in the core API group.
                                                For any other third-party types, APIGroup
                                                is required.
                                              type: string
                                            kind:
                                              description: Kind is the type of resource
                                                being referenced
                                              type: string
                                            name:
                                              description: Name is the name of resource
                                                being referenced
                                              type: string
                                          required:
                                          - kind
                                          - name
                                          type: object
                                        dataSourceRef:
                                          description: 'dataSourceRef specifies the
                                            object from which to populate the volume
                                            with data, if a non-empty volume is desired.
                                            This may be any local object from a non-empty
                                            API group (non core object) or a PersistentVolumeClaim
                                            object. When this field is specified,
                                            volume binding will only succeed if the
                                            type of the specified object matches some
                                            installed volume populator or dynamic
                                            provisioner. This field will replace the
                                            functionality of the DataSource field
                                            and as such if both fields are non-empty,
                                            they must have the same value. For backwards
                                            compatibility, both fields (DataSource
                                            and DataSourceRef) will be set to the
                                            same value automatically if one of them
                                            is empty and the other is non-empty. There
                                            are two important differences between
                                            DataSource and DataSourceRef: * While
                                            DataSource only allows two specific types
                                            of objects, DataSourceRef   allows any
                                            non-core object, as well as PersistentVolumeClaim
                                            objects. * While DataSource ignores disallowed
                                            values (dropping them), DataSourceRef   preserves
                                            all values, and generates an error if
                                            a disallowed value is   specified. (Beta)
                                            Using this field requires the AnyVolumeDataSource
                                            feature gate to be enabled.'
                                          properties:
                                            apiGroup:
                                              description: APIGroup is the group for
                                                the resource being referenced. If
                                                APIGroup is not specified, the specified
                                                Kind must be in the core API group.
                                                For any other third-party types, APIGroup
                                                is required.
                                              type: string
                                            kind:
                                              description: Kind is the type of resource
                                                being referenced
                                              type: string
                                            name:
                                              description: Name is the name of resource
                                                being referenced
                                              type: string
                                          required:
                                          - kind
                                          - name
                                          type: object
                                        resources:
                                          description: 'resources represents the minimum
                                            resources the volume should have. If RecoverVolumeExpansionFailure
                                            feature is enabled users are allowed to
                                            specify resource requirements that are
                                            lower than previous value but must still
                                            be higher than capacity recorded in the
                                            status field of the claim. More info:
                                            https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                          properties:
                                            limits:
                                              additionalProperties:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                              description: 'Limits describes the maximum
                                                amount of compute resources allowed.
                                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                              type: object
                                            requests:
                                              additionalProperties:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                              description: 'Requests describes the
                                                minimum amount of compute resources
                                                required. If Requests is omitted for
                                                a container, it defaults to Limits
                                                if that is explicitly specified, otherwise
                                                to an implementation-defined value.
                                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                              type: object
                                          type: object
                                        selector:
                                          description: selector is a label query over
                                            volumes to consider for binding.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        storageClassName:
                                          description: 'storageClassName is the name
                                            of the StorageClass required by the claim.
                                            More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                          type: string
                                        volumeMode:
                                          description: volumeMode defines what type
                                            of volume is required by the claim. Value
                                            of Filesystem is implied when not included
                                            in claim spec.
                                          type: string
                                        volumeName:
                                          description: volumeName is the binding reference
                                            to the PersistentVolume backing this claim.
                                          type: string
                                      type: object
                                  required:
                                  - spec
                                  type: object
                              type: object
                            fc:
                              description: fc represents a Fibre Channel resource
                                that is attached to a kubelet's host machine and then
                                exposed to the pod.
                              properties:
                                fsType:
                                  description: 'fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified. TODO: how
                                    do we prevent errors in the filesystem from compromising
                                    the machine'
                                  type: string
                                lun:
                                  description: 'lun is Optional: FC target lun number'
                                  format: int32
                                  type: integer
                                readOnly:
                                  description: 'readOnly is Optional: Defaults to
                                    false (read/write). ReadOnly here will force the
                                    ReadOnly setting in VolumeMounts.'
                                  type: boolean
                                targetWWNs:
                                  description: 'targetWWNs is Optional: FC target
                                    worldwide names (WWNs)'
                                  items:
                                    type: string
                                  type: array
                                wwids:
                                  description: 'wwids Optional: FC volume world wide
                                    identifiers (wwids) Either wwids or combination
                                    of targetWWNs and lun must be set, but not both
                                    simultaneously.'
                                  items:
                                    type: string
                                  type: array
                              type: object
                            flexVolume:
                              description: flexVolume represents a generic volume
                                resource that is provisioned/attached using an exec
                                based plugin.
                              properties:
                                driver:
                                  description: driver is the name of the driver to
                                    use for this volume.
                                  type: string
                                fsType:
                                  description: fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". The
                                    default filesystem depends on FlexVolume script.
                                  type: string
                                options:
                                  additionalProperties:
                                    type: string
                                  description: 'options is Optional: this field holds
                                    extra command options if any.'
                                  type: object
                                readOnly:
                                  description: 'readOnly is Optional: defaults to
                                    false (read/write). ReadOnly here will force the
                                    ReadOnly setting in VolumeMounts.'
                                  type: boolean
                                secretRef:
                                  description: 'secretRef is Optional: secretRef is
                                    reference to the secret object containing sensitive
                                    information to pass to the plugin scripts. This
                                    may be empty if no secret object is specified.
                                    If the secret object contains more than one secret,
                                    all secrets are passed to the plugin scripts.'
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                              required:
                              - driver
                              type: object
                            flocker:
                              description: flocker represents a Flocker volume attached
                                to a kubelet's host machine. This depends on the Flocker
                                control service being running
                              properties:
                                datasetName:
                                  description: datasetName is Name of the dataset
                                    stored as metadata -> name on the dataset for
                                    Flocker should be considered as deprecated
                                  type: string
                                datasetUUID:
                                  description: datasetUUID is the UUID of the dataset.
                                    This is unique identifier of a Flocker dataset
                                  type: string
                              type: object
                            gcePersistentDisk:
                              description: 'gcePersistentDisk represents a GCE Disk
                                resource that is attached to a kubelet''s host machine
                                and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              properties:
                                fsType:
                                  description: 'fsType is filesystem type of the volume
                                    that you want to mount. Tip: Ensure that the filesystem
                                    type is supported by the host operating system.
                                    Examples: "ext4", "xfs", "ntfs". Implicitly inferred
                                    to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                    TODO: how do we prevent errors in the filesystem
                                    from compromising the machine'
                                  type: string
                                partition:
                                  description: 'partition is the partition in the
                                    volume that you want to mount. If omitted, the
                                    default is to mount by volume name. Examples:
                                    For volume /dev/sda1, you specify the partition
                                    as "1". Similarly, the volume partition for /dev/sda
                                    is "0" (or you can leave the property empty).
                                    More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                  format: int32
                                  type: integer
                                pdName:
                                  description: 'pdName is unique name of the PD resource
                                    in GCE. Used to identify the disk in GCE. More
                                    info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                  type: string
                                readOnly:
                                  description: 'readOnly here will force the ReadOnly
                                    setting in VolumeMounts. Defaults to false. More
                                    info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                  type: boolean
                              required:
                              - pdName
                              type: object
                            gitRepo:
                              description: 'gitRepo represents a git repository at
                                a particular revision. DEPRECATED: GitRepo is deprecated.
                                To provision a container with a git repo, mount an
                                EmptyDir into an InitContainer that clones the repo
                                using git, then mount the EmptyDir into the Pod''s
                                container.'
                              properties:
                                directory:
                                  description: directory is the target directory name.
                                    Must not contain or start with '..'.  If '.' is
                                    supplied, the volume directory will be the git
                                    repository.  Otherwise, if specified, the volume
                                    will contain the git repository in the subdirectory
                                    with the given name.
                                  type: string
                                repository:
                                  description: repository is the URL
                                  type: string
                                revision:
                                  description: revision is the commit hash for the
                                    specified revision.
                                  type: string
                              required:
                              - repository
                              type: object
                            glusterfs:
                              description: 'glusterfs represents a Glusterfs mount
                                on the host that shares a pod''s lifetime. More info:
                                https://examples.k8s.io/volumes/glusterfs/README.md'
                              properties:
                                endpoints:
                                  description: 'endpoints is the endpoint name that
                                    details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                  type: string
                                path:
                                  description: 'path is the Glusterfs volume path.
                                    More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                  type: string
                                readOnly:
                                  description: 'readOnly here will force the Glusterfs
                                    volume to be mounted with read-only permissions.
                                    Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                  type: boolean
                              required:
                              - endpoints
                              - path
                              type: object
                            hostPath:
                              description: 'hostPath represents a pre-existing file
                                or directory on the host machine that is directly
                                exposed to the container. This is generally used for
                                system agents or other privileged things that are
                                allowed to see the host machine. Most containers will
                                NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                                --- TODO(jonesdl) We need to restrict who can use
                                host directory mounts and who can/can not mount host
                                directories as read/write.'
                              properties:
                                path:
                                  description: 'path of the directory on the host.
                                    If the path is a symlink, it will follow the link
                                    to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                  type: string
                                type:
                                  description: 'type for HostPath Volume Defaults
                                    to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                  type: string
                              required:
                              - path
                              type: object
                            iscsi:
                              description: 'iscsi represents an ISCSI Disk resource
                                that is attached to a kubelet''s host machine and
                                then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
                              properties:
                                chapAuthDiscovery:
                                  description: chapAuthDiscovery defines whether support
                                    iSCSI Discovery CHAP authentication
                                  type: boolean
                                chapAuthSession:
                                  description: chapAuthSession defines whether support
                                    iSCSI Session CHAP authentication
                                  type: boolean
                                fsType:
                                  description: 'fsType is the filesystem type of the
                                    volume that you want to mount. Tip: Ensure that
                                    the filesystem type is supported by the host operating
                                    system. Examples: "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified. More info:
                                    https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                    TODO: how do we prevent errors in the filesystem
                                    from compromising the machine'
                                  type: string
                                initiatorName:
                                  description: initiatorName is the custom iSCSI Initiator
                                    Name. If initiatorName is specified with iscsiInterface
                                    simultaneously, new iSCSI interface <target portal>:<volume
                                    name> will be created for the connection.
                                  type: string
                                iqn:
                                  description: iqn is the target iSCSI Qualified Name.
                                  type: string
                                iscsiInterface:
                                  description: iscsiInterface is the interface Name
                                    that uses an iSCSI transport. Defaults to 'default'
                                    (tcp).
                                  type: string
                                lun:
                                  description: lun represents iSCSI Target Lun number.
                                  format: int32
                                  type: integer
                                portals:
                                  description: portals is the iSCSI Target Portal
                                    List. The portal is either an IP or ip_addr:port
                                    if the port is other than default (typically TCP
                                    ports 860 and 3260).
                                  items:
                                    type: string
                                  type: array
                                readOnly:
                                  description: readOnly here will force the ReadOnly
                                    setting in VolumeMounts. Defaults to false.
                                  type: boolean
                                secretRef:
                                  description: secretRef is the CHAP Secret for iSCSI
                                    target and initiator authentication
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                targetPortal:
                                  description: targetPortal is iSCSI Target Portal.
                                    The Portal is either an IP or ip_addr:port if
                                    the port is other than default (typically TCP
                                    ports 860 and 3260).
                                  type: string
                              required:
                              - iqn
                              - lun
                              - targetPortal
                              type: object
                            name:
                              description: 'name of the volume. Must be a DNS_LABEL
                                and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            nfs:
                              description: 'nfs represents an NFS mount on the host
                                that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              properties:
                                path:
                                  description: 'path that is exported by the NFS server.
                                    More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                  type: string
                                readOnly:
                                  description: 'readOnly here will force the NFS export
                                    to be mounted with read-only permissions. Defaults
                                    to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                  type: boolean
                                server:
                                  description: 'server is the hostname or IP address
                                    of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                  type: string
                              required:
                              - path
                              - server
                              type: object
                            persistentVolumeClaim:
                              description: 'persistentVolumeClaimVolumeSource represents
                                a reference to a PersistentVolumeClaim in the same
                                namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                              properties:
                                claimName:
                                  description: 'claimName is the name of a PersistentVolumeClaim
                                    in the same namespace as the pod using this volume.
                                    More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                  type: string
                                readOnly:
                                  description: readOnly Will force the ReadOnly setting
                                    in VolumeMounts. Default false.
                                  type: boolean
                              required:
                              - claimName
                              type: object
                            photonPersistentDisk:
                              description: photonPersistentDisk represents a PhotonController
                                persistent disk attached and mounted on kubelets host
                                machine
                              properties:
                                fsType:
                                  description: fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified.
                                  type: string
                                pdID:
                                  description: pdID is the ID that identifies Photon
                                    Controller persistent disk
                                  type: string
                              required:
                              - pdID
                              type: object
                            portworxVolume:
                              description: portworxVolume represents a portworx volume
                                attached and mounted on kubelets host machine
                              properties:
                                fsType:
                                  description: fSType represents the filesystem type
                                    to mount Must be a filesystem type supported by
                                    the host operating system. Ex. "ext4", "xfs".
                                    Implicitly inferred to be "ext4" if unspecified.
                                  type: string
                                readOnly:
                                  description: readOnly defaults to false (read/write).
                                    ReadOnly here will force the ReadOnly setting
                                    in VolumeMounts.
                                  type: boolean
                                volumeID:
                                  description: volumeID uniquely identifies a Portworx
                                    volume
                                  type: string
                              required:
                              - volumeID
                              type: object
                            projected:
                              description: projected items for all in one resources
                                secrets, configmaps, and downward API
                              properties:
                                defaultMode:
                                  description: defaultMode are the mode bits used
                                    to set permissions on created files by default.
                                    Must be an octal value between 0000 and 0777 or
                                    a decimal value between 0 and 511. YAML accepts
                                    both octal and decimal values, JSON requires decimal
                                    values for mode bits. Directories within the path
                                    are not affected by this setting. This might be
                                    in conflict with other options that affect the
                                    file mode, like fsGroup, and the result can be
                                    other mode bits set.
                                  format: int32
                                  type: integer
                                sources:
                                  description: sources is the list of volume projections
                                  items:
                                    description: Projection that may be projected
                                      along with other supported volume types
                                    properties:
                                      configMap:
                                        description: configMap information about the
                                          configMap data to project
                                        properties:
                                          items:
                                            description: items if unspecified, each
                                              key-value pair in the Data field of
                                              the referenced ConfigMap will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the ConfigMap, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: optional specify whether
                                              the ConfigMap or its keys must be defined
                                            type: boolean
                                        type: object
                                      downwardAPI:
                                        description: downwardAPI information about
                                          the downwardAPI data to project
                                        properties:
                                          items:
                                            description: Items is a list of DownwardAPIVolume
                                              file
                                            items:
                                              description: DownwardAPIVolumeFile represents
                                                information to create the file containing
                                                the pod field
                                              properties:
                                                fieldRef:
                                                  description: 'Required: Selects
                                                    a field of the pod: only annotations,
                                                    labels, name and namespace are
                                                    supported.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                mode:
                                                  description: 'Optional: mode bits
                                                    used to set permissions on this
                                                    file, must be an octal value between
                                                    0000 and 0777 or a decimal value
                                                    between 0 and 511. YAML accepts
                                                    both octal and decimal values,
                                                    JSON requires decimal values for
                                                    mode bits. If not specified, the
                                                    volume defaultMode will be used.
                                                    This might be in conflict with
                                                    other options that affect the
                                                    file mode, like fsGroup, and the
                                                    result can be other mode bits
                                                    set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: 'Required: Path is  the
                                                    relative path name of the file
                                                    to be created. Must not be absolute
                                                    or contain the ''..'' path. Must
                                                    be utf-8 encoded. The first item
                                                    of the relative path must not
                                                    start with ''..'''
                                                  type: string
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, requests.cpu and
                                                    requests.memory) are currently
                                                    supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                              required:
                                              - path
                                              type: object
                                            type: array
                                        type: object
                                      secret:
                                        description: secret information about the
                                          secret data to project
                                        properties:
                                          items:
                                            description: items if unspecified, each
                                              key-value pair in the Data field of
                                              the referenced Secret will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the Secret, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: optional field specify whether
                                              the Secret or its key must be defined
                                            type: boolean
                                        type: object
                                      serviceAccountToken:
                                        description: serviceAccountToken is information
                                          about the serviceAccountToken data to project
                                        properties:
                                          audience:
                                            description: audience is the intended
                                              audience of the token. A recipient of
                                              a token must identify itself with an
                                              identifier specified in the audience
                                              of the token, and otherwise should reject
                                              the token. The audience defaults to
                                              the identifier of the apiserver.
                                            type: string
                                          expirationSeconds:
                                            description: expirationSeconds is the
                                              requested duration of validity of the
                                              service account token. As the token
                                              approaches expiration, the kubelet volume
                                              plugin will proactively rotate the service
                                              account token. The kubelet will start
                                              trying to rotate the token if the token
                                              is older than 80 percent of its time
                                              to live or if the token is older than
                                              24 hours.Defaults to 1 hour and must
                                              be at least 10 minutes.
                                            format: int64
                                            type: integer
                                          path:
                                            description: path is the path relative
                                              to the mount point of the file to project
                                              the token into.
                                            type: string
                                        required:
                                        - path
                                        type: object
                                    type: object
                                  type: array
                              type: object
                            quobyte:
                              description: quobyte represents a Quobyte mount on the
                                host that shares a pod's lifetime
                              properties:
                                group:
                                  description: group to map volume access to Default
                                    is no group
                                  type: string
                                readOnly:
                                  description: readOnly here will force the Quobyte
                                    volume to be mounted with read-only permissions.
                                    Defaults to false.
                                  type: boolean
                                registry:
                                  description: registry represents a single or multiple
                                    Quobyte Registry services specified as a string
                                    as host:port pair (multiple entries are separated
                                    with commas) which acts as the central registry
                                    for volumes
                                  type: string
                                tenant:
                                  description: tenant owning the given Quobyte volume
                                    in the Backend Used with dynamically provisioned
                                    Quobyte volumes, value is set by the plugin
                                  type: string
                                user:
                                  description: user to map volume access to Defaults
                                    to serivceaccount user
                                  type: string
                                volume:
                                  description: volume is a string that references
                                    an already created Quobyte volume by name.
                                  type: string
                              required:
                              - registry
                              - volume
                              type: object
                            rbd:
                              description: 'rbd represents a Rados Block Device mount
                                on the host that shares a pod''s lifetime. More info:
                                https://examples.k8s.io/volumes/rbd/README.md'
                              properties:
                                fsType:
                                  description: 'fsType is the filesystem type of the
                                    volume that you want to mount. Tip: Ensure that
                                    the filesystem type is supported by the host operating
                                    system. Examples: "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified. More info:
                                    https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                    TODO: how do we prevent errors in the filesystem
                                    from compromising the machine'
                                  type: string
                                image:
                                  description: 'image is the rados image name. More
                                    info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  type: string
                                keyring:
                                  description: 'keyring is the path to key ring for
                                    RBDUser. Default is /etc/ceph/keyring. More info:
                                    https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  type: string
                                monitors:
                                  description: 'monitors is a collection of Ceph monitors.
                                    More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  items:
                                    type: string
                                  type: array
                                pool:
                                  description: 'pool is the rados pool name. Default
                                    is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  type: string
                                readOnly:
                                  description: 'readOnly here will force the ReadOnly
                                    setting in VolumeMounts. Defaults to false. More
                                    info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  type: boolean
                                secretRef:
                                  description: 'secretRef is name of the authentication
                                    secret for RBDUser. If provided overrides keyring.
                                    Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                user:
                                  description: 'user is the rados user name. Default
                                    is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  type: string
                              required:
                              - image
                              - monitors
                              type: object
                            scaleIO:
                              description: scaleIO represents a ScaleIO persistent
                                volume attached and mounted on Kubernetes nodes.
                              properties:
                                fsType:
                                  description: fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Default
                                    is "xfs".
                                  type: string
                                gateway:
                                  description: gateway is the host address of the
                                    ScaleIO API Gateway.
                                  type: string
                                protectionDomain:
                                  description: protectionDomain is the name of the
                                    ScaleIO Protection Domain for the configured storage.
                                  type: string
                                readOnly:
                                  description: readOnly Defaults to false (read/write).
                                    ReadOnly here will force the ReadOnly setting
                                    in VolumeMounts.
                                  type: boolean
                                secretRef:
                                  description: secretRef references to the secret
                                    for ScaleIO user and other sensitive information.
                                    If this is not provided, Login operation will
                                    fail.
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                sslEnabled:
                                  description: sslEnabled Flag enable/disable SSL
                                    communication with Gateway, default false
                                  type: boolean
                                storageMode:
                                  description: storageMode indicates whether the storage
                                    for a volume should be ThickProvisioned or ThinProvisioned.
                                    Default is ThinProvisioned.
                                  type: string
                                storagePool:
                                  description: storagePool is the ScaleIO Storage
                                    Pool associated with the protection domain.
                                  type: string
                                system:
                                  description: system is the name of the storage system
                                    as configured in ScaleIO.
                                  type: string
                                volumeName:
                                  description: volumeName is the name of a volume
                                    already created in the ScaleIO system that is
                                    associated with this volume source.
                                  type: string
                              required:
                              - gateway
                              - secretRef
                              - system
                              type: object
                            secret:
                              description: 'secret represents a secret that should
                                populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                              properties:
                                defaultMode:
                                  description: 'defaultMode is Optional: mode bits
                                    used to set permissions on created files by default.
                                    Must be an octal value between 0000 and 0777 or
                                    a decimal value between 0 and 511. YAML accepts
                                    both octal and decimal values, JSON requires decimal
                                    values for mode bits. Defaults to 0644. Directories
                                    within the path are not affected by this setting.
                                    This might be in conflict with other options that
                                    affect the file mode, like fsGroup, and the result
                                    can be other mode bits set.'
                                  format: int32
                                  type: integer
                                items:
                                  description: items If unspecified, each key-value
                                    pair in the Data field of the referenced Secret
                                    will be projected into the volume as a file whose
                                    name is the key and content is the value. If specified,
                                    the listed keys will be projected into the specified
                                    paths, and unlisted keys will not be present.
                                    If a key is specified which is not present in
                                    the Secret, the volume setup will error unless
                                    it is marked optional. Paths must be relative
                                    and may not contain the '..' path or start with
                                    '..'.
                                  items:
                                    description: Maps a string key to a path within
                                      a volume.
                                    properties:
                                      key:
                                        description: key is the key to project.
                                        type: string
                                      mode:
                                        description: 'mode is Optional: mode bits
                                          used to set permissions on this file. Must
                                          be an octal value between 0000 and 0777
                                          or a decimal value between 0 and 511. YAML
                                          accepts both octal and decimal values, JSON
                                          requires decimal values for mode bits. If
                                          not specified, the volume defaultMode will
                                          be used. This might be in conflict with
                                          other options that affect the file mode,
                                          like fsGroup, and the result can be other
                                          mode bits set.'
                                        format: int32
                                        type: integer
                                      path:
                                        description: path is the relative path of
                                          the file to map the key to. May not be an
                                          absolute path. May not contain the path
                                          element '..'. May not start with the string
                                          '..'.
                                        type: string
                                    required:
                                    - key
                                    - path
                                    type: object
                                  type: array
                                optional:
                                  description: optional field specify whether the
                                    Secret or its keys must be defined
                                  type: boolean
                                secretName:
                                  description: 'secretName is the name of the secret
                                    in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                  type: string
                              type: object
                            storageos:
                              description: storageOS represents a StorageOS volume
                                attached and mounted on Kubernetes nodes.
                              properties:
                                fsType:
                                  description: fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified.
                                  type: string
                                readOnly:
                                  description: readOnly defaults to false (read/write).
                                    ReadOnly here will force the ReadOnly setting
                                    in VolumeMounts.
                                  type: boolean
                                secretRef:
                                  description: secretRef specifies the secret to use
                                    for obtaining the StorageOS API credentials.  If
                                    not specified, default values will be attempted.
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                volumeName:
                                  description: volumeName is the human-readable name
                                    of the StorageOS volume.  Volume names are only
                                    unique within a namespace.
                                  type: string
                                volumeNamespace:
                                  description: volumeNamespace specifies the scope
                                    of the volume within StorageOS.  If no namespace
                                    is specified then the Pod's namespace will be
                                    used.  This allows the Kubernetes name scoping
                                    to be mirrored within StorageOS for tighter integration.
                                    Set VolumeName to any name to override the default
                                    behaviour. Set to "default" if you are not using
                                    namespaces within StorageOS. Namespaces that do
                                    not pre-exist within StorageOS will be created.
                                  type: string
                              type: object
                            vsphereVolume:
                              description: vsphereVolume represents a vSphere volume
                                attached and mounted on kubelets host machine
                              properties:
                                fsType:
                                  description: fsType is filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified.
                                  type: string
                                storagePolicyID:
                                  description: storagePolicyID is the storage Policy
                                    Based Management (SPBM) profile ID associated
                                    with the StoragePolicyName.
                                  type: string
                                storagePolicyName:
                                  description: storagePolicyName is the storage Policy
                                    Based Management (SPBM) profile name.
                                  type: string
                                volumePath:
                                  description: volumePath is the path that identifies
                                    vSphere volume vmdk
                                  type: string
                              required:
                              - volumePath
                              type: object
                          required:
                          - name
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                    type: object
                  resources:
                    description: Resources is a list of bindings specifying which
                      actual instances of PipelineResources to use for the resources
                      the Pipeline has declared it needs.
                    items:
                      description: PipelineResourceBinding connects a reference to
                        an instance of a PipelineResource with a PipelineResource
                        dependency that the Pipeline has declared
                      properties:
                        name:
                          description: Name is the name of the PipelineResource in
                            the Pipeline's declaration
                          type: string
                        resourceRef:
                          description: ResourceRef is a reference to the instance
                            of the actual PipelineResource that should be used
                          properties:
                            apiVersion:
                              description: API version of the referent
                              type: string
                            name:
                              description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names'
                              type: string
                          type: object
                        resourceSpec:
                          description: ResourceSpec is specification of a resource
                            that should be created and consumed by the task
                          properties:
                            description:
                              description: Description is a user-facing description
                                of the resource that may be used to populate a UI.
                              type: string
                            params:
                              items:
                                description: ResourceParam declares a string value
                                  to use for the parameter called Name, and is used
                                  in the specific context of PipelineResources.
                                properties:
                                  name:
                                    type: string
                                  value:
                                    type: string
                                required:
                                - name
                                - value
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            secrets:
                              description: Secrets to fetch to populate some of resource
                                fields
                              items:
                                description: SecretParam indicates which secret can
                                  be used to populate a field of the resource
                                properties:
                                  fieldName:
                                    type: string
                                  secretKey:
                                    type: string
                                  secretName:
                                    type: string
                                required:
                                - fieldName
                                - secretKey
                                - secretName
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            type:
                              type: string
                          required:
                          - params
                          - type
                          type: object
                      type: object
                    type: array
                    x-kubernetes-list-type: atomic
                  serviceAccountName:
                    type: string
                  status:
                    description: Used for cancelling a pipelinerun (and maybe more
                      later on)
                    type: string
                  taskRunSpecs:
                    description: TaskRunSpecs holds a set of runtime specs
                    items:
                      description: PipelineTaskRunSpec  can be used to configure specific
                        specs for a concrete Task
                      properties:
                        computeResources:
                          description: Compute resources to use for this TaskRun
                          properties:
                            limits:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Limits describes the maximum amount of
                                compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                            requests:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Requests describes the minimum amount
                                of compute resources required. If Requests is omitted
                                for a container, it defaults to Limits if that is
                                explicitly specified, otherwise to an implementation-defined
                                value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                          type: object
                        metadata:
                          description: PipelineTaskMetadata contains the labels or
                            annotations for an EmbeddedTask
                          properties:
                            annotations:
                              additionalProperties:
                                type: string
                              type: object
                            labels:
                              additionalProperties:
                                type: string
                              type: object
                          type: object
                        pipelineTaskName:
                          type: string
                        sidecarOverrides:
                          items:
                            description: TaskRunSidecarOverride is used to override
                              the values of a Sidecar in the corresponding Task.
                            properties:
                              name:
                                description: The name of the Sidecar to override.
                                type: string
                              resources:
                                description: The resource requirements to apply to
                                  the Sidecar.
                                properties:
                                  limits:
                                    additionalProperties:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      x-kubernetes-int-or-string: true
                                    description: 'Limits describes the maximum amount
                                      of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                    type: object
                                  requests:
                                    additionalProperties:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      x-kubernetes-int-or-string: true
                                    description: 'Requests describes the minimum amount
                                      of compute resources required. If Requests is
                                      omitted for a container, it defaults to Limits
                                      if that is explicitly specified, otherwise to
                                      an implementation-defined value. More info:
                                      https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                    type: object
                                type: object
                            required:
                            - name
                            - resources
                            type: object
                          type: array
                          x-kubernetes-list-type: atomic
                        stepOverrides:
                          items:
                            description: TaskRunStepOverride is used to override the
                              values of a Step in the corresponding Task.
                            properties:
                              name:
                                description: The name of the Step to override.
                                type: string
                              resources:
                                description: The resource requirements to apply to
                                  the Step.
                                properties:
                                  limits:
                                    additionalProperties:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      x-kubernetes-int-or-string: true
                                    description: 'Limits describes the maximum amount
                                      of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                    type: object
                                  requests:
                                    additionalProperties:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      x-kubernetes-int-or-string: true
                                    description: 'Requests describes the minimum amount
                                      of compute resources required. If Requests is
                                      omitted for a container, it defaults to Limits
                                      if that is explicitly specified, otherwise to
                                      an implementation-defined value. More info:
                                      https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                    type: object
                                type: object
                            required:
                            - name
                            - resources
                            type: object
                          type: array
                          x-kubernetes-list-type: atomic
                        taskPodTemplate:
                          description: Template holds pod specific configuration
                          properties:
                            affinity:
                              description: If specified, the pod's scheduling constraints
                              properties:
                                nodeAffinity:
                                  description: Describes node affinity scheduling
                                    rules for the pod.
                                  properties:
                                    preferredDuringSchedulingIgnoredDuringExecution:
                                      description: The scheduler will prefer to schedule
                                        pods to nodes that satisfy the affinity expressions
                                        specified by this field, but it may choose
                                        a node that violates one or more of the expressions.
                                        The node that is most preferred is the one
                                        with the greatest sum of weights, i.e. for
                                        each node that meets all of the scheduling
                                        requirements (resource request, requiredDuringScheduling
                                        affinity expressions, etc.), compute a sum
                                        by iterating through the elements of this
                                        field and adding "weight" to the sum if the
                                        node matches the corresponding matchExpressions;
                                        the node(s) with the highest sum are the most
                                        preferred.
                                      items:
                                        description: An empty preferred scheduling
                                          term matches all objects with implicit weight
                                          0 (i.e. it's a no-op). A null preferred
                                          scheduling term matches no objects (i.e.
                                          is also a no-op).
                                        properties:
                                          preference:
                                            description: A node selector term, associated
                                              with the corresponding weight.
                                            properties:
                                              matchExpressions:
                                                description: A list of node selector
                                                  requirements by node's labels.
                                                items:
                                                  description: A node selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: The label key that
                                                        the selector applies to.
                                                      type: string
                                                    operator:
                                                      description: Represents a key's
                                                        relationship to a set of values.
                                                        Valid operators are In, NotIn,
                                                        Exists, DoesNotExist. Gt,
                                                        and Lt.
                                                      type: string
                                                    values:
                                                      description: An array of string
                                                        values. If the operator is
                                                        In or NotIn, the values array
                                                        must be non-empty. If the
                                                        operator is Exists or DoesNotExist,
                                                        the values array must be empty.
                                                        If the operator is Gt or Lt,
                                                        the values array must have
                                                        a single element, which will
                                                        be interpreted as an integer.
                                                        This array is replaced during
                                                        a strategic merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                              matchFields:
                                                description: A list of node selector
                                                  requirements by node's fields.
                                                items:
                                                  description: A node selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: The label key that
                                                        the selector applies to.
                                                      type: string
                                                    operator:
                                                      description: Represents a key's
                                                        relationship to a set of values.
                                                        Valid operators are In, NotIn,
                                                        Exists, DoesNotExist. Gt,
                                                        and Lt.
                                                      type: string
                                                    values:
                                                      description: An array of string
                                                        values. If the operator is
                                                        In or NotIn, the values array
                                                        must be non-empty. If the
                                                        operator is Exists or DoesNotExist,
                                                        the values array must be empty.
                                                        If the operator is Gt or Lt,
                                                        the values array must have
                                                        a single element, which will
                                                        be interpreted as an integer.
                                                        This array is replaced during
                                                        a strategic merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                            type: object
                                          weight:
                                            description: Weight associated with matching
                                              the corresponding nodeSelectorTerm,
                                              in the range 1-100.
                                            format: int32
                                            type: integer
                                        required:
                                        - preference
                                        - weight
                                        type: object
                                      type: array
                                    requiredDuringSchedulingIgnoredDuringExecution:
                                      description: If the affinity requirements specified
                                        by this field are not met at scheduling time,
                                        the pod will not be scheduled onto the node.
                                        If the affinity requirements specified by
                                        this field cease to be met at some point during
                                        pod execution (e.g. due to an update), the
                                        system may or may not try to eventually evict
                                        the pod from its node.
                                      properties:
                                        nodeSelectorTerms:
                                          description: Required. A list of node selector
                                            terms. The terms are ORed.
                                          items:
                                            description: A null or empty node selector
                                              term matches no objects. The requirements
                                              of them are ANDed. The TopologySelectorTerm
                                              type implements a subset of the NodeSelectorTerm.
                                            properties:
                                              matchExpressions:
                                                description: A list of node selector
                                                  requirements by node's labels.
                                                items:
                                                  description: A node selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: The label key that
                                                        the selector applies to.
                                                      type: string
                                                    operator:
                                                      description: Represents a key's
                                                        relationship to a set of values.
                                                        Valid operators are In, NotIn,
                                                        Exists, DoesNotExist. Gt,
                                                        and Lt.
                                                      type: string
                                                    values:
                                                      description: An array of string
                                                        values. If the operator is
                                                        In or NotIn, the values array
                                                        must be non-empty. If the
                                                        operator is Exists or DoesNotExist,
                                                        the values array must be empty.
                                                        If the operator is Gt or Lt,
                                                        the values array must have
                                                        a single element, which will
                                                        be interpreted as an integer.
                                                        This array is replaced during
                                                        a strategic merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                              matchFields:
                                                description: A list of node selector
                                                  requirements by node's fields.
                                                items:
                                                  description: A node selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: The label key that
                                                        the selector applies to.
                                                      type: string
                                                    operator:
                                                      description: Represents a key's
                                                        relationship to a set of values.
                                                        Valid operators are In, NotIn,
                                                        Exists, DoesNotExist. Gt,
                                                        and Lt.
                                                      type: string
                                                    values:
                                                      description: An array of string
                                                        values. If the operator is
                                                        In or NotIn, the values array
                                                        must be non-empty. If the
                                                        operator is Exists or DoesNotExist,
                                                        the values array must be empty.
                                                        If the operator is Gt or Lt,
                                                        the values array must have
                                                        a single element, which will
                                                        be interpreted as an integer.
                                                        This array is replaced during
                                                        a strategic merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                            type: object
                                          type: array
                                      required:
                                      - nodeSelectorTerms
                                      type: object
                                  type: object
                                podAffinity:
                                  description: Describes pod affinity scheduling rules
                                    (e.g. co-locate this pod in the same node, zone,
                                    etc. as some other pod(s)).
                                  properties:
                                    preferredDuringSchedulingIgnoredDuringExecution:
                                      description: The scheduler will prefer to schedule
                                        pods to nodes that satisfy the affinity expressions
                                        specified by this field, but it may choose
                                        a node that violates one or more of the expressions.
                                        The node that is most preferred is the one
                                        with the greatest sum of weights, i.e. for
                                        each node that meets all of the scheduling
                                        requirements (resource request, requiredDuringScheduling
                                        affinity expressions, etc.), compute a sum
                                        by iterating through the elements of this
                                        field and adding "weight" to the sum if the
                                        node has pods which matches the corresponding
                                        podAffinityTerm; the node(s) with the highest
                                        sum are the most preferred.
                                      items:
                                        description: The weights of all of the matched
                                          WeightedPodAffinityTerm fields are added
                                          per-node to find the most preferred node(s)
                                        properties:
                                          podAffinityTerm:
                                            description: Required. A pod affinity
                                              term, associated with the corresponding
                                              weight.
                                            properties:
                                              labelSelector:
                                                description: A label query over a
                                                  set of resources, in this case pods.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              namespaceSelector:
                                                description: A label query over the
                                                  set of namespaces that the term
                                                  applies to. The term is applied
                                                  to the union of the namespaces selected
                                                  by this field and the ones listed
                                                  in the namespaces field. null selector
                                                  and null or empty namespaces list
                                                  means "this pod's namespace". An
                                                  empty selector ({}) matches all
                                                  namespaces.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              namespaces:
                                                description: namespaces specifies
                                                  a static list of namespace names
                                                  that the term applies to. The term
                                                  is applied to the union of the namespaces
                                                  listed in this field and the ones
                                                  selected by namespaceSelector. null
                                                  or empty namespaces list and null
                                                  namespaceSelector means "this pod's
                                                  namespace".
                                                items:
                                                  type: string
                                                type: array
                                              topologyKey:
                                                description: This pod should be co-located
                                                  (affinity) or not co-located (anti-affinity)
                                                  with the pods matching the labelSelector
                                                  in the specified namespaces, where
                                                  co-located is defined as running
                                                  on a node whose value of the label
                                                  with key topologyKey matches that
                                                  of any node on which any of the
                                                  selected pods is running. Empty
                                                  topologyKey is not allowed.
                                                type: string
                                            required:
                                            - topologyKey
                                            type: object
                                          weight:
                                            description: weight associated with matching
                                              the corresponding podAffinityTerm, in
                                              the range 1-100.
                                            format: int32
                                            type: integer
                                        required:
                                        - podAffinityTerm
                                        - weight
                                        type: object
                                      type: array
                                    requiredDuringSchedulingIgnoredDuringExecution:
                                      description: If the affinity requirements specified
                                        by this field are not met at scheduling time,
                                        the pod will not be scheduled onto the node.
                                        If the affinity requirements specified by
                                        this field cease to be met at some point during
                                        pod execution (e.g. due to a pod label update),
                                        the system may or may not try to eventually
                                        evict the pod from its node. When there are
                                        multiple elements, the lists of nodes corresponding
                                        to each podAffinityTerm are intersected, i.e.
                                        all terms must be satisfied.
                                      items:
                                        description: Defines a set of pods (namely
                                          those matching the labelSelector relative
                                          to the given namespace(s)) that this pod
                                          should be co-located (affinity) or not co-located
                                          (anti-affinity) with, where co-located is
                                          defined as running on a node whose value
                                          of the label with key <topologyKey> matches
                                          that of any node on which a pod of the set
                                          of pods is running
                                        properties:
                                          labelSelector:
                                            description: A label query over a set
                                              of resources, in this case pods.
                                            properties:
                                              matchExpressions:
                                                description: matchExpressions is a
                                                  list of label selector requirements.
                                                  The requirements are ANDed.
                                                items:
                                                  description: A label selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: key is the label
                                                        key that the selector applies
                                                        to.
                                                      type: string
                                                    operator:
                                                      description: operator represents
                                                        a key's relationship to a
                                                        set of values. Valid operators
                                                        are In, NotIn, Exists and
                                                        DoesNotExist.
                                                      type: string
                                                    values:
                                                      description: values is an array
                                                        of string values. If the operator
                                                        is In or NotIn, the values
                                                        array must be non-empty. If
                                                        the operator is Exists or
                                                        DoesNotExist, the values array
                                                        must be empty. This array
                                                        is replaced during a strategic
                                                        merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                              matchLabels:
                                                additionalProperties:
                                                  type: string
                                                description: matchLabels is a map
                                                  of {key,value} pairs. A single {key,value}
                                                  in the matchLabels map is equivalent
                                                  to an element of matchExpressions,
                                                  whose key field is "key", the operator
                                                  is "In", and the values array contains
                                                  only "value". The requirements are
                                                  ANDed.
                                                type: object
                                            type: object
                                          namespaceSelector:
                                            description: A label query over the set
                                              of namespaces that the term applies
                                              to. The term is applied to the union
                                              of the namespaces selected by this field
                                              and the ones listed in the namespaces
                                              field. null selector and null or empty
                                              namespaces list means "this pod's namespace".
                                              An empty selector ({}) matches all namespaces.
                                            properties:
                                              matchExpressions:
                                                description: matchExpressions is a
                                                  list of label selector requirements.
                                                  The requirements are ANDed.
                                                items:
                                                  description: A label selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: key is the label
                                                        key that the selector applies
                                                        to.
                                                      type: string
                                                    operator:
                                                      description: operator represents
                                                        a key's relationship to a
                                                        set of values. Valid operators
                                                        are In, NotIn, Exists and
                                                        DoesNotExist.
                                                      type: string
                                                    values:
                                                      description: values is an array
                                                        of string values. If the operator
                                                        is In or NotIn, the values
                                                        array must be non-empty. If
                                                        the operator is Exists or
                                                        DoesNotExist, the values array
                                                        must be empty. This array
                                                        is replaced during a strategic
                                                        merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                              matchLabels:
                                                additionalProperties:
                                                  type: string
                                                description: matchLabels is a map
                                                  of {key,value} pairs. A single {key,value}
                                                  in the matchLabels map is equivalent
                                                  to an element of matchExpressions,
                                                  whose key field is "key", the operator
                                                  is "In", and the values array contains
                                                  only "value". The requirements are
                                                  ANDed.
                                                type: object
                                            type: object
                                          namespaces:
                                            description: namespaces specifies a static
                                              list of namespace names that the term
                                              applies to. The term is applied to the
                                              union of the namespaces listed in this
                                              field and the ones selected by namespaceSelector.
                                              null or empty namespaces list and null
                                              namespaceSelector means "this pod's
                                              namespace".
                                            items:
                                              type: string
                                            type: array
                                          topologyKey:
                                            description: This pod should be co-located
                                              (affinity) or not co-located (anti-affinity)
                                              with the pods matching the labelSelector
                                              in the specified namespaces, where co-located
                                              is defined as running on a node whose
                                              value of the label with key topologyKey
                                              matches that of any node on which any
                                              of the selected pods is running. Empty
                                              topologyKey is not allowed.
                                            type: string
                                        required:
                                        - topologyKey
                                        type: object
                                      type: array
                                  type: object
                                podAntiAffinity:
                                  description: Describes pod anti-affinity scheduling
                                    rules (e.g. avoid putting this pod in the same
                                    node, zone, etc. as some other pod(s)).
                                  properties:
                                    preferredDuringSchedulingIgnoredDuringExecution:
                                      description: The scheduler will prefer to schedule
                                        pods to nodes that satisfy the anti-affinity
                                        expressions specified by this field, but it
                                        may choose a node that violates one or more
                                        of the expressions. The node that is most
                                        preferred is the one with the greatest sum
                                        of weights, i.e. for each node that meets
                                        all of the scheduling requirements (resource
                                        request, requiredDuringScheduling anti-affinity
                                        expressions, etc.), compute a sum by iterating
                                        through the elements of this field and adding
                                        "weight" to the sum if the node has pods which
                                        matches the corresponding podAffinityTerm;
                                        the node(s) with the highest sum are the most
                                        preferred.
                                      items:
                                        description: The weights of all of the matched
                                          WeightedPodAffinityTerm fields are added
                                          per-node to find the most preferred node(s)
                                        properties:
                                          podAffinityTerm:
                                            description: Required. A pod affinity
                                              term, associated with the corresponding
                                              weight.
                                            properties:
                                              labelSelector:
                                                description: A label query over a
                                                  set of resources, in this case pods.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              namespaceSelector:
                                                description: A label query over the
                                                  set of namespaces that the term
                                                  applies to. The term is applied
                                                  to the union of the namespaces selected
                                                  by this field and the ones listed
                                                  in the namespaces field. null selector
                                                  and null or empty namespaces list
                                                  means "this pod's namespace". An
                                                  empty selector ({}) matches all
                                                  namespaces.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              namespaces:
                                                description: namespaces specifies
                                                  a static list of namespace names
                                                  that the term applies to. The term
                                                  is applied to the union of the namespaces
                                                  listed in this field and the ones
                                                  selected by namespaceSelector. null
                                                  or empty namespaces list and null
                                                  namespaceSelector means "this pod's
                                                  namespace".
                                                items:
                                                  type: string
                                                type: array
                                              topologyKey:
                                                description: This pod should be co-located
                                                  (affinity) or not co-located (anti-affinity)
                                                  with the pods matching the labelSelector
                                                  in the specified namespaces, where
                                                  co-located is defined as running
                                                  on a node whose value of the label
                                                  with key topologyKey matches that
                                                  of any node on which any of the
                                                  selected pods is running. Empty
                                                  topologyKey is not allowed.
                                                type: string
                                            required:
                                            - topologyKey
                                            type: object
                                          weight:
                                            description: weight associated with matching
                                              the corresponding podAffinityTerm, in
                                              the range 1-100.
                                            format: int32
                                            type: integer
                                        required:
                                        - podAffinityTerm
                                        - weight
                                        type: object
                                      type: array
                                    requiredDuringSchedulingIgnoredDuringExecution:
                                      description: If the anti-affinity requirements
                                        specified by this field are not met at scheduling
                                        time, the pod will not be scheduled onto the
                                        node. If the anti-affinity requirements specified
                                        by this field cease to be met at some point
                                        during pod execution (e.g. due to a pod label
                                        update), the system may or may not try to
                                        eventually evict the pod from its node. When
                                        there are multiple elements, the lists of
                                        nodes corresponding to each podAffinityTerm
                                        are intersected, i.e. all terms must be satisfied.
                                      items:
                                        description: Defines a set of pods (namely
                                          those matching the labelSelector relative
                                          to the given namespace(s)) that this pod
                                          should be co-located (affinity) or not co-located
                                          (anti-affinity) with, where co-located is
                                          defined as running on a node whose value
                                          of the label with key <topologyKey> matches
                                          that of any node on which a pod of the set
                                          of pods is running
                                        properties:
                                          labelSelector:
                                            description: A label query over a set
                                              of resources, in this case pods.
                                            properties:
                                              matchExpressions:
                                                description: matchExpressions is a
                                                  list of label selector requirements.
                                                  The requirements are ANDed.
                                                items:
                                                  description: A label selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: key is the label
                                                        key that the selector applies
                                                        to.
                                                      type: string
                                                    operator:
                                                      description: operator represents
                                                        a key's relationship to a
                                                        set of values. Valid operators
                                                        are In, NotIn, Exists and
                                                        DoesNotExist.
                                                      type: string
                                                    values:
                                                      description: values is an array
                                                        of string values. If the operator
                                                        is In or NotIn, the values
                                                        array must be non-empty. If
                                                        the operator is Exists or
                                                        DoesNotExist, the values array
                                                        must be empty. This array
                                                        is replaced during a strategic
                                                        merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                              matchLabels:
                                                additionalProperties:
                                                  type: string
                                                description: matchLabels is a map
                                                  of {key,value} pairs. A single {key,value}
                                                  in the matchLabels map is equivalent
                                                  to an element of matchExpressions,
                                                  whose key field is "key", the operator
                                                  is "In", and the values array contains
                                                  only "value". The requirements are
                                                  ANDed.
                                                type: object
                                            type: object
                                          namespaceSelector:
                                            description: A label query over the set
                                              of namespaces that the term applies
                                              to. The term is applied to the union
                                              of the namespaces selected by this field
                                              and the ones listed in the namespaces
                                              field. null selector and null or empty
                                              namespaces list means "this pod's namespace".
                                              An empty selector ({}) matches all namespaces.
                                            properties:
                                              matchExpressions:
                                                description: matchExpressions is a
                                                  list of label selector requirements.
                                                  The requirements are ANDed.
                                                items:
                                                  description: A label selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: key is the label
                                                        key that the selector applies
                                                        to.
                                                      type: string
                                                    operator:
                                                      description: operator represents
                                                        a key's relationship to a
                                                        set of values. Valid operators
                                                        are In, NotIn, Exists and
                                                        DoesNotExist.
                                                      type: string
                                                    values:
                                                      description: values is an array
                                                        of string values. If the operator
                                                        is In or NotIn, the values
                                                        array must be non-empty. If
                                                        the operator is Exists or
                                                        DoesNotExist, the values array
                                                        must be empty. This array
                                                        is replaced during a strategic
                                                        merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                              matchLabels:
                                                additionalProperties:
                                                  type: string
                                                description: matchLabels is a map
                                                  of {key,value} pairs. A single {key,value}
                                                  in the matchLabels map is equivalent
                                                  to an element of matchExpressions,
                                                  whose key field is "key", the operator
                                                  is "In", and the values array contains
                                                  only "value". The requirements are
                                                  ANDed.
                                                type: object
                                            type: object
                                          namespaces:
                                            description: namespaces specifies a static
                                              list of namespace names that the term
                                              applies to. The term is applied to the
                                              union of the namespaces listed in this
                                              field and the ones selected by namespaceSelector.
                                              null or empty namespaces list and null
                                              namespaceSelector means "this pod's
                                              namespace".
                                            items:
                                              type: string
                                            type: array
                                          topologyKey:
                                            description: This pod should be co-located
                                              (affinity) or not co-located (anti-affinity)
                                              with the pods matching the labelSelector
                                              in the specified namespaces, where co-located
                                              is defined as running on a node whose
                                              value of the label with key topologyKey
                                              matches that of any node on which any
                                              of the selected pods is running. Empty
                                              topologyKey is not allowed.
                                            type: string
                                        required:
                                        - topologyKey
                                        type: object
                                      type: array
                                  type: object
                              type: object
                            automountServiceAccountToken:
                              description: AutomountServiceAccountToken indicates
                                whether pods running as this service account should
                                have an API token automatically mounted.
                              type: boolean
                            dnsConfig:
                              description: Specifies the DNS parameters of a pod.
                                Parameters specified here will be merged to the generated
                                DNS configuration based on DNSPolicy.
                              properties:
                                nameservers:
                                  description: A list of DNS name server IP addresses.
                                    This will be appended to the base nameservers
                                    generated from DNSPolicy. Duplicated nameservers
                                    will be removed.
                                  items:
                                    type: string
                                  type: array
                                options:
                                  description: A list of DNS resolver options. This
                                    will be merged with the base options generated
                                    from DNSPolicy. Duplicated entries will be removed.
                                    Resolution options given in Options will override
                                    those that appear in the base DNSPolicy.
                                  items:
                                    description: PodDNSConfigOption defines DNS resolver
                                      options of a pod.
                                    properties:
                                      name:
                                        description: Required.
                                        type: string
                                      value:
                                        type: string
                                    type: object
                                  type: array
                                searches:
                                  description: A list of DNS search domains for host-name
                                    lookup. This will be appended to the base search
                                    paths generated from DNSPolicy. Duplicated search
                                    paths will be removed.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            dnsPolicy:
                              description: Set DNS policy for the pod. Defaults to
                                "ClusterFirst". Valid values are 'ClusterFirst', 'Default'
                                or 'None'. DNS parameters given in DNSConfig will
                                be merged with the policy selected with DNSPolicy.
                              type: string
                            enableServiceLinks:
                              description: 'EnableServiceLinks indicates whether information
                                about services should be injected into pod''s environment
                                variables, matching the syntax of Docker links. Optional:
                                Defaults to true.'
                              type: boolean
                            env:
                              description: List of environment variables that can
                                be provided to the containers belonging to the pod.
                              items:
                                description: EnvVar represents an environment variable
                                  present in a Container.
                                properties:
                                  name:
                                    description: Name of the environment variable.
                                      Must be a C_IDENTIFIER.
                                    type: string
                                  value:
                                    description: 'Variable references $(VAR_NAME)
                                      are expanded using the previously defined environment
                                      variables in the container and any service environment
                                      variables. If a variable cannot be resolved,
                                      the reference in the input string will be unchanged.
                                      Double $$ are reduced to a single $, which allows
                                      for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                      will produce the string literal "$(VAR_NAME)".
                                      Escaped references will never be expanded, regardless
                                      of whether the variable exists or not. Defaults
                                      to "".'
                                    type: string
                                  valueFrom:
                                    description: Source for the environment variable's
                                      value. Cannot be used if value is not empty.
                                    properties:
                                      configMapKeyRef:
                                        description: Selects a key of a ConfigMap.
                                        properties:
                                          key:
                                            description: The key to select.
                                            type: string
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: Specify whether the ConfigMap
                                              or its key must be defined
                                            type: boolean
                                        required:
                                        - key
                                        type: object
                                      fieldRef:
                                        description: 'Selects a field of the pod:
                                          supports metadata.name, metadata.namespace,
                                          `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
                                          spec.nodeName, spec.serviceAccountName,
                                          status.hostIP, status.podIP, status.podIPs.'
                                        properties:
                                          apiVersion:
                                            description: Version of the schema the
                                              FieldPath is written in terms of, defaults
                                              to "v1".
                                            type: string
                                          fieldPath:
                                            description: Path of the field to select
                                              in the specified API version.
                                            type: string
                                        required:
                                        - fieldPath
                                        type: object
                                      resourceFieldRef:
                                        description: 'Selects a resource of the container:
                                          only resources limits and requests (limits.cpu,
                                          limits.memory, limits.ephemeral-storage,
                                          requests.cpu, requests.memory and requests.ephemeral-storage)
                                          are currently supported.'
                                        properties:
                                          containerName:
                                            description: 'Container name: required
                                              for volumes, optional for env vars'
                                            type: string
                                          divisor:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            description: Specifies the output format
                                              of the exposed resources, defaults to
                                              "1"
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          resource:
                                            description: 'Required: resource to select'
                                            type: string
                                        required:
                                        - resource
                                        type: object
                                      secretKeyRef:
                                        description: Selects a key of a secret in
                                          the pod's namespace
                                        properties:
                                          key:
                                            description: The key of the secret to
                                              select from.  Must be a valid secret
                                              key.
                                            type: string
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: Specify whether the Secret
                                              or its key must be defined
                                            type: boolean
                                        required:
                                        - key
                                        type: object
                                    type: object
                                required:
                                - name
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            hostAliases:
                              description: HostAliases is an optional list of hosts
                                and IPs that will be injected into the pod's hosts
                                file if specified. This is only valid for non-hostNetwork
                                pods.
                              items:
                                description: HostAlias holds the mapping between IP
                                  and hostnames that will be injected as an entry
                                  in the pod's hosts file.
                                properties:
                                  hostnames:
                                    description: Hostnames for the above IP address.
                                    items:
                                      type: string
                                    type: array
                                  ip:
                                    description: IP address of the host file entry.
                                    type: string
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            hostNetwork:
                              description: HostNetwork specifies whether the pod may
                                use the node network namespace
                              type: boolean
                            imagePullSecrets:
                              description: ImagePullSecrets gives the name of the
                                secret used by the pod to pull the image if specified
                              items:
                                description: LocalObjectReference contains enough
                                  information to let you locate the referenced object
                                  inside the same namespace.
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            nodeSelector:
                              additionalProperties:
                                type: string
                              description: 'NodeSelector is a selector which must
                                be true for the pod to fit on a node. Selector which
                                must match a node''s labels for the pod to be scheduled
                                on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
                              type: object
                            priorityClassName:
                              description: If specified, indicates the pod's priority.
                                "system-node-critical" and "system-cluster-critical"
                                are two special keywords which indicate the highest
                                priorities with the former being the highest priority.
                                Any other name must be defined by creating a PriorityClass
                                object with that name. If not specified, the pod priority
                                will be default or zero if there is no default.
                              type: string
                            runtimeClassName:
                              description: 'RuntimeClassName refers to a RuntimeClass
                                object in the node.k8s.io group, which should be used
                                to run this pod. If no RuntimeClass resource matches
                                the named class, the pod will not be run. If unset
                                or empty, the "legacy" RuntimeClass will be used,
                                which is an implicit class with an empty definition
                                that uses the default runtime handler. More info:
                                https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
                                This is a beta feature as of Kubernetes v1.14.'
                              type: string
                            schedulerName:
                              description: SchedulerName specifies the scheduler to
                                be used to dispatch the Pod
                              type: string
                            securityContext:
                              description: 'SecurityContext holds pod-level security
                                attributes and common container settings. Optional:
                                Defaults to empty.  See type description for default
                                values of each field.'
                              properties:
                                fsGroup:
                                  description: "A special supplemental group that
                                    applies to all containers in a pod. Some volume
                                    types allow the Kubelet to change the ownership
                                    of that volume to be owned by the pod: \n 1. The
                                    owning GID will be the FSGroup 2. The setgid bit
                                    is set (new files created in the volume will be
                                    owned by FSGroup) 3. The permission bits are OR'd
                                    with rw-rw---- \n If unset, the Kubelet will not
                                    modify the ownership and permissions of any volume.
                                    Note that this field cannot be set when spec.os.name
                                    is windows."
                                  format: int64
                                  type: integer
                                fsGroupChangePolicy:
                                  description: 'fsGroupChangePolicy defines behavior
                                    of changing ownership and permission of the volume
                                    before being exposed inside Pod. This field will
                                    only apply to volume types which support fsGroup
                                    based ownership(and permissions). It will have
                                    no effect on ephemeral volume types such as: secret,
                                    configmaps and emptydir. Valid values are "OnRootMismatch"
                                    and "Always". If not specified, "Always" is used.
                                    Note that this field cannot be set when spec.os.name
                                    is windows.'
                                  type: string
                                runAsGroup:
                                  description: The GID to run the entrypoint of the
                                    container process. Uses runtime default if unset.
                                    May also be set in SecurityContext.  If set in
                                    both SecurityContext and PodSecurityContext, the
                                    value specified in SecurityContext takes precedence
                                    for that container. Note that this field cannot
                                    be set when spec.os.name is windows.
                                  format: int64
                                  type: integer
                                runAsNonRoot:
                                  description: Indicates that the container must run
                                    as a non-root user. If true, the Kubelet will
                                    validate the image at runtime to ensure that it
                                    does not run as UID 0 (root) and fail to start
                                    the container if it does. If unset or false, no
                                    such validation will be performed. May also be
                                    set in SecurityContext.  If set in both SecurityContext
                                    and PodSecurityContext, the value specified in
                                    SecurityContext takes precedence.
                                  type: boolean
                                runAsUser:
                                  description: The UID to run the entrypoint of the
                                    container process. Defaults to user specified
                                    in image metadata if unspecified. May also be
                                    set in SecurityContext.  If set in both SecurityContext
                                    and PodSecurityContext, the value specified in
                                    SecurityContext takes precedence for that container.
                                    Note that this field cannot be set when spec.os.name
                                    is windows.
                                  format: int64
                                  type: integer
                                seLinuxOptions:
                                  description: The SELinux context to be applied to
                                    all containers. If unspecified, the container
                                    runtime will allocate a random SELinux context
                                    for each container.  May also be set in SecurityContext.  If
                                    set in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence
                                    for that container. Note that this field cannot
                                    be set when spec.os.name is windows.
                                  properties:
                                    level:
                                      description: Level is SELinux level label that
                                        applies to the container.
                                      type: string
                                    role:
                                      description: Role is a SELinux role label that
                                        applies to the container.
                                      type: string
                                    type:
                                      description: Type is a SELinux type label that
                                        applies to the container.
                                      type: string
                                    user:
                                      description: User is a SELinux user label that
                                        applies to the container.
                                      type: string
                                  type: object
                                seccompProfile:
                                  description: The seccomp options to use by the containers
                                    in this pod. Note that this field cannot be set
                                    when spec.os.name is windows.
                                  properties:
                                    localhostProfile:
                                      description: localhostProfile indicates a profile
                                        defined in a file on the node should be used.
                                        The profile must be preconfigured on the node
                                        to work. Must be a descending path, relative
                                        to the kubelet's configured seccomp profile
                                        location. Must only be set if type is "Localhost".
                                      type: string
                                    type:
                                      description: "type indicates which kind of seccomp
                                        profile will be applied. Valid options are:
                                        \n Localhost - a profile defined in a file
                                        on the node should be used. RuntimeDefault
                                        - the container runtime default profile should
                                        be used. Unconfined - no profile should be
                                        applied."
                                      type: string
                                  required:
                                  - type
                                  type: object
                                supplementalGroups:
                                  description: A list of groups applied to the first
                                    process run in each container, in addition to
                                    the container's primary GID.  If unspecified,
                                    no groups will be added to any container. Note
                                    that this field cannot be set when spec.os.name
                                    is windows.
                                  items:
                                    format: int64
                                    type: integer
                                  type: array
                                sysctls:
                                  description: Sysctls hold a list of namespaced sysctls
                                    used for the pod. Pods with unsupported sysctls
                                    (by the container runtime) might fail to launch.
                                    Note that this field cannot be set when spec.os.name
                                    is windows.
                                  items:
                                    description: Sysctl defines a kernel parameter
                                      to be set
                                    properties:
                                      name:
                                        description: Name of a property to set
                                        type: string
                                      value:
                                        description: Value of a property to set
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                windowsOptions:
                                  description: The Windows specific settings applied
                                    to all containers. If unspecified, the options
                                    within a container's SecurityContext will be used.
                                    If set in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                    Note that this field cannot be set when spec.os.name
                                    is linux.
                                  properties:
                                    gmsaCredentialSpec:
                                      description: GMSACredentialSpec is where the
                                        GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                        inlines the contents of the GMSA credential
                                        spec named by the GMSACredentialSpecName field.
                                      type: string
                                    gmsaCredentialSpecName:
                                      description: GMSACredentialSpecName is the name
                                        of the GMSA credential spec to use.
                                      type: string
                                    hostProcess:
                                      description: HostProcess determines if a container
                                        should be run as a 'Host Process' container.
                                        This field is alpha-level and will only be
                                        honored by components that enable the WindowsHostProcessContainers
                                        feature flag. Setting this field without the
                                        feature flag will result in errors when validating
                                        the Pod. All of a Pod's containers must have
                                        the same effective HostProcess value (it is
                                        not allowed to have a mix of HostProcess containers
                                        and non-HostProcess containers).  In addition,
                                        if HostProcess is true then HostNetwork must
                                        also be set to true.
                                      type: boolean
                                    runAsUserName:
                                      description: The UserName in Windows to run
                                        the entrypoint of the container process. Defaults
                                        to the user specified in image metadata if
                                        unspecified. May also be set in PodSecurityContext.
                                        If set in both SecurityContext and PodSecurityContext,
                                        the value specified in SecurityContext takes
                                        precedence.
                                      type: string
                                  type: object
                              type: object
                            tolerations:
                              description: If specified, the pod's tolerations.
                              items:
                                description: The pod this Toleration is attached to
                                  tolerates any taint that matches the triple <key,value,effect>
                                  using the matching operator <operator>.
                                properties:
                                  effect:
                                    description: Effect indicates the taint effect
                                      to match. Empty means match all taint effects.
                                      When specified, allowed values are NoSchedule,
                                      PreferNoSchedule and NoExecute.
                                    type: string
                                  key:
                                    description: Key is the taint key that the toleration
                                      applies to. Empty means match all taint keys.
                                      If the key is empty, operator must be Exists;
                                      this combination means to match all values and
                                      all keys.
                                    type: string
                                  operator:
                                    description: Operator represents a key's relationship
                                      to the value. Valid operators are Exists and
                                      Equal. Defaults to Equal. Exists is equivalent
                                      to wildcard for value, so that a pod can tolerate
                                      all taints of a particular category.
                                    type: string
                                  tolerationSeconds:
                                    description: TolerationSeconds represents the
                                      period of time the toleration (which must be
                                      of effect NoExecute, otherwise this field is
                                      ignored) tolerates the taint. By default, it
                                      is not set, which means tolerate the taint forever
                                      (do not evict). Zero and negative values will
                                      be treated as 0 (evict immediately) by the system.
                                    format: int64
                                    type: integer
                                  value:
                                    description: Value is the taint value the toleration
                                      matches to. If the operator is Exists, the value
                                      should be empty, otherwise just a regular string.
                                    type: string
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            topologySpreadConstraints:
                              description: TopologySpreadConstraints controls how
                                Pods are spread across your cluster among failure-domains
                                such as regions, zones, nodes, and other user-defined
                                topology domains.
                              items:
                                description: TopologySpreadConstraint specifies how
                                  to spread matching pods among the given topology.
                                properties:
                                  labelSelector:
                                    description: LabelSelector is used to find matching
                                      pods. Pods that match this label selector are
                                      counted to determine the number of pods in their
                                      corresponding topology domain.
                                    properties:
                                      matchExpressions:
                                        description: matchExpressions is a list of
                                          label selector requirements. The requirements
                                          are ANDed.
                                        items:
                                          description: A label selector requirement
                                            is a selector that contains values, a
                                            key, and an operator that relates the
                                            key and values.
                                          properties:
                                            key:
                                              description: key is the label key that
                                                the selector applies to.
                                              type: string
                                            operator:
                                              description: operator represents a key's
                                                relationship to a set of values. Valid
                                                operators are In, NotIn, Exists and
                                                DoesNotExist.
                                              type: string
                                            values:
                                              description: values is an array of string
                                                values. If the operator is In or NotIn,
                                                the values array must be non-empty.
                                                If the operator is Exists or DoesNotExist,
                                                the values array must be empty. This
                                                array is replaced during a strategic
                                                merge patch.
                                              items:
                                                type: string
                                              type: array
                                          required:
                                          - key
                                          - operator
                                          type: object
                                        type: array
                                      matchLabels:
                                        additionalProperties:
                                          type: string
                                        description: matchLabels is a map of {key,value}
                                          pairs. A single {key,value} in the matchLabels
                                          map is equivalent to an element of matchExpressions,
                                          whose key field is "key", the operator is
                                          "In", and the values array contains only
                                          "value". The requirements are ANDed.
                                        type: object
                                    type: object
                                  matchLabelKeys:
                                    description: MatchLabelKeys is a set of pod label
                                      keys to select the pods over which spreading
                                      will be calculated. The keys are used to lookup
                                      values from the incoming pod labels, those key-value
                                      labels are ANDed with labelSelector to select
                                      the group of existing pods over which spreading
                                      will be calculated for the incoming pod. Keys
                                      that don't exist in the incoming pod labels
                                      will be ignored. A null or empty list means
                                      only match against labelSelector.
                                    items:
                                      type: string
                                    type: array
                                    x-kubernetes-list-type: atomic
                                  maxSkew:
                                    description: 'MaxSkew describes the degree to
                                      which pods may be unevenly distributed. When
                                      `whenUnsatisfiable=DoNotSchedule`, it is the
                                      maximum permitted difference between the number
                                      of matching pods in the target topology and
                                      the global minimum. The global minimum is the
                                      minimum number of matching pods in an eligible
                                      domain or zero if the number of eligible domains
                                      is less than MinDomains. For example, in a 3-zone
                                      cluster, MaxSkew is set to 1, and pods with
                                      the same labelSelector spread as 2/2/1: In this
                                      case, the global minimum is 1. | zone1 | zone2
                                      | zone3 | |  P P  |  P P  |   P   | - if MaxSkew
                                      is 1, incoming pod can only be scheduled to
                                      zone3 to become 2/2/2; scheduling it onto zone1(zone2)
                                      would make the ActualSkew(3-1) on zone1(zone2)
                                      violate MaxSkew(1). - if MaxSkew is 2, incoming
                                      pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
                                      it is used to give higher precedence to topologies
                                      that satisfy it. It''s a required field. Default
                                      value is 1 and 0 is not allowed.'
                                    format: int32
                                    type: integer
                                  minDomains:
                                    description: "MinDomains indicates a minimum number
                                      of eligible domains. When the number of eligible
                                      domains with matching topology keys is less
                                      than minDomains, Pod Topology Spread treats
                                      \"global minimum\" as 0, and then the calculation
                                      of Skew is performed. And when the number of
                                      eligible domains with matching topology keys
                                      equals or greater than minDomains, this value
                                      has no effect on scheduling. As a result, when
                                      the number of eligible domains is less than
                                      minDomains, scheduler won't schedule more than
                                      maxSkew Pods to those domains. If value is nil,
                                      the constraint behaves as if MinDomains is equal
                                      to 1. Valid values are integers greater than
                                      0. When value is not nil, WhenUnsatisfiable
                                      must be DoNotSchedule. \n For example, in a
                                      3-zone cluster, MaxSkew is set to 2, MinDomains
                                      is set to 5 and pods with the same labelSelector
                                      spread as 2/2/2: | zone1 | zone2 | zone3 | |
                                      \ P P  |  P P  |  P P  | The number of domains
                                      is less than 5(MinDomains), so \"global minimum\"
                                      is treated as 0. In this situation, new pod
                                      with the same labelSelector cannot be scheduled,
                                      because computed skew will be 3(3 - 0) if new
                                      Pod is scheduled to any of the three zones,
                                      it will violate MaxSkew. \n This is a beta field
                                      and requires the MinDomainsInPodTopologySpread
                                      feature gate to be enabled (enabled by default)."
                                    format: int32
                                    type: integer
                                  nodeAffinityPolicy:
                                    description: "NodeAffinityPolicy indicates how
                                      we will treat Pod's nodeAffinity/nodeSelector
                                      when calculating pod topology spread skew. Options
                                      are: - Honor: only nodes matching nodeAffinity/nodeSelector
                                      are included in the calculations. - Ignore:
                                      nodeAffinity/nodeSelector are ignored. All nodes
                                      are included in the calculations. \n If this
                                      value is nil, the behavior is equivalent to
                                      the Honor policy. This is a alpha-level feature
                                      enabled by the NodeInclusionPolicyInPodTopologySpread
                                      feature flag."
                                    type: string
                                  nodeTaintsPolicy:
                                    description: "NodeTaintsPolicy indicates how we
                                      will treat node taints when calculating pod
                                      topology spread skew. Options are: - Honor:
                                      nodes without taints, along with tainted nodes
                                      for which the incoming pod has a toleration,
                                      are included. - Ignore: node taints are ignored.
                                      All nodes are included. \n If this value is
                                      nil, the behavior is equivalent to the Ignore
                                      policy. This is a alpha-level feature enabled
                                      by the NodeInclusionPolicyInPodTopologySpread
                                      feature flag."
                                    type: string
                                  topologyKey:
                                    description: TopologyKey is the key of node labels.
                                      Nodes that have a label with this key and identical
                                      values are considered to be in the same topology.
                                      We consider each <key, value> as a "bucket",
                                      and try to put balanced number of pods into
                                      each bucket. We define a domain as a particular
                                      instance of a topology. Also, we define an eligible
                                      domain as a domain whose nodes meet the requirements
                                      of nodeAffinityPolicy and nodeTaintsPolicy.
                                      e.g. If TopologyKey is "kubernetes.io/hostname",
                                      each Node is a domain of that topology. And,
                                      if TopologyKey is "topology.kubernetes.io/zone",
                                      each zone is a domain of that topology. It's
                                      a required field.
                                    type: string
                                  whenUnsatisfiable:
                                    description: 'WhenUnsatisfiable indicates how
                                      to deal with a pod if it doesn''t satisfy the
                                      spread constraint. - DoNotSchedule (default)
                                      tells the scheduler not to schedule it. - ScheduleAnyway
                                      tells the scheduler to schedule the pod in any
                                      location,   but giving higher precedence to
                                      topologies that would help reduce the   skew.
                                      A constraint is considered "Unsatisfiable" for
                                      an incoming pod if and only if every possible
                                      node assignment for that pod would violate "MaxSkew"
                                      on some topology. For example, in a 3-zone cluster,
                                      MaxSkew is set to 1, and pods with the same
                                      labelSelector spread as 3/1/1: | zone1 | zone2
                                      | zone3 | | P P P |   P   |   P   | If WhenUnsatisfiable
                                      is set to DoNotSchedule, incoming pod can only
                                      be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
                                      as ActualSkew(2-1) on zone2(zone3) satisfies
                                      MaxSkew(1). In other words, the cluster can
                                      still be imbalanced, but scheduler won''t make
                                      it *more* imbalanced. It''s a required field.'
                                    type: string
                                required:
                                - maxSkew
                                - topologyKey
                                - whenUnsatisfiable
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            volumes:
                              description: 'List of volumes that can be mounted by
                                containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
                              items:
                                description: Volume represents a named volume in a
                                  pod that may be accessed by any container in the
                                  pod.
                                properties:
                                  awsElasticBlockStore:
                                    description: 'awsElasticBlockStore represents
                                      an AWS Disk resource that is attached to a kubelet''s
                                      host machine and then exposed to the pod. More
                                      info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                    properties:
                                      fsType:
                                        description: 'fsType is the filesystem type
                                          of the volume that you want to mount. Tip:
                                          Ensure that the filesystem type is supported
                                          by the host operating system. Examples:
                                          "ext4", "xfs", "ntfs". Implicitly inferred
                                          to be "ext4" if unspecified. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                          TODO: how do we prevent errors in the filesystem
                                          from compromising the machine'
                                        type: string
                                      partition:
                                        description: 'partition is the partition in
                                          the volume that you want to mount. If omitted,
                                          the default is to mount by volume name.
                                          Examples: For volume /dev/sda1, you specify
                                          the partition as "1". Similarly, the volume
                                          partition for /dev/sda is "0" (or you can
                                          leave the property empty).'
                                        format: int32
                                        type: integer
                                      readOnly:
                                        description: 'readOnly value true will force
                                          the readOnly setting in VolumeMounts. More
                                          info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                        type: boolean
                                      volumeID:
                                        description: 'volumeID is unique ID of the
                                          persistent disk resource in AWS (Amazon
                                          EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                        type: string
                                    required:
                                    - volumeID
                                    type: object
                                  azureDisk:
                                    description: azureDisk represents an Azure Data
                                      Disk mount on the host and bind mount to the
                                      pod.
                                    properties:
                                      cachingMode:
                                        description: 'cachingMode is the Host Caching
                                          mode: None, Read Only, Read Write.'
                                        type: string
                                      diskName:
                                        description: diskName is the Name of the data
                                          disk in the blob storage
                                        type: string
                                      diskURI:
                                        description: diskURI is the URI of data disk
                                          in the blob storage
                                        type: string
                                      fsType:
                                        description: fsType is Filesystem type to
                                          mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". Implicitly inferred to be
                                          "ext4" if unspecified.
                                        type: string
                                      kind:
                                        description: 'kind expected values are Shared:
                                          multiple blob disks per storage account  Dedicated:
                                          single blob disk per storage account  Managed:
                                          azure managed data disk (only in managed
                                          availability set). defaults to shared'
                                        type: string
                                      readOnly:
                                        description: readOnly Defaults to false (read/write).
                                          ReadOnly here will force the ReadOnly setting
                                          in VolumeMounts.
                                        type: boolean
                                    required:
                                    - diskName
                                    - diskURI
                                    type: object
                                  azureFile:
                                    description: azureFile represents an Azure File
                                      Service mount on the host and bind mount to
                                      the pod.
                                    properties:
                                      readOnly:
                                        description: readOnly defaults to false (read/write).
                                          ReadOnly here will force the ReadOnly setting
                                          in VolumeMounts.
                                        type: boolean
                                      secretName:
                                        description: secretName is the  name of secret
                                          that contains Azure Storage Account Name
                                          and Key
                                        type: string
                                      shareName:
                                        description: shareName is the azure share
                                          Name
                                        type: string
                                    required:
                                    - secretName
                                    - shareName
                                    type: object
                                  cephfs:
                                    description: cephFS represents a Ceph FS mount
                                      on the host that shares a pod's lifetime
                                    properties:
                                      monitors:
                                        description: 'monitors is Required: Monitors
                                          is a collection of Ceph monitors More info:
                                          https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                        items:
                                          type: string
                                        type: array
                                      path:
                                        description: 'path is Optional: Used as the
                                          mounted root, rather than the full Ceph
                                          tree, default is /'
                                        type: string
                                      readOnly:
                                        description: 'readOnly is Optional: Defaults
                                          to false (read/write). ReadOnly here will
                                          force the ReadOnly setting in VolumeMounts.
                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                        type: boolean
                                      secretFile:
                                        description: 'secretFile is Optional: SecretFile
                                          is the path to key ring for User, default
                                          is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                        type: string
                                      secretRef:
                                        description: 'secretRef is Optional: SecretRef
                                          is reference to the authentication secret
                                          for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      user:
                                        description: 'user is optional: User is the
                                          rados user name, default is admin More info:
                                          https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                        type: string
                                    required:
                                    - monitors
                                    type: object
                                  cinder:
                                    description: 'cinder represents a cinder volume
                                      attached and mounted on kubelets host machine.
                                      More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                    properties:
                                      fsType:
                                        description: 'fsType is the filesystem type
                                          to mount. Must be a filesystem type supported
                                          by the host operating system. Examples:
                                          "ext4", "xfs", "ntfs". Implicitly inferred
                                          to be "ext4" if unspecified. More info:
                                          https://examples.k8s.io/mysql-cinder-pd/README.md'
                                        type: string
                                      readOnly:
                                        description: 'readOnly defaults to false (read/write).
                                          ReadOnly here will force the ReadOnly setting
                                          in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                        type: boolean
                                      secretRef:
                                        description: 'secretRef is optional: points
                                          to a secret object containing parameters
                                          used to connect to OpenStack.'
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      volumeID:
                                        description: 'volumeID used to identify the
                                          volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                        type: string
                                    required:
                                    - volumeID
                                    type: object
                                  configMap:
                                    description: configMap represents a configMap
                                      that should populate this volume
                                    properties:
                                      defaultMode:
                                        description: 'defaultMode is optional: mode
                                          bits used to set permissions on created
                                          files by default. Must be an octal value
                                          between 0000 and 0777 or a decimal value
                                          between 0 and 511. YAML accepts both octal
                                          and decimal values, JSON requires decimal
                                          values for mode bits. Defaults to 0644.
                                          Directories within the path are not affected
                                          by this setting. This might be in conflict
                                          with other options that affect the file
                                          mode, like fsGroup, and the result can be
                                          other mode bits set.'
                                        format: int32
                                        type: integer
                                      items:
                                        description: items if unspecified, each key-value
                                          pair in the Data field of the referenced
                                          ConfigMap will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the ConfigMap, the volume setup will
                                          error unless it is marked optional. Paths
                                          must be relative and may not contain the
                                          '..' path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: key is the key to project.
                                              type: string
                                            mode:
                                              description: 'mode is Optional: mode
                                                bits used to set permissions on this
                                                file. Must be an octal value between
                                                0000 and 0777 or a decimal value between
                                                0 and 511. YAML accepts both octal
                                                and decimal values, JSON requires
                                                decimal values for mode bits. If not
                                                specified, the volume defaultMode
                                                will be used. This might be in conflict
                                                with other options that affect the
                                                file mode, like fsGroup, and the result
                                                can be other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: path is the relative path
                                                of the file to map the key to. May
                                                not be an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: optional specify whether the
                                          ConfigMap or its keys must be defined
                                        type: boolean
                                    type: object
                                  csi:
                                    description: csi (Container Storage Interface)
                                      represents ephemeral storage that is handled
                                      by certain external CSI drivers (Beta feature).
                                    properties:
                                      driver:
                                        description: driver is the name of the CSI
                                          driver that handles this volume. Consult
                                          with your admin for the correct name as
                                          registered in the cluster.
                                        type: string
                                      fsType:
                                        description: fsType to mount. Ex. "ext4",
                                          "xfs", "ntfs". If not provided, the empty
                                          value is passed to the associated CSI driver
                                          which will determine the default filesystem
                                          to apply.
                                        type: string
                                      nodePublishSecretRef:
                                        description: nodePublishSecretRef is a reference
                                          to the secret object containing sensitive
                                          information to pass to the CSI driver to
                                          complete the CSI NodePublishVolume and NodeUnpublishVolume
                                          calls. This field is optional, and  may
                                          be empty if no secret is required. If the
                                          secret object contains more than one secret,
                                          all secret references are passed.
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      readOnly:
                                        description: readOnly specifies a read-only
                                          configuration for the volume. Defaults to
                                          false (read/write).
                                        type: boolean
                                      volumeAttributes:
                                        additionalProperties:
                                          type: string
                                        description: volumeAttributes stores driver-specific
                                          properties that are passed to the CSI driver.
                                          Consult your driver's documentation for
                                          supported values.
                                        type: object
                                    required:
                                    - driver
                                    type: object
                                  downwardAPI:
                                    description: downwardAPI represents downward API
                                      about the pod that should populate this volume
                                    properties:
                                      defaultMode:
                                        description: 'Optional: mode bits to use on
                                          created files by default. Must be a Optional:
                                          mode bits used to set permissions on created
                                          files by default. Must be an octal value
                                          between 0000 and 0777 or a decimal value
                                          between 0 and 511. YAML accepts both octal
                                          and decimal values, JSON requires decimal
                                          values for mode bits. Defaults to 0644.
                                          Directories within the path are not affected
                                          by this setting. This might be in conflict
                                          with other options that affect the file
                                          mode, like fsGroup, and the result can be
                                          other mode bits set.'
                                        format: int32
                                        type: integer
                                      items:
                                        description: Items is a list of downward API
                                          volume file
                                        items:
                                          description: DownwardAPIVolumeFile represents
                                            information to create the file containing
                                            the pod field
                                          properties:
                                            fieldRef:
                                              description: 'Required: Selects a field
                                                of the pod: only annotations, labels,
                                                name and namespace are supported.'
                                              properties:
                                                apiVersion:
                                                  description: Version of the schema
                                                    the FieldPath is written in terms
                                                    of, defaults to "v1".
                                                  type: string
                                                fieldPath:
                                                  description: Path of the field to
                                                    select in the specified API version.
                                                  type: string
                                              required:
                                              - fieldPath
                                              type: object
                                            mode:
                                              description: 'Optional: mode bits used
                                                to set permissions on this file, must
                                                be an octal value between 0000 and
                                                0777 or a decimal value between 0
                                                and 511. YAML accepts both octal and
                                                decimal values, JSON requires decimal
                                                values for mode bits. If not specified,
                                                the volume defaultMode will be used.
                                                This might be in conflict with other
                                                options that affect the file mode,
                                                like fsGroup, and the result can be
                                                other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: 'Required: Path is  the
                                                relative path name of the file to
                                                be created. Must not be absolute or
                                                contain the ''..'' path. Must be utf-8
                                                encoded. The first item of the relative
                                                path must not start with ''..'''
                                              type: string
                                            resourceFieldRef:
                                              description: 'Selects a resource of
                                                the container: only resources limits
                                                and requests (limits.cpu, limits.memory,
                                                requests.cpu and requests.memory)
                                                are currently supported.'
                                              properties:
                                                containerName:
                                                  description: 'Container name: required
                                                    for volumes, optional for env
                                                    vars'
                                                  type: string
                                                divisor:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Specifies the output
                                                    format of the exposed resources,
                                                    defaults to "1"
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                resource:
                                                  description: 'Required: resource
                                                    to select'
                                                  type: string
                                              required:
                                              - resource
                                              type: object
                                          required:
                                          - path
                                          type: object
                                        type: array
                                    type: object
                                  emptyDir:
                                    description: 'emptyDir represents a temporary
                                      directory that shares a pod''s lifetime. More
                                      info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                    properties:
                                      medium:
                                        description: 'medium represents what type
                                          of storage medium should back this directory.
                                          The default is "" which means to use the
                                          node''s default medium. Must be an empty
                                          string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                        type: string
                                      sizeLimit:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: 'sizeLimit is the total amount
                                          of local storage required for this EmptyDir
                                          volume. The size limit is also applicable
                                          for memory medium. The maximum usage on
                                          memory medium EmptyDir would be the minimum
                                          value between the SizeLimit specified here
                                          and the sum of memory limits of all containers
                                          in a pod. The default is nil which means
                                          that the limit is undefined. More info:
                                          http://kubernetes.io/docs/user-guide/volumes#emptydir'
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                    type: object
                                  ephemeral:
                                    description: "ephemeral represents a volume that
                                      is handled by a cluster storage driver. The
                                      volume's lifecycle is tied to the pod that defines
                                      it - it will be created before the pod starts,
                                      and deleted when the pod is removed. \n Use
                                      this if: a) the volume is only needed while
                                      the pod runs, b) features of normal volumes
                                      like restoring from snapshot or capacity    tracking
                                      are needed, c) the storage driver is specified
                                      through a storage class, and d) the storage
                                      driver supports dynamic volume provisioning
                                      through    a PersistentVolumeClaim (see EphemeralVolumeSource
                                      for more    information on the connection between
                                      this volume type    and PersistentVolumeClaim).
                                      \n Use PersistentVolumeClaim or one of the vendor-specific
                                      APIs for volumes that persist for longer than
                                      the lifecycle of an individual pod. \n Use CSI
                                      for light-weight local ephemeral volumes if
                                      the CSI driver is meant to be used that way
                                      - see the documentation of the driver for more
                                      information. \n A pod can use both types of
                                      ephemeral volumes and persistent volumes at
                                      the same time."
                                    properties:
                                      volumeClaimTemplate:
                                        description: "Will be used to create a stand-alone
                                          PVC to provision the volume. The pod in
                                          which this EphemeralVolumeSource is embedded
                                          will be the owner of the PVC, i.e. the PVC
                                          will be deleted together with the pod.  The
                                          name of the PVC will be `<pod name>-<volume
                                          name>` where `<volume name>` is the name
                                          from the `PodSpec.Volumes` array entry.
                                          Pod validation will reject the pod if the
                                          concatenated name is not valid for a PVC
                                          (for example, too long). \n An existing
                                          PVC with that name that is not owned by
                                          the pod will *not* be used for the pod to
                                          avoid using an unrelated volume by mistake.
                                          Starting the pod is then blocked until the
                                          unrelated PVC is removed. If such a pre-created
                                          PVC is meant to be used by the pod, the
                                          PVC has to updated with an owner reference
                                          to the pod once the pod exists. Normally
                                          this should not be necessary, but it may
                                          be useful when manually reconstructing a
                                          broken cluster. \n This field is read-only
                                          and no changes will be made by Kubernetes
                                          to the PVC after it has been created. \n
                                          Required, must not be nil."
                                        properties:
                                          metadata:
                                            description: May contain labels and annotations
                                              that will be copied into the PVC when
                                              creating it. No other fields are allowed
                                              and will be rejected during validation.
                                            type: object
                                          spec:
                                            description: The specification for the
                                              PersistentVolumeClaim. The entire content
                                              is copied unchanged into the PVC that
                                              gets created from this template. The
                                              same fields as in a PersistentVolumeClaim
                                              are also valid here.
                                            properties:
                                              accessModes:
                                                description: 'accessModes contains
                                                  the desired access modes the volume
                                                  should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                                items:
                                                  type: string
                                                type: array
                                              dataSource:
                                                description: 'dataSource field can
                                                  be used to specify either: * An
                                                  existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
                                                  * An existing PVC (PersistentVolumeClaim)
                                                  If the provisioner or an external
                                                  controller can support the specified
                                                  data source, it will create a new
                                                  volume based on the contents of
                                                  the specified data source. If the
                                                  AnyVolumeDataSource feature gate
                                                  is enabled, this field will always
                                                  have the same contents as the DataSourceRef
                                                  field.'
                                                properties:
                                                  apiGroup:
                                                    description: APIGroup is the group
                                                      for the resource being referenced.
                                                      If APIGroup is not specified,
                                                      the specified Kind must be in
                                                      the core API group. For any
                                                      other third-party types, APIGroup
                                                      is required.
                                                    type: string
                                                  kind:
                                                    description: Kind is the type
                                                      of resource being referenced
                                                    type: string
                                                  name:
                                                    description: Name is the name
                                                      of resource being referenced
                                                    type: string
                                                required:
                                                - kind
                                                - name
                                                type: object
                                              dataSourceRef:
                                                description: 'dataSourceRef specifies
                                                  the object from which to populate
                                                  the volume with data, if a non-empty
                                                  volume is desired. This may be any
                                                  local object from a non-empty API
                                                  group (non core object) or a PersistentVolumeClaim
                                                  object. When this field is specified,
                                                  volume binding will only succeed
                                                  if the type of the specified object
                                                  matches some installed volume populator
                                                  or dynamic provisioner. This field
                                                  will replace the functionality of
                                                  the DataSource field and as such
                                                  if both fields are non-empty, they
                                                  must have the same value. For backwards
                                                  compatibility, both fields (DataSource
                                                  and DataSourceRef) will be set to
                                                  the same value automatically if
                                                  one of them is empty and the other
                                                  is non-empty. There are two important
                                                  differences between DataSource and
                                                  DataSourceRef: * While DataSource
                                                  only allows two specific types of
                                                  objects, DataSourceRef   allows
                                                  any non-core object, as well as
                                                  PersistentVolumeClaim objects. *
                                                  While DataSource ignores disallowed
                                                  values (dropping them), DataSourceRef   preserves
                                                  all values, and generates an error
                                                  if a disallowed value is   specified.
                                                  (Beta) Using this field requires
                                                  the AnyVolumeDataSource feature
                                                  gate to be enabled.'
                                                properties:
                                                  apiGroup:
                                                    description: APIGroup is the group
                                                      for the resource being referenced.
                                                      If APIGroup is not specified,
                                                      the specified Kind must be in
                                                      the core API group. For any
                                                      other third-party types, APIGroup
                                                      is required.
                                                    type: string
                                                  kind:
                                                    description: Kind is the type
                                                      of resource being referenced
                                                    type: string
                                                  name:
                                                    description: Name is the name
                                                      of resource being referenced
                                                    type: string
                                                required:
                                                - kind
                                                - name
                                                type: object
                                              resources:
                                                description: 'resources represents
                                                  the minimum resources the volume
                                                  should have. If RecoverVolumeExpansionFailure
                                                  feature is enabled users are allowed
                                                  to specify resource requirements
                                                  that are lower than previous value
                                                  but must still be higher than capacity
                                                  recorded in the status field of
                                                  the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                                properties:
                                                  limits:
                                                    additionalProperties:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    description: 'Limits describes
                                                      the maximum amount of compute
                                                      resources allowed. More info:
                                                      https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                    type: object
                                                  requests:
                                                    additionalProperties:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    description: 'Requests describes
                                                      the minimum amount of compute
                                                      resources required. If Requests
                                                      is omitted for a container,
                                                      it defaults to Limits if that
                                                      is explicitly specified, otherwise
                                                      to an implementation-defined
                                                      value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                    type: object
                                                type: object
                                              selector:
                                                description: selector is a label query
                                                  over volumes to consider for binding.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              storageClassName:
                                                description: 'storageClassName is
                                                  the name of the StorageClass required
                                                  by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                                type: string
                                              volumeMode:
                                                description: volumeMode defines what
                                                  type of volume is required by the
                                                  claim. Value of Filesystem is implied
                                                  when not included in claim spec.
                                                type: string
                                              volumeName:
                                                description: volumeName is the binding
                                                  reference to the PersistentVolume
                                                  backing this claim.
                                                type: string
                                            type: object
                                        required:
                                        - spec
                                        type: object
                                    type: object
                                  fc:
                                    description: fc represents a Fibre Channel resource
                                      that is attached to a kubelet's host machine
                                      and then exposed to the pod.
                                    properties:
                                      fsType:
                                        description: 'fsType is the filesystem type
                                          to mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". Implicitly inferred to be
                                          "ext4" if unspecified. TODO: how do we prevent
                                          errors in the filesystem from compromising
                                          the machine'
                                        type: string
                                      lun:
                                        description: 'lun is Optional: FC target lun
                                          number'
                                        format: int32
                                        type: integer
                                      readOnly:
                                        description: 'readOnly is Optional: Defaults
                                          to false (read/write). ReadOnly here will
                                          force the ReadOnly setting in VolumeMounts.'
                                        type: boolean
                                      targetWWNs:
                                        description: 'targetWWNs is Optional: FC target
                                          worldwide names (WWNs)'
                                        items:
                                          type: string
                                        type: array
                                      wwids:
                                        description: 'wwids Optional: FC volume world
                                          wide identifiers (wwids) Either wwids or
                                          combination of targetWWNs and lun must be
                                          set, but not both simultaneously.'
                                        items:
                                          type: string
                                        type: array
                                    type: object
                                  flexVolume:
                                    description: flexVolume represents a generic volume
                                      resource that is provisioned/attached using
                                      an exec based plugin.
                                    properties:
                                      driver:
                                        description: driver is the name of the driver
                                          to use for this volume.
                                        type: string
                                      fsType:
                                        description: fsType is the filesystem type
                                          to mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". The default filesystem depends
                                          on FlexVolume script.
                                        type: string
                                      options:
                                        additionalProperties:
                                          type: string
                                        description: 'options is Optional: this field
                                          holds extra command options if any.'
                                        type: object
                                      readOnly:
                                        description: 'readOnly is Optional: defaults
                                          to false (read/write). ReadOnly here will
                                          force the ReadOnly setting in VolumeMounts.'
                                        type: boolean
                                      secretRef:
                                        description: 'secretRef is Optional: secretRef
                                          is reference to the secret object containing
                                          sensitive information to pass to the plugin
                                          scripts. This may be empty if no secret
                                          object is specified. If the secret object
                                          contains more than one secret, all secrets
                                          are passed to the plugin scripts.'
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                    required:
                                    - driver
                                    type: object
                                  flocker:
                                    description: flocker represents a Flocker volume
                                      attached to a kubelet's host machine. This depends
                                      on the Flocker control service being running
                                    properties:
                                      datasetName:
                                        description: datasetName is Name of the dataset
                                          stored as metadata -> name on the dataset
                                          for Flocker should be considered as deprecated
                                        type: string
                                      datasetUUID:
                                        description: datasetUUID is the UUID of the
                                          dataset. This is unique identifier of a
                                          Flocker dataset
                                        type: string
                                    type: object
                                  gcePersistentDisk:
                                    description: 'gcePersistentDisk represents a GCE
                                      Disk resource that is attached to a kubelet''s
                                      host machine and then exposed to the pod. More
                                      info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                    properties:
                                      fsType:
                                        description: 'fsType is filesystem type of
                                          the volume that you want to mount. Tip:
                                          Ensure that the filesystem type is supported
                                          by the host operating system. Examples:
                                          "ext4", "xfs", "ntfs". Implicitly inferred
                                          to be "ext4" if unspecified. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                          TODO: how do we prevent errors in the filesystem
                                          from compromising the machine'
                                        type: string
                                      partition:
                                        description: 'partition is the partition in
                                          the volume that you want to mount. If omitted,
                                          the default is to mount by volume name.
                                          Examples: For volume /dev/sda1, you specify
                                          the partition as "1". Similarly, the volume
                                          partition for /dev/sda is "0" (or you can
                                          leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                        format: int32
                                        type: integer
                                      pdName:
                                        description: 'pdName is unique name of the
                                          PD resource in GCE. Used to identify the
                                          disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                        type: string
                                      readOnly:
                                        description: 'readOnly here will force the
                                          ReadOnly setting in VolumeMounts. Defaults
                                          to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                        type: boolean
                                    required:
                                    - pdName
                                    type: object
                                  gitRepo:
                                    description: 'gitRepo represents a git repository
                                      at a particular revision. DEPRECATED: GitRepo
                                      is deprecated. To provision a container with
                                      a git repo, mount an EmptyDir into an InitContainer
                                      that clones the repo using git, then mount the
                                      EmptyDir into the Pod''s container.'
                                    properties:
                                      directory:
                                        description: directory is the target directory
                                          name. Must not contain or start with '..'.  If
                                          '.' is supplied, the volume directory will
                                          be the git repository.  Otherwise, if specified,
                                          the volume will contain the git repository
                                          in the subdirectory with the given name.
                                        type: string
                                      repository:
                                        description: repository is the URL
                                        type: string
                                      revision:
                                        description: revision is the commit hash for
                                          the specified revision.
                                        type: string
                                    required:
                                    - repository
                                    type: object
                                  glusterfs:
                                    description: 'glusterfs represents a Glusterfs
                                      mount on the host that shares a pod''s lifetime.
                                      More info: https://examples.k8s.io/volumes/glusterfs/README.md'
                                    properties:
                                      endpoints:
                                        description: 'endpoints is the endpoint name
                                          that details Glusterfs topology. More info:
                                          https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                        type: string
                                      path:
                                        description: 'path is the Glusterfs volume
                                          path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                        type: string
                                      readOnly:
                                        description: 'readOnly here will force the
                                          Glusterfs volume to be mounted with read-only
                                          permissions. Defaults to false. More info:
                                          https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                        type: boolean
                                    required:
                                    - endpoints
                                    - path
                                    type: object
                                  hostPath:
                                    description: 'hostPath represents a pre-existing
                                      file or directory on the host machine that is
                                      directly exposed to the container. This is generally
                                      used for system agents or other privileged things
                                      that are allowed to see the host machine. Most
                                      containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                                      --- TODO(jonesdl) We need to restrict who can
                                      use host directory mounts and who can/can not
                                      mount host directories as read/write.'
                                    properties:
                                      path:
                                        description: 'path of the directory on the
                                          host. If the path is a symlink, it will
                                          follow the link to the real path. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                        type: string
                                      type:
                                        description: 'type for HostPath Volume Defaults
                                          to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                        type: string
                                    required:
                                    - path
                                    type: object
                                  iscsi:
                                    description: 'iscsi represents an ISCSI Disk resource
                                      that is attached to a kubelet''s host machine
                                      and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
                                    properties:
                                      chapAuthDiscovery:
                                        description: chapAuthDiscovery defines whether
                                          support iSCSI Discovery CHAP authentication
                                        type: boolean
                                      chapAuthSession:
                                        description: chapAuthSession defines whether
                                          support iSCSI Session CHAP authentication
                                        type: boolean
                                      fsType:
                                        description: 'fsType is the filesystem type
                                          of the volume that you want to mount. Tip:
                                          Ensure that the filesystem type is supported
                                          by the host operating system. Examples:
                                          "ext4", "xfs", "ntfs". Implicitly inferred
                                          to be "ext4" if unspecified. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                          TODO: how do we prevent errors in the filesystem
                                          from compromising the machine'
                                        type: string
                                      initiatorName:
                                        description: initiatorName is the custom iSCSI
                                          Initiator Name. If initiatorName is specified
                                          with iscsiInterface simultaneously, new
                                          iSCSI interface <target portal>:<volume
                                          name> will be created for the connection.
                                        type: string
                                      iqn:
                                        description: iqn is the target iSCSI Qualified
                                          Name.
                                        type: string
                                      iscsiInterface:
                                        description: iscsiInterface is the interface
                                          Name that uses an iSCSI transport. Defaults
                                          to 'default' (tcp).
                                        type: string
                                      lun:
                                        description: lun represents iSCSI Target Lun
                                          number.
                                        format: int32
                                        type: integer
                                      portals:
                                        description: portals is the iSCSI Target Portal
                                          List. The portal is either an IP or ip_addr:port
                                          if the port is other than default (typically
                                          TCP ports 860 and 3260).
                                        items:
                                          type: string
                                        type: array
                                      readOnly:
                                        description: readOnly here will force the
                                          ReadOnly setting in VolumeMounts. Defaults
                                          to false.
                                        type: boolean
                                      secretRef:
                                        description: secretRef is the CHAP Secret
                                          for iSCSI target and initiator authentication
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      targetPortal:
                                        description: targetPortal is iSCSI Target
                                          Portal. The Portal is either an IP or ip_addr:port
                                          if the port is other than default (typically
                                          TCP ports 860 and 3260).
                                        type: string
                                    required:
                                    - iqn
                                    - lun
                                    - targetPortal
                                    type: object
                                  name:
                                    description: 'name of the volume. Must be a DNS_LABEL
                                      and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                    type: string
                                  nfs:
                                    description: 'nfs represents an NFS mount on the
                                      host that shares a pod''s lifetime More info:
                                      https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                    properties:
                                      path:
                                        description: 'path that is exported by the
                                          NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                        type: string
                                      readOnly:
                                        description: 'readOnly here will force the
                                          NFS export to be mounted with read-only
                                          permissions. Defaults to false. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                        type: boolean
                                      server:
                                        description: 'server is the hostname or IP
                                          address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                        type: string
                                    required:
                                    - path
                                    - server
                                    type: object
                                  persistentVolumeClaim:
                                    description: 'persistentVolumeClaimVolumeSource
                                      represents a reference to a PersistentVolumeClaim
                                      in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                    properties:
                                      claimName:
                                        description: 'claimName is the name of a PersistentVolumeClaim
                                          in the same namespace as the pod using this
                                          volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                        type: string
                                      readOnly:
                                        description: readOnly Will force the ReadOnly
                                          setting in VolumeMounts. Default false.
                                        type: boolean
                                    required:
                                    - claimName
                                    type: object
                                  photonPersistentDisk:
                                    description: photonPersistentDisk represents a
                                      PhotonController persistent disk attached and
                                      mounted on kubelets host machine
                                    properties:
                                      fsType:
                                        description: fsType is the filesystem type
                                          to mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". Implicitly inferred to be
                                          "ext4" if unspecified.
                                        type: string
                                      pdID:
                                        description: pdID is the ID that identifies
                                          Photon Controller persistent disk
                                        type: string
                                    required:
                                    - pdID
                                    type: object
                                  portworxVolume:
                                    description: portworxVolume represents a portworx
                                      volume attached and mounted on kubelets host
                                      machine
                                    properties:
                                      fsType:
                                        description: fSType represents the filesystem
                                          type to mount Must be a filesystem type
                                          supported by the host operating system.
                                          Ex. "ext4", "xfs". Implicitly inferred to
                                          be "ext4" if unspecified.
                                        type: string
                                      readOnly:
                                        description: readOnly defaults to false (read/write).
                                          ReadOnly here will force the ReadOnly setting
                                          in VolumeMounts.
                                        type: boolean
                                      volumeID:
                                        description: volumeID uniquely identifies
                                          a Portworx volume
                                        type: string
                                    required:
                                    - volumeID
                                    type: object
                                  projected:
                                    description: projected items for all in one resources
                                      secrets, configmaps, and downward API
                                    properties:
                                      defaultMode:
                                        description: defaultMode are the mode bits
                                          used to set permissions on created files
                                          by default. Must be an octal value between
                                          0000 and 0777 or a decimal value between
                                          0 and 511. YAML accepts both octal and decimal
                                          values, JSON requires decimal values for
                                          mode bits. Directories within the path are
                                          not affected by this setting. This might
                                          be in conflict with other options that affect
                                          the file mode, like fsGroup, and the result
                                          can be other mode bits set.
                                        format: int32
                                        type: integer
                                      sources:
                                        description: sources is the list of volume
                                          projections
                                        items:
                                          description: Projection that may be projected
                                            along with other supported volume types
                                          properties:
                                            configMap:
                                              description: configMap information about
                                                the configMap data to project
                                              properties:
                                                items:
                                                  description: items if unspecified,
                                                    each key-value pair in the Data
                                                    field of the referenced ConfigMap
                                                    will be projected into the volume
                                                    as a file whose name is the key
                                                    and content is the value. If specified,
                                                    the listed keys will be projected
                                                    into the specified paths, and
                                                    unlisted keys will not be present.
                                                    If a key is specified which is
                                                    not present in the ConfigMap,
                                                    the volume setup will error unless
                                                    it is marked optional. Paths must
                                                    be relative and may not contain
                                                    the '..' path or start with '..'.
                                                  items:
                                                    description: Maps a string key
                                                      to a path within a volume.
                                                    properties:
                                                      key:
                                                        description: key is the key
                                                          to project.
                                                        type: string
                                                      mode:
                                                        description: 'mode is Optional:
                                                          mode bits used to set permissions
                                                          on this file. Must be an
                                                          octal value between 0000
                                                          and 0777 or a decimal value
                                                          between 0 and 511. YAML
                                                          accepts both octal and decimal
                                                          values, JSON requires decimal
                                                          values for mode bits. If
                                                          not specified, the volume
                                                          defaultMode will be used.
                                                          This might be in conflict
                                                          with other options that
                                                          affect the file mode, like
                                                          fsGroup, and the result
                                                          can be other mode bits set.'
                                                        format: int32
                                                        type: integer
                                                      path:
                                                        description: path is the relative
                                                          path of the file to map
                                                          the key to. May not be an
                                                          absolute path. May not contain
                                                          the path element '..'. May
                                                          not start with the string
                                                          '..'.
                                                        type: string
                                                    required:
                                                    - key
                                                    - path
                                                    type: object
                                                  type: array
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: optional specify whether
                                                    the ConfigMap or its keys must
                                                    be defined
                                                  type: boolean
                                              type: object
                                            downwardAPI:
                                              description: downwardAPI information
                                                about the downwardAPI data to project
                                              properties:
                                                items:
                                                  description: Items is a list of
                                                    DownwardAPIVolume file
                                                  items:
                                                    description: DownwardAPIVolumeFile
                                                      represents information to create
                                                      the file containing the pod
                                                      field
                                                    properties:
                                                      fieldRef:
                                                        description: 'Required: Selects
                                                          a field of the pod: only
                                                          annotations, labels, name
                                                          and namespace are supported.'
                                                        properties:
                                                          apiVersion:
                                                            description: Version of
                                                              the schema the FieldPath
                                                              is written in terms
                                                              of, defaults to "v1".
                                                            type: string
                                                          fieldPath:
                                                            description: Path of the
                                                              field to select in the
                                                              specified API version.
                                                            type: string
                                                        required:
                                                        - fieldPath
                                                        type: object
                                                      mode:
                                                        description: 'Optional: mode
                                                          bits used to set permissions
                                                          on this file, must be an
                                                          octal value between 0000
                                                          and 0777 or a decimal value
                                                          between 0 and 511. YAML
                                                          accepts both octal and decimal
                                                          values, JSON requires decimal
                                                          values for mode bits. If
                                                          not specified, the volume
                                                          defaultMode will be used.
                                                          This might be in conflict
                                                          with other options that
                                                          affect the file mode, like
                                                          fsGroup, and the result
                                                          can be other mode bits set.'
                                                        format: int32
                                                        type: integer
                                                      path:
                                                        description: 'Required: Path
                                                          is  the relative path name
                                                          of the file to be created.
                                                          Must not be absolute or
                                                          contain the ''..'' path.
                                                          Must be utf-8 encoded. The
                                                          first item of the relative
                                                          path must not start with
                                                          ''..'''
                                                        type: string
                                                      resourceFieldRef:
                                                        description: 'Selects a resource
                                                          of the container: only resources
                                                          limits and requests (limits.cpu,
                                                          limits.memory, requests.cpu
                                                          and requests.memory) are
                                                          currently supported.'
                                                        properties:
                                                          containerName:
                                                            description: 'Container
                                                              name: required for volumes,
                                                              optional for env vars'
                                                            type: string
                                                          divisor:
                                                            anyOf:
                                                            - type: integer
                                                            - type: string
                                                            description: Specifies
                                                              the output format of
                                                              the exposed resources,
                                                              defaults to "1"
                                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                            x-kubernetes-int-or-string: true
                                                          resource:
                                                            description: 'Required:
                                                              resource to select'
                                                            type: string
                                                        required:
                                                        - resource
                                                        type: object
                                                    required:
                                                    - path
                                                    type: object
                                                  type: array
                                              type: object
                                            secret:
                                              description: secret information about
                                                the secret data to project
                                              properties:
                                                items:
                                                  description: items if unspecified,
                                                    each key-value pair in the Data
                                                    field of the referenced Secret
                                                    will be projected into the volume
                                                    as a file whose name is the key
                                                    and content is the value. If specified,
                                                    the listed keys will be projected
                                                    into the specified paths, and
                                                    unlisted keys will not be present.
                                                    If a key is specified which is
                                                    not present in the Secret, the
                                                    volume setup will error unless
                                                    it is marked optional. Paths must
                                                    be relative and may not contain
                                                    the '..' path or start with '..'.
                                                  items:
                                                    description: Maps a string key
                                                      to a path within a volume.
                                                    properties:
                                                      key:
                                                        description: key is the key
                                                          to project.
                                                        type: string
                                                      mode:
                                                        description: 'mode is Optional:
                                                          mode bits used to set permissions
                                                          on this file. Must be an
                                                          octal value between 0000
                                                          and 0777 or a decimal value
                                                          between 0 and 511. YAML
                                                          accepts both octal and decimal
                                                          values, JSON requires decimal
                                                          values for mode bits. If
                                                          not specified, the volume
                                                          defaultMode will be used.
                                                          This might be in conflict
                                                          with other options that
                                                          affect the file mode, like
                                                          fsGroup, and the result
                                                          can be other mode bits set.'
                                                        format: int32
                                                        type: integer
                                                      path:
                                                        description: path is the relative
                                                          path of the file to map
                                                          the key to. May not be an
                                                          absolute path. May not contain
                                                          the path element '..'. May
                                                          not start with the string
                                                          '..'.
                                                        type: string
                                                    required:
                                                    - key
                                                    - path
                                                    type: object
                                                  type: array
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: optional field specify
                                                    whether the Secret or its key
                                                    must be defined
                                                  type: boolean
                                              type: object
                                            serviceAccountToken:
                                              description: serviceAccountToken is
                                                information about the serviceAccountToken
                                                data to project
                                              properties:
                                                audience:
                                                  description: audience is the intended
                                                    audience of the token. A recipient
                                                    of a token must identify itself
                                                    with an identifier specified in
                                                    the audience of the token, and
                                                    otherwise should reject the token.
                                                    The audience defaults to the identifier
                                                    of the apiserver.
                                                  type: string
                                                expirationSeconds:
                                                  description: expirationSeconds is
                                                    the requested duration of validity
                                                    of the service account token.
                                                    As the token approaches expiration,
                                                    the kubelet volume plugin will
                                                    proactively rotate the service
                                                    account token. The kubelet will
                                                    start trying to rotate the token
                                                    if the token is older than 80
                                                    percent of its time to live or
                                                    if the token is older than 24
                                                    hours.Defaults to 1 hour and must
                                                    be at least 10 minutes.
                                                  format: int64
                                                  type: integer
                                                path:
                                                  description: path is the path relative
                                                    to the mount point of the file
                                                    to project the token into.
                                                  type: string
                                              required:
                                              - path
                                              type: object
                                          type: object
                                        type: array
                                    type: object
                                  quobyte:
                                    description: quobyte represents a Quobyte mount
                                      on the host that shares a pod's lifetime
                                    properties:
                                      group:
                                        description: group to map volume access to
                                          Default is no group
                                        type: string
                                      readOnly:
                                        description: readOnly here will force the
                                          Quobyte volume to be mounted with read-only
                                          permissions. Defaults to false.
                                        type: boolean
                                      registry:
                                        description: registry represents a single
                                          or multiple Quobyte Registry services specified
                                          as a string as host:port pair (multiple
                                          entries are separated with commas) which
                                          acts as the central registry for volumes
                                        type: string
                                      tenant:
                                        description: tenant owning the given Quobyte
                                          volume in the Backend Used with dynamically
                                          provisioned Quobyte volumes, value is set
                                          by the plugin
                                        type: string
                                      user:
                                        description: user to map volume access to
                                          Defaults to serivceaccount user
                                        type: string
                                      volume:
                                        description: volume is a string that references
                                          an already created Quobyte volume by name.
                                        type: string
                                    required:
                                    - registry
                                    - volume
                                    type: object
                                  rbd:
                                    description: 'rbd represents a Rados Block Device
                                      mount on the host that shares a pod''s lifetime.
                                      More info: https://examples.k8s.io/volumes/rbd/README.md'
                                    properties:
                                      fsType:
                                        description: 'fsType is the filesystem type
                                          of the volume that you want to mount. Tip:
                                          Ensure that the filesystem type is supported
                                          by the host operating system. Examples:
                                          "ext4", "xfs", "ntfs". Implicitly inferred
                                          to be "ext4" if unspecified. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                          TODO: how do we prevent errors in the filesystem
                                          from compromising the machine'
                                        type: string
                                      image:
                                        description: 'image is the rados image name.
                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        type: string
                                      keyring:
                                        description: 'keyring is the path to key ring
                                          for RBDUser. Default is /etc/ceph/keyring.
                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        type: string
                                      monitors:
                                        description: 'monitors is a collection of
                                          Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        items:
                                          type: string
                                        type: array
                                      pool:
                                        description: 'pool is the rados pool name.
                                          Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        type: string
                                      readOnly:
                                        description: 'readOnly here will force the
                                          ReadOnly setting in VolumeMounts. Defaults
                                          to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        type: boolean
                                      secretRef:
                                        description: 'secretRef is name of the authentication
                                          secret for RBDUser. If provided overrides
                                          keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      user:
                                        description: 'user is the rados user name.
                                          Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        type: string
                                    required:
                                    - image
                                    - monitors
                                    type: object
                                  scaleIO:
                                    description: scaleIO represents a ScaleIO persistent
                                      volume attached and mounted on Kubernetes nodes.
                                    properties:
                                      fsType:
                                        description: fsType is the filesystem type
                                          to mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". Default is "xfs".
                                        type: string
                                      gateway:
                                        description: gateway is the host address of
                                          the ScaleIO API Gateway.
                                        type: string
                                      protectionDomain:
                                        description: protectionDomain is the name
                                          of the ScaleIO Protection Domain for the
                                          configured storage.
                                        type: string
                                      readOnly:
                                        description: readOnly Defaults to false (read/write).
                                          ReadOnly here will force the ReadOnly setting
                                          in VolumeMounts.
                                        type: boolean
                                      secretRef:
                                        description: secretRef references to the secret
                                          for ScaleIO user and other sensitive information.
                                          If this is not provided, Login operation
                                          will fail.
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      sslEnabled:
                                        description: sslEnabled Flag enable/disable
                                          SSL communication with Gateway, default
                                          false
                                        type: boolean
                                      storageMode:
                                        description: storageMode indicates whether
                                          the storage for a volume should be ThickProvisioned
                                          or ThinProvisioned. Default is ThinProvisioned.
                                        type: string
                                      storagePool:
                                        description: storagePool is the ScaleIO Storage
                                          Pool associated with the protection domain.
                                        type: string
                                      system:
                                        description: system is the name of the storage
                                          system as configured in ScaleIO.
                                        type: string
                                      volumeName:
                                        description: volumeName is the name of a volume
                                          already created in the ScaleIO system that
                                          is associated with this volume source.
                                        type: string
                                    required:
                                    - gateway
                                    - secretRef
                                    - system
                                    type: object
                                  secret:
                                    description: 'secret represents a secret that
                                      should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                    properties:
                                      defaultMode:
                                        description: 'defaultMode is Optional: mode
                                          bits used to set permissions on created
                                          files by default. Must be an octal value
                                          between 0000 and 0777 or a decimal value
                                          between 0 and 511. YAML accepts both octal
                                          and decimal values, JSON requires decimal
                                          values for mode bits. Defaults to 0644.
                                          Directories within the path are not affected
                                          by this setting. This might be in conflict
                                          with other options that affect the file
                                          mode, like fsGroup, and the result can be
                                          other mode bits set.'
                                        format: int32
                                        type: integer
                                      items:
                                        description: items If unspecified, each key-value
                                          pair in the Data field of the referenced
                                          Secret will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the Secret, the volume setup will error
                                          unless it is marked optional. Paths must
                                          be relative and may not contain the '..'
                                          path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: key is the key to project.
                                              type: string
                                            mode:
                                              description: 'mode is Optional: mode
                                                bits used to set permissions on this
                                                file. Must be an octal value between
                                                0000 and 0777 or a decimal value between
                                                0 and 511. YAML accepts both octal
                                                and decimal values, JSON requires
                                                decimal values for mode bits. If not
                                                specified, the volume defaultMode
                                                will be used. This might be in conflict
                                                with other options that affect the
                                                file mode, like fsGroup, and the result
                                                can be other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: path is the relative path
                                                of the file to map the key to. May
                                                not be an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      optional:
                                        description: optional field specify whether
                                          the Secret or its keys must be defined
                                        type: boolean
                                      secretName:
                                        description: 'secretName is the name of the
                                          secret in the pod''s namespace to use. More
                                          info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                        type: string
                                    type: object
                                  storageos:
                                    description: storageOS represents a StorageOS
                                      volume attached and mounted on Kubernetes nodes.
                                    properties:
                                      fsType:
                                        description: fsType is the filesystem type
                                          to mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". Implicitly inferred to be
                                          "ext4" if unspecified.
                                        type: string
                                      readOnly:
                                        description: readOnly defaults to false (read/write).
                                          ReadOnly here will force the ReadOnly setting
                                          in VolumeMounts.
                                        type: boolean
                                      secretRef:
                                        description: secretRef specifies the secret
                                          to use for obtaining the StorageOS API credentials.  If
                                          not specified, default values will be attempted.
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      volumeName:
                                        description: volumeName is the human-readable
                                          name of the StorageOS volume.  Volume names
                                          are only unique within a namespace.
                                        type: string
                                      volumeNamespace:
                                        description: volumeNamespace specifies the
                                          scope of the volume within StorageOS.  If
                                          no namespace is specified then the Pod's
                                          namespace will be used.  This allows the
                                          Kubernetes name scoping to be mirrored within
                                          StorageOS for tighter integration. Set VolumeName
                                          to any name to override the default behaviour.
                                          Set to "default" if you are not using namespaces
                                          within StorageOS. Namespaces that do not
                                          pre-exist within StorageOS will be created.
                                        type: string
                                    type: object
                                  vsphereVolume:
                                    description: vsphereVolume represents a vSphere
                                      volume attached and mounted on kubelets host
                                      machine
                                    properties:
                                      fsType:
                                        description: fsType is filesystem type to
                                          mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". Implicitly inferred to be
                                          "ext4" if unspecified.
                                        type: string
                                      storagePolicyID:
                                        description: storagePolicyID is the storage
                                          Policy Based Management (SPBM) profile ID
                                          associated with the StoragePolicyName.
                                        type: string
                                      storagePolicyName:
                                        description: storagePolicyName is the storage
                                          Policy Based Management (SPBM) profile name.
                                        type: string
                                      volumePath:
                                        description: volumePath is the path that identifies
                                          vSphere volume vmdk
                                        type: string
                                    required:
                                    - volumePath
                                    type: object
                                required:
                                - name
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                          type: object
                        taskServiceAccountName:
                          type: string
                      type: object
                    type: array
                    x-kubernetes-list-type: atomic
                  timeout:
                    description: 'Timeout Deprecated: use pipelineRunSpec.Timeouts.Pipeline
                      instead Time after which the Pipeline times out. Defaults to
                      never. Refer to Go''s ParseDuration documentation for expected
                      format: https://golang.org/pkg/time/#ParseDuration'
                    type: string
                  timeouts:
                    description: Time after which the Pipeline times out. Currently
                      three keys are accepted in the map pipeline, tasks and finally
                      with Timeouts.pipeline >= Timeouts.tasks + Timeouts.finally
                    properties:
                      finally:
                        description: Finally sets the maximum allowed duration of
                          this pipeline's finally
                        type: string
                      pipeline:
                        description: Pipeline sets the maximum allowed duration for
                          execution of the entire pipeline. The sum of individual
                          timeouts for tasks and finally must not exceed this value.
                        type: string
                      tasks:
                        description: Tasks sets the maximum allowed duration of this
                          pipeline's tasks
                        type: string
                    type: object
                  workspaces:
                    description: Workspaces holds a set of workspace bindings that
                      must match names with those declared in the pipeline.
                    items:
                      description: WorkspaceBinding maps a Task's declared workspace
                        to a Volume.
                      properties:
                        configMap:
                          description: ConfigMap represents a configMap that should
                            populate this workspace.
                          properties:
                            defaultMode:
                              description: 'defaultMode is optional: mode bits used
                                to set permissions on created files by default. Must
                                be an octal value between 0000 and 0777 or a decimal
                                value between 0 and 511. YAML accepts both octal and
                                decimal values, JSON requires decimal values for mode
                                bits. Defaults to 0644. Directories within the path
                                are not affected by this setting. This might be in
                                conflict with other options that affect the file mode,
                                like fsGroup, and the result can be other mode bits
                                set.'
                              format: int32
                              type: integer
                            items:
                              description: items if unspecified, each key-value pair
                                in the Data field of the referenced ConfigMap will
                                be projected into the volume as a file whose name
                                is the key and content is the value. If specified,
                                the listed keys will be projected into the specified
                                paths, and unlisted keys will not be present. If a
                                key is specified which is not present in the ConfigMap,
                                the volume setup will error unless it is marked optional.
                                Paths must be relative and may not contain the '..'
                                path or start with '..'.
                              items:
                                description: Maps a string key to a path within a
                                  volume.
                                properties:
                                  key:
                                    description: key is the key to project.
                                    type: string
                                  mode:
                                    description: 'mode is Optional: mode bits used
                                      to set permissions on this file. Must be an
                                      octal value between 0000 and 0777 or a decimal
                                      value between 0 and 511. YAML accepts both octal
                                      and decimal values, JSON requires decimal values
                                      for mode bits. If not specified, the volume
                                      defaultMode will be used. This might be in conflict
                                      with other options that affect the file mode,
                                      like fsGroup, and the result can be other mode
                                      bits set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: path is the relative path of the
                                      file to map the key to. May not be an absolute
                                      path. May not contain the path element '..'.
                                      May not start with the string '..'.
                                    type: string
                                required:
                                - key
                                - path
                                type: object
                              type: array
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: optional specify whether the ConfigMap
                                or its keys must be defined
                              type: boolean
                          type: object
                        csi:
                          description: CSI (Container Storage Interface) represents
                            ephemeral storage that is handled by certain external
                            CSI drivers.
                          properties:
                            driver:
                              description: driver is the name of the CSI driver that
                                handles this volume. Consult with your admin for the
                                correct name as registered in the cluster.
                              type: string
                            fsType:
                              description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
                                If not provided, the empty value is passed to the
                                associated CSI driver which will determine the default
                                filesystem to apply.
                              type: string
                            nodePublishSecretRef:
                              description: nodePublishSecretRef is a reference to
                                the secret object containing sensitive information
                                to pass to the CSI driver to complete the CSI NodePublishVolume
                                and NodeUnpublishVolume calls. This field is optional,
                                and  may be empty if no secret is required. If the
                                secret object contains more than one secret, all secret
                                references are passed.
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            readOnly:
                              description: readOnly specifies a read-only configuration
                                for the volume. Defaults to false (read/write).
                              type: boolean
                            volumeAttributes:
                              additionalProperties:
                                type: string
                              description: volumeAttributes stores driver-specific
                                properties that are passed to the CSI driver. Consult
                                your driver's documentation for supported values.
                              type: object
                          required:
                          - driver
                          type: object
                        emptyDir:
                          description: 'EmptyDir represents a temporary directory
                            that shares a Task''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
                            Either this OR PersistentVolumeClaim can be used.'
                          properties:
                            medium:
                              description: 'medium represents what type of storage
                                medium should back this directory. The default is
                                "" which means to use the node''s default medium.
                                Must be an empty string (default) or Memory. More
                                info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                              type: string
                            sizeLimit:
                              anyOf:
                              - type: integer
                              - type: string
                              description: 'sizeLimit is the total amount of local
                                storage required for this EmptyDir volume. The size
                                limit is also applicable for memory medium. The maximum
                                usage on memory medium EmptyDir would be the minimum
                                value between the SizeLimit specified here and the
                                sum of memory limits of all containers in a pod. The
                                default is nil which means that the limit is undefined.
                                More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                          type: object
                        name:
                          description: Name is the name of the workspace populated
                            by the volume.
                          type: string
                        persistentVolumeClaim:
                          description: PersistentVolumeClaimVolumeSource represents
                            a reference to a PersistentVolumeClaim in the same namespace.
                            Either this OR EmptyDir can be used.
                          properties:
                            claimName:
                              description: 'claimName is the name of a PersistentVolumeClaim
                                in the same namespace as the pod using this volume.
                                More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                              type: string
                            readOnly:
                              description: readOnly Will force the ReadOnly setting
                                in VolumeMounts. Default false.
                              type: boolean
                          required:
                          - claimName
                          type: object
                        projected:
                          description: Projected represents a projected volume that
                            should populate this workspace.
                          properties:
                            defaultMode:
                              description: defaultMode are the mode bits used to set
                                permissions on created files by default. Must be an
                                octal value between 0000 and 0777 or a decimal value
                                between 0 and 511. YAML accepts both octal and decimal
                                values, JSON requires decimal values for mode bits.
                                Directories within the path are not affected by this
                                setting. This might be in conflict with other options
                                that affect the file mode, like fsGroup, and the result
                                can be other mode bits set.
                              format: int32
                              type: integer
                            sources:
                              description: sources is the list of volume projections
                              items:
                                description: Projection that may be projected along
                                  with other supported volume types
                                properties:
                                  configMap:
                                    description: configMap information about the configMap
                                      data to project
                                    properties:
                                      items:
                                        description: items if unspecified, each key-value
                                          pair in the Data field of the referenced
                                          ConfigMap will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the ConfigMap, the volume setup will
                                          error unless it is marked optional. Paths
                                          must be relative and may not contain the
                                          '..' path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: key is the key to project.
                                              type: string
                                            mode:
                                              description: 'mode is Optional: mode
                                                bits used to set permissions on this
                                                file. Must be an octal value between
                                                0000 and 0777 or a decimal value between
                                                0 and 511. YAML accepts both octal
                                                and decimal values, JSON requires
                                                decimal values for mode bits. If not
                                                specified, the volume defaultMode
                                                will be used. This might be in conflict
                                                with other options that affect the
                                                file mode, like fsGroup, and the result
                                                can be other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: path is the relative path
                                                of the file to map the key to. May
                                                not be an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: optional specify whether the
                                          ConfigMap or its keys must be defined
                                        type: boolean
                                    type: object
                                  downwardAPI:
                                    description: downwardAPI information about the
                                      downwardAPI data to project
                                    properties:
                                      items:
                                        description: Items is a list of DownwardAPIVolume
                                          file
                                        items:
                                          description: DownwardAPIVolumeFile represents
                                            information to create the file containing
                                            the pod field
                                          properties:
                                            fieldRef:
                                              description: 'Required: Selects a field
                                                of the pod: only annotations, labels,
                                                name and namespace are supported.'
                                              properties:
                                                apiVersion:
                                                  description: Version of the schema
                                                    the FieldPath is written in terms
                                                    of, defaults to "v1".
                                                  type: string
                                                fieldPath:
                                                  description: Path of the field to
                                                    select in the specified API version.
                                                  type: string
                                              required:
                                              - fieldPath
                                              type: object
                                            mode:
                                              description: 'Optional: mode bits used
                                                to set permissions on this file, must
                                                be an octal value between 0000 and
                                                0777 or a decimal value between 0
                                                and 511. YAML accepts both octal and
                                                decimal values, JSON requires decimal
                                                values for mode bits. If not specified,
                                                the volume defaultMode will be used.
                                                This might be in conflict with other
                                                options that affect the file mode,
                                                like fsGroup, and the result can be
                                                other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: 'Required: Path is  the
                                                relative path name of the file to
                                                be created. Must not be absolute or
                                                contain the ''..'' path. Must be utf-8
                                                encoded. The first item of the relative
                                                path must not start with ''..'''
                                              type: string
                                            resourceFieldRef:
                                              description: 'Selects a resource of
                                                the container: only resources limits
                                                and requests (limits.cpu, limits.memory,
                                                requests.cpu and requests.memory)
                                                are currently supported.'
                                              properties:
                                                containerName:
                                                  description: 'Container name: required
                                                    for volumes, optional for env
                                                    vars'
                                                  type: string
                                                divisor:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Specifies the output
                                                    format of the exposed resources,
                                                    defaults to "1"
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                resource:
                                                  description: 'Required: resource
                                                    to select'
                                                  type: string
                                              required:
                                              - resource
                                              type: object
                                          required:
                                          - path
                                          type: object
                                        type: array
                                    type: object
                                  secret:
                                    description: secret information about the secret
                                      data to project
                                    properties:
                                      items:
                                        description: items if unspecified, each key-value
                                          pair in the Data field of the referenced
                                          Secret will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the Secret, the volume setup will error
                                          unless it is marked optional. Paths must
                                          be relative and may not contain the '..'
                                          path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: key is the key to project.
                                              type: string
                                            mode:
                                              description: 'mode is Optional: mode
                                                bits used to set permissions on this
                                                file. Must be an octal value between
                                                0000 and 0777 or a decimal value between
                                                0 and 511. YAML accepts both octal
                                                and decimal values, JSON requires
                                                decimal values for mode bits. If not
                                                specified, the volume defaultMode
                                                will be used. This might be in conflict
                                                with other options that affect the
                                                file mode, like fsGroup, and the result
                                                can be other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: path is the relative path
                                                of the file to map the key to. May
                                                not be an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: optional field specify whether
                                          the Secret or its key must be defined
                                        type: boolean
                                    type: object
                                  serviceAccountToken:
                                    description: serviceAccountToken is information
                                      about the serviceAccountToken data to project
                                    properties:
                                      audience:
                                        description: audience is the intended audience
                                          of the token. A recipient of a token must
                                          identify itself with an identifier specified
                                          in the audience of the token, and otherwise
                                          should reject the token. The audience defaults
                                          to the identifier of the apiserver.
                                        type: string
                                      expirationSeconds:
                                        description: expirationSeconds is the requested
                                          duration of validity of the service account
                                          token. As the token approaches expiration,
                                          the kubelet volume plugin will proactively
                                          rotate the service account token. The kubelet
                                          will start trying to rotate the token if
                                          the token is older than 80 percent of its
                                          time to live or if the token is older than
                                          24 hours.Defaults to 1 hour and must be
                                          at least 10 minutes.
                                        format: int64
                                        type: integer
                                      path:
                                        description: path is the path relative to
                                          the mount point of the file to project the
                                          token into.
                                        type: string
                                    required:
                                    - path
                                    type: object
                                type: object
                              type: array
                          type: object
                        secret:
                          description: Secret represents a secret that should populate
                            this workspace.
                          properties:
                            defaultMode:
                              description: 'defaultMode is Optional: mode bits used
                                to set permissions on created files by default. Must
                                be an octal value between 0000 and 0777 or a decimal
                                value between 0 and 511. YAML accepts both octal and
                                decimal values, JSON requires decimal values for mode
                                bits. Defaults to 0644. Directories within the path
                                are not affected by this setting. This might be in
                                conflict with other options that affect the file mode,
                                like fsGroup, and the result can be other mode bits
                                set.'
                              format: int32
                              type: integer
                            items:
                              description: items If unspecified, each key-value pair
                                in the Data field of the referenced Secret will be
                                projected into the volume as a file whose name is
                                the key and content is the value. If specified, the
                                listed keys will be projected into the specified paths,
                                and unlisted keys will not be present. If a key is
                                specified which is not present in the Secret, the
                                volume setup will error unless it is marked optional.
                                Paths must be relative and may not contain the '..'
                                path or start with '..'.
                              items:
                                description: Maps a string key to a path within a
                                  volume.
                                properties:
                                  key:
                                    description: key is the key to project.
                                    type: string
                                  mode:
                                    description: 'mode is Optional: mode bits used
                                      to set permissions on this file. Must be an
                                      octal value between 0000 and 0777 or a decimal
                                      value between 0 and 511. YAML accepts both octal
                                      and decimal values, JSON requires decimal values
                                      for mode bits. If not specified, the volume
                                      defaultMode will be used. This might be in conflict
                                      with other options that affect the file mode,
                                      like fsGroup, and the result can be other mode
                                      bits set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: path is the relative path of the
                                      file to map the key to. May not be an absolute
                                      path. May not contain the path element '..'.
                                      May not start with the string '..'.
                                    type: string
                                required:
                                - key
                                - path
                                type: object
                              type: array
                            optional:
                              description: optional field specify whether the Secret
                                or its keys must be defined
                              type: boolean
                            secretName:
                              description: 'secretName is the name of the secret in
                                the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                              type: string
                          type: object
                        subPath:
                          description: SubPath is optionally a directory on the volume
                            which should be used for this binding (i.e. the volume
                            will be mounted at this sub directory).
                          type: string
                        volumeClaimTemplate:
                          description: VolumeClaimTemplate is a template for a claim
                            that will be created in the same namespace. The PipelineRun
                            controller is responsible for creating a unique claim
                            for each instance of PipelineRun.
                          properties:
                            apiVersion:
                              description: 'APIVersion defines the versioned schema
                                of this representation of an object. Servers should
                                convert recognized schemas to the latest internal
                                value, and may reject unrecognized values. More info:
                                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                              type: string
                            kind:
                              description: 'Kind is a string value representing the
                                REST resource this object represents. Servers may
                                infer this from the endpoint the client submits requests
                                to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            metadata:
                              description: 'Standard object''s metadata. More info:
                                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
                              type: object
                            spec:
                              description: 'spec defines the desired characteristics
                                of a volume requested by a pod author. More info:
                                https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                              properties:
                                accessModes:
                                  description: 'accessModes contains the desired access
                                    modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                  items:
                                    type: string
                                  type: array
                                dataSource:
                                  description: 'dataSource field can be used to specify
                                    either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
                                    * An existing PVC (PersistentVolumeClaim) If the
                                    provisioner or an external controller can support
                                    the specified data source, it will create a new
                                    volume based on the contents of the specified
                                    data source. If the AnyVolumeDataSource feature
                                    gate is enabled, this field will always have the
                                    same contents as the DataSourceRef field.'
                                  properties:
                                    apiGroup:
                                      description: APIGroup is the group for the resource
                                        being referenced. If APIGroup is not specified,
                                        the specified Kind must be in the core API
                                        group. For any other third-party types, APIGroup
                                        is required.
                                      type: string
                                    kind:
                                      description: Kind is the type of resource being
                                        referenced
                                      type: string
                                    name:
                                      description: Name is the name of resource being
                                        referenced
                                      type: string
                                  required:
                                  - kind
                                  - name
                                  type: object
                                dataSourceRef:
                                  description: 'dataSourceRef specifies the object
                                    from which to populate the volume with data, if
                                    a non-empty volume is desired. This may be any
                                    local object from a non-empty API group (non core
                                    object) or a PersistentVolumeClaim object. When
                                    this field is specified, volume binding will only
                                    succeed if the type of the specified object matches
                                    some installed volume populator or dynamic provisioner.
                                    This field will replace the functionality of the
                                    DataSource field and as such if both fields are
                                    non-empty, they must have the same value. For
                                    backwards compatibility, both fields (DataSource
                                    and DataSourceRef) will be set to the same value
                                    automatically if one of them is empty and the
                                    other is non-empty. There are two important differences
                                    between DataSource and DataSourceRef: * While
                                    DataSource only allows two specific types of objects,
                                    DataSourceRef   allows any non-core object, as
                                    well as PersistentVolumeClaim objects. * While
                                    DataSource ignores disallowed values (dropping
                                    them), DataSourceRef   preserves all values, and
                                    generates an error if a disallowed value is   specified.
                                    (Beta) Using this field requires the AnyVolumeDataSource
                                    feature gate to be enabled.'
                                  properties:
                                    apiGroup:
                                      description: APIGroup is the group for the resource
                                        being referenced. If APIGroup is not specified,
                                        the specified Kind must be in the core API
                                        group. For any other third-party types, APIGroup
                                        is required.
                                      type: string
                                    kind:
                                      description: Kind is the type of resource being
                                        referenced
                                      type: string
                                    name:
                                      description: Name is the name of resource being
                                        referenced
                                      type: string
                                  required:
                                  - kind
                                  - name
                                  type: object
                                resources:
                                  description: 'resources represents the minimum resources
                                    the volume should have. If RecoverVolumeExpansionFailure
                                    feature is enabled users are allowed to specify
                                    resource requirements that are lower than previous
                                    value but must still be higher than capacity recorded
                                    in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                  properties:
                                    limits:
                                      additionalProperties:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      description: 'Limits describes the maximum amount
                                        of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                      type: object
                                    requests:
                                      additionalProperties:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      description: 'Requests describes the minimum
                                        amount of compute resources required. If Requests
                                        is omitted for a container, it defaults to
                                        Limits if that is explicitly specified, otherwise
                                        to an implementation-defined value. More info:
                                        https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                      type: object
                                  type: object
                                selector:
                                  description: selector is a label query over volumes
                                    to consider for binding.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                storageClassName:
                                  description: 'storageClassName is the name of the
                                    StorageClass required by the claim. More info:
                                    https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                  type: string
                                volumeMode:
                                  description: volumeMode defines what type of volume
                                    is required by the claim. Value of Filesystem
                                    is implied when not included in claim spec.
                                  type: string
                                volumeName:
                                  description: volumeName is the binding reference
                                    to the PersistentVolume backing this claim.
                                  type: string
                              type: object
                            status:
                              description: 'status represents the current information/status
                                of a persistent volume claim. Read-only. More info:
                                https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                              properties:
                                accessModes:
                                  description: 'accessModes contains the actual access
                                    modes the volume backing the PVC has. More info:
                                    https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                  items:
                                    type: string
                                  type: array
                                allocatedResources:
                                  additionalProperties:
                                    anyOf:
                                    - type: integer
                                    - type: string
                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                    x-kubernetes-int-or-string: true
                                  description: allocatedResources is the storage resource
                                    within AllocatedResources tracks the capacity
                                    allocated to a PVC. It may be larger than the
                                    actual capacity when a volume expansion operation
                                    is requested. For storage quota, the larger value
                                    from allocatedResources and PVC.spec.resources
                                    is used. If allocatedResources is not set, PVC.spec.resources
                                    alone is used for quota calculation. If a volume
                                    expansion capacity request is lowered, allocatedResources
                                    is only lowered if there are no expansion operations
                                    in progress and if the actual volume capacity
                                    is equal or lower than the requested capacity.
                                    This is an alpha field and requires enabling RecoverVolumeExpansionFailure
                                    feature.
                                  type: object
                                capacity:
                                  additionalProperties:
                                    anyOf:
                                    - type: integer
                                    - type: string
                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                    x-kubernetes-int-or-string: true
                                  description: capacity represents the actual resources
                                    of the underlying volume.
                                  type: object
                                conditions:
                                  description: conditions is the current Condition
                                    of persistent volume claim. If underlying persistent
                                    volume is being resized then the Condition will
                                    be set to 'ResizeStarted'.
                                  items:
                                    description: PersistentVolumeClaimCondition contails
                                      details about state of pvc
                                    properties:
                                      lastProbeTime:
                                        description: lastProbeTime is the time we
                                          probed the condition.
                                        format: date-time
                                        type: string
                                      lastTransitionTime:
                                        description: lastTransitionTime is the time
                                          the condition transitioned from one status
                                          to another.
                                        format: date-time
                                        type: string
                                      message:
                                        description: message is the human-readable
                                          message indicating details about last transition.
                                        type: string
                                      reason:
                                        description: reason is a unique, this should
                                          be a short, machine understandable string
                                          that gives the reason for condition's last
                                          transition. If it reports "ResizeStarted"
                                          that means the underlying persistent volume
                                          is being resized.
                                        type: string
                                      status:
                                        type: string
                                      type:
                                        description: PersistentVolumeClaimConditionType
                                          is a valid value of PersistentVolumeClaimCondition.Type
                                        type: string
                                    required:
                                    - status
                                    - type
                                    type: object
                                  type: array
                                phase:
                                  description: phase represents the current phase
                                    of PersistentVolumeClaim.
                                  type: string
                                resizeStatus:
                                  description: resizeStatus stores status of resize
                                    operation. ResizeStatus is not set by default
                                    but when expansion is complete resizeStatus is
                                    set to empty string by resize controller or kubelet.
                                    This is an alpha field and requires enabling RecoverVolumeExpansionFailure
                                    feature.
                                  type: string
                              type: object
                          type: object
                      required:
                      - name
                      type: object
                    type: array
                    x-kubernetes-list-type: atomic
                type: object
              pod_spec:
                description: PodSpec provides the basis for running the test under
                  a Kubernetes agent
                properties:
                  activeDeadlineSeconds:
                    description: Optional duration in seconds the pod may be active
                      on the node relative to StartTime before the system will actively
                      try to mark it failed and kill associated containers. Value
                      must be a positive integer.
                    format: int64
                    type: integer
                  affinity:
                    description: If specified, the pod's scheduling constraints
                    properties:
                      nodeAffinity:
                        description: Describes node affinity scheduling rules for
                          the pod.
                        properties:
                          preferredDuringSchedulingIgnoredDuringExecution:
                            description: The scheduler will prefer to schedule pods
                              to nodes that satisfy the affinity expressions specified
                              by this field, but it may choose a node that violates
                              one or more of the expressions. The node that is most
                              preferred is the one with the greatest sum of weights,
                              i.e. for each node that meets all of the scheduling
                              requirements (resource request, requiredDuringScheduling
                              affinity expressions, etc.), compute a sum by iterating
                              through the elements of this field and adding "weight"
                              to the sum if the node matches the corresponding matchExpressions;
                              the node(s) with the highest sum are the most preferred.
                            items:
                              description: An empty preferred scheduling term matches
                                all objects with implicit weight 0 (i.e. it's a no-op).
                                A null preferred scheduling term matches no objects
                                (i.e. is also a no-op).
                              properties:
                                preference:
                                  description: A node selector term, associated with
                                    the corresponding weight.
                                  properties:
                                    matchExpressions:
                                      description: A list of node selector requirements
                                        by node's labels.
                                      items:
                                        description: A node selector requirement is
                                          a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: The label key that the selector
                                              applies to.
                                            type: string
                                          operator:
                                            description: Represents a key's relationship
                                              to a set of values. Valid operators
                                              are In, NotIn, Exists, DoesNotExist.
                                              Gt, and Lt.
                                            type: string
                                          values:
                                            description: An array of string values.
                                              If the operator is In or NotIn, the
                                              values array must be non-empty. If the
                                              operator is Exists or DoesNotExist,
                                              the values array must be empty. If the
                                              operator is Gt or Lt, the values array
                                              must have a single element, which will
                                              be interpreted as an integer. This array
                                              is replaced during a strategic merge
                                              patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchFields:
                                      description: A list of node selector requirements
                                        by node's fields.
                                      items:
                                        description: A node selector requirement is
                                          a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: The label key that the selector
                                              applies to.
                                            type: string
                                          operator:
                                            description: Represents a key's relationship
                                              to a set of values. Valid operators
                                              are In, NotIn, Exists, DoesNotExist.
                                              Gt, and Lt.
                                            type: string
                                          values:
                                            description: An array of string values.
                                              If the operator is In or NotIn, the
                                              values array must be non-empty. If the
                                              operator is Exists or DoesNotExist,
                                              the values array must be empty. If the
                                              operator is Gt or Lt, the values array
                                              must have a single element, which will
                                              be interpreted as an integer. This array
                                              is replaced during a strategic merge
                                              patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                  type: object
                                weight:
                                  description: Weight associated with matching the
                                    corresponding nodeSelectorTerm, in the range 1-100.
                                  format: int32
                                  type: integer
                              required:
                              - preference
                              - weight
                              type: object
                            type: array
                          requiredDuringSchedulingIgnoredDuringExecution:
                            description: If the affinity requirements specified by
                              this field are not met at scheduling time, the pod will
                              not be scheduled onto the node. If the affinity requirements
                              specified by this field cease to be met at some point
                              during pod execution (e.g. due to an update), the system
                              may or may not try to eventually evict the pod from
                              its node.
                            properties:
                              nodeSelectorTerms:
                                description: Required. A list of node selector terms.
                                  The terms are ORed.
                                items:
                                  description: A null or empty node selector term
                                    matches no objects. The requirements of them are
                                    ANDed. The TopologySelectorTerm type implements
                                    a subset of the NodeSelectorTerm.
                                  properties:
                                    matchExpressions:
                                      description: A list of node selector requirements
                                        by node's labels.
                                      items:
                                        description: A node selector requirement is
                                          a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: The label key that the selector
                                              applies to.
                                            type: string
                                          operator:
                                            description: Represents a key's relationship
                                              to a set of values. Valid operators
                                              are In, NotIn, Exists, DoesNotExist.
                                              Gt, and Lt.
                                            type: string
                                          values:
                                            description: An array of string values.
                                              If the operator is In or NotIn, the
                                              values array must be non-empty. If the
                                              operator is Exists or DoesNotExist,
                                              the values array must be empty. If the
                                              operator is Gt or Lt, the values array
                                              must have a single element, which will
                                              be interpreted as an integer. This array
                                              is replaced during a strategic merge
                                              patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchFields:
                                      description: A list of node selector requirements
                                        by node's fields.
                                      items:
                                        description: A node selector requirement is
                                          a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: The label key that the selector
                                              applies to.
                                            type: string
                                          operator:
                                            description: Represents a key's relationship
                                              to a set of values. Valid operators
                                              are In, NotIn, Exists, DoesNotExist.
                                              Gt, and Lt.
                                            type: string
                                          values:
                                            description: An array of string values.
                                              If the operator is In or NotIn, the
                                              values array must be non-empty. If the
                                              operator is Exists or DoesNotExist,
                                              the values array must be empty. If the
                                              operator is Gt or Lt, the values array
                                              must have a single element, which will
                                              be interpreted as an integer. This array
                                              is replaced during a strategic merge
                                              patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                  type: object
                                type: array
                            required:
                            - nodeSelectorTerms
                            type: object
                        type: object
                      podAffinity:
                        description: Describes pod affinity scheduling rules (e.g.
                          co-locate this pod in the same node, zone, etc. as some
                          other pod(s)).
                        properties:
                          preferredDuringSchedulingIgnoredDuringExecution:
                            description: The scheduler will prefer to schedule pods
                              to nodes that satisfy the affinity expressions specified
                              by this field, but it may choose a node that violates
                              one or more of the expressions. The node that is most
                              preferred is the one with the greatest sum of weights,
                              i.e. for each node that meets all of the scheduling
                              requirements (resource request, requiredDuringScheduling
                              affinity expressions, etc.), compute a sum by iterating
                              through the elements of this field and adding "weight"
                              to the sum if the node has pods which matches the corresponding
                              podAffinityTerm; the node(s) with the highest sum are
                              the most preferred.
                            items:
                              description: The weights of all of the matched WeightedPodAffinityTerm
                                fields are added per-node to find the most preferred
                                node(s)
                              properties:
                                podAffinityTerm:
                                  description: Required. A pod affinity term, associated
                                    with the corresponding weight.
                                  properties:
                                    labelSelector:
                                      description: A label query over a set of resources,
                                        in this case pods.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaceSelector:
                                      description: A label query over the set of namespaces
                                        that the term applies to. The term is applied
                                        to the union of the namespaces selected by
                                        this field and the ones listed in the namespaces
                                        field. null selector and null or empty namespaces
                                        list means "this pod's namespace". An empty
                                        selector ({}) matches all namespaces.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaces:
                                      description: namespaces specifies a static list
                                        of namespace names that the term applies to.
                                        The term is applied to the union of the namespaces
                                        listed in this field and the ones selected
                                        by namespaceSelector. null or empty namespaces
                                        list and null namespaceSelector means "this
                                        pod's namespace".
                                      items:
                                        type: string
                                      type: array
                                    topologyKey:
                                      description: This pod should be co-located (affinity)
                                        or not co-located (anti-affinity) with the
                                        pods matching the labelSelector in the specified
                                        namespaces, where co-located is defined as
                                        running on a node whose value of the label
                                        with key topologyKey matches that of any node
                                        on which any of the selected pods is running.
                                        Empty topologyKey is not allowed.
                                      type: string
                                  required:
                                  - topologyKey
                                  type: object
                                weight:
                                  description: weight associated with matching the
                                    corresponding podAffinityTerm, in the range 1-100.
                                  format: int32
                                  type: integer
                              required:
                              - podAffinityTerm
                              - weight
                              type: object
                            type: array
                          requiredDuringSchedulingIgnoredDuringExecution:
                            description: If the affinity requirements specified by
                              this field are not met at scheduling time, the pod will
                              not be scheduled onto the node. If the affinity requirements
                              specified by this field cease to be met at some point
                              during pod execution (e.g. due to a pod label update),
                              the system may or may not try to eventually evict the
                              pod from its node. When there are multiple elements,
                              the lists of nodes corresponding to each podAffinityTerm
                              are intersected, i.e. all terms must be satisfied.
                            items:
                              description: Defines a set of pods (namely those matching
                                the labelSelector relative to the given namespace(s))
                                that this pod should be co-located (affinity) or not
                                co-located (anti-affinity) with, where co-located
                                is defined as running on a node whose value of the
                                label with key <topologyKey> matches that of any node
                                on which a pod of the set of pods is running
                              properties:
                                labelSelector:
                                  description: A label query over a set of resources,
                                    in this case pods.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                namespaceSelector:
                                  description: A label query over the set of namespaces
                                    that the term applies to. The term is applied
                                    to the union of the namespaces selected by this
                                    field and the ones listed in the namespaces field.
                                    null selector and null or empty namespaces list
                                    means "this pod's namespace". An empty selector
                                    ({}) matches all namespaces.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                namespaces:
                                  description: namespaces specifies a static list
                                    of namespace names that the term applies to. The
                                    term is applied to the union of the namespaces
                                    listed in this field and the ones selected by
                                    namespaceSelector. null or empty namespaces list
                                    and null namespaceSelector means "this pod's namespace".
                                  items:
                                    type: string
                                  type: array
                                topologyKey:
                                  description: This pod should be co-located (affinity)
                                    or not co-located (anti-affinity) with the pods
                                    matching the labelSelector in the specified namespaces,
                                    where co-located is defined as running on a node
                                    whose value of the label with key topologyKey
                                    matches that of any node on which any of the selected
                                    pods is running. Empty topologyKey is not allowed.
                                  type: string
                              required:
                              - topologyKey
                              type: object
                            type: array
                        type: object
                      podAntiAffinity:
                        description: Describes pod anti-affinity scheduling rules
                          (e.g. avoid putting this pod in the same node, zone, etc.
                          as some other pod(s)).
                        properties:
                          preferredDuringSchedulingIgnoredDuringExecution:
                            description: The scheduler will prefer to schedule pods
                              to nodes that satisfy the anti-affinity expressions
                              specified by this field, but it may choose a node that
                              violates one or more of the expressions. The node that
                              is most preferred is the one with the greatest sum of
                              weights, i.e. for each node that meets all of the scheduling
                              requirements (resource request, requiredDuringScheduling
                              anti-affinity expressions, etc.), compute a sum by iterating
                              through the elements of this field and adding "weight"
                              to the sum if the node has pods which matches the corresponding
                              podAffinityTerm; the node(s) with the highest sum are
                              the most preferred.
                            items:
                              description: The weights of all of the matched WeightedPodAffinityTerm
                                fields are added per-node to find the most preferred
                                node(s)
                              properties:
                                podAffinityTerm:
                                  description: Required. A pod affinity term, associated
                                    with the corresponding weight.
                                  properties:
                                    labelSelector:
                                      description: A label query over a set of resources,
                                        in this case pods.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaceSelector:
                                      description: A label query over the set of namespaces
                                        that the term applies to. The term is applied
                                        to the union of the namespaces selected by
                                        this field and the ones listed in the namespaces
                                        field. null selector and null or empty namespaces
                                        list means "this pod's namespace". An empty
                                        selector ({}) matches all namespaces.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaces:
                                      description: namespaces specifies a static list
                                        of namespace names that the term applies to.
                                        The term is applied to the union of the namespaces
                                        listed in this field and the ones selected
                                        by namespaceSelector. null or empty namespaces
                                        list and null namespaceSelector means "this
                                        pod's namespace".
                                      items:
                                        type: string
                                      type: array
                                    topologyKey:
                                      description: This pod should be co-located (affinity)
                                        or not co-located (anti-affinity) with the
                                        pods matching the labelSelector in the specified
                                        namespaces, where co-located is defined as
                                        running on a node whose value of the label
                                        with key topologyKey matches that of any node
                                        on which any of the selected pods is running.
                                        Empty topologyKey is not allowed.
                                      type: string
                                  required:
                                  - topologyKey
                                  type: object
                                weight:
                                  description: weight associated with matching the
                                    corresponding podAffinityTerm, in the range 1-100.
                                  format: int32
                                  type: integer
                              required:
                              - podAffinityTerm
                              - weight
                              type: object
                            type: array
                          requiredDuringSchedulingIgnoredDuringExecution:
                            description: If the anti-affinity requirements specified
                              by this field are not met at scheduling time, the pod
                              will not be scheduled onto the node. If the anti-affinity
                              requirements specified by this field cease to be met
                              at some point during pod execution (e.g. due to a pod
                              label update), the system may or may not try to eventually
                              evict the pod from its node. When there are multiple
                              elements, the lists of nodes corresponding to each podAffinityTerm
                              are intersected, i.e. all terms must be satisfied.
                            items:
                              description: Defines a set of pods (namely those matching
                                the labelSelector relative to the given namespace(s))
                                that this pod should be co-located (affinity) or not
                                co-located (anti-affinity) with, where co-located
                                is defined as running on a node whose value of the
                                label with key <topologyKey> matches that of any node
                                on which a pod of the set of pods is running
                              properties:
                                labelSelector:
                                  description: A label query over a set of resources,
                                    in this case pods.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                namespaceSelector:
                                  description: A label query over the set of namespaces
                                    that the term applies to. The term is applied
                                    to the union of the namespaces selected by this
                                    field and the ones listed in the namespaces field.
                                    null selector and null or empty namespaces list
                                    means "this pod's namespace". An empty selector
                                    ({}) matches all namespaces.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                namespaces:
                                  description: namespaces specifies a static list
                                    of namespace names that the term applies to. The
                                    term is applied to the union of the namespaces
                                    listed in this field and the ones selected by
                                    namespaceSelector. null or empty namespaces list
                                    and null namespaceSelector means "this pod's namespace".
                                  items:
                                    type: string
                                  type: array
                                topologyKey:
                                  description: This pod should be co-located (affinity)
                                    or not co-located (anti-affinity) with the pods
                                    matching the labelSelector in the specified namespaces,
                                    where co-located is defined as running on a node
                                    whose value of the label with key topologyKey
                                    matches that of any node on which any of the selected
                                    pods is running. Empty topologyKey is not allowed.
                                  type: string
                              required:
                              - topologyKey
                              type: object
                            type: array
                        type: object
                    type: object
                  automountServiceAccountToken:
                    description: AutomountServiceAccountToken indicates whether a
                      service account token should be automatically mounted.
                    type: boolean
                  containers:
                    description: List of containers belonging to the pod. Containers
                      cannot currently be added or removed. There must be at least
                      one container in a Pod. Cannot be updated.
                    items:
                      description: A single application container that you want to
                        run within a pod.
                      properties:
                        args:
                          description: 'Arguments to the entrypoint. The container
                            image''s CMD is used if this is not provided. Variable
                            references $(VAR_NAME) are expanded using the container''s
                            environment. If a variable cannot be resolved, the reference
                            in the input string will be unchanged. Double $$ are reduced
                            to a single $, which allows for escaping the $(VAR_NAME)
                            syntax: i.e. "$$(VAR_NAME)" will produce the string literal
                            "$(VAR_NAME)". Escaped references will never be expanded,
                            regardless of whether the variable exists or not. Cannot
                            be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        command:
                          description: 'Entrypoint array. Not executed within a shell.
                            The container image''s ENTRYPOINT is used if this is not
                            provided. Variable references $(VAR_NAME) are expanded
                            using the container''s environment. If a variable cannot
                            be resolved, the reference in the input string will be
                            unchanged. Double $$ are reduced to a single $, which
                            allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                            will produce the string literal "$(VAR_NAME)". Escaped
                            references will never be expanded, regardless of whether
                            the variable exists or not. Cannot be updated. More info:
                            https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        env:
                          description: List of environment variables to set in the
                            container. Cannot be updated.
                          items:
                            description: EnvVar represents an environment variable
                              present in a Container.
                            properties:
                              name:
                                description: Name of the environment variable. Must
                                  be a C_IDENTIFIER.
                                type: string
                              value:
                                description: 'Variable references $(VAR_NAME) are
                                  expanded using the previously defined environment
                                  variables in the container and any service environment
                                  variables. If a variable cannot be resolved, the
                                  reference in the input string will be unchanged.
                                  Double $$ are reduced to a single $, which allows
                                  for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                  will produce the string literal "$(VAR_NAME)". Escaped
                                  references will never be expanded, regardless of
                                  whether the variable exists or not. Defaults to
                                  "".'
                                type: string
                              valueFrom:
                                description: Source for the environment variable's
                                  value. Cannot be used if value is not empty.
                                properties:
                                  configMapKeyRef:
                                    description: Selects a key of a ConfigMap.
                                    properties:
                                      key:
                                        description: The key to select.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the ConfigMap
                                          or its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                  fieldRef:
                                    description: 'Selects a field of the pod: supports
                                      metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
                                      `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                      spec.serviceAccountName, status.hostIP, status.podIP,
                                      status.podIPs.'
                                    properties:
                                      apiVersion:
                                        description: Version of the schema the FieldPath
                                          is written in terms of, defaults to "v1".
                                        type: string
                                      fieldPath:
                                        description: Path of the field to select in
                                          the specified API version.
                                        type: string
                                    required:
                                    - fieldPath
                                    type: object
                                  resourceFieldRef:
                                    description: 'Selects a resource of the container:
                                      only resources limits and requests (limits.cpu,
                                      limits.memory, limits.ephemeral-storage, requests.cpu,
                                      requests.memory and requests.ephemeral-storage)
                                      are currently supported.'
                                    properties:
                                      containerName:
                                        description: 'Container name: required for
                                          volumes, optional for env vars'
                                        type: string
                                      divisor:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: Specifies the output format of
                                          the exposed resources, defaults to "1"
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      resource:
                                        description: 'Required: resource to select'
                                        type: string
                                    required:
                                    - resource
                                    type: object
                                  secretKeyRef:
                                    description: Selects a key of a secret in the
                                      pod's namespace
                                    properties:
                                      key:
                                        description: The key of the secret to select
                                          from.  Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the Secret or
                                          its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                type: object
                            required:
                            - name
                            type: object
                          type: array
                        envFrom:
                          description: List of sources to populate environment variables
                            in the container. The keys defined within a source must
                            be a C_IDENTIFIER. All invalid keys will be reported as
                            an event when the container is starting. When a key exists
                            in multiple sources, the value associated with the last
                            source will take precedence. Values defined by an Env
                            with a duplicate key will take precedence. Cannot be updated.
                          items:
                            description: EnvFromSource represents the source of a
                              set of ConfigMaps
                            properties:
                              configMapRef:
                                description: The ConfigMap to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the ConfigMap must
                                      be defined
                                    type: boolean
                                type: object
                              prefix:
                                description: An optional identifier to prepend to
                                  each key in the ConfigMap. Must be a C_IDENTIFIER.
                                type: string
                              secretRef:
                                description: The Secret to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the Secret must be
                                      defined
                                    type: boolean
                                type: object
                            type: object
                          type: array
                        image:
                          description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
                            This field is optional to allow higher level config management
                            to default or override container images in workload controllers
                            like Deployments and StatefulSets.'
                          type: string
                        imagePullPolicy:
                          description: 'Image pull policy. One of Always, Never, IfNotPresent.
                            Defaults to Always if :latest tag is specified, or IfNotPresent
                            otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                          type: string
                        lifecycle:
                          description: Actions that the management system should take
                            in response to container lifecycle events. Cannot be updated.
                          properties:
                            postStart:
                              description: 'PostStart is called immediately after
                                a container is created. If the handler fails, the
                                container is terminated and restarted according to
                                its restart policy. Other management of the container
                                blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command  is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                            preStop:
                              description: 'PreStop is called immediately before a
                                container is terminated due to an API request or management
                                event such as liveness/startup probe failure, preemption,
                                resource contention, etc. The handler is not called
                                if the container crashes or exits. The Pod''s termination
                                grace period countdown begins before the PreStop hook
                                is executed. Regardless of the outcome of the handler,
                                the container will eventually terminate within the
                                Pod''s termination grace period (unless delayed by
                                finalizers). Other management of the container blocks
                                until the hook completes or until the termination
                                grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command  is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                          type: object
                        livenessProbe:
                          description: 'Periodic probe of container liveness. Container
                            will be restarted if the probe fails. Cannot be updated.
                            More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        name:
                          description: Name of the container specified as a DNS_LABEL.
                            Each container in a pod must have a unique name (DNS_LABEL).
                            Cannot be updated.
                          type: string
                        ports:
                          description: List of ports to expose from the container.
                            Not specifying a port here DOES NOT prevent that port
                            from being exposed. Any port which is listening on the
                            default "0.0.0.0" address inside a container will be accessible
                            from the network. Modifying this array with strategic
                            merge patch may corrupt the data. For more information
                            See https://github.com/kubernetes/kubernetes/issues/108255.
                            Cannot be updated.
                          items:
                            description: ContainerPort represents a network port in
                              a single container.
                            properties:
                              containerPort:
                                description: Number of port to expose on the pod's
                                  IP address. This must be a valid port number, 0
                                  < x < 65536.
                                format: int32
                                type: integer
                              hostIP:
                                description: What host IP to bind the external port
                                  to.
                                type: string
                              hostPort:
                                description: Number of port to expose on the host.
                                  If specified, this must be a valid port number,
                                  0 < x < 65536. If HostNetwork is specified, this
                                  must match ContainerPort. Most containers do not
                                  need this.
                                format: int32
                                type: integer
                              name:
                                description: If specified, this must be an IANA_SVC_NAME
                                  and unique within the pod. Each named port in a
                                  pod must have a unique name. Name for the port that
                                  can be referred to by services.
                                type: string
                              protocol:
                                default: TCP
                                description: Protocol for port. Must be UDP, TCP,
                                  or SCTP. Defaults to "TCP".
                                type: string
                            required:
                            - containerPort
                            type: object
                          type: array
                          x-kubernetes-list-map-keys:
                          - containerPort
                          - protocol
                          x-kubernetes-list-type: map
                        readinessProbe:
                          description: 'Periodic probe of container service readiness.
                            Container will be removed from service endpoints if the
                            probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        resources:
                          description: 'Compute Resources required by this container.
                            Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                          properties:
                            limits:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Limits describes the maximum amount of
                                compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                            requests:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Requests describes the minimum amount
                                of compute resources required. If Requests is omitted
                                for a container, it defaults to Limits if that is
                                explicitly specified, otherwise to an implementation-defined
                                value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                          type: object
                        securityContext:
                          description: 'SecurityContext defines the security options
                            the container should be run with. If set, the fields of
                            SecurityContext override the equivalent fields of PodSecurityContext.
                            More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                          properties:
                            allowPrivilegeEscalation:
                              description: 'AllowPrivilegeEscalation controls whether
                                a process can gain more privileges than its parent
                                process. This bool directly controls if the no_new_privs
                                flag will be set on the container process. AllowPrivilegeEscalation
                                is true always when the container is: 1) run as Privileged
                                2) has CAP_SYS_ADMIN Note that this field cannot be
                                set when spec.os.name is windows.'
                              type: boolean
                            capabilities:
                              description: The capabilities to add/drop when running
                                containers. Defaults to the default set of capabilities
                                granted by the container runtime. Note that this field
                                cannot be set when spec.os.name is windows.
                              properties:
                                add:
                                  description: Added capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                                drop:
                                  description: Removed capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                              type: object
                            privileged:
                              description: Run container in privileged mode. Processes
                                in privileged containers are essentially equivalent
                                to root on the host. Defaults to false. Note that
                                this field cannot be set when spec.os.name is windows.
                              type: boolean
                            procMount:
                              description: procMount denotes the type of proc mount
                                to use for the containers. The default is DefaultProcMount
                                which uses the container runtime defaults for readonly
                                paths and masked paths. This requires the ProcMountType
                                feature flag to be enabled. Note that this field cannot
                                be set when spec.os.name is windows.
                              type: string
                            readOnlyRootFilesystem:
                              description: Whether this container has a read-only
                                root filesystem. Default is false. Note that this
                                field cannot be set when spec.os.name is windows.
                              type: boolean
                            runAsGroup:
                              description: The GID to run the entrypoint of the container
                                process. Uses runtime default if unset. May also be
                                set in PodSecurityContext.  If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is windows.
                              format: int64
                              type: integer
                            runAsNonRoot:
                              description: Indicates that the container must run as
                                a non-root user. If true, the Kubelet will validate
                                the image at runtime to ensure that it does not run
                                as UID 0 (root) and fail to start the container if
                                it does. If unset or false, no such validation will
                                be performed. May also be set in PodSecurityContext.  If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                              type: boolean
                            runAsUser:
                              description: The UID to run the entrypoint of the container
                                process. Defaults to user specified in image metadata
                                if unspecified. May also be set in PodSecurityContext.  If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                                Note that this field cannot be set when spec.os.name
                                is windows.
                              format: int64
                              type: integer
                            seLinuxOptions:
                              description: The SELinux context to be applied to the
                                container. If unspecified, the container runtime will
                                allocate a random SELinux context for each container.  May
                                also be set in PodSecurityContext.  If set in both
                                SecurityContext and PodSecurityContext, the value
                                specified in SecurityContext takes precedence. Note
                                that this field cannot be set when spec.os.name is
                                windows.
                              properties:
                                level:
                                  description: Level is SELinux level label that applies
                                    to the container.
                                  type: string
                                role:
                                  description: Role is a SELinux role label that applies
                                    to the container.
                                  type: string
                                type:
                                  description: Type is a SELinux type label that applies
                                    to the container.
                                  type: string
                                user:
                                  description: User is a SELinux user label that applies
                                    to the container.
                                  type: string
                              type: object
                            seccompProfile:
                              description: The seccomp options to use by this container.
                                If seccomp options are provided at both the pod &
                                container level, the container options override the
                                pod options. Note that this field cannot be set when
                                spec.os.name is windows.
                              properties:
                                localhostProfile:
                                  description: localhostProfile indicates a profile
                                    defined in a file on the node should be used.
                                    The profile must be preconfigured on the node
                                    to work. Must be a descending path, relative to
                                    the kubelet's configured seccomp profile location.
                                    Must only be set if type is "Localhost".
                                  type: string
                                type:
                                  description: "type indicates which kind of seccomp
                                    profile will be applied. Valid options are: \n
                                    Localhost - a profile defined in a file on the
                                    node should be used. RuntimeDefault - the container
                                    runtime default profile should be used. Unconfined
                                    - no profile should be applied."
                                  type: string
                              required:
                              - type
                              type: object
                            windowsOptions:
                              description: The Windows specific settings applied to
                                all containers. If unspecified, the options from the
                                PodSecurityContext will be used. If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is linux.
                              properties:
                                gmsaCredentialSpec:
                                  description: GMSACredentialSpec is where the GMSA
                                    admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                    inlines the contents of the GMSA credential spec
                                    named by the GMSACredentialSpecName field.
                                  type: string
                                gmsaCredentialSpecName:
                                  description: GMSACredentialSpecName is the name
                                    of the GMSA credential spec to use.
                                  type: string
                                hostProcess:
                                  description: HostProcess determines if a container
                                    should be run as a 'Host Process' container. This
                                    field is alpha-level and will only be honored
                                    by components that enable the WindowsHostProcessContainers
                                    feature flag. Setting this field without the feature
                                    flag will result in errors when validating the
                                    Pod. All of a Pod's containers must have the same
                                    effective HostProcess value (it is not allowed
                                    to have a mix of HostProcess containers and non-HostProcess
                                    containers).  In addition, if HostProcess is true
                                    then HostNetwork must also be set to true.
                                  type: boolean
                                runAsUserName:
                                  description: The UserName in Windows to run the
                                    entrypoint of the container process. Defaults
                                    to the user specified in image metadata if unspecified.
                                    May also be set in PodSecurityContext. If set
                                    in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                  type: string
                              type: object
                          type: object
                        startupProbe:
                          description: 'StartupProbe indicates that the Pod has successfully
                            initialized. If specified, no other probes are executed
                            until this completes successfully. If this probe fails,
                            the Pod will be restarted, just as if the livenessProbe
                            failed. This can be used to provide different probe parameters
                            at the beginning of a Pod''s lifecycle, when it might
                            take a long time to load data or warm a cache, than during
                            steady-state operation. This cannot be updated. More info:
                            https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        stdin:
                          description: Whether this container should allocate a buffer
                            for stdin in the container runtime. If this is not set,
                            reads from stdin in the container will always result in
                            EOF. Default is false.
                          type: boolean
                        stdinOnce:
                          description: Whether the container runtime should close
                            the stdin channel after it has been opened by a single
                            attach. When stdin is true the stdin stream will remain
                            open across multiple attach sessions. If stdinOnce is
                            set to true, stdin is opened on container start, is empty
                            until the first client attaches to stdin, and then remains
                            open and accepts data until the client disconnects, at
                            which time stdin is closed and remains closed until the
                            container is restarted. If this flag is false, a container
                            processes that reads from stdin will never receive an
                            EOF. Default is false
                          type: boolean
                        terminationMessagePath:
                          description: 'Optional: Path at which the file to which
                            the container''s termination message will be written is
                            mounted into the container''s filesystem. Message written
                            is intended to be brief final status, such as an assertion
                            failure message. Will be truncated by the node if greater
                            than 4096 bytes. The total message length across all containers
                            will be limited to 12kb. Defaults to /dev/termination-log.
                            Cannot be updated.'
                          type: string
                        terminationMessagePolicy:
                          description: Indicate how the termination message should
                            be populated. File will use the contents of terminationMessagePath
                            to populate the container status message on both success
                            and failure. FallbackToLogsOnError will use the last chunk
                            of container log output if the termination message file
                            is empty and the container exited with an error. The log
                            output is limited to 2048 bytes or 80 lines, whichever
                            is smaller. Defaults to File. Cannot be updated.
                          type: string
                        tty:
                          description: Whether this container should allocate a TTY
                            for itself, also requires 'stdin' to be true. Default
                            is false.
                          type: boolean
                        volumeDevices:
                          description: volumeDevices is the list of block devices
                            to be used by the container.
                          items:
                            description: volumeDevice describes a mapping of a raw
                              block device within a container.
                            properties:
                              devicePath:
                                description: devicePath is the path inside of the
                                  container that the device will be mapped to.
                                type: string
                              name:
                                description: name must match the name of a persistentVolumeClaim
                                  in the pod
                                type: string
                            required:
                            - devicePath
                            - name
                            type: object
                          type: array
                        volumeMounts:
                          description: Pod volumes to mount into the container's filesystem.
                            Cannot be updated.
                          items:
                            description: VolumeMount describes a mounting of a Volume
                              within a container.
                            properties:
                              mountPath:
                                description: Path within the container at which the
                                  volume should be mounted.  Must not contain ':'.
                                type: string
                              mountPropagation:
                                description: mountPropagation determines how mounts
                                  are propagated from the host to container and the
                                  other way around. When not set, MountPropagationNone
                                  is used. This field is beta in 1.10.
                                type: string
                              name:
                                description: This must match the Name of a Volume.
                                type: string
                              readOnly:
                                description: Mounted read-only if true, read-write
                                  otherwise (false or unspecified). Defaults to false.
                                type: boolean
                              subPath:
                                description: Path within the volume from which the
                                  container's volume should be mounted. Defaults to
                                  "" (volume's root).
                                type: string
                              subPathExpr:
                                description: Expanded path within the volume from
                                  which the container's volume should be mounted.
                                  Behaves similarly to SubPath but environment variable
                                  references $(VAR_NAME) are expanded using the container's
                                  environment. Defaults to "" (volume's root). SubPathExpr
                                  and SubPath are mutually exclusive.
                                type: string
                            required:
                            - mountPath
                            - name
                            type: object
                          type: array
                        workingDir:
                          description: Container's working directory. If not specified,
                            the container runtime's default will be used, which might
                            be configured in the container image. Cannot be updated.
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                  dnsConfig:
                    description: Specifies the DNS parameters of a pod. Parameters
                      specified here will be merged to the generated DNS configuration
                      based on DNSPolicy.
                    properties:
                      nameservers:
                        description: A list of DNS name server IP addresses. This
                          will be appended to the base nameservers generated from
                          DNSPolicy. Duplicated nameservers will be removed.
                        items:
                          type: string
                        type: array
                      options:
                        description: A list of DNS resolver options. This will be
                          merged with the base options generated from DNSPolicy. Duplicated
                          entries will be removed. Resolution options given in Options
                          will override those that appear in the base DNSPolicy.
                        items:
                          description: PodDNSConfigOption defines DNS resolver options
                            of a pod.
                          properties:
                            name:
                              description: Required.
                              type: string
                            value:
                              type: string
                          type: object
                        type: array
                      searches:
                        description: A list of DNS search domains for host-name lookup.
                          This will be appended to the base search paths generated
                          from DNSPolicy. Duplicated search paths will be removed.
                        items:
                          type: string
                        type: array
                    type: object
                  dnsPolicy:
                    description: Set DNS policy for the pod. Defaults to "ClusterFirst".
                      Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
                      'Default' or 'None'. DNS parameters given in DNSConfig will
                      be merged with the policy selected with DNSPolicy. To have DNS
                      options set along with hostNetwork, you have to specify DNS
                      policy explicitly to 'ClusterFirstWithHostNet'.
                    type: string
                  enableServiceLinks:
                    description: 'EnableServiceLinks indicates whether information
                      about services should be injected into pod''s environment variables,
                      matching the syntax of Docker links. Optional: Defaults to true.'
                    type: boolean
                  ephemeralContainers:
                    description: List of ephemeral containers run in this pod. Ephemeral
                      containers may be run in an existing pod to perform user-initiated
                      actions such as debugging. This list cannot be specified when
                      creating a pod, and it cannot be modified by updating the pod
                      spec. In order to add an ephemeral container to an existing
                      pod, use the pod's ephemeralcontainers subresource.
                    items:
                      description: "An EphemeralContainer is a temporary container
                        that you may add to an existing Pod for user-initiated activities
                        such as debugging. Ephemeral containers have no resource or
                        scheduling guarantees, and they will not be restarted when
                        they exit or when a Pod is removed or restarted. The kubelet
                        may evict a Pod if an ephemeral container causes the Pod to
                        exceed its resource allocation. \n To add an ephemeral container,
                        use the ephemeralcontainers subresource of an existing Pod.
                        Ephemeral containers may not be removed or restarted."
                      properties:
                        args:
                          description: 'Arguments to the entrypoint. The image''s
                            CMD is used if this is not provided. Variable references
                            $(VAR_NAME) are expanded using the container''s environment.
                            If a variable cannot be resolved, the reference in the
                            input string will be unchanged. Double $$ are reduced
                            to a single $, which allows for escaping the $(VAR_NAME)
                            syntax: i.e. "$$(VAR_NAME)" will produce the string literal
                            "$(VAR_NAME)". Escaped references will never be expanded,
                            regardless of whether the variable exists or not. Cannot
                            be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        command:
                          description: 'Entrypoint array. Not executed within a shell.
                            The image''s ENTRYPOINT is used if this is not provided.
                            Variable references $(VAR_NAME) are expanded using the
                            container''s environment. If a variable cannot be resolved,
                            the reference in the input string will be unchanged. Double
                            $$ are reduced to a single $, which allows for escaping
                            the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
                            the string literal "$(VAR_NAME)". Escaped references will
                            never be expanded, regardless of whether the variable
                            exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        env:
                          description: List of environment variables to set in the
                            container. Cannot be updated.
                          items:
                            description: EnvVar represents an environment variable
                              present in a Container.
                            properties:
                              name:
                                description: Name of the environment variable. Must
                                  be a C_IDENTIFIER.
                                type: string
                              value:
                                description: 'Variable references $(VAR_NAME) are
                                  expanded using the previously defined environment
                                  variables in the container and any service environment
                                  variables. If a variable cannot be resolved, the
                                  reference in the input string will be unchanged.
                                  Double $$ are reduced to a single $, which allows
                                  for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                  will produce the string literal "$(VAR_NAME)". Escaped
                                  references will never be expanded, regardless of
                                  whether the variable exists or not. Defaults to
                                  "".'
                                type: string
                              valueFrom:
                                description: Source for the environment variable's
                                  value. Cannot be used if value is not empty.
                                properties:
                                  configMapKeyRef:
                                    description: Selects a key of a ConfigMap.
                                    properties:
                                      key:
                                        description: The key to select.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the ConfigMap
                                          or its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                  fieldRef:
                                    description: 'Selects a field of the pod: supports
                                      metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
                                      `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                      spec.serviceAccountName, status.hostIP, status.podIP,
                                      status.podIPs.'
                                    properties:
                                      apiVersion:
                                        description: Version of the schema the FieldPath
                                          is written in terms of, defaults to "v1".
                                        type: string
                                      fieldPath:
                                        description: Path of the field to select in
                                          the specified API version.
                                        type: string
                                    required:
                                    - fieldPath
                                    type: object
                                  resourceFieldRef:
                                    description: 'Selects a resource of the container:
                                      only resources limits and requests (limits.cpu,
                                      limits.memory, limits.ephemeral-storage, requests.cpu,
                                      requests.memory and requests.ephemeral-storage)
                                      are currently supported.'
                                    properties:
                                      containerName:
                                        description: 'Container name: required for
                                          volumes, optional for env vars'
                                        type: string
                                      divisor:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: Specifies the output format of
                                          the exposed resources, defaults to "1"
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      resource:
                                        description: 'Required: resource to select'
                                        type: string
                                    required:
                                    - resource
                                    type: object
                                  secretKeyRef:
                                    description: Selects a key of a secret in the
                                      pod's namespace
                                    properties:
                                      key:
                                        description: The key of the secret to select
                                          from.  Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the Secret or
                                          its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                type: object
                            required:
                            - name
                            type: object
                          type: array
                        envFrom:
                          description: List of sources to populate environment variables
                            in the container. The keys defined within a source must
                            be a C_IDENTIFIER. All invalid keys will be reported as
                            an event when the container is starting. When a key exists
                            in multiple sources, the value associated with the last
                            source will take precedence. Values defined by an Env
                            with a duplicate key will take precedence. Cannot be updated.
                          items:
                            description: EnvFromSource represents the source of a
                              set of ConfigMaps
                            properties:
                              configMapRef:
                                description: The ConfigMap to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the ConfigMap must
                                      be defined
                                    type: boolean
                                type: object
                              prefix:
                                description: An optional identifier to prepend to
                                  each key in the ConfigMap. Must be a C_IDENTIFIER.
                                type: string
                              secretRef:
                                description: The Secret to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the Secret must be
                                      defined
                                    type: boolean
                                type: object
                            type: object
                          type: array
                        image:
                          description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images'
                          type: string
                        imagePullPolicy:
                          description: 'Image pull policy. One of Always, Never, IfNotPresent.
                            Defaults to Always if :latest tag is specified, or IfNotPresent
                            otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                          type: string
                        lifecycle:
                          description: Lifecycle is not allowed for ephemeral containers.
                          properties:
                            postStart:
                              description: 'PostStart is called immediately after
                                a container is created. If the handler fails, the
                                container is terminated and restarted according to
                                its restart policy. Other management of the container
                                blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command  is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                            preStop:
                              description: 'PreStop is called immediately before a
                                container is terminated due to an API request or management
                                event such as liveness/startup probe failure, preemption,
                                resource contention, etc. The handler is not called
                                if the container crashes or exits. The Pod''s termination
                                grace period countdown begins before the PreStop hook
                                is executed. Regardless of the outcome of the handler,
                                the container will eventually terminate within the
                                Pod''s termination grace period (unless delayed by
                                finalizers). Other management of the container blocks
                                until the hook completes or until the termination
                                grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command  is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                          type: object
                        livenessProbe:
                          description: Probes are not allowed for ephemeral containers.
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        name:
                          description: Name of the ephemeral container specified as
                            a DNS_LABEL. This name must be unique among all containers,
                            init containers and ephemeral containers.
                          type: string
                        ports:
                          description: Ports are not allowed for ephemeral containers.
                          items:
                            description: ContainerPort represents a network port in
                              a single container.
                            properties:
                              containerPort:
                                description: Number of port to expose on the pod's
                                  IP address. This must be a valid port number, 0
                                  < x < 65536.
                                format: int32
                                type: integer
                              hostIP:
                                description: What host IP to bind the external port
                                  to.
                                type: string
                              hostPort:
                                description: Number of port to expose on the host.
                                  If specified, this must be a valid port number,
                                  0 < x < 65536. If HostNetwork is specified, this
                                  must match ContainerPort. Most containers do not
                                  need this.
                                format: int32
                                type: integer
                              name:
                                description: If specified, this must be an IANA_SVC_NAME
                                  and unique within the pod. Each named port in a
                                  pod must have a unique name. Name for the port that
                                  can be referred to by services.
                                type: string
                              protocol:
                                default: TCP
                                description: Protocol for port. Must be UDP, TCP,
                                  or SCTP. Defaults to "TCP".
                                type: string
                            required:
                            - containerPort
                            type: object
                          type: array
                          x-kubernetes-list-map-keys:
                          - containerPort
                          - protocol
                          x-kubernetes-list-type: map
                        readinessProbe:
                          description: Probes are not allowed for ephemeral containers.
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        resources:
                          description: Resources are not allowed for ephemeral containers.
                            Ephemeral containers use spare resources already allocated
                            to the pod.
                          properties:
                            limits:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Limits describes the maximum amount of
                                compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                            requests:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Requests describes the minimum amount
                                of compute resources required. If Requests is omitted
                                for a container, it defaults to Limits if that is
                                explicitly specified, otherwise to an implementation-defined
                                value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                          type: object
                        securityContext:
                          description: 'Optional: SecurityContext defines the security
                            options the ephemeral container should be run with. If
                            set, the fields of SecurityContext override the equivalent
                            fields of PodSecurityContext.'
                          properties:
                            allowPrivilegeEscalation:
                              description: 'AllowPrivilegeEscalation controls whether
                                a process can gain more privileges than its parent
                                process. This bool directly controls if the no_new_privs
                                flag will be set on the container process. AllowPrivilegeEscalation
                                is true always when the container is: 1) run as Privileged
                                2) has CAP_SYS_ADMIN Note that this field cannot be
                                set when spec.os.name is windows.'
                              type: boolean
                            capabilities:
                              description: The capabilities to add/drop when running
                                containers. Defaults to the default set of capabilities
                                granted by the container runtime. Note that this field
                                cannot be set when spec.os.name is windows.
                              properties:
                                add:
                                  description: Added capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                                drop:
                                  description: Removed capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                              type: object
                            privileged:
                              description: Run container in privileged mode. Processes
                                in privileged containers are essentially equivalent
                                to root on the host. Defaults to false. Note that
                                this field cannot be set when spec.os.name is windows.
                              type: boolean
                            procMount:
                              description: procMount denotes the type of proc mount
                                to use for the containers. The default is DefaultProcMount
                                which uses the container runtime defaults for readonly
                                paths and masked paths. This requires the ProcMountType
                                feature flag to be enabled. Note that this field cannot
                                be set when spec.os.name is windows.
                              type: string
                            readOnlyRootFilesystem:
                              description: Whether this container has a read-only
                                root filesystem. Default is false. Note that this
                                field cannot be set when spec.os.name is windows.
                              type: boolean
                            runAsGroup:
                              description: The GID to run the entrypoint of the container
                                process. Uses runtime default if unset. May also be
                                set in PodSecurityContext.  If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is windows.
                              format: int64
                              type: integer
                            runAsNonRoot:
                              description: Indicates that the container must run as
                                a non-root user. If true, the Kubelet will validate
                                the image at runtime to ensure that it does not run
                                as UID 0 (root) and fail to start the container if
                                it does. If unset or false, no such validation will
                                be performed. May also be set in PodSecurityContext.  If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                              type: boolean
                            runAsUser:
                              description: The UID to run the entrypoint of the container
                                process. Defaults to user specified in image metadata
                                if unspecified. May also be set in PodSecurityContext.  If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                                Note that this field cannot be set when spec.os.name
                                is windows.
                              format: int64
                              type: integer
                            seLinuxOptions:
                              description: The SELinux context to be applied to the
                                container. If unspecified, the container runtime will
                                allocate a random SELinux context for each container.  May
                                also be set in PodSecurityContext.  If set in both
                                SecurityContext and PodSecurityContext, the value
                                specified in SecurityContext takes precedence. Note
                                that this field cannot be set when spec.os.name is
                                windows.
                              properties:
                                level:
                                  description: Level is SELinux level label that applies
                                    to the container.
                                  type: string
                                role:
                                  description: Role is a SELinux role label that applies
                                    to the container.
                                  type: string
                                type:
                                  description: Type is a SELinux type label that applies
                                    to the container.
                                  type: string
                                user:
                                  description: User is a SELinux user label that applies
                                    to the container.
                                  type: string
                              type: object
                            seccompProfile:
                              description: The seccomp options to use by this container.
                                If seccomp options are provided at both the pod &
                                container level, the container options override the
                                pod options. Note that this field cannot be set when
                                spec.os.name is windows.
                              properties:
                                localhostProfile:
                                  description: localhostProfile indicates a profile
                                    defined in a file on the node should be used.
                                    The profile must be preconfigured on the node
                                    to work. Must be a descending path, relative to
                                    the kubelet's configured seccomp profile location.
                                    Must only be set if type is "Localhost".
                                  type: string
                                type:
                                  description: "type indicates which kind of seccomp
                                    profile will be applied. Valid options are: \n
                                    Localhost - a profile defined in a file on the
                                    node should be used. RuntimeDefault - the container
                                    runtime default profile should be used. Unconfined
                                    - no profile should be applied."
                                  type: string
                              required:
                              - type
                              type: object
                            windowsOptions:
                              description: The Windows specific settings applied to
                                all containers. If unspecified, the options from the
                                PodSecurityContext will be used. If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is linux.
                              properties:
                                gmsaCredentialSpec:
                                  description: GMSACredentialSpec is where the GMSA
                                    admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                    inlines the contents of the GMSA credential spec
                                    named by the GMSACredentialSpecName field.
                                  type: string
                                gmsaCredentialSpecName:
                                  description: GMSACredentialSpecName is the name
                                    of the GMSA credential spec to use.
                                  type: string
                                hostProcess:
                                  description: HostProcess determines if a container
                                    should be run as a 'Host Process' container. This
                                    field is alpha-level and will only be honored
                                    by components that enable the WindowsHostProcessContainers
                                    feature flag. Setting this field without the feature
                                    flag will result in errors when validating the
                                    Pod. All of a Pod's containers must have the same
                                    effective HostProcess value (it is not allowed
                                    to have a mix of HostProcess containers and non-HostProcess
                                    containers).  In addition, if HostProcess is true
                                    then HostNetwork must also be set to true.
                                  type: boolean
                                runAsUserName:
                                  description: The UserName in Windows to run the
                                    entrypoint of the container process. Defaults
                                    to the user specified in image metadata if unspecified.
                                    May also be set in PodSecurityContext. If set
                                    in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                  type: string
                              type: object
                          type: object
                        startupProbe:
                          description: Probes are not allowed for ephemeral containers.
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        stdin:
                          description: Whether this container should allocate a buffer
                            for stdin in the container runtime. If this is not set,
                            reads from stdin in the container will always result in
                            EOF. Default is false.
                          type: boolean
                        stdinOnce:
                          description: Whether the container runtime should close
                            the stdin channel after it has been opened by a single
                            attach. When stdin is true the stdin stream will remain
                            open across multiple attach sessions. If stdinOnce is
                            set to true, stdin is opened on container start, is empty
                            until the first client attaches to stdin, and then remains
                            open and accepts data until the client disconnects, at
                            which time stdin is closed and remains closed until the
                            container is restarted. If this flag is false, a container
                            processes that reads from stdin will never receive an
                            EOF. Default is false
                          type: boolean
                        targetContainerName:
                          description: "If set, the name of the container from PodSpec
                            that this ephemeral container targets. The ephemeral container
                            will be run in the namespaces (IPC, PID, etc) of this
                            container. If not set then the ephemeral container uses
                            the namespaces configured in the Pod spec. \n The container
                            runtime must implement support for this feature. If the
                            runtime does not support namespace targeting then the
                            result of setting this field is undefined."
                          type: string
                        terminationMessagePath:
                          description: 'Optional: Path at which the file to which
                            the container''s termination message will be written is
                            mounted into the container''s filesystem. Message written
                            is intended to be brief final status, such as an assertion
                            failure message. Will be truncated by the node if greater
                            than 4096 bytes. The total message length across all containers
                            will be limited to 12kb. Defaults to /dev/termination-log.
                            Cannot be updated.'
                          type: string
                        terminationMessagePolicy:
                          description: Indicate how the termination message should
                            be populated. File will use the contents of terminationMessagePath
                            to populate the container status message on both success
                            and failure. FallbackToLogsOnError will use the last chunk
                            of container log output if the termination message file
                            is empty and the container exited with an error. The log
                            output is limited to 2048 bytes or 80 lines, whichever
                            is smaller. Defaults to File. Cannot be updated.
                          type: string
                        tty:
                          description: Whether this container should allocate a TTY
                            for itself, also requires 'stdin' to be true. Default
                            is false.
                          type: boolean
                        volumeDevices:
                          description: volumeDevices is the list of block devices
                            to be used by the container.
                          items:
                            description: volumeDevice describes a mapping of a raw
                              block device within a container.
                            properties:
                              devicePath:
                                description: devicePath is the path inside of the
                                  container that the device will be mapped to.
                                type: string
                              name:
                                description: name must match the name of a persistentVolumeClaim
                                  in the pod
                                type: string
                            required:
                            - devicePath
                            - name
                            type: object
                          type: array
                        volumeMounts:
                          description: Pod volumes to mount into the container's filesystem.
                            Subpath mounts are not allowed for ephemeral containers.
                            Cannot be updated.
                          items:
                            description: VolumeMount describes a mounting of a Volume
                              within a container.
                            properties:
                              mountPath:
                                description: Path within the container at which the
                                  volume should be mounted.  Must not contain ':'.
                                type: string
                              mountPropagation:
                                description: mountPropagation determines how mounts
                                  are propagated from the host to container and the
                                  other way around. When not set, MountPropagationNone
                                  is used. This field is beta in 1.10.
                                type: string
                              name:
                                description: This must match the Name of a Volume.
                                type: string
                              readOnly:
                                description: Mounted read-only if true, read-write
                                  otherwise (false or unspecified). Defaults to false.
                                type: boolean
                              subPath:
                                description: Path within the volume from which the
                                  container's volume should be mounted. Defaults to
                                  "" (volume's root).
                                type: string
                              subPathExpr:
                                description: Expanded path within the volume from
                                  which the container's volume should be mounted.
                                  Behaves similarly to SubPath but environment variable
                                  references $(VAR_NAME) are expanded using the container's
                                  environment. Defaults to "" (volume's root). SubPathExpr
                                  and SubPath are mutually exclusive.
                                type: string
                            required:
                            - mountPath
                            - name
                            type: object
                          type: array
                        workingDir:
                          description: Container's working directory. If not specified,
                            the container runtime's default will be used, which might
                            be configured in the container image. Cannot be updated.
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                  hostAliases:
                    description: HostAliases is an optional list of hosts and IPs
                      that will be injected into the pod's hosts file if specified.
                      This is only valid for non-hostNetwork pods.
                    items:
                      description: HostAlias holds the mapping between IP and hostnames
                        that will be injected as an entry in the pod's hosts file.
                      properties:
                        hostnames:
                          description: Hostnames for the above IP address.
                          items:
                            type: string
                          type: array
                        ip:
                          description: IP address of the host file entry.
                          type: string
                      type: object
                    type: array
                  hostIPC:
                    description: 'Use the host''s ipc namespace. Optional: Default
                      to false.'
                    type: boolean
                  hostNetwork:
                    description: Host networking requested for this pod. Use the host's
                      network namespace. If this option is set, the ports that will
                      be used must be specified. Default to false.
                    type: boolean
                  hostPID:
                    description: 'Use the host''s pid namespace. Optional: Default
                      to false.'
                    type: boolean
                  hostUsers:
                    description: 'Use the host''s user namespace. Optional: Default
                      to true. If set to true or not present, the pod will be run
                      in the host user namespace, useful for when the pod needs a
                      feature only available to the host user namespace, such as loading
                      a kernel module with CAP_SYS_MODULE. When set to false, a new
                      userns is created for the pod. Setting false is useful for mitigating
                      container breakout vulnerabilities even allowing users to run
                      their containers as root without actually having root privileges
                      on the host. This field is alpha-level and is only honored by
                      servers that enable the UserNamespacesSupport feature.'
                    type: boolean
                  hostname:
                    description: Specifies the hostname of the Pod If not specified,
                      the pod's hostname will be set to a system-defined value.
                    type: string
                  imagePullSecrets:
                    description: 'ImagePullSecrets is an optional list of references
                      to secrets in the same namespace to use for pulling any of the
                      images used by this PodSpec. If specified, these secrets will
                      be passed to individual puller implementations for them to use.
                      More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
                    items:
                      description: LocalObjectReference contains enough information
                        to let you locate the referenced object inside the same namespace.
                      properties:
                        name:
                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            TODO: Add other useful fields. apiVersion, kind, uid?'
                          type: string
                      type: object
                    type: array
                  initContainers:
                    description: 'List of initialization containers belonging to the
                      pod. Init containers are executed in order prior to containers
                      being started. If any init container fails, the pod is considered
                      to have failed and is handled according to its restartPolicy.
                      The name for an init container or normal container must be unique
                      among all containers. Init containers may not have Lifecycle
                      actions, Readiness probes, Liveness probes, or Startup probes.
                      The resourceRequirements of an init container are taken into
                      account during scheduling by finding the highest request/limit
                      for each resource type, and then using the max of of that value
                      or the sum of the normal containers. Limits are applied to init
                      containers in a similar fashion. Init containers cannot currently
                      be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
                    items:
                      description: A single application container that you want to
                        run within a pod.
                      properties:
                        args:
                          description: 'Arguments to the entrypoint. The container
                            image''s CMD is used if this is not provided. Variable
                            references $(VAR_NAME) are expanded using the container''s
                            environment. If a variable cannot be resolved, the reference
                            in the input string will be unchanged. Double $$ are reduced
                            to a single $, which allows for escaping the $(VAR_NAME)
                            syntax: i.e. "$$(VAR_NAME)" will produce the string literal
                            "$(VAR_NAME)". Escaped references will never be expanded,
                            regardless of whether the variable exists or not. Cannot
                            be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        command:
                          description: 'Entrypoint array. Not executed within a shell.
                            The container image''s ENTRYPOINT is used if this is not
                            provided. Variable references $(VAR_NAME) are expanded
                            using the container''s environment. If a variable cannot
                            be resolved, the reference in the input string will be
                            unchanged. Double $$ are reduced to a single $, which
                            allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                            will produce the string literal "$(VAR_NAME)". Escaped
                            references will never be expanded, regardless of whether
                            the variable exists or not. Cannot be updated. More info:
                            https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        env:
                          description: List of environment variables to set in the
                            container. Cannot be updated.
                          items:
                            description: EnvVar represents an environment variable
                              present in a Container.
                            properties:
                              name:
                                description: Name of the environment variable. Must
                                  be a C_IDENTIFIER.
                                type: string
                              value:
                                description: 'Variable references $(VAR_NAME) are
                                  expanded using the previously defined environment
                                  variables in the container and any service environment
                                  variables. If a variable cannot be resolved, the
                                  reference in the input string will be unchanged.
                                  Double $$ are reduced to a single $, which allows
                                  for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                  will produce the string literal "$(VAR_NAME)". Escaped
                                  references will never be expanded, regardless of
                                  whether the variable exists or not. Defaults to
                                  "".'
                                type: string
                              valueFrom:
                                description: Source for the environment variable's
                                  value. Cannot be used if value is not empty.
                                properties:
                                  configMapKeyRef:
                                    description: Selects a key of a ConfigMap.
                                    properties:
                                      key:
                                        description: The key to select.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the ConfigMap
                                          or its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                  fieldRef:
                                    description: 'Selects a field of the pod: supports
                                      metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
                                      `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                      spec.serviceAccountName, status.hostIP, status.podIP,
                                      status.podIPs.'
                                    properties:
                                      apiVersion:
                                        description: Version of the schema the FieldPath
                                          is written in terms of, defaults to "v1".
                                        type: string
                                      fieldPath:
                                        description: Path of the field to select in
                                          the specified API version.
                                        type: string
                                    required:
                                    - fieldPath
                                    type: object
                                  resourceFieldRef:
                                    description: 'Selects a resource of the container:
                                      only resources limits and requests (limits.cpu,
                                      limits.memory, limits.ephemeral-storage, requests.cpu,
                                      requests.memory and requests.ephemeral-storage)
                                      are currently supported.'
                                    properties:
                                      containerName:
                                        description: 'Container name: required for
                                          volumes, optional for env vars'
                                        type: string
                                      divisor:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: Specifies the output format of
                                          the exposed resources, defaults to "1"
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      resource:
                                        description: 'Required: resource to select'
                                        type: string
                                    required:
                                    - resource
                                    type: object
                                  secretKeyRef:
                                    description: Selects a key of a secret in the
                                      pod's namespace
                                    properties:
                                      key:
                                        description: The key of the secret to select
                                          from.  Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the Secret or
                                          its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                type: object
                            required:
                            - name
                            type: object
                          type: array
                        envFrom:
                          description: List of sources to populate environment variables
                            in the container. The keys defined within a source must
                            be a C_IDENTIFIER. All invalid keys will be reported as
                            an event when the container is starting. When a key exists
                            in multiple sources, the value associated with the last
                            source will take precedence. Values defined by an Env
                            with a duplicate key will take precedence. Cannot be updated.
                          items:
                            description: EnvFromSource represents the source of a
                              set of ConfigMaps
                            properties:
                              configMapRef:
                                description: The ConfigMap to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the ConfigMap must
                                      be defined
                                    type: boolean
                                type: object
                              prefix:
                                description: An optional identifier to prepend to
                                  each key in the ConfigMap. Must be a C_IDENTIFIER.
                                type: string
                              secretRef:
                                description: The Secret to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the Secret must be
                                      defined
                                    type: boolean
                                type: object
                            type: object
                          type: array
                        image:
                          description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
                            This field is optional to allow higher level config management
                            to default or override container images in workload controllers
                            like Deployments and StatefulSets.'
                          type: string
                        imagePullPolicy:
                          description: 'Image pull policy. One of Always, Never, IfNotPresent.
                            Defaults to Always if :latest tag is specified, or IfNotPresent
                            otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                          type: string
                        lifecycle:
                          description: Actions that the management system should take
                            in response to container lifecycle events. Cannot be updated.
                          properties:
                            postStart:
                              description: 'PostStart is called immediately after
                                a container is created. If the handler fails, the
                                container is terminated and restarted according to
                                its restart policy. Other management of the container
                                blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command  is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                            preStop:
                              description: 'PreStop is called immediately before a
                                container is terminated due to an API request or management
                                event such as liveness/startup probe failure, preemption,
                                resource contention, etc. The handler is not called
                                if the container crashes or exits. The Pod''s termination
                                grace period countdown begins before the PreStop hook
                                is executed. Regardless of the outcome of the handler,
                                the container will eventually terminate within the
                                Pod''s termination grace period (unless delayed by
                                finalizers). Other management of the container blocks
                                until the hook completes or until the termination
                                grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command  is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                          type: object
                        livenessProbe:
                          description: 'Periodic probe of container liveness. Container
                            will be restarted if the probe fails. Cannot be updated.
                            More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        name:
                          description: Name of the container specified as a DNS_LABEL.
                            Each container in a pod must have a unique name (DNS_LABEL).
                            Cannot be updated.
                          type: string
                        ports:
                          description: List of ports to expose from the container.
                            Not specifying a port here DOES NOT prevent that port
                            from being exposed. Any port which is listening on the
                            default "0.0.0.0" address inside a container will be accessible
                            from the network. Modifying this array with strategic
                            merge patch may corrupt the data. For more information
                            See https://github.com/kubernetes/kubernetes/issues/108255.
                            Cannot be updated.
                          items:
                            description: ContainerPort represents a network port in
                              a single container.
                            properties:
                              containerPort:
                                description: Number of port to expose on the pod's
                                  IP address. This must be a valid port number, 0
                                  < x < 65536.
                                format: int32
                                type: integer
                              hostIP:
                                description: What host IP to bind the external port
                                  to.
                                type: string
                              hostPort:
                                description: Number of port to expose on the host.
                                  If specified, this must be a valid port number,
                                  0 < x < 65536. If HostNetwork is specified, this
                                  must match ContainerPort. Most containers do not
                                  need this.
                                format: int32
                                type: integer
                              name:
                                description: If specified, this must be an IANA_SVC_NAME
                                  and unique within the pod. Each named port in a
                                  pod must have a unique name. Name for the port that
                                  can be referred to by services.
                                type: string
                              protocol:
                                default: TCP
                                description: Protocol for port. Must be UDP, TCP,
                                  or SCTP. Defaults to "TCP".
                                type: string
                            required:
                            - containerPort
                            type: object
                          type: array
                          x-kubernetes-list-map-keys:
                          - containerPort
                          - protocol
                          x-kubernetes-list-type: map
                        readinessProbe:
                          description: 'Periodic probe of container service readiness.
                            Container will be removed from service endpoints if the
                            probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        resources:
                          description: 'Compute Resources required by this container.
                            Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                          properties:
                            limits:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Limits describes the maximum amount of
                                compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                            requests:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Requests describes the minimum amount
                                of compute resources required. If Requests is omitted
                                for a container, it defaults to Limits if that is
                                explicitly specified, otherwise to an implementation-defined
                                value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                          type: object
                        securityContext:
                          description: 'SecurityContext defines the security options
                            the container should be run with. If set, the fields of
                            SecurityContext override the equivalent fields of PodSecurityContext.
                            More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                          properties:
                            allowPrivilegeEscalation:
                              description: 'AllowPrivilegeEscalation controls whether
                                a process can gain more privileges than its parent
                                process. This bool directly controls if the no_new_privs
                                flag will be set on the container process. AllowPrivilegeEscalation
                                is true always when the container is: 1) run as Privileged
                                2) has CAP_SYS_ADMIN Note that this field cannot be
                                set when spec.os.name is windows.'
                              type: boolean
                            capabilities:
                              description: The capabilities to add/drop when running
                                containers. Defaults to the default set of capabilities
                                granted by the container runtime. Note that this field
                                cannot be set when spec.os.name is windows.
                              properties:
                                add:
                                  description: Added capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                                drop:
                                  description: Removed capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                              type: object
                            privileged:
                              description: Run container in privileged mode. Processes
                                in privileged containers are essentially equivalent
                                to root on the host. Defaults to false. Note that
                                this field cannot be set when spec.os.name is windows.
                              type: boolean
                            procMount:
                              description: procMount denotes the type of proc mount
                                to use for the containers. The default is DefaultProcMount
                                which uses the container runtime defaults for readonly
                                paths and masked paths. This requires the ProcMountType
                                feature flag to be enabled. Note that this field cannot
                                be set when spec.os.name is windows.
                              type: string
                            readOnlyRootFilesystem:
                              description: Whether this container has a read-only
                                root filesystem. Default is false. Note that this
                                field cannot be set when spec.os.name is windows.
                              type: boolean
                            runAsGroup:
                              description: The GID to run the entrypoint of the container
                                process. Uses runtime default if unset. May also be
                                set in PodSecurityContext.  If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is windows.
                              format: int64
                              type: integer
                            runAsNonRoot:
                              description: Indicates that the container must run as
                                a non-root user. If true, the Kubelet will validate
                                the image at runtime to ensure that it does not run
                                as UID 0 (root) and fail to start the container if
                                it does. If unset or false, no such validation will
                                be performed. May also be set in PodSecurityContext.  If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                              type: boolean
                            runAsUser:
                              description: The UID to run the entrypoint of the container
                                process. Defaults to user specified in image metadata
                                if unspecified. May also be set in PodSecurityContext.  If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                                Note that this field cannot be set when spec.os.name
                                is windows.
                              format: int64
                              type: integer
                            seLinuxOptions:
                              description: The SELinux context to be applied to the
                                container. If unspecified, the container runtime will
                                allocate a random SELinux context for each container.  May
                                also be set in PodSecurityContext.  If set in both
                                SecurityContext and PodSecurityContext, the value
                                specified in SecurityContext takes precedence. Note
                                that this field cannot be set when spec.os.name is
                                windows.
                              properties:
                                level:
                                  description: Level is SELinux level label that applies
                                    to the container.
                                  type: string
                                role:
                                  description: Role is a SELinux role label that applies
                                    to the container.
                                  type: string
                                type:
                                  description: Type is a SELinux type label that applies
                                    to the container.
                                  type: string
                                user:
                                  description: User is a SELinux user label that applies
                                    to the container.
                                  type: string
                              type: object
                            seccompProfile:
                              description: The seccomp options to use by this container.
                                If seccomp options are provided at both the pod &
                                container level, the container options override the
                                pod options. Note that this field cannot be set when
                                spec.os.name is windows.
                              properties:
                                localhostProfile:
                                  description: localhostProfile indicates a profile
                                    defined in a file on the node should be used.
                                    The profile must be preconfigured on the node
                                    to work. Must be a descending path, relative to
                                    the kubelet's configured seccomp profile location.
                                    Must only be set if type is "Localhost".
                                  type: string
                                type:
                                  description: "type indicates which kind of seccomp
                                    profile will be applied. Valid options are: \n
                                    Localhost - a profile defined in a file on the
                                    node should be used. RuntimeDefault - the container
                                    runtime default profile should be used. Unconfined
                                    - no profile should be applied."
                                  type: string
                              required:
                              - type
                              type: object
                            windowsOptions:
                              description: The Windows specific settings applied to
                                all containers. If unspecified, the options from the
                                PodSecurityContext will be used. If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is linux.
                              properties:
                                gmsaCredentialSpec:
                                  description: GMSACredentialSpec is where the GMSA
                                    admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                    inlines the contents of the GMSA credential spec
                                    named by the GMSACredentialSpecName field.
                                  type: string
                                gmsaCredentialSpecName:
                                  description: GMSACredentialSpecName is the name
                                    of the GMSA credential spec to use.
                                  type: string
                                hostProcess:
                                  description: HostProcess determines if a container
                                    should be run as a 'Host Process' container. This
                                    field is alpha-level and will only be honored
                                    by components that enable the WindowsHostProcessContainers
                                    feature flag. Setting this field without the feature
                                    flag will result in errors when validating the
                                    Pod. All of a Pod's containers must have the same
                                    effective HostProcess value (it is not allowed
                                    to have a mix of HostProcess containers and non-HostProcess
                                    containers).  In addition, if HostProcess is true
                                    then HostNetwork must also be set to true.
                                  type: boolean
                                runAsUserName:
                                  description: The UserName in Windows to run the
                                    entrypoint of the container process. Defaults
                                    to the user specified in image metadata if unspecified.
                                    May also be set in PodSecurityContext. If set
                                    in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                  type: string
                              type: object
                          type: object
                        startupProbe:
                          description: 'StartupProbe indicates that the Pod has successfully
                            initialized. If specified, no other probes are executed
                            until this completes successfully. If this probe fails,
                            the Pod will be restarted, just as if the livenessProbe
                            failed. This can be used to provide different probe parameters
                            at the beginning of a Pod''s lifecycle, when it might
                            take a long time to load data or warm a cache, than during
                            steady-state operation. This cannot be updated. More info:
                            https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        stdin:
                          description: Whether this container should allocate a buffer
                            for stdin in the container runtime. If this is not set,
                            reads from stdin in the container will always result in
                            EOF. Default is false.
                          type: boolean
                        stdinOnce:
                          description: Whether the container runtime should close
                            the stdin channel after it has been opened by a single
                            attach. When stdin is true the stdin stream will remain
                            open across multiple attach sessions. If stdinOnce is
                            set to true, stdin is opened on container start, is empty
                            until the first client attaches to stdin, and then remains
                            open and accepts data until the client disconnects, at
                            which time stdin is closed and remains closed until the
                            container is restarted. If this flag is false, a container
                            processes that reads from stdin will never receive an
                            EOF. Default is false
                          type: boolean
                        terminationMessagePath:
                          description: 'Optional: Path at which the file to which
                            the container''s termination message will be written is
                            mounted into the container''s filesystem. Message written
                            is intended to be brief final status, such as an assertion
                            failure message. Will be truncated by the node if greater
                            than 4096 bytes. The total message length across all containers
                            will be limited to 12kb. Defaults to /dev/termination-log.
                            Cannot be updated.'
                          type: string
                        terminationMessagePolicy:
                          description: Indicate how the termination message should
                            be populated. File will use the contents of terminationMessagePath
                            to populate the container status message on both success
                            and failure. FallbackToLogsOnError will use the last chunk
                            of container log output if the termination message file
                            is empty and the container exited with an error. The log
                            output is limited to 2048 bytes or 80 lines, whichever
                            is smaller. Defaults to File. Cannot be updated.
                          type: string
                        tty:
                          description: Whether this container should allocate a TTY
                            for itself, also requires 'stdin' to be true. Default
                            is false.
                          type: boolean
                        volumeDevices:
                          description: volumeDevices is the list of block devices
                            to be used by the container.
                          items:
                            description: volumeDevice describes a mapping of a raw
                              block device within a container.
                            properties:
                              devicePath:
                                description: devicePath is the path inside of the
                                  container that the device will be mapped to.
                                type: string
                              name:
                                description: name must match the name of a persistentVolumeClaim
                                  in the pod
                                type: string
                            required:
                            - devicePath
                            - name
                            type: object
                          type: array
                        volumeMounts:
                          description: Pod volumes to mount into the container's filesystem.
                            Cannot be updated.
                          items:
                            description: VolumeMount describes a mounting of a Volume
                              within a container.
                            properties:
                              mountPath:
                                description: Path within the container at which the
                                  volume should be mounted.  Must not contain ':'.
                                type: string
                              mountPropagation:
                                description: mountPropagation determines how mounts
                                  are propagated from the host to container and the
                                  other way around. When not set, MountPropagationNone
                                  is used. This field is beta in 1.10.
                                type: string
                              name:
                                description: This must match the Name of a Volume.
                                type: string
                              readOnly:
                                description: Mounted read-only if true, read-write
                                  otherwise (false or unspecified). Defaults to false.
                                type: boolean
                              subPath:
                                description: Path within the volume from which the
                                  container's volume should be mounted. Defaults to
                                  "" (volume's root).
                                type: string
                              subPathExpr:
                                description: Expanded path within the volume from
                                  which the container's volume should be mounted.
                                  Behaves similarly to SubPath but environment variable
                                  references $(VAR_NAME) are expanded using the container's
                                  environment. Defaults to "" (volume's root). SubPathExpr
                                  and SubPath are mutually exclusive.
                                type: string
                            required:
                            - mountPath
                            - name
                            type: object
                          type: array
                        workingDir:
                          description: Container's working directory. If not specified,
                            the container runtime's default will be used, which might
                            be configured in the container image. Cannot be updated.
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                  nodeName:
                    description: NodeName is a request to schedule this pod onto a
                      specific node. If it is non-empty, the scheduler simply schedules
                      this pod onto that node, assuming that it fits resource requirements.
                    type: string
                  nodeSelector:
                    additionalProperties:
                      type: string
                    description: 'NodeSelector is a selector which must be true for
                      the pod to fit on a node. Selector which must match a node''s
                      labels for the pod to be scheduled on that node. More info:
                      https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
                    type: object
                    x-kubernetes-map-type: atomic
                  os:
                    description: "Specifies the OS of the containers in the pod. Some
                      pod and container fields are restricted if this is set. \n If
                      the OS field is set to linux, the following fields must be unset:
                      -securityContext.windowsOptions \n If the OS field is set to
                      windows, following fields must be unset: - spec.hostPID - spec.hostIPC
                      - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
                      - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
                      - spec.securityContext.sysctls - spec.shareProcessNamespace
                      - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
                      - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
                      - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities
                      - spec.containers[*].securityContext.readOnlyRootFilesystem
                      - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
                      - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
                      - spec.containers[*].securityContext.runAsGroup"
                    properties:
                      name:
                        description: 'Name is the name of the operating system. The
                          currently supported values are linux and windows. Additional
                          value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
                          Clients should expect to handle additional values and treat
                          unrecognized values in this field as os: null'
                        type: string
                    required:
                    - name
                    type: object
                  overhead:
                    additionalProperties:
                      anyOf:
                      - type: integer
                      - type: string
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    description: 'Overhead represents the resource overhead associated
                      with running a pod for a given RuntimeClass. This field will
                      be autopopulated at admission time by the RuntimeClass admission
                      controller. If the RuntimeClass admission controller is enabled,
                      overhead must not be set in Pod create requests. The RuntimeClass
                      admission controller will reject Pod create requests which have
                      the overhead already set. If RuntimeClass is configured and
                      selected in the PodSpec, Overhead will be set to the value defined
                      in the corresponding RuntimeClass, otherwise it will remain
                      unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md'
                    type: object
                  preemptionPolicy:
                    description: PreemptionPolicy is the Policy for preempting pods
                      with lower priority. One of Never, PreemptLowerPriority. Defaults
                      to PreemptLowerPriority if unset.
                    type: string
                  priority:
                    description: The priority value. Various system components use
                      this field to find the priority of the pod. When Priority Admission
                      Controller is enabled, it prevents users from setting this field.
                      The admission controller populates this field from PriorityClassName.
                      The higher the value, the higher the priority.
                    format: int32
                    type: integer
                  priorityClassName:
                    description: If specified, indicates the pod's priority. "system-node-critical"
                      and "system-cluster-critical" are two special keywords which
                      indicate the highest priorities with the former being the highest
                      priority. Any other name must be defined by creating a PriorityClass
                      object with that name. If not specified, the pod priority will
                      be default or zero if there is no default.
                    type: string
                  readinessGates:
                    description: 'If specified, all readiness gates will be evaluated
                      for pod readiness. A pod is ready when all its containers are
                      ready AND all conditions specified in the readiness gates have
                      status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
                    items:
                      description: PodReadinessGate contains the reference to a pod
                        condition
                      properties:
                        conditionType:
                          description: ConditionType refers to a condition in the
                            pod's condition list with matching type.
                          type: string
                      required:
                      - conditionType
                      type: object
                    type: array
                  restartPolicy:
                    description: 'Restart policy for all containers within the pod.
                      One of Always, OnFailure, Never. Default to Always. More info:
                      https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
                    type: string
                  runtimeClassName:
                    description: 'RuntimeClassName refers to a RuntimeClass object
                      in the node.k8s.io group, which should be used to run this pod.  If
                      no RuntimeClass resource matches the named class, the pod will
                      not be run. If unset or empty, the "legacy" RuntimeClass will
                      be used, which is an implicit class with an empty definition
                      that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
                    type: string
                  schedulerName:
                    description: If specified, the pod will be dispatched by specified
                      scheduler. If not specified, the pod will be dispatched by default
                      scheduler.
                    type: string
                  securityContext:
                    description: 'SecurityContext holds pod-level security attributes
                      and common container settings. Optional: Defaults to empty.  See
                      type description for default values of each field.'
                    properties:
                      fsGroup:
                        description: "A special supplemental group that applies to
                          all containers in a pod. Some volume types allow the Kubelet
                          to change the ownership of that volume to be owned by the
                          pod: \n 1. The owning GID will be the FSGroup 2. The setgid
                          bit is set (new files created in the volume will be owned
                          by FSGroup) 3. The permission bits are OR'd with rw-rw----
                          \n If unset, the Kubelet will not modify the ownership and
                          permissions of any volume. Note that this field cannot be
                          set when spec.os.name is windows."
                        format: int64
                        type: integer
                      fsGroupChangePolicy:
                        description: 'fsGroupChangePolicy defines behavior of changing
                          ownership and permission of the volume before being exposed
                          inside Pod. This field will only apply to volume types which
                          support fsGroup based ownership(and permissions). It will
                          have no effect on ephemeral volume types such as: secret,
                          configmaps and emptydir. Valid values are "OnRootMismatch"
                          and "Always". If not specified, "Always" is used. Note that
                          this field cannot be set when spec.os.name is windows.'
                        type: string
                      runAsGroup:
                        description: The GID to run the entrypoint of the container
                          process. Uses runtime default if unset. May also be set
                          in SecurityContext.  If set in both SecurityContext and
                          PodSecurityContext, the value specified in SecurityContext
                          takes precedence for that container. Note that this field
                          cannot be set when spec.os.name is windows.
                        format: int64
                        type: integer
                      runAsNonRoot:
                        description: Indicates that the container must run as a non-root
                          user. If true, the Kubelet will validate the image at runtime
                          to ensure that it does not run as UID 0 (root) and fail
                          to start the container if it does. If unset or false, no
                          such validation will be performed. May also be set in SecurityContext.  If
                          set in both SecurityContext and PodSecurityContext, the
                          value specified in SecurityContext takes precedence.
                        type: boolean
                      runAsUser:
                        description: The UID to run the entrypoint of the container
                          process. Defaults to user specified in image metadata if
                          unspecified. May also be set in SecurityContext.  If set
                          in both SecurityContext and PodSecurityContext, the value
                          specified in SecurityContext takes precedence for that container.
                          Note that this field cannot be set when spec.os.name is
                          windows.
                        format: int64
                        type: integer
                      seLinuxOptions:
                        description: The SELinux context to be applied to all containers.
                          If unspecified, the container runtime will allocate a random
                          SELinux context for each container.  May also be set in
                          SecurityContext.  If set in both SecurityContext and PodSecurityContext,
                          the value specified in SecurityContext takes precedence
                          for that container. Note that this field cannot be set when
                          spec.os.name is windows.
                        properties:
                          level:
                            description: Level is SELinux level label that applies
                              to the container.
                            type: string
                          role:
                            description: Role is a SELinux role label that applies
                              to the container.
                            type: string
                          type:
                            description: Type is a SELinux type label that applies
                              to the container.
                            type: string
                          user:
                            description: User is a SELinux user label that applies
                              to the container.
                            type: string
                        type: object
                      seccompProfile:
                        description: The seccomp options to use by the containers
                          in this pod. Note that this field cannot be set when spec.os.name
                          is windows.
                        properties:
                          localhostProfile:
                            description: localhostProfile indicates a profile defined
                              in a file on the node should be used. The profile must
                              be preconfigured on the node to work. Must be a descending
                              path, relative to the kubelet's configured seccomp profile
                              location. Must only be set if type is "Localhost".
                            type: string
                          type:
                            description: "type indicates which kind of seccomp profile
                              will be applied. Valid options are: \n Localhost - a
                              profile defined in a file on the node should be used.
                              RuntimeDefault - the container runtime default profile
                              should be used. Unconfined - no profile should be applied."
                            type: string
                        required:
                        - type
                        type: object
                      supplementalGroups:
                        description: A list of groups applied to the first process
                          run in each container, in addition to the container's primary
                          GID.  If unspecified, no groups will be added to any container.
                          Note that this field cannot be set when spec.os.name is
                          windows.
                        items:
                          format: int64
                          type: integer
                        type: array
                      sysctls:
                        description: Sysctls hold a list of namespaced sysctls used
                          for the pod. Pods with unsupported sysctls (by the container
                          runtime) might fail to launch. Note that this field cannot
                          be set when spec.os.name is windows.
                        items:
                          description: Sysctl defines a kernel parameter to be set
                          properties:
                            name:
                              description: Name of a property to set
                              type: string
                            value:
                              description: Value of a property to set
                              type: string
                          required:
                          - name
                          - value
                          type: object
                        type: array
                      windowsOptions:
                        description: The Windows specific settings applied to all
                          containers. If unspecified, the options within a container's
                          SecurityContext will be used. If set in both SecurityContext
                          and PodSecurityContext, the value specified in SecurityContext
                          takes precedence. Note that this field cannot be set when
                          spec.os.name is linux.
                        properties:
                          gmsaCredentialSpec:
                            description: GMSACredentialSpec is where the GMSA admission
                              webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                              inlines the contents of the GMSA credential spec named
                              by the GMSACredentialSpecName field.
                            type: string
                          gmsaCredentialSpecName:
                            description: GMSACredentialSpecName is the name of the
                              GMSA credential spec to use.
                            type: string
                          hostProcess:
                            description: HostProcess determines if a container should
                              be run as a 'Host Process' container. This field is
                              alpha-level and will only be honored by components that
                              enable the WindowsHostProcessContainers feature flag.
                              Setting this field without the feature flag will result
                              in errors when validating the Pod. All of a Pod's containers
                              must have the same effective HostProcess value (it is
                              not allowed to have a mix of HostProcess containers
                              and non-HostProcess containers).  In addition, if HostProcess
                              is true then HostNetwork must also be set to true.
                            type: boolean
                          runAsUserName:
                            description: The UserName in Windows to run the entrypoint
                              of the container process. Defaults to the user specified
                              in image metadata if unspecified. May also be set in
                              PodSecurityContext. If set in both SecurityContext and
                              PodSecurityContext, the value specified in SecurityContext
                              takes precedence.
                            type: string
                        type: object
                    type: object
                  serviceAccount:
                    description: 'DeprecatedServiceAccount is a depreciated alias
                      for ServiceAccountName. Deprecated: Use serviceAccountName instead.'
                    type: string
                  serviceAccountName:
                    description: 'ServiceAccountName is the name of the ServiceAccount
                      to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
                    type: string
                  setHostnameAsFQDN:
                    description: If true the pod's hostname will be configured as
                      the pod's FQDN, rather than the leaf name (the default). In
                      Linux containers, this means setting the FQDN in the hostname
                      field of the kernel (the nodename field of struct utsname).
                      In Windows containers, this means setting the registry value
                      of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
                      to FQDN. If a pod does not have FQDN, this has no effect. Default
                      to false.
                    type: boolean
                  shareProcessNamespace:
                    description: 'Share a single process namespace between all of
                      the containers in a pod. When this is set containers will be
                      able to view and signal processes from other containers in the
                      same pod, and the first process in each container will not be
                      assigned PID 1. HostPID and ShareProcessNamespace cannot both
                      be set. Optional: Default to false.'
                    type: boolean
                  subdomain:
                    description: If specified, the fully qualified Pod hostname will
                      be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
                      If not specified, the pod will not have a domainname at all.
                    type: string
                  terminationGracePeriodSeconds:
                    description: Optional duration in seconds the pod needs to terminate
                      gracefully. May be decreased in delete request. Value must be
                      non-negative integer. The value zero indicates stop immediately
                      via the kill signal (no opportunity to shut down). If this value
                      is nil, the default grace period will be used instead. The grace
                      period is the duration in seconds after the processes running
                      in the pod are sent a termination signal and the time when the
                      processes are forcibly halted with a kill signal. Set this value
                      longer than the expected cleanup time for your process. Defaults
                      to 30 seconds.
                    format: int64
                    type: integer
                  tolerations:
                    description: If specified, the pod's tolerations.
                    items:
                      description: The pod this Toleration is attached to tolerates
                        any taint that matches the triple <key,value,effect> using
                        the matching operator <operator>.
                      properties:
                        effect:
                          description: Effect indicates the taint effect to match.
                            Empty means match all taint effects. When specified, allowed
                            values are NoSchedule, PreferNoSchedule and NoExecute.
                          type: string
                        key:
                          description: Key is the taint key that the toleration applies
                            to. Empty means match all taint keys. If the key is empty,
                            operator must be Exists; this combination means to match
                            all values and all keys.
                          type: string
                        operator:
                          description: Operator represents a key's relationship to
                            the value. Valid operators are Exists and Equal. Defaults
                            to Equal. Exists is equivalent to wildcard for value,
                            so that a pod can tolerate all taints of a particular
                            category.
                          type: string
                        tolerationSeconds:
                          description: TolerationSeconds represents the period of
                            time the toleration (which must be of effect NoExecute,
                            otherwise this field is ignored) tolerates the taint.
                            By default, it is not set, which means tolerate the taint
                            forever (do not evict). Zero and negative values will
                            be treated as 0 (evict immediately) by the system.
                          format: int64
                          type: integer
                        value:
                          description: Value is the taint value the toleration matches
                            to. If the operator is Exists, the value should be empty,
                            otherwise just a regular string.
                          type: string
                      type: object
                    type: array
                  topologySpreadConstraints:
                    description: TopologySpreadConstraints describes how a group of
                      pods ought to spread across topology domains. Scheduler will
                      schedule pods in a way which abides by the constraints. All
                      topologySpreadConstraints are ANDed.
                    items:
                      description: TopologySpreadConstraint specifies how to spread
                        matching pods among the given topology.
                      properties:
                        labelSelector:
                          description: LabelSelector is used to find matching pods.
                            Pods that match this label selector are counted to determine
                            the number of pods in their corresponding topology domain.
                          properties:
                            matchExpressions:
                              description: matchExpressions is a list of label selector
                                requirements. The requirements are ANDed.
                              items:
                                description: A label selector requirement is a selector
                                  that contains values, a key, and an operator that
                                  relates the key and values.
                                properties:
                                  key:
                                    description: key is the label key that the selector
                                      applies to.
                                    type: string
                                  operator:
                                    description: operator represents a key's relationship
                                      to a set of values. Valid operators are In,
                                      NotIn, Exists and DoesNotExist.
                                    type: string
                                  values:
                                    description: values is an array of string values.
                                      If the operator is In or NotIn, the values array
                                      must be non-empty. If the operator is Exists
                                      or DoesNotExist, the values array must be empty.
                                      This array is replaced during a strategic merge
                                      patch.
                                    items:
                                      type: string
                                    type: array
                                required:
                                - key
                                - operator
                                type: object
                              type: array
                            matchLabels:
                              additionalProperties:
                                type: string
                              description: matchLabels is a map of {key,value} pairs.
                                A single {key,value} in the matchLabels map is equivalent
                                to an element of matchExpressions, whose key field
                                is "key", the operator is "In", and the values array
                                contains only "value". The requirements are ANDed.
                              type: object
                          type: object
                        matchLabelKeys:
                          description: MatchLabelKeys is a set of pod label keys to
                            select the pods over which spreading will be calculated.
                            The keys are used to lookup values from the incoming pod
                            labels, those key-value labels are ANDed with labelSelector
                            to select the group of existing pods over which spreading
                            will be calculated for the incoming pod. Keys that don't
                            exist in the incoming pod labels will be ignored. A null
                            or empty list means only match against labelSelector.
                          items:
                            type: string
                          type: array
                          x-kubernetes-list-type: atomic
                        maxSkew:
                          description: 'MaxSkew describes the degree to which pods
                            may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
                            it is the maximum permitted difference between the number
                            of matching pods in the target topology and the global
                            minimum. The global minimum is the minimum number of matching
                            pods in an eligible domain or zero if the number of eligible
                            domains is less than MinDomains. For example, in a 3-zone
                            cluster, MaxSkew is set to 1, and pods with the same labelSelector
                            spread as 2/2/1: In this case, the global minimum is 1.
                            | zone1 | zone2 | zone3 | |  P P  |  P P  |   P   | -
                            if MaxSkew is 1, incoming pod can only be scheduled to
                            zone3 to become 2/2/2; scheduling it onto zone1(zone2)
                            would make the ActualSkew(3-1) on zone1(zone2) violate
                            MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
                            onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
                            it is used to give higher precedence to topologies that
                            satisfy it. It''s a required field. Default value is 1
                            and 0 is not allowed.'
                          format: int32
                          type: integer
                        minDomains:
                          description: "MinDomains indicates a minimum number of eligible
                            domains. When the number of eligible domains with matching
                            topology keys is less than minDomains, Pod Topology Spread
                            treats \"global minimum\" as 0, and then the calculation
                            of Skew is performed. And when the number of eligible
                            domains with matching topology keys equals or greater
                            than minDomains, this value has no effect on scheduling.
                            As a result, when the number of eligible domains is less
                            than minDomains, scheduler won't schedule more than maxSkew
                            Pods to those domains. If value is nil, the constraint
                            behaves as if MinDomains is equal to 1. Valid values are
                            integers greater than 0. When value is not nil, WhenUnsatisfiable
                            must be DoNotSchedule. \n For example, in a 3-zone cluster,
                            MaxSkew is set to 2, MinDomains is set to 5 and pods with
                            the same labelSelector spread as 2/2/2: | zone1 | zone2
                            | zone3 | |  P P  |  P P  |  P P  | The number of domains
                            is less than 5(MinDomains), so \"global minimum\" is treated
                            as 0. In this situation, new pod with the same labelSelector
                            cannot be scheduled, because computed skew will be 3(3
                            - 0) if new Pod is scheduled to any of the three zones,
                            it will violate MaxSkew. \n This is a beta field and requires
                            the MinDomainsInPodTopologySpread feature gate to be enabled
                            (enabled by default)."
                          format: int32
                          type: integer
                        nodeAffinityPolicy:
                          description: "NodeAffinityPolicy indicates how we will treat
                            Pod's nodeAffinity/nodeSelector when calculating pod topology
                            spread skew. Options are: - Honor: only nodes matching
                            nodeAffinity/nodeSelector are included in the calculations.
                            - Ignore: nodeAffinity/nodeSelector are ignored. All nodes
                            are included in the calculations. \n If this value is
                            nil, the behavior is equivalent to the Honor policy. This
                            is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
                            feature flag."
                          type: string
                        nodeTaintsPolicy:
                          description: "NodeTaintsPolicy indicates how we will treat
                            node taints when calculating pod topology spread skew.
                            Options are: - Honor: nodes without taints, along with
                            tainted nodes for which the incoming pod has a toleration,
                            are included. - Ignore: node taints are ignored. All nodes
                            are included. \n If this value is nil, the behavior is
                            equivalent to the Ignore policy. This is a alpha-level
                            feature enabled by the NodeInclusionPolicyInPodTopologySpread
                            feature flag."
                          type: string
                        topologyKey:
                          description: TopologyKey is the key of node labels. Nodes
                            that have a label with this key and identical values are
                            considered to be in the same topology. We consider each
                            <key, value> as a "bucket", and try to put balanced number
                            of pods into each bucket. We define a domain as a particular
                            instance of a topology. Also, we define an eligible domain
                            as a domain whose nodes meet the requirements of nodeAffinityPolicy
                            and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
                            each Node is a domain of that topology. And, if TopologyKey
                            is "topology.kubernetes.io/zone", each zone is a domain
                            of that topology. It's a required field.
                          type: string
                        whenUnsatisfiable:
                          description: 'WhenUnsatisfiable indicates how to deal with
                            a pod if it doesn''t satisfy the spread constraint. -
                            DoNotSchedule (default) tells the scheduler not to schedule
                            it. - ScheduleAnyway tells the scheduler to schedule the
                            pod in any location,   but giving higher precedence to
                            topologies that would help reduce the   skew. A constraint
                            is considered "Unsatisfiable" for an incoming pod if and
                            only if every possible node assignment for that pod would
                            violate "MaxSkew" on some topology. For example, in a
                            3-zone cluster, MaxSkew is set to 1, and pods with the
                            same labelSelector spread as 3/1/1: | zone1 | zone2 |
                            zone3 | | P P P |   P   |   P   | If WhenUnsatisfiable
                            is set to DoNotSchedule, incoming pod can only be scheduled
                            to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1)
                            on zone2(zone3) satisfies MaxSkew(1). In other words,
                            the cluster can still be imbalanced, but scheduler won''t
                            make it *more* imbalanced. It''s a required field.'
                          type: string
                      required:
                      - maxSkew
                      - topologyKey
                      - whenUnsatisfiable
                      type: object
                    type: array
                    x-kubernetes-list-map-keys:
                    - topologyKey
                    - whenUnsatisfiable
                    x-kubernetes-list-type: map
                  volumes:
                    description: 'List of volumes that can be mounted by containers
                      belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
                    items:
                      description: Volume represents a named volume in a pod that
                        may be accessed by any container in the pod.
                      properties:
                        awsElasticBlockStore:
                          description: 'awsElasticBlockStore represents an AWS Disk
                            resource that is attached to a kubelet''s host machine
                            and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                          properties:
                            fsType:
                              description: 'fsType is the filesystem type of the volume
                                that you want to mount. Tip: Ensure that the filesystem
                                type is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            partition:
                              description: 'partition is the partition in the volume
                                that you want to mount. If omitted, the default is
                                to mount by volume name. Examples: For volume /dev/sda1,
                                you specify the partition as "1". Similarly, the volume
                                partition for /dev/sda is "0" (or you can leave the
                                property empty).'
                              format: int32
                              type: integer
                            readOnly:
                              description: 'readOnly value true will force the readOnly
                                setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                              type: boolean
                            volumeID:
                              description: 'volumeID is unique ID of the persistent
                                disk resource in AWS (Amazon EBS volume). More info:
                                https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                              type: string
                          required:
                          - volumeID
                          type: object
                        azureDisk:
                          description: azureDisk represents an Azure Data Disk mount
                            on the host and bind mount to the pod.
                          properties:
                            cachingMode:
                              description: 'cachingMode is the Host Caching mode:
                                None, Read Only, Read Write.'
                              type: string
                            diskName:
                              description: diskName is the Name of the data disk in
                                the blob storage
                              type: string
                            diskURI:
                              description: diskURI is the URI of data disk in the
                                blob storage
                              type: string
                            fsType:
                              description: fsType is Filesystem type to mount. Must
                                be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
                                to be "ext4" if unspecified.
                              type: string
                            kind:
                              description: 'kind expected values are Shared: multiple
                                blob disks per storage account  Dedicated: single
                                blob disk per storage account  Managed: azure managed
                                data disk (only in managed availability set). defaults
                                to shared'
                              type: string
                            readOnly:
                              description: readOnly Defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                          required:
                          - diskName
                          - diskURI
                          type: object
                        azureFile:
                          description: azureFile represents an Azure File Service
                            mount on the host and bind mount to the pod.
                          properties:
                            readOnly:
                              description: readOnly defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            secretName:
                              description: secretName is the  name of secret that
                                contains Azure Storage Account Name and Key
                              type: string
                            shareName:
                              description: shareName is the azure share Name
                              type: string
                          required:
                          - secretName
                          - shareName
                          type: object
                        cephfs:
                          description: cephFS represents a Ceph FS mount on the host
                            that shares a pod's lifetime
                          properties:
                            monitors:
                              description: 'monitors is Required: Monitors is a collection
                                of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              items:
                                type: string
                              type: array
                            path:
                              description: 'path is Optional: Used as the mounted
                                root, rather than the full Ceph tree, default is /'
                              type: string
                            readOnly:
                              description: 'readOnly is Optional: Defaults to false
                                (read/write). ReadOnly here will force the ReadOnly
                                setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              type: boolean
                            secretFile:
                              description: 'secretFile is Optional: SecretFile is
                                the path to key ring for User, default is /etc/ceph/user.secret
                                More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              type: string
                            secretRef:
                              description: 'secretRef is Optional: SecretRef is reference
                                to the authentication secret for User, default is
                                empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            user:
                              description: 'user is optional: User is the rados user
                                name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              type: string
                          required:
                          - monitors
                          type: object
                        cinder:
                          description: 'cinder represents a cinder volume attached
                            and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                          properties:
                            fsType:
                              description: 'fsType is the filesystem type to mount.
                                Must be a filesystem type supported by the host operating
                                system. Examples: "ext4", "xfs", "ntfs". Implicitly
                                inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              type: string
                            readOnly:
                              description: 'readOnly defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                                More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              type: boolean
                            secretRef:
                              description: 'secretRef is optional: points to a secret
                                object containing parameters used to connect to OpenStack.'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            volumeID:
                              description: 'volumeID used to identify the volume in
                                cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              type: string
                          required:
                          - volumeID
                          type: object
                        configMap:
                          description: configMap represents a configMap that should
                            populate this volume
                          properties:
                            defaultMode:
                              description: 'defaultMode is optional: mode bits used
                                to set permissions on created files by default. Must
                                be an octal value between 0000 and 0777 or a decimal
                                value between 0 and 511. YAML accepts both octal and
                                decimal values, JSON requires decimal values for mode
                                bits. Defaults to 0644. Directories within the path
                                are not affected by this setting. This might be in
                                conflict with other options that affect the file mode,
                                like fsGroup, and the result can be other mode bits
                                set.'
                              format: int32
                              type: integer
                            items:
                              description: items if unspecified, each key-value pair
                                in the Data field of the referenced ConfigMap will
                                be projected into the volume as a file whose name
                                is the key and content is the value. If specified,
                                the listed keys will be projected into the specified
                                paths, and unlisted keys will not be present. If a
                                key is specified which is not present in the ConfigMap,
                                the volume setup will error unless it is marked optional.
                                Paths must be relative and may not contain the '..'
                                path or start with '..'.
                              items:
                                description: Maps a string key to a path within a
                                  volume.
                                properties:
                                  key:
                                    description: key is the key to project.
                                    type: string
                                  mode:
                                    description: 'mode is Optional: mode bits used
                                      to set permissions on this file. Must be an
                                      octal value between 0000 and 0777 or a decimal
                                      value between 0 and 511. YAML accepts both octal
                                      and decimal values, JSON requires decimal values
                                      for mode bits. If not specified, the volume
                                      defaultMode will be used. This might be in conflict
                                      with other options that affect the file mode,
                                      like fsGroup, and the result can be other mode
                                      bits set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: path is the relative path of the
                                      file to map the key to. May not be an absolute
                                      path. May not contain the path element '..'.
                                      May not start with the string '..'.
                                    type: string
                                required:
                                - key
                                - path
                                type: object
                              type: array
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: optional specify whether the ConfigMap
                                or its keys must be defined
                              type: boolean
                          type: object
                        csi:
                          description: csi (Container Storage Interface) represents
                            ephemeral storage that is handled by certain external
                            CSI drivers (Beta feature).
                          properties:
                            driver:
                              description: driver is the name of the CSI driver that
                                handles this volume. Consult with your admin for the
                                correct name as registered in the cluster.
                              type: string
                            fsType:
                              description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
                                If not provided, the empty value is passed to the
                                associated CSI driver which will determine the default
                                filesystem to apply.
                              type: string
                            nodePublishSecretRef:
                              description: nodePublishSecretRef is a reference to
                                the secret object containing sensitive information
                                to pass to the CSI driver to complete the CSI NodePublishVolume
                                and NodeUnpublishVolume calls. This field is optional,
                                and  may be empty if no secret is required. If the
                                secret object contains more than one secret, all secret
                                references are passed.
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            readOnly:
                              description: readOnly specifies a read-only configuration
                                for the volume. Defaults to false (read/write).
                              type: boolean
                            volumeAttributes:
                              additionalProperties:
                                type: string
                              description: volumeAttributes stores driver-specific
                                properties that are passed to the CSI driver. Consult
                                your driver's documentation for supported values.
                              type: object
                          required:
                          - driver
                          type: object
                        downwardAPI:
                          description: downwardAPI represents downward API about the
                            pod that should populate this volume
                          properties:
                            defaultMode:
                              description: 'Optional: mode bits to use on created
                                files by default. Must be a Optional: mode bits used
                                to set permissions on created files by default. Must
                                be an octal value between 0000 and 0777 or a decimal
                                value between 0 and 511. YAML accepts both octal and
                                decimal values, JSON requires decimal values for mode
                                bits. Defaults to 0644. Directories within the path
                                are not affected by this setting. This might be in
                                conflict with other options that affect the file mode,
                                like fsGroup, and the result can be other mode bits
                                set.'
                              format: int32
                              type: integer
                            items:
                              description: Items is a list of downward API volume
                                file
                              items:
                                description: DownwardAPIVolumeFile represents information
                                  to create the file containing the pod field
                                properties:
                                  fieldRef:
                                    description: 'Required: Selects a field of the
                                      pod: only annotations, labels, name and namespace
                                      are supported.'
                                    properties:
                                      apiVersion:
                                        description: Version of the schema the FieldPath
                                          is written in terms of, defaults to "v1".
                                        type: string
                                      fieldPath:
                                        description: Path of the field to select in
                                          the specified API version.
                                        type: string
                                    required:
                                    - fieldPath
                                    type: object
                                  mode:
                                    description: 'Optional: mode bits used to set
                                      permissions on this file, must be an octal value
                                      between 0000 and 0777 or a decimal value between
                                      0 and 511. YAML accepts both octal and decimal
                                      values, JSON requires decimal values for mode
                                      bits. If not specified, the volume defaultMode
                                      will be used. This might be in conflict with
                                      other options that affect the file mode, like
                                      fsGroup, and the result can be other mode bits
                                      set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: 'Required: Path is  the relative
                                      path name of the file to be created. Must not
                                      be absolute or contain the ''..'' path. Must
                                      be utf-8 encoded. The first item of the relative
                                      path must not start with ''..'''
                                    type: string
                                  resourceFieldRef:
                                    description: 'Selects a resource of the container:
                                      only resources limits and requests (limits.cpu,
                                      limits.memory, requests.cpu and requests.memory)
                                      are currently supported.'
                                    properties:
                                      containerName:
                                        description: 'Container name: required for
                                          volumes, optional for env vars'
                                        type: string
                                      divisor:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: Specifies the output format of
                                          the exposed resources, defaults to "1"
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      resource:
                                        description: 'Required: resource to select'
                                        type: string
                                    required:
                                    - resource
                                    type: object
                                required:
                                - path
                                type: object
                              type: array
                          type: object
                        emptyDir:
                          description: 'emptyDir represents a temporary directory
                            that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                          properties:
                            medium:
                              description: 'medium represents what type of storage
                                medium should back this directory. The default is
                                "" which means to use the node''s default medium.
                                Must be an empty string (default) or Memory. More
                                info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                              type: string
                            sizeLimit:
                              anyOf:
                              - type: integer
                              - type: string
                              description: 'sizeLimit is the total amount of local
                                storage required for this EmptyDir volume. The size
                                limit is also applicable for memory medium. The maximum
                                usage on memory medium EmptyDir would be the minimum
                                value between the SizeLimit specified here and the
                                sum of memory limits of all containers in a pod. The
                                default is nil which means that the limit is undefined.
                                More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                          type: object
                        ephemeral:
                          description: "ephemeral represents a volume that is handled
                            by a cluster storage driver. The volume's lifecycle is
                            tied to the pod that defines it - it will be created before
                            the pod starts, and deleted when the pod is removed. \n
                            Use this if: a) the volume is only needed while the pod
                            runs, b) features of normal volumes like restoring from
                            snapshot or capacity    tracking are needed, c) the storage
                            driver is specified through a storage class, and d) the
                            storage driver supports dynamic volume provisioning through
                            \   a PersistentVolumeClaim (see EphemeralVolumeSource
                            for more    information on the connection between this
                            volume type    and PersistentVolumeClaim). \n Use PersistentVolumeClaim
                            or one of the vendor-specific APIs for volumes that persist
                            for longer than the lifecycle of an individual pod. \n
                            Use CSI for light-weight local ephemeral volumes if the
                            CSI driver is meant to be used that way - see the documentation
                            of the driver for more information. \n A pod can use both
                            types of ephemeral volumes and persistent volumes at the
                            same time."
                          properties:
                            volumeClaimTemplate:
                              description: "Will be used to create a stand-alone PVC
                                to provision the volume. The pod in which this EphemeralVolumeSource
                                is embedded will be the owner of the PVC, i.e. the
                                PVC will be deleted together with the pod.  The name
                                of the PVC will be `<pod name>-<volume name>` where
                                `<volume name>` is the name from the `PodSpec.Volumes`
                                array entry. Pod validation will reject the pod if
                                the concatenated name is not valid for a PVC (for
                                example, too long). \n An existing PVC with that name
                                that is not owned by the pod will *not* be used for
                                the pod to avoid using an unrelated volume by mistake.
                                Starting the pod is then blocked until the unrelated
                                PVC is removed. If such a pre-created PVC is meant
                                to be used by the pod, the PVC has to updated with
                                an owner reference to the pod once the pod exists.
                                Normally this should not be necessary, but it may
                                be useful when manually reconstructing a broken cluster.
                                \n This field is read-only and no changes will be
                                made by Kubernetes to the PVC after it has been created.
                                \n Required, must not be nil."
                              properties:
                                metadata:
                                  description: May contain labels and annotations
                                    that will be copied into the PVC when creating
                                    it. No other fields are allowed and will be rejected
                                    during validation.
                                  type: object
                                spec:
                                  description: The specification for the PersistentVolumeClaim.
                                    The entire content is copied unchanged into the
                                    PVC that gets created from this template. The
                                    same fields as in a PersistentVolumeClaim are
                                    also valid here.
                                  properties:
                                    accessModes:
                                      description: 'accessModes contains the desired
                                        access modes the volume should have. More
                                        info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                      items:
                                        type: string
                                      type: array
                                    dataSource:
                                      description: 'dataSource field can be used to
                                        specify either: * An existing VolumeSnapshot
                                        object (snapshot.storage.k8s.io/VolumeSnapshot)
                                        * An existing PVC (PersistentVolumeClaim)
                                        If the provisioner or an external controller
                                        can support the specified data source, it
                                        will create a new volume based on the contents
                                        of the specified data source. If the AnyVolumeDataSource
                                        feature gate is enabled, this field will always
                                        have the same contents as the DataSourceRef
                                        field.'
                                      properties:
                                        apiGroup:
                                          description: APIGroup is the group for the
                                            resource being referenced. If APIGroup
                                            is not specified, the specified Kind must
                                            be in the core API group. For any other
                                            third-party types, APIGroup is required.
                                          type: string
                                        kind:
                                          description: Kind is the type of resource
                                            being referenced
                                          type: string
                                        name:
                                          description: Name is the name of resource
                                            being referenced
                                          type: string
                                      required:
                                      - kind
                                      - name
                                      type: object
                                    dataSourceRef:
                                      description: 'dataSourceRef specifies the object
                                        from which to populate the volume with data,
                                        if a non-empty volume is desired. This may
                                        be any local object from a non-empty API group
                                        (non core object) or a PersistentVolumeClaim
                                        object. When this field is specified, volume
                                        binding will only succeed if the type of the
                                        specified object matches some installed volume
                                        populator or dynamic provisioner. This field
                                        will replace the functionality of the DataSource
                                        field and as such if both fields are non-empty,
                                        they must have the same value. For backwards
                                        compatibility, both fields (DataSource and
                                        DataSourceRef) will be set to the same value
                                        automatically if one of them is empty and
                                        the other is non-empty. There are two important
                                        differences between DataSource and DataSourceRef:
                                        * While DataSource only allows two specific
                                        types of objects, DataSourceRef   allows any
                                        non-core object, as well as PersistentVolumeClaim
                                        objects. * While DataSource ignores disallowed
                                        values (dropping them), DataSourceRef   preserves
                                        all values, and generates an error if a disallowed
                                        value is   specified. (Beta) Using this field
                                        requires the AnyVolumeDataSource feature gate
                                        to be enabled.'
                                      properties:
                                        apiGroup:
                                          description: APIGroup is the group for the
                                            resource being referenced. If APIGroup
                                            is not specified, the specified Kind must
                                            be in the core API group. For any other
                                            third-party types, APIGroup is required.
                                          type: string
                                        kind:
                                          description: Kind is the type of resource
                                            being referenced
                                          type: string
                                        name:
                                          description: Name is the name of resource
                                            being referenced
                                          type: string
                                      required:
                                      - kind
                                      - name
                                      type: object
                                    resources:
                                      description: 'resources represents the minimum
                                        resources the volume should have. If RecoverVolumeExpansionFailure
                                        feature is enabled users are allowed to specify
                                        resource requirements that are lower than
                                        previous value but must still be higher than
                                        capacity recorded in the status field of the
                                        claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                      properties:
                                        limits:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Limits describes the maximum
                                            amount of compute resources allowed. More
                                            info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                        requests:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Requests describes the minimum
                                            amount of compute resources required.
                                            If Requests is omitted for a container,
                                            it defaults to Limits if that is explicitly
                                            specified, otherwise to an implementation-defined
                                            value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                      type: object
                                    selector:
                                      description: selector is a label query over
                                        volumes to consider for binding.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    storageClassName:
                                      description: 'storageClassName is the name of
                                        the StorageClass required by the claim. More
                                        info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                      type: string
                                    volumeMode:
                                      description: volumeMode defines what type of
                                        volume is required by the claim. Value of
                                        Filesystem is implied when not included in
                                        claim spec.
                                      type: string
                                    volumeName:
                                      description: volumeName is the binding reference
                                        to the PersistentVolume backing this claim.
                                      type: string
                                  type: object
                              required:
                              - spec
                              type: object
                          type: object
                        fc:
                          description: fc represents a Fibre Channel resource that
                            is attached to a kubelet's host machine and then exposed
                            to the pod.
                          properties:
                            fsType:
                              description: 'fsType is the filesystem type to mount.
                                Must be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
                                to be "ext4" if unspecified. TODO: how do we prevent
                                errors in the filesystem from compromising the machine'
                              type: string
                            lun:
                              description: 'lun is Optional: FC target lun number'
                              format: int32
                              type: integer
                            readOnly:
                              description: 'readOnly is Optional: Defaults to false
                                (read/write). ReadOnly here will force the ReadOnly
                                setting in VolumeMounts.'
                              type: boolean
                            targetWWNs:
                              description: 'targetWWNs is Optional: FC target worldwide
                                names (WWNs)'
                              items:
                                type: string
                              type: array
                            wwids:
                              description: 'wwids Optional: FC volume world wide identifiers
                                (wwids) Either wwids or combination of targetWWNs
                                and lun must be set, but not both simultaneously.'
                              items:
                                type: string
                              type: array
                          type: object
                        flexVolume:
                          description: flexVolume represents a generic volume resource
                            that is provisioned/attached using an exec based plugin.
                          properties:
                            driver:
                              description: driver is the name of the driver to use
                                for this volume.
                              type: string
                            fsType:
                              description: fsType is the filesystem type to mount.
                                Must be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". The default filesystem
                                depends on FlexVolume script.
                              type: string
                            options:
                              additionalProperties:
                                type: string
                              description: 'options is Optional: this field holds
                                extra command options if any.'
                              type: object
                            readOnly:
                              description: 'readOnly is Optional: defaults to false
                                (read/write). ReadOnly here will force the ReadOnly
                                setting in VolumeMounts.'
                              type: boolean
                            secretRef:
                              description: 'secretRef is Optional: secretRef is reference
                                to the secret object containing sensitive information
                                to pass to the plugin scripts. This may be empty if
                                no secret object is specified. If the secret object
                                contains more than one secret, all secrets are passed
                                to the plugin scripts.'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                          required:
                          - driver
                          type: object
                        flocker:
                          description: flocker represents a Flocker volume attached
                            to a kubelet's host machine. This depends on the Flocker
                            control service being running
                          properties:
                            datasetName:
                              description: datasetName is Name of the dataset stored
                                as metadata -> name on the dataset for Flocker should
                                be considered as deprecated
                              type: string
                            datasetUUID:
                              description: datasetUUID is the UUID of the dataset.
                                This is unique identifier of a Flocker dataset
                              type: string
                          type: object
                        gcePersistentDisk:
                          description: 'gcePersistentDisk represents a GCE Disk resource
                            that is attached to a kubelet''s host machine and then
                            exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                          properties:
                            fsType:
                              description: 'fsType is filesystem type of the volume
                                that you want to mount. Tip: Ensure that the filesystem
                                type is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            partition:
                              description: 'partition is the partition in the volume
                                that you want to mount. If omitted, the default is
                                to mount by volume name. Examples: For volume /dev/sda1,
                                you specify the partition as "1". Similarly, the volume
                                partition for /dev/sda is "0" (or you can leave the
                                property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              format: int32
                              type: integer
                            pdName:
                              description: 'pdName is unique name of the PD resource
                                in GCE. Used to identify the disk in GCE. More info:
                                https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              type: string
                            readOnly:
                              description: 'readOnly here will force the ReadOnly
                                setting in VolumeMounts. Defaults to false. More info:
                                https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              type: boolean
                          required:
                          - pdName
                          type: object
                        gitRepo:
                          description: 'gitRepo represents a git repository at a particular
                            revision. DEPRECATED: GitRepo is deprecated. To provision
                            a container with a git repo, mount an EmptyDir into an
                            InitContainer that clones the repo using git, then mount
                            the EmptyDir into the Pod''s container.'
                          properties:
                            directory:
                              description: directory is the target directory name.
                                Must not contain or start with '..'.  If '.' is supplied,
                                the volume directory will be the git repository.  Otherwise,
                                if specified, the volume will contain the git repository
                                in the subdirectory with the given name.
                              type: string
                            repository:
                              description: repository is the URL
                              type: string
                            revision:
                              description: revision is the commit hash for the specified
                                revision.
                              type: string
                          required:
                          - repository
                          type: object
                        glusterfs:
                          description: 'glusterfs represents a Glusterfs mount on
                            the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
                          properties:
                            endpoints:
                              description: 'endpoints is the endpoint name that details
                                Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                              type: string
                            path:
                              description: 'path is the Glusterfs volume path. More
                                info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                              type: string
                            readOnly:
                              description: 'readOnly here will force the Glusterfs
                                volume to be mounted with read-only permissions. Defaults
                                to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                              type: boolean
                          required:
                          - endpoints
                          - path
                          type: object
                        hostPath:
                          description: 'hostPath represents a pre-existing file or
                            directory on the host machine that is directly exposed
                            to the container. This is generally used for system agents
                            or other privileged things that are allowed to see the
                            host machine. Most containers will NOT need this. More
                            info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                            --- TODO(jonesdl) We need to restrict who can use host
                            directory mounts and who can/can not mount host directories
                            as read/write.'
                          properties:
                            path:
                              description: 'path of the directory on the host. If
                                the path is a symlink, it will follow the link to
                                the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                              type: string
                            type:
                              description: 'type for HostPath Volume Defaults to ""
                                More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                              type: string
                          required:
                          - path
                          type: object
                        iscsi:
                          description: 'iscsi represents an ISCSI Disk resource that
                            is attached to a kubelet''s host machine and then exposed
                            to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
                          properties:
                            chapAuthDiscovery:
                              description: chapAuthDiscovery defines whether support
                                iSCSI Discovery CHAP authentication
                              type: boolean
                            chapAuthSession:
                              description: chapAuthSession defines whether support
                                iSCSI Session CHAP authentication
                              type: boolean
                            fsType:
                              description: 'fsType is the filesystem type of the volume
                                that you want to mount. Tip: Ensure that the filesystem
                                type is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            initiatorName:
                              description: initiatorName is the custom iSCSI Initiator
                                Name. If initiatorName is specified with iscsiInterface
                                simultaneously, new iSCSI interface <target portal>:<volume
                                name> will be created for the connection.
                              type: string
                            iqn:
                              description: iqn is the target iSCSI Qualified Name.
                              type: string
                            iscsiInterface:
                              description: iscsiInterface is the interface Name that
                                uses an iSCSI transport. Defaults to 'default' (tcp).
                              type: string
                            lun:
                              description: lun represents iSCSI Target Lun number.
                              format: int32
                              type: integer
                            portals:
                              description: portals is the iSCSI Target Portal List.
                                The portal is either an IP or ip_addr:port if the
                                port is other than default (typically TCP ports 860
                                and 3260).
                              items:
                                type: string
                              type: array
                            readOnly:
                              description: readOnly here will force the ReadOnly setting
                                in VolumeMounts. Defaults to false.
                              type: boolean
                            secretRef:
                              description: secretRef is the CHAP Secret for iSCSI
                                target and initiator authentication
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            targetPortal:
                              description: targetPortal is iSCSI Target Portal. The
                                Portal is either an IP or ip_addr:port if the port
                                is other than default (typically TCP ports 860 and
                                3260).
                              type: string
                          required:
                          - iqn
                          - lun
                          - targetPortal
                          type: object
                        name:
                          description: 'name of the volume. Must be a DNS_LABEL and
                            unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                          type: string
                        nfs:
                          description: 'nfs represents an NFS mount on the host that
                            shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                          properties:
                            path:
                              description: 'path that is exported by the NFS server.
                                More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              type: string
                            readOnly:
                              description: 'readOnly here will force the NFS export
                                to be mounted with read-only permissions. Defaults
                                to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              type: boolean
                            server:
                              description: 'server is the hostname or IP address of
                                the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              type: string
                          required:
                          - path
                          - server
                          type: object
                        persistentVolumeClaim:
                          description: 'persistentVolumeClaimVolumeSource represents
                            a reference to a PersistentVolumeClaim in the same namespace.
                            More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                          properties:
                            claimName:
                              description: 'claimName is the name of a PersistentVolumeClaim
                                in the same namespace as the pod using this volume.
                                More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                              type: string
                            readOnly:
                              description: readOnly Will force the ReadOnly setting
                                in VolumeMounts. Default false.
                              type: boolean
                          required:
                          - claimName
                          type: object
                        photonPersistentDisk:
                          description: photonPersistentDisk represents a PhotonController
                            persistent disk attached and mounted on kubelets host
                            machine
                          properties:
                            fsType:
                              description: fsType is the filesystem type to mount.
                                Must be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
                                to be "ext4" if unspecified.
                              type: string
                            pdID:
                              description: pdID is the ID that identifies Photon Controller
                                persistent disk
                              type: string
                          required:
                          - pdID
                          type: object
                        portworxVolume:
                          description: portworxVolume represents a portworx volume
                            attached and mounted on kubelets host machine
                          properties:
                            fsType:
                              description: fSType represents the filesystem type to
                                mount Must be a filesystem type supported by the host
                                operating system. Ex. "ext4", "xfs". Implicitly inferred
                                to be "ext4" if unspecified.
                              type: string
                            readOnly:
                              description: readOnly defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            volumeID:
                              description: volumeID uniquely identifies a Portworx
                                volume
                              type: string
                          required:
                          - volumeID
                          type: object
                        projected:
                          description: projected items for all in one resources secrets,
                            configmaps, and downward API
                          properties:
                            defaultMode:
                              description: defaultMode are the mode bits used to set
                                permissions on created files by default. Must be an
                                octal value between 0000 and 0777 or a decimal value
                                between 0 and 511. YAML accepts both octal and decimal
                                values, JSON requires decimal values for mode bits.
                                Directories within the path are not affected by this
                                setting. This might be in conflict with other options
                                that affect the file mode, like fsGroup, and the result
                                can be other mode bits set.
                              format: int32
                              type: integer
                            sources:
                              description: sources is the list of volume projections
                              items:
                                description: Projection that may be projected along
                                  with other supported volume types
                                properties:
                                  configMap:
                                    description: configMap information about the configMap
                                      data to project
                                    properties:
                                      items:
                                        description: items if unspecified, each key-value
                                          pair in the Data field of the referenced
                                          ConfigMap will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the ConfigMap, the volume setup will
                                          error unless it is marked optional. Paths
                                          must be relative and may not contain the
                                          '..' path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: key is the key to project.
                                              type: string
                                            mode:
                                              description: 'mode is Optional: mode
                                                bits used to set permissions on this
                                                file. Must be an octal value between
                                                0000 and 0777 or a decimal value between
                                                0 and 511. YAML accepts both octal
                                                and decimal values, JSON requires
                                                decimal values for mode bits. If not
                                                specified, the volume defaultMode
                                                will be used. This might be in conflict
                                                with other options that affect the
                                                file mode, like fsGroup, and the result
                                                can be other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: path is the relative path
                                                of the file to map the key to. May
                                                not be an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: optional specify whether the
                                          ConfigMap or its keys must be defined
                                        type: boolean
                                    type: object
                                  downwardAPI:
                                    description: downwardAPI information about the
                                      downwardAPI data to project
                                    properties:
                                      items:
                                        description: Items is a list of DownwardAPIVolume
                                          file
                                        items:
                                          description: DownwardAPIVolumeFile represents
                                            information to create the file containing
                                            the pod field
                                          properties:
                                            fieldRef:
                                              description: 'Required: Selects a field
                                                of the pod: only annotations, labels,
                                                name and namespace are supported.'
                                              properties:
                                                apiVersion:
                                                  description: Version of the schema
                                                    the FieldPath is written in terms
                                                    of, defaults to "v1".
                                                  type: string
                                                fieldPath:
                                                  description: Path of the field to
                                                    select in the specified API version.
                                                  type: string
                                              required:
                                              - fieldPath
                                              type: object
                                            mode:
                                              description: 'Optional: mode bits used
                                                to set permissions on this file, must
                                                be an octal value between 0000 and
                                                0777 or a decimal value between 0
                                                and 511. YAML accepts both octal and
                                                decimal values, JSON requires decimal
                                                values for mode bits. If not specified,
                                                the volume defaultMode will be used.
                                                This might be in conflict with other
                                                options that affect the file mode,
                                                like fsGroup, and the result can be
                                                other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: 'Required: Path is  the
                                                relative path name of the file to
                                                be created. Must not be absolute or
                                                contain the ''..'' path. Must be utf-8
                                                encoded. The first item of the relative
                                                path must not start with ''..'''
                                              type: string
                                            resourceFieldRef:
                                              description: 'Selects a resource of
                                                the container: only resources limits
                                                and requests (limits.cpu, limits.memory,
                                                requests.cpu and requests.memory)
                                                are currently supported.'
                                              properties:
                                                containerName:
                                                  description: 'Container name: required
                                                    for volumes, optional for env
                                                    vars'
                                                  type: string
                                                divisor:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Specifies the output
                                                    format of the exposed resources,
                                                    defaults to "1"
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                resource:
                                                  description: 'Required: resource
                                                    to select'
                                                  type: string
                                              required:
                                              - resource
                                              type: object
                                          required:
                                          - path
                                          type: object
                                        type: array
                                    type: object
                                  secret:
                                    description: secret information about the secret
                                      data to project
                                    properties:
                                      items:
                                        description: items if unspecified, each key-value
                                          pair in the Data field of the referenced
                                          Secret will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the Secret, the volume setup will error
                                          unless it is marked optional. Paths must
                                          be relative and may not contain the '..'
                                          path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: key is the key to project.
                                              type: string
                                            mode:
                                              description: 'mode is Optional: mode
                                                bits used to set permissions on this
                                                file. Must be an octal value between
                                                0000 and 0777 or a decimal value between
                                                0 and 511. YAML accepts both octal
                                                and decimal values, JSON requires
                                                decimal values for mode bits. If not
                                                specified, the volume defaultMode
                                                will be used. This might be in conflict
                                                with other options that affect the
                                                file mode, like fsGroup, and the result
                                                can be other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: path is the relative path
                                                of the file to map the key to. May
                                                not be an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: optional field specify whether
                                          the Secret or its key must be defined
                                        type: boolean
                                    type: object
                                  serviceAccountToken:
                                    description: serviceAccountToken is information
                                      about the serviceAccountToken data to project
                                    properties:
                                      audience:
                                        description: audience is the intended audience
                                          of the token. A recipient of a token must
                                          identify itself with an identifier specified
                                          in the audience of the token, and otherwise
                                          should reject the token. The audience defaults
                                          to the identifier of the apiserver.
                                        type: string
                                      expirationSeconds:
                                        description: expirationSeconds is the requested
                                          duration of validity of the service account
                                          token. As the token approaches expiration,
                                          the kubelet volume plugin will proactively
                                          rotate the service account token. The kubelet
                                          will start trying to rotate the token if
                                          the token is older than 80 percent of its
                                          time to live or if the token is older than
                                          24 hours.Defaults to 1 hour and must be
                                          at least 10 minutes.
                                        format: int64
                                        type: integer
                                      path:
                                        description: path is the path relative to
                                          the mount point of the file to project the
                                          token into.
                                        type: string
                                    required:
                                    - path
                                    type: object
                                type: object
                              type: array
                          type: object
                        quobyte:
                          description: quobyte represents a Quobyte mount on the host
                            that shares a pod's lifetime
                          properties:
                            group:
                              description: group to map volume access to Default is
                                no group
                              type: string
                            readOnly:
                              description: readOnly here will force the Quobyte volume
                                to be mounted with read-only permissions. Defaults
                                to false.
                              type: boolean
                            registry:
                              description: registry represents a single or multiple
                                Quobyte Registry services specified as a string as
                                host:port pair (multiple entries are separated with
                                commas) which acts as the central registry for volumes
                              type: string
                            tenant:
                              description: tenant owning the given Quobyte volume
                                in the Backend Used with dynamically provisioned Quobyte
                                volumes, value is set by the plugin
                              type: string
                            user:
                              description: user to map volume access to Defaults to
                                serivceaccount user
                              type: string
                            volume:
                              description: volume is a string that references an already
                                created Quobyte volume by name.
                              type: string
                          required:
                          - registry
                          - volume
                          type: object
                        rbd:
                          description: 'rbd represents a Rados Block Device mount
                            on the host that shares a pod''s lifetime. More info:
                            https://examples.k8s.io/volumes/rbd/README.md'
                          properties:
                            fsType:
                              description: 'fsType is the filesystem type of the volume
                                that you want to mount. Tip: Ensure that the filesystem
                                type is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            image:
                              description: 'image is the rados image name. More info:
                                https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                            keyring:
                              description: 'keyring is the path to key ring for RBDUser.
                                Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                            monitors:
                              description: 'monitors is a collection of Ceph monitors.
                                More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              items:
                                type: string
                              type: array
                            pool:
                              description: 'pool is the rados pool name. Default is
                                rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                            readOnly:
                              description: 'readOnly here will force the ReadOnly
                                setting in VolumeMounts. Defaults to false. More info:
                                https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: boolean
                            secretRef:
                              description: 'secretRef is name of the authentication
                                secret for RBDUser. If provided overrides keyring.
                                Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            user:
                              description: 'user is the rados user name. Default is
                                admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                          required:
                          - image
                          - monitors
                          type: object
                        scaleIO:
                          description: scaleIO represents a ScaleIO persistent volume
                            attached and mounted on Kubernetes nodes.
                          properties:
                            fsType:
                              description: fsType is the filesystem type to mount.
                                Must be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
                              type: string
                            gateway:
                              description: gateway is the host address of the ScaleIO
                                API Gateway.
                              type: string
                            protectionDomain:
                              description: protectionDomain is the name of the ScaleIO
                                Protection Domain for the configured storage.
                              type: string
                            readOnly:
                              description: readOnly Defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            secretRef:
                              description: secretRef references to the secret for
                                ScaleIO user and other sensitive information. If this
                                is not provided, Login operation will fail.
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            sslEnabled:
                              description: sslEnabled Flag enable/disable SSL communication
                                with Gateway, default false
                              type: boolean
                            storageMode:
                              description: storageMode indicates whether the storage
                                for a volume should be ThickProvisioned or ThinProvisioned.
                                Default is ThinProvisioned.
                              type: string
                            storagePool:
                              description: storagePool is the ScaleIO Storage Pool
                                associated with the protection domain.
                              type: string
                            system:
                              description: system is the name of the storage system
                                as configured in ScaleIO.
                              type: string
                            volumeName:
                              description: volumeName is the name of a volume already
                                created in the ScaleIO system that is associated with
                                this volume source.
                              type: string
                          required:
                          - gateway
                          - secretRef
                          - system
                          type: object
                        secret:
                          description: 'secret represents a secret that should populate
                            this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                          properties:
                            defaultMode:
                              description: 'defaultMode is Optional: mode bits used
                                to set permissions on created files by default. Must
                                be an octal value between 0000 and 0777 or a decimal
                                value between 0 and 511. YAML accepts both octal and
                                decimal values, JSON requires decimal values for mode
                                bits. Defaults to 0644. Directories within the path
                                are not affected by this setting. This might be in
                                conflict with other options that affect the file mode,
                                like fsGroup, and the result can be other mode bits
                                set.'
                              format: int32
                              type: integer
                            items:
                              description: items If unspecified, each key-value pair
                                in the Data field of the referenced Secret will be
                                projected into the volume as a file whose name is
                                the key and content is the value. If specified, the
                                listed keys will be projected into the specified paths,
                                and unlisted keys will not be present. If a key is
                                specified which is not present in the Secret, the
                                volume setup will error unless it is marked optional.
                                Paths must be relative and may not contain the '..'
                                path or start with '..'.
                              items:
                                description: Maps a string key to a path within a
                                  volume.
                                properties:
                                  key:
                                    description: key is the key to project.
                                    type: string
                                  mode:
                                    description: 'mode is Optional: mode bits used
                                      to set permissions on this file. Must be an
                                      octal value between 0000 and 0777 or a decimal
                                      value between 0 and 511. YAML accepts both octal
                                      and decimal values, JSON requires decimal values
                                      for mode bits. If not specified, the volume
                                      defaultMode will be used. This might be in conflict
                                      with other options that affect the file mode,
                                      like fsGroup, and the result can be other mode
                                      bits set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: path is the relative path of the
                                      file to map the key to. May not be an absolute
                                      path. May not contain the path element '..'.
                                      May not start with the string '..'.
                                    type: string
                                required:
                                - key
                                - path
                                type: object
                              type: array
                            optional:
                              description: optional field specify whether the Secret
                                or its keys must be defined
                              type: boolean
                            secretName:
                              description: 'secretName is the name of the secret in
                                the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                              type: string
                          type: object
                        storageos:
                          description: storageOS represents a StorageOS volume attached
                            and mounted on Kubernetes nodes.
                          properties:
                            fsType:
                              description: fsType is the filesystem type to mount.
                                Must be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
                                to be "ext4" if unspecified.
                              type: string
                            readOnly:
                              description: readOnly defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            secretRef:
                              description: secretRef specifies the secret to use for
                                obtaining the StorageOS API credentials.  If not specified,
                                default values will be attempted.
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            volumeName:
                              description: volumeName is the human-readable name of
                                the StorageOS volume.  Volume names are only unique
                                within a namespace.
                              type: string
                            volumeNamespace:
                              description: volumeNamespace specifies the scope of
                                the volume within StorageOS.  If no namespace is specified
                                then the Pod's namespace will be used.  This allows
                                the Kubernetes name scoping to be mirrored within
                                StorageOS for tighter integration. Set VolumeName
                                to any name to override the default behaviour. Set
                                to "default" if you are not using namespaces within
                                StorageOS. Namespaces that do not pre-exist within
                                StorageOS will be created.
                              type: string
                          type: object
                        vsphereVolume:
                          description: vsphereVolume represents a vSphere volume attached
                            and mounted on kubelets host machine
                          properties:
                            fsType:
                              description: fsType is filesystem type to mount. Must
                                be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
                                to be "ext4" if unspecified.
                              type: string
                            storagePolicyID:
                              description: storagePolicyID is the storage Policy Based
                                Management (SPBM) profile ID associated with the StoragePolicyName.
                              type: string
                            storagePolicyName:
                              description: storagePolicyName is the storage Policy
                                Based Management (SPBM) profile name.
                              type: string
                            volumePath:
                              description: volumePath is the path that identifies
                                vSphere volume vmdk
                              type: string
                          required:
                          - volumePath
                          type: object
                      required:
                      - name
                      type: object
                    type: array
                required:
                - containers
                type: object
              prowjob_defaults:
                description: ProwJobDefault holds configuration options provided as
                  defaults in the Prow config
                properties:
                  resultstore_config:
                    description: ResultStoreConfig specifies parameters for uploading
                      results to the ResultStore service.
                    properties:
                      project_id:
                        description: ProjectID specifies the ResultStore InvocationAttributes.ProjectID,
                          used for various quota and GUI access control purposes.
                          In practice, it is generally the same as the Google Cloud
                          Project ID or number of the job's GCS storage bucket. Required
                          to upload results to ResultStore.
                        type: string
                    type: object
                  tenant_id:
                    type: string
                type: object
              refs:
                description: Refs is the code under test, determined at runtime by
                  Prow itself
                properties:
                  base_link:
                    description: BaseLink is a link to the commit identified by BaseSHA.
                    type: string
                  base_ref:
                    type: string
                  base_sha:
                    type: string
                  blobless_fetch:
                    description: BloblessFetch tells prow to avoid fetching objects
                      when cloning using the --filter=blob:none flag. If unspecified,
                      defaults to DecorationConfig.BloblessFetch.
                    type: boolean
                  clone_depth:
                    description: CloneDepth is the depth of the clone that will be
                      used. A depth of zero will do a full clone.
                    type: integer
                  clone_uri:
                    description: CloneURI is the URI that is used to clone the repository.
                      If unset, will default to `https://github.com/org/repo.git`.
                    type: string
                  org:
                    description: Org is something like kubernetes or k8s.io
                    type: string
                  path_alias:
                    description: PathAlias is the location under <root-dir>/src where
                      this repository is cloned. If this is not set, <root-dir>/src/github.com/org/repo
                      will be used as the default.
                    type: string
                  pulls:
                    items:
                      description: Pull describes a pull request at a particular point
                        in time.
                      properties:
                        author:
                          type: string
                        author_link:
                          description: AuthorLink links to the author of the pull
                            request.
                          type: string
                        commit_link:
                          description: CommitLink links to the commit identified by
                            the SHA.
                          type: string
                        head_ref:
                          description: 'HeadRef is the git ref (branch name) of the
                            proposed change.  This can be more human-readable than
                            just a PR #, and some tools want this metadata to help
                            associate the work with a pull request (e.g. some code
                            scanning services, or chromatic.com).'
                          type: string
                        link:
                          description: Link links to the pull request itself.
                          type: string
                        number:
                          type: integer
                        ref:
                          description: 'Ref is git ref can be checked out for a change
                            for example, github: pull/123/head gerrit: refs/changes/00/123/1'
                          type: string
                        sha:
                          type: string
                        title:
                          type: string
                      required:
                      - author
                      - number
                      - sha
                      type: object
                    type: array
                  repo:
                    description: Repo is something like test-infra
                    type: string
                  repo_link:
                    description: RepoLink links to the source for Repo.
                    type: string
                  skip_fetch_head:
                    description: SkipFetchHead tells prow to avoid a git fetch <remote>
                      call. Multiheaded repos may need to not make this call. The
                      git fetch <remote> <BaseRef> call occurs regardless.
                    type: boolean
                  skip_submodules:
                    description: SkipSubmodules determines if submodules should be
                      cloned when the job is run. Defaults to false.
                    type: boolean
                  workdir:
                    description: WorkDir defines if the location of the cloned repository
                      will be used as the default working directory.
                    type: boolean
                required:
                - org
                - repo
                type: object
              report:
                description: Report determines if the result of this job should be
                  reported (e.g. status on GitHub, message in Slack, etc.)
                type: boolean
              reporter_config:
                description: ReporterConfig holds reporter-specific configuration
                properties:
                  slack:
                    properties:
                      channel:
                        type: string
                      host:
                        type: string
                      job_states_to_report:
                        items:
                          description: ProwJobState specifies whether the job is running
                          type: string
                        type: array
                      report:
                        description: 'Report is derived from JobStatesToReport, it''s
                          used for differentiating nil from empty slice, as yaml roundtrip
                          by design can''t tell the difference when omitempty is supplied.
                          See https://github.com/kubernetes/test-infra/pull/24168
                          for details Priority-wise, it goes by following order: -
                          `report: true/false`` in job config - `JobStatesToReport:
                          <anything including empty slice>` in job config - `report:
                          true/false`` in global config - `JobStatesToReport:` in
                          global config'
                        type: boolean
                      report_template:
                        type: string
                    type: object
                type: object
              rerun_auth_config:
                description: RerunAuthConfig holds information about which users can
                  rerun the job
                properties:
                  allow_anyone:
                    description: If AllowAnyone is set to true, any user can rerun
                      the job
                    type: boolean
                  github_orgs:
                    description: GitHubOrgs contains names of GitHub organizations
                      whose members can rerun the job
                    items:
                      type: string
                    type: array
                  github_team_ids:
                    description: 'GitHubTeams contains IDs of GitHub teams of users
                      who can rerun the job If you know the name of a team and the
                      org it belongs to, you can look up its ID using this command,
                      where the team slug is the hyphenated name: curl -H "Authorization:
                      token <token>" "https://api.github.com/orgs/<org-name>/teams/<team
                      slug>" or, to list all teams in a given org, use curl -H "Authorization:
                      token <token>" "https://api.github.com/orgs/<org-name>/teams"'
                    items:
                      type: integer
                    type: array
                  github_team_slugs:
                    description: GitHubTeamSlugs contains slugs and orgs of teams
                      of users who can rerun the job
                    items:
                      properties:
                        org:
                          type: string
                        slug:
                          type: string
                      required:
                      - org
                      - slug
                      type: object
                    type: array
                  github_users:
                    description: GitHubUsers contains names of individual users who
                      can rerun the job
                    items:
                      type: string
                    type: array
                type: object
              rerun_command:
                description: RerunCommand is the command a user would write to trigger
                  this job on their pull request
                type: string
              tekton_pipeline_run_spec:
                description: TektonPipelineRunSpec provides the basis for running
                  the test as a pipeline-crd resource https://github.com/tektoncd/pipeline
                properties:
                  v1beta1:
                    description: PipelineRunSpec defines the desired state of PipelineRun
                    properties:
                      params:
                        description: Params is a list of parameter names and values.
                        items:
                          description: Param declares an ParamValues to use for the
                            parameter called name.
                          properties:
                            name:
                              type: string
                            value:
                              description: ParamValue is a type that can hold a single
                                string or string array. Used in JSON unmarshalling
                                so that a single JSON field can accept either an individual
                                string or an array of strings.
                              properties:
                                arrayVal:
                                  items:
                                    type: string
                                  type: array
                                  x-kubernetes-list-type: atomic
                                objectVal:
                                  additionalProperties:
                                    type: string
                                  type: object
                                stringVal:
                                  type: string
                                type:
                                  description: ParamType indicates the type of an
                                    input parameter; Used to distinguish between a
                                    single string and an array of strings.
                                  type: string
                              required:
                              - arrayVal
                              - objectVal
                              - stringVal
                              - type
                              type: object
                          required:
                          - name
                          - value
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      pipelineRef:
                        description: PipelineRef can be used to refer to a specific
                          instance of a Pipeline.
                        properties:
                          apiVersion:
                            description: API version of the referent
                            type: string
                          bundle:
                            description: 'Bundle url reference to a Tekton Bundle.
                              Deprecated: Please use ResolverRef with the bundles
                              resolver instead.'
                            type: string
                          name:
                            description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names'
                            type: string
                          params:
                            description: Params contains the parameters used to identify
                              the referenced Tekton resource. Example entries might
                              include "repo" or "path" but the set of params ultimately
                              depends on the chosen resolver.
                            items:
                              description: Param declares an ParamValues to use for
                                the parameter called name.
                              properties:
                                name:
                                  type: string
                                value:
                                  description: ParamValue is a type that can hold
                                    a single string or string array. Used in JSON
                                    unmarshalling so that a single JSON field can
                                    accept either an individual string or an array
                                    of strings.
                                  properties:
                                    arrayVal:
                                      items:
                                        type: string
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    objectVal:
                                      additionalProperties:
                                        type: string
                                      type: object
                                    stringVal:
                                      type: string
                                    type:
                                      description: ParamType indicates the type of
                                        an input parameter; Used to distinguish between
                                        a single string and an array of strings.
                                      type: string
                                  required:
                                  - arrayVal
                                  - objectVal
                                  - stringVal
                                  - type
                                  type: object
                              required:
                              - name
                              - value
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                          resolver:
                            description: Resolver is the name of the resolver that
                              should perform resolution of the referenced Tekton resource,
                              such as "git".
                            type: string
                        type: object
                      pipelineSpec:
                        description: PipelineSpec defines the desired state of Pipeline.
                        properties:
                          description:
                            description: Description is a user-facing description
                              of the pipeline that may be used to populate a UI.
                            type: string
                          finally:
                            description: Finally declares the list of Tasks that execute
                              just before leaving the Pipeline i.e. either after all
                              Tasks are finished executing successfully or after a
                              failure which would result in ending the Pipeline
                            items:
                              description: PipelineTask defines a task in a Pipeline,
                                passing inputs from both Params and from the output
                                of previous tasks.
                              properties:
                                matrix:
                                  description: Matrix declares parameters used to
                                    fan out this task.
                                  properties:
                                    params:
                                      description: Params is a list of parameters
                                        used to fan out the pipelineTask Params takes
                                        only `Parameters` of type `"array"` Each array
                                        element is supplied to the `PipelineTask`
                                        by substituting `params` of type `"string"`
                                        in the underlying `Task`. The names of the
                                        `params` in the `Matrix` must match the names
                                        of the `params` in the underlying `Task` that
                                        they will be substituting.
                                      items:
                                        description: Param declares an ParamValues
                                          to use for the parameter called name.
                                        properties:
                                          name:
                                            type: string
                                          value:
                                            description: ParamValue is a type that
                                              can hold a single string or string array.
                                              Used in JSON unmarshalling so that a
                                              single JSON field can accept either
                                              an individual string or an array of
                                              strings.
                                            properties:
                                              arrayVal:
                                                items:
                                                  type: string
                                                type: array
                                                x-kubernetes-list-type: atomic
                                              objectVal:
                                                additionalProperties:
                                                  type: string
                                                type: object
                                              stringVal:
                                                type: string
                                              type:
                                                description: ParamType indicates the
                                                  type of an input parameter; Used
                                                  to distinguish between a single
                                                  string and an array of strings.
                                                type: string
                                            required:
                                            - arrayVal
                                            - objectVal
                                            - stringVal
                                            - type
                                            type: object
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                  type: object
                                name:
                                  description: Name is the name of this task within
                                    the context of a Pipeline. Name is used as a coordinate
                                    with the `from` and `runAfter` fields to establish
                                    the execution order of tasks relative to one another.
                                  type: string
                                params:
                                  description: Parameters declares parameters passed
                                    to this task.
                                  items:
                                    description: Param declares an ParamValues to
                                      use for the parameter called name.
                                    properties:
                                      name:
                                        type: string
                                      value:
                                        description: ParamValue is a type that can
                                          hold a single string or string array. Used
                                          in JSON unmarshalling so that a single JSON
                                          field can accept either an individual string
                                          or an array of strings.
                                        properties:
                                          arrayVal:
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          objectVal:
                                            additionalProperties:
                                              type: string
                                            type: object
                                          stringVal:
                                            type: string
                                          type:
                                            description: ParamType indicates the type
                                              of an input parameter; Used to distinguish
                                              between a single string and an array
                                              of strings.
                                            type: string
                                        required:
                                        - arrayVal
                                        - objectVal
                                        - stringVal
                                        - type
                                        type: object
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                resources:
                                  description: Resources declares the resources given
                                    to this task as inputs and outputs.
                                  properties:
                                    inputs:
                                      description: Inputs holds the mapping from the
                                        PipelineResources declared in DeclaredPipelineResources
                                        to the input PipelineResources required by
                                        the Task.
                                      items:
                                        description: PipelineTaskInputResource maps
                                          the name of a declared PipelineResource
                                          input dependency in a Task to the resource
                                          in the Pipeline's DeclaredPipelineResources
                                          that should be used. This input may come
                                          from a previous task.
                                        properties:
                                          from:
                                            description: From is the list of PipelineTask
                                              names that the resource has to come
                                              from. (Implies an ordering in the execution
                                              graph.)
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          name:
                                            description: Name is the name of the PipelineResource
                                              as declared by the Task.
                                            type: string
                                          resource:
                                            description: Resource is the name of the
                                              DeclaredPipelineResource to use.
                                            type: string
                                        required:
                                        - name
                                        - resource
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    outputs:
                                      description: Outputs holds the mapping from
                                        the PipelineResources declared in DeclaredPipelineResources
                                        to the input PipelineResources required by
                                        the Task.
                                      items:
                                        description: PipelineTaskOutputResource maps
                                          the name of a declared PipelineResource
                                          output dependency in a Task to the resource
                                          in the Pipeline's DeclaredPipelineResources
                                          that should be used.
                                        properties:
                                          name:
                                            description: Name is the name of the PipelineResource
                                              as declared by the Task.
                                            type: string
                                          resource:
                                            description: Resource is the name of the
                                              DeclaredPipelineResource to use.
                                            type: string
                                        required:
                                        - name
                                        - resource
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                  type: object
                                retries:
                                  description: 'Retries represents how many times
                                    this task should be retried in case of task failure:
                                    ConditionSucceeded set to False'
                                  type: integer
                                runAfter:
                                  description: RunAfter is the list of PipelineTask
                                    names that should be executed before this Task
                                    executes. (Used to force a specific ordering in
                                    graph execution.)
                                  items:
                                    type: string
                                  type: array
                                  x-kubernetes-list-type: atomic
                                taskRef:
                                  description: TaskRef is a reference to a task definition.
                                  properties:
                                    apiVersion:
                                      description: API version of the referent
                                      type: string
                                    bundle:
                                      description: 'Bundle url reference to a Tekton
                                        Bundle. Deprecated: Please use ResolverRef
                                        with the bundles resolver instead.'
                                      type: string
                                    kind:
                                      description: TaskKind indicates the kind of
                                        the task, namespaced or cluster scoped.
                                      type: string
                                    name:
                                      description: 'Name of the referent; More info:
                                        http://kubernetes.io/docs/user-guide/identifiers#names'
                                      type: string
                                    params:
                                      description: Params contains the parameters
                                        used to identify the referenced Tekton resource.
                                        Example entries might include "repo" or "path"
                                        but the set of params ultimately depends on
                                        the chosen resolver.
                                      items:
                                        description: Param declares an ParamValues
                                          to use for the parameter called name.
                                        properties:
                                          name:
                                            type: string
                                          value:
                                            description: ParamValue is a type that
                                              can hold a single string or string array.
                                              Used in JSON unmarshalling so that a
                                              single JSON field can accept either
                                              an individual string or an array of
                                              strings.
                                            properties:
                                              arrayVal:
                                                items:
                                                  type: string
                                                type: array
                                                x-kubernetes-list-type: atomic
                                              objectVal:
                                                additionalProperties:
                                                  type: string
                                                type: object
                                              stringVal:
                                                type: string
                                              type:
                                                description: ParamType indicates the
                                                  type of an input parameter; Used
                                                  to distinguish between a single
                                                  string and an array of strings.
                                                type: string
                                            required:
                                            - arrayVal
                                            - objectVal
                                            - stringVal
                                            - type
                                            type: object
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    resolver:
                                      description: Resolver is the name of the resolver
                                        that should perform resolution of the referenced
                                        Tekton resource, such as "git".
                                      type: string
                                  type: object
                                taskSpec:
                                  description: TaskSpec is a specification of a task
                                  properties:
                                    apiVersion:
                                      type: string
                                    description:
                                      description: Description is a user-facing description
                                        of the task that may be used to populate a
                                        UI.
                                      type: string
                                    kind:
                                      type: string
                                    metadata:
                                      description: PipelineTaskMetadata contains the
                                        labels or annotations for an EmbeddedTask
                                      properties:
                                        annotations:
                                          additionalProperties:
                                            type: string
                                          type: object
                                        labels:
                                          additionalProperties:
                                            type: string
                                          type: object
                                      type: object
                                    params:
                                      description: Params is a list of input parameters
                                        required to run the task. Params must be supplied
                                        as inputs in TaskRuns unless they declare
                                        a default value.
                                      items:
                                        description: ParamSpec defines arbitrary parameters
                                          needed beyond typed inputs (such as resources).
                                          Parameter values are provided by users as
                                          inputs on a TaskRun or PipelineRun.
                                        properties:
                                          default:
                                            description: Default is the value a parameter
                                              takes if no input value is supplied.
                                              If default is set, a Task may be executed
                                              without a supplied value for the parameter.
                                            properties:
                                              arrayVal:
                                                items:
                                                  type: string
                                                type: array
                                                x-kubernetes-list-type: atomic
                                              objectVal:
                                                additionalProperties:
                                                  type: string
                                                type: object
                                              stringVal:
                                                type: string
                                              type:
                                                description: ParamType indicates the
                                                  type of an input parameter; Used
                                                  to distinguish between a single
                                                  string and an array of strings.
                                                type: string
                                            required:
                                            - arrayVal
                                            - objectVal
                                            - stringVal
                                            - type
                                            type: object
                                          description:
                                            description: Description is a user-facing
                                              description of the parameter that may
                                              be used to populate a UI.
                                            type: string
                                          name:
                                            description: Name declares the name by
                                              which a parameter is referenced.
                                            type: string
                                          properties:
                                            additionalProperties:
                                              description: PropertySpec defines the
                                                struct for object keys
                                              properties:
                                                type:
                                                  description: ParamType indicates
                                                    the type of an input parameter;
                                                    Used to distinguish between a
                                                    single string and an array of
                                                    strings.
                                                  type: string
                                              type: object
                                            description: Properties is the JSON Schema
                                              properties to support key-value pairs
                                              parameter.
                                            type: object
                                          type:
                                            description: Type is the user-specified
                                              type of the parameter. The possible
                                              types are currently "string", "array"
                                              and "object", and "string" is the default.
                                            type: string
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    resources:
                                      description: Resources is a list input and output
                                        resource to run the task Resources are represented
                                        in TaskRuns as bindings to instances of PipelineResources.
                                      properties:
                                        inputs:
                                          description: Inputs holds the mapping from
                                            the PipelineResources declared in DeclaredPipelineResources
                                            to the input PipelineResources required
                                            by the Task.
                                          items:
                                            description: TaskResource defines an input
                                              or output Resource declared as a requirement
                                              by a Task. The Name field will be used
                                              to refer to these Resources within the
                                              Task definition, and when provided as
                                              an Input, the Name will be the path
                                              to the volume mounted containing this
                                              Resource as an input (e.g. an input
                                              Resource named `workspace` will be mounted
                                              at `/workspace`).
                                            properties:
                                              description:
                                                description: Description is a user-facing
                                                  description of the declared resource
                                                  that may be used to populate a UI.
                                                type: string
                                              name:
                                                description: Name declares the name
                                                  by which a resource is referenced
                                                  in the definition. Resources may
                                                  be referenced by name in the definition
                                                  of a Task's steps.
                                                type: string
                                              optional:
                                                description: 'Optional declares the
                                                  resource as optional. By default
                                                  optional is set to false which makes
                                                  a resource required. optional: true
                                                  - the resource is considered optional
                                                  optional: false - the resource is
                                                  considered required (equivalent
                                                  of not specifying it)'
                                                type: boolean
                                              targetPath:
                                                description: TargetPath is the path
                                                  in workspace directory where the
                                                  resource will be copied.
                                                type: string
                                              type:
                                                description: Type is the type of this
                                                  resource;
                                                type: string
                                            required:
                                            - name
                                            - type
                                            type: object
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        outputs:
                                          description: Outputs holds the mapping from
                                            the PipelineResources declared in DeclaredPipelineResources
                                            to the input PipelineResources required
                                            by the Task.
                                          items:
                                            description: TaskResource defines an input
                                              or output Resource declared as a requirement
                                              by a Task. The Name field will be used
                                              to refer to these Resources within the
                                              Task definition, and when provided as
                                              an Input, the Name will be the path
                                              to the volume mounted containing this
                                              Resource as an input (e.g. an input
                                              Resource named `workspace` will be mounted
                                              at `/workspace`).
                                            properties:
                                              description:
                                                description: Description is a user-facing
                                                  description of the declared resource
                                                  that may be used to populate a UI.
                                                type: string
                                              name:
                                                description: Name declares the name
                                                  by which a resource is referenced
                                                  in the definition. Resources may
                                                  be referenced by name in the definition
                                                  of a Task's steps.
                                                type: string
                                              optional:
                                                description: 'Optional declares the
                                                  resource as optional. By default
                                                  optional is set to false which makes
                                                  a resource required. optional: true
                                                  - the resource is considered optional
                                                  optional: false - the resource is
                                                  considered required (equivalent
                                                  of not specifying it)'
                                                type: boolean
                                              targetPath:
                                                description: TargetPath is the path
                                                  in workspace directory where the
                                                  resource will be copied.
                                                type: string
                                              type:
                                                description: Type is the type of this
                                                  resource;
                                                type: string
                                            required:
                                            - name
                                            - type
                                            type: object
                                          type: array
                                          x-kubernetes-list-type: atomic
                                      type: object
                                    results:
                                      description: Results are values that this Task
                                        can output
                                      items:
                                        description: TaskResult used to describe the
                                          results of a task
                                        properties:
                                          description:
                                            description: Description is a human-readable
                                              description of the result
                                            type: string
                                          name:
                                            description: Name the given name
                                            type: string
                                          properties:
                                            additionalProperties:
                                              description: PropertySpec defines the
                                                struct for object keys
                                              properties:
                                                type:
                                                  description: ParamType indicates
                                                    the type of an input parameter;
                                                    Used to distinguish between a
                                                    single string and an array of
                                                    strings.
                                                  type: string
                                              type: object
                                            description: Properties is the JSON Schema
                                              properties to support key-value pairs
                                              results.
                                            type: object
                                          type:
                                            description: Type is the user-specified
                                              type of the result. The possible type
                                              is currently "string" and will support
                                              "array" in following work.
                                            type: string
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    sidecars:
                                      description: Sidecars are run alongside the
                                        Task's step containers. They begin before
                                        the steps start and end after the steps complete.
                                      items:
                                        description: Sidecar has nearly the same data
                                          structure as Step but does not have the
                                          ability to timeout.
                                        properties:
                                          args:
                                            description: 'Arguments to the entrypoint.
                                              The image''s CMD is used if this is
                                              not provided. Variable references $(VAR_NAME)
                                              are expanded using the container''s
                                              environment. If a variable cannot be
                                              resolved, the reference in the input
                                              string will be unchanged. Double $$
                                              are reduced to a single $, which allows
                                              for escaping the $(VAR_NAME) syntax:
                                              i.e. "$$(VAR_NAME)" will produce the
                                              string literal "$(VAR_NAME)". Escaped
                                              references will never be expanded, regardless
                                              of whether the variable exists or not.
                                              Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          command:
                                            description: 'Entrypoint array. Not executed
                                              within a shell. The image''s ENTRYPOINT
                                              is used if this is not provided. Variable
                                              references $(VAR_NAME) are expanded
                                              using the Sidecar''s environment. If
                                              a variable cannot be resolved, the reference
                                              in the input string will be unchanged.
                                              Double $$ are reduced to a single $,
                                              which allows for escaping the $(VAR_NAME)
                                              syntax: i.e. "$$(VAR_NAME)" will produce
                                              the string literal "$(VAR_NAME)". Escaped
                                              references will never be expanded, regardless
                                              of whether the variable exists or not.
                                              Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          env:
                                            description: List of environment variables
                                              to set in the Sidecar. Cannot be updated.
                                            items:
                                              description: EnvVar represents an environment
                                                variable present in a Container.
                                              properties:
                                                name:
                                                  description: Name of the environment
                                                    variable. Must be a C_IDENTIFIER.
                                                  type: string
                                                value:
                                                  description: 'Variable references
                                                    $(VAR_NAME) are expanded using
                                                    the previously defined environment
                                                    variables in the container and
                                                    any service environment variables.
                                                    If a variable cannot be resolved,
                                                    the reference in the input string
                                                    will be unchanged. Double $$ are
                                                    reduced to a single $, which allows
                                                    for escaping the $(VAR_NAME) syntax:
                                                    i.e. "$$(VAR_NAME)" will produce
                                                    the string literal "$(VAR_NAME)".
                                                    Escaped references will never
                                                    be expanded, regardless of whether
                                                    the variable exists or not. Defaults
                                                    to "".'
                                                  type: string
                                                valueFrom:
                                                  description: Source for the environment
                                                    variable's value. Cannot be used
                                                    if value is not empty.
                                                  properties:
                                                    configMapKeyRef:
                                                      description: Selects a key of
                                                        a ConfigMap.
                                                      properties:
                                                        key:
                                                          description: The key to
                                                            select.
                                                          type: string
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: Specify whether
                                                            the ConfigMap or its key
                                                            must be defined
                                                          type: boolean
                                                      required:
                                                      - key
                                                      type: object
                                                    fieldRef:
                                                      description: 'Selects a field
                                                        of the pod: supports metadata.name,
                                                        metadata.namespace, `metadata.labels[''<KEY>'']`,
                                                        `metadata.annotations[''<KEY>'']`,
                                                        spec.nodeName, spec.serviceAccountName,
                                                        status.hostIP, status.podIP,
                                                        status.podIPs.'
                                                      properties:
                                                        apiVersion:
                                                          description: Version of
                                                            the schema the FieldPath
                                                            is written in terms of,
                                                            defaults to "v1".
                                                          type: string
                                                        fieldPath:
                                                          description: Path of the
                                                            field to select in the
                                                            specified API version.
                                                          type: string
                                                      required:
                                                      - fieldPath
                                                      type: object
                                                    resourceFieldRef:
                                                      description: 'Selects a resource
                                                        of the container: only resources
                                                        limits and requests (limits.cpu,
                                                        limits.memory, limits.ephemeral-storage,
                                                        requests.cpu, requests.memory
                                                        and requests.ephemeral-storage)
                                                        are currently supported.'
                                                      properties:
                                                        containerName:
                                                          description: 'Container
                                                            name: required for volumes,
                                                            optional for env vars'
                                                          type: string
                                                        divisor:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          description: Specifies the
                                                            output format of the exposed
                                                            resources, defaults to
                                                            "1"
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        resource:
                                                          description: 'Required:
                                                            resource to select'
                                                          type: string
                                                      required:
                                                      - resource
                                                      type: object
                                                    secretKeyRef:
                                                      description: Selects a key of
                                                        a secret in the pod's namespace
                                                      properties:
                                                        key:
                                                          description: The key of
                                                            the secret to select from.  Must
                                                            be a valid secret key.
                                                          type: string
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: Specify whether
                                                            the Secret or its key
                                                            must be defined
                                                          type: boolean
                                                      required:
                                                      - key
                                                      type: object
                                                  type: object
                                              required:
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          envFrom:
                                            description: List of sources to populate
                                              environment variables in the Sidecar.
                                              The keys defined within a source must
                                              be a C_IDENTIFIER. All invalid keys
                                              will be reported as an event when the
                                              Sidecar is starting. When a key exists
                                              in multiple sources, the value associated
                                              with the last source will take precedence.
                                              Values defined by an Env with a duplicate
                                              key will take precedence. Cannot be
                                              updated.
                                            items:
                                              description: EnvFromSource represents
                                                the source of a set of ConfigMaps
                                              properties:
                                                configMapRef:
                                                  description: The ConfigMap to select
                                                    from
                                                  properties:
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the ConfigMap must be defined
                                                      type: boolean
                                                  type: object
                                                prefix:
                                                  description: An optional identifier
                                                    to prepend to each key in the
                                                    ConfigMap. Must be a C_IDENTIFIER.
                                                  type: string
                                                secretRef:
                                                  description: The Secret to select
                                                    from
                                                  properties:
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the Secret must be defined
                                                      type: boolean
                                                  type: object
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          image:
                                            description: 'Image name to be used by
                                              the Sidecar. More info: https://kubernetes.io/docs/concepts/containers/images'
                                            type: string
                                          imagePullPolicy:
                                            description: 'Image pull policy. One of
                                              Always, Never, IfNotPresent. Defaults
                                              to Always if :latest tag is specified,
                                              or IfNotPresent otherwise. Cannot be
                                              updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                            type: string
                                          lifecycle:
                                            description: Actions that the management
                                              system should take in response to Sidecar
                                              lifecycle events. Cannot be updated.
                                            properties:
                                              postStart:
                                                description: 'PostStart is called
                                                  immediately after a container is
                                                  created. If the handler fails, the
                                                  container is terminated and restarted
                                                  according to its restart policy.
                                                  Other management of the container
                                                  blocks until the hook completes.
                                                  More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                properties:
                                                  exec:
                                                    description: Exec specifies the
                                                      action to take.
                                                    properties:
                                                      command:
                                                        description: Command is the
                                                          command line to execute
                                                          inside the container, the
                                                          working directory for the
                                                          command  is root ('/') in
                                                          the container's filesystem.
                                                          The command is simply exec'd,
                                                          it is not run inside a shell,
                                                          so traditional shell instructions
                                                          ('|', etc) won't work. To
                                                          use a shell, you need to
                                                          explicitly call out to that
                                                          shell. Exit status of 0
                                                          is treated as live/healthy
                                                          and non-zero is unhealthy.
                                                        items:
                                                          type: string
                                                        type: array
                                                    type: object
                                                  httpGet:
                                                    description: HTTPGet specifies
                                                      the http request to perform.
                                                    properties:
                                                      host:
                                                        description: Host name to
                                                          connect to, defaults to
                                                          the pod IP. You probably
                                                          want to set "Host" in httpHeaders
                                                          instead.
                                                        type: string
                                                      httpHeaders:
                                                        description: Custom headers
                                                          to set in the request. HTTP
                                                          allows repeated headers.
                                                        items:
                                                          description: HTTPHeader
                                                            describes a custom header
                                                            to be used in HTTP probes
                                                          properties:
                                                            name:
                                                              description: The header
                                                                field name
                                                              type: string
                                                            value:
                                                              description: The header
                                                                field value
                                                              type: string
                                                          required:
                                                          - name
                                                          - value
                                                          type: object
                                                        type: array
                                                      path:
                                                        description: Path to access
                                                          on the HTTP server.
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Name or number
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                      scheme:
                                                        description: Scheme to use
                                                          for connecting to the host.
                                                          Defaults to HTTP.
                                                        type: string
                                                    required:
                                                    - port
                                                    type: object
                                                  tcpSocket:
                                                    description: Deprecated. TCPSocket
                                                      is NOT supported as a LifecycleHandler
                                                      and kept for the backward compatibility.
                                                      There are no validation of this
                                                      field and lifecycle hooks will
                                                      fail in runtime when tcp handler
                                                      is specified.
                                                    properties:
                                                      host:
                                                        description: 'Optional: Host
                                                          name to connect to, defaults
                                                          to the pod IP.'
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Number or name
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                    required:
                                                    - port
                                                    type: object
                                                type: object
                                              preStop:
                                                description: 'PreStop is called immediately
                                                  before a container is terminated
                                                  due to an API request or management
                                                  event such as liveness/startup probe
                                                  failure, preemption, resource contention,
                                                  etc. The handler is not called if
                                                  the container crashes or exits.
                                                  The Pod''s termination grace period
                                                  countdown begins before the PreStop
                                                  hook is executed. Regardless of
                                                  the outcome of the handler, the
                                                  container will eventually terminate
                                                  within the Pod''s termination grace
                                                  period (unless delayed by finalizers).
                                                  Other management of the container
                                                  blocks until the hook completes
                                                  or until the termination grace period
                                                  is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                properties:
                                                  exec:
                                                    description: Exec specifies the
                                                      action to take.
                                                    properties:
                                                      command:
                                                        description: Command is the
                                                          command line to execute
                                                          inside the container, the
                                                          working directory for the
                                                          command  is root ('/') in
                                                          the container's filesystem.
                                                          The command is simply exec'd,
                                                          it is not run inside a shell,
                                                          so traditional shell instructions
                                                          ('|', etc) won't work. To
                                                          use a shell, you need to
                                                          explicitly call out to that
                                                          shell. Exit status of 0
                                                          is treated as live/healthy
                                                          and non-zero is unhealthy.
                                                        items:
                                                          type: string
                                                        type: array
                                                    type: object
                                                  httpGet:
                                                    description: HTTPGet specifies
                                                      the http request to perform.
                                                    properties:
                                                      host:
                                                        description: Host name to
                                                          connect to, defaults to
                                                          the pod IP. You probably
                                                          want to set "Host" in httpHeaders
                                                          instead.
                                                        type: string
                                                      httpHeaders:
                                                        description: Custom headers
                                                          to set in the request. HTTP
                                                          allows repeated headers.
                                                        items:
                                                          description: HTTPHeader
                                                            describes a custom header
                                                            to be used in HTTP probes
                                                          properties:
                                                            name:
                                                              description: The header
                                                                field name
                                                              type: string
                                                            value:
                                                              description: The header
                                                                field value
                                                              type: string
                                                          required:
                                                          - name
                                                          - value
                                                          type: object
                                                        type: array
                                                      path:
                                                        description: Path to access
                                                          on the HTTP server.
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Name or number
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                      scheme:
                                                        description: Scheme to use
                                                          for connecting to the host.
                                                          Defaults to HTTP.
                                                        type: string
                                                    required:
                                                    - port
                                                    type: object
                                                  tcpSocket:
                                                    description: Deprecated. TCPSocket
                                                      is NOT supported as a LifecycleHandler
                                                      and kept for the backward compatibility.
                                                      There are no validation of this
                                                      field and lifecycle hooks will
                                                      fail in runtime when tcp handler
                                                      is specified.
                                                    properties:
                                                      host:
                                                        description: 'Optional: Host
                                                          name to connect to, defaults
                                                          to the pod IP.'
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Number or name
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                    required:
                                                    - port
                                                    type: object
                                                type: object
                                            type: object
                                          livenessProbe:
                                            description: 'Periodic probe of Sidecar
                                              liveness. Container will be restarted
                                              if the probe fails. Cannot be updated.
                                              More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          name:
                                            description: Name of the Sidecar specified
                                              as a DNS_LABEL. Each Sidecar in a Task
                                              must have a unique name (DNS_LABEL).
                                              Cannot be updated.
                                            type: string
                                          ports:
                                            description: List of ports to expose from
                                              the Sidecar. Exposing a port here gives
                                              the system additional information about
                                              the network connections a container
                                              uses, but is primarily informational.
                                              Not specifying a port here DOES NOT
                                              prevent that port from being exposed.
                                              Any port which is listening on the default
                                              "0.0.0.0" address inside a container
                                              will be accessible from the network.
                                              Cannot be updated.
                                            items:
                                              description: ContainerPort represents
                                                a network port in a single container.
                                              properties:
                                                containerPort:
                                                  description: Number of port to expose
                                                    on the pod's IP address. This
                                                    must be a valid port number, 0
                                                    < x < 65536.
                                                  format: int32
                                                  type: integer
                                                hostIP:
                                                  description: What host IP to bind
                                                    the external port to.
                                                  type: string
                                                hostPort:
                                                  description: Number of port to expose
                                                    on the host. If specified, this
                                                    must be a valid port number, 0
                                                    < x < 65536. If HostNetwork is
                                                    specified, this must match ContainerPort.
                                                    Most containers do not need this.
                                                  format: int32
                                                  type: integer
                                                name:
                                                  description: If specified, this
                                                    must be an IANA_SVC_NAME and unique
                                                    within the pod. Each named port
                                                    in a pod must have a unique name.
                                                    Name for the port that can be
                                                    referred to by services.
                                                  type: string
                                                protocol:
                                                  default: TCP
                                                  description: Protocol for port.
                                                    Must be UDP, TCP, or SCTP. Defaults
                                                    to "TCP".
                                                  type: string
                                              required:
                                              - containerPort
                                              type: object
                                            type: array
                                            x-kubernetes-list-map-keys:
                                            - containerPort
                                            - protocol
                                            x-kubernetes-list-type: map
                                          readinessProbe:
                                            description: 'Periodic probe of Sidecar
                                              service readiness. Container will be
                                              removed from service endpoints if the
                                              probe fails. Cannot be updated. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          resources:
                                            description: 'Compute Resources required
                                              by this Sidecar. Cannot be updated.
                                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            properties:
                                              limits:
                                                additionalProperties:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                description: 'Limits describes the
                                                  maximum amount of compute resources
                                                  allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                type: object
                                              requests:
                                                additionalProperties:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                description: 'Requests describes the
                                                  minimum amount of compute resources
                                                  required. If Requests is omitted
                                                  for a container, it defaults to
                                                  Limits if that is explicitly specified,
                                                  otherwise to an implementation-defined
                                                  value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                type: object
                                            type: object
                                          script:
                                            description: "Script is the contents of
                                              an executable file to execute. \n If
                                              Script is not empty, the Step cannot
                                              have an Command or Args."
                                            type: string
                                          securityContext:
                                            description: 'SecurityContext defines
                                              the security options the Sidecar should
                                              be run with. If set, the fields of SecurityContext
                                              override the equivalent fields of PodSecurityContext.
                                              More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                            properties:
                                              allowPrivilegeEscalation:
                                                description: 'AllowPrivilegeEscalation
                                                  controls whether a process can gain
                                                  more privileges than its parent
                                                  process. This bool directly controls
                                                  if the no_new_privs flag will be
                                                  set on the container process. AllowPrivilegeEscalation
                                                  is true always when the container
                                                  is: 1) run as Privileged 2) has
                                                  CAP_SYS_ADMIN Note that this field
                                                  cannot be set when spec.os.name
                                                  is windows.'
                                                type: boolean
                                              capabilities:
                                                description: The capabilities to add/drop
                                                  when running containers. Defaults
                                                  to the default set of capabilities
                                                  granted by the container runtime.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                properties:
                                                  add:
                                                    description: Added capabilities
                                                    items:
                                                      description: Capability represent
                                                        POSIX capabilities type
                                                      type: string
                                                    type: array
                                                  drop:
                                                    description: Removed capabilities
                                                    items:
                                                      description: Capability represent
                                                        POSIX capabilities type
                                                      type: string
                                                    type: array
                                                type: object
                                              privileged:
                                                description: Run container in privileged
                                                  mode. Processes in privileged containers
                                                  are essentially equivalent to root
                                                  on the host. Defaults to false.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                type: boolean
                                              procMount:
                                                description: procMount denotes the
                                                  type of proc mount to use for the
                                                  containers. The default is DefaultProcMount
                                                  which uses the container runtime
                                                  defaults for readonly paths and
                                                  masked paths. This requires the
                                                  ProcMountType feature flag to be
                                                  enabled. Note that this field cannot
                                                  be set when spec.os.name is windows.
                                                type: string
                                              readOnlyRootFilesystem:
                                                description: Whether this container
                                                  has a read-only root filesystem.
                                                  Default is false. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                type: boolean
                                              runAsGroup:
                                                description: The GID to run the entrypoint
                                                  of the container process. Uses runtime
                                                  default if unset. May also be set
                                                  in PodSecurityContext.  If set in
                                                  both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                format: int64
                                                type: integer
                                              runAsNonRoot:
                                                description: Indicates that the container
                                                  must run as a non-root user. If
                                                  true, the Kubelet will validate
                                                  the image at runtime to ensure that
                                                  it does not run as UID 0 (root)
                                                  and fail to start the container
                                                  if it does. If unset or false, no
                                                  such validation will be performed.
                                                  May also be set in PodSecurityContext.  If
                                                  set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                type: boolean
                                              runAsUser:
                                                description: The UID to run the entrypoint
                                                  of the container process. Defaults
                                                  to user specified in image metadata
                                                  if unspecified. May also be set
                                                  in PodSecurityContext.  If set in
                                                  both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                format: int64
                                                type: integer
                                              seLinuxOptions:
                                                description: The SELinux context to
                                                  be applied to the container. If
                                                  unspecified, the container runtime
                                                  will allocate a random SELinux context
                                                  for each container.  May also be
                                                  set in PodSecurityContext.  If set
                                                  in both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                properties:
                                                  level:
                                                    description: Level is SELinux
                                                      level label that applies to
                                                      the container.
                                                    type: string
                                                  role:
                                                    description: Role is a SELinux
                                                      role label that applies to the
                                                      container.
                                                    type: string
                                                  type:
                                                    description: Type is a SELinux
                                                      type label that applies to the
                                                      container.
                                                    type: string
                                                  user:
                                                    description: User is a SELinux
                                                      user label that applies to the
                                                      container.
                                                    type: string
                                                type: object
                                              seccompProfile:
                                                description: The seccomp options to
                                                  use by this container. If seccomp
                                                  options are provided at both the
                                                  pod & container level, the container
                                                  options override the pod options.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                properties:
                                                  localhostProfile:
                                                    description: localhostProfile
                                                      indicates a profile defined
                                                      in a file on the node should
                                                      be used. The profile must be
                                                      preconfigured on the node to
                                                      work. Must be a descending path,
                                                      relative to the kubelet's configured
                                                      seccomp profile location. Must
                                                      only be set if type is "Localhost".
                                                    type: string
                                                  type:
                                                    description: "type indicates which
                                                      kind of seccomp profile will
                                                      be applied. Valid options are:
                                                      \n Localhost - a profile defined
                                                      in a file on the node should
                                                      be used. RuntimeDefault - the
                                                      container runtime default profile
                                                      should be used. Unconfined -
                                                      no profile should be applied."
                                                    type: string
                                                required:
                                                - type
                                                type: object
                                              windowsOptions:
                                                description: The Windows specific
                                                  settings applied to all containers.
                                                  If unspecified, the options from
                                                  the PodSecurityContext will be used.
                                                  If set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                  Note that this field cannot be set
                                                  when spec.os.name is linux.
                                                properties:
                                                  gmsaCredentialSpec:
                                                    description: GMSACredentialSpec
                                                      is where the GMSA admission
                                                      webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                                      inlines the contents of the
                                                      GMSA credential spec named by
                                                      the GMSACredentialSpecName field.
                                                    type: string
                                                  gmsaCredentialSpecName:
                                                    description: GMSACredentialSpecName
                                                      is the name of the GMSA credential
                                                      spec to use.
                                                    type: string
                                                  hostProcess:
                                                    description: HostProcess determines
                                                      if a container should be run
                                                      as a 'Host Process' container.
                                                      This field is alpha-level and
                                                      will only be honored by components
                                                      that enable the WindowsHostProcessContainers
                                                      feature flag. Setting this field
                                                      without the feature flag will
                                                      result in errors when validating
                                                      the Pod. All of a Pod's containers
                                                      must have the same effective
                                                      HostProcess value (it is not
                                                      allowed to have a mix of HostProcess
                                                      containers and non-HostProcess
                                                      containers).  In addition, if
                                                      HostProcess is true then HostNetwork
                                                      must also be set to true.
                                                    type: boolean
                                                  runAsUserName:
                                                    description: The UserName in Windows
                                                      to run the entrypoint of the
                                                      container process. Defaults
                                                      to the user specified in image
                                                      metadata if unspecified. May
                                                      also be set in PodSecurityContext.
                                                      If set in both SecurityContext
                                                      and PodSecurityContext, the
                                                      value specified in SecurityContext
                                                      takes precedence.
                                                    type: string
                                                type: object
                                            type: object
                                          startupProbe:
                                            description: 'StartupProbe indicates that
                                              the Pod the Sidecar is running in has
                                              successfully initialized. If specified,
                                              no other probes are executed until this
                                              completes successfully. If this probe
                                              fails, the Pod will be restarted, just
                                              as if the livenessProbe failed. This
                                              can be used to provide different probe
                                              parameters at the beginning of a Pod''s
                                              lifecycle, when it might take a long
                                              time to load data or warm a cache, than
                                              during steady-state operation. This
                                              cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          stdin:
                                            description: Whether this Sidecar should
                                              allocate a buffer for stdin in the container
                                              runtime. If this is not set, reads from
                                              stdin in the Sidecar will always result
                                              in EOF. Default is false.
                                            type: boolean
                                          stdinOnce:
                                            description: Whether the container runtime
                                              should close the stdin channel after
                                              it has been opened by a single attach.
                                              When stdin is true the stdin stream
                                              will remain open across multiple attach
                                              sessions. If stdinOnce is set to true,
                                              stdin is opened on Sidecar start, is
                                              empty until the first client attaches
                                              to stdin, and then remains open and
                                              accepts data until the client disconnects,
                                              at which time stdin is closed and remains
                                              closed until the Sidecar is restarted.
                                              If this flag is false, a container processes
                                              that reads from stdin will never receive
                                              an EOF. Default is false
                                            type: boolean
                                          terminationMessagePath:
                                            description: 'Optional: Path at which
                                              the file to which the Sidecar''s termination
                                              message will be written is mounted into
                                              the Sidecar''s filesystem. Message written
                                              is intended to be brief final status,
                                              such as an assertion failure message.
                                              Will be truncated by the node if greater
                                              than 4096 bytes. The total message length
                                              across all containers will be limited
                                              to 12kb. Defaults to /dev/termination-log.
                                              Cannot be updated.'
                                            type: string
                                          terminationMessagePolicy:
                                            description: Indicate how the termination
                                              message should be populated. File will
                                              use the contents of terminationMessagePath
                                              to populate the Sidecar status message
                                              on both success and failure. FallbackToLogsOnError
                                              will use the last chunk of Sidecar log
                                              output if the termination message file
                                              is empty and the Sidecar exited with
                                              an error. The log output is limited
                                              to 2048 bytes or 80 lines, whichever
                                              is smaller. Defaults to File. Cannot
                                              be updated.
                                            type: string
                                          tty:
                                            description: Whether this Sidecar should
                                              allocate a TTY for itself, also requires
                                              'stdin' to be true. Default is false.
                                            type: boolean
                                          volumeDevices:
                                            description: volumeDevices is the list
                                              of block devices to be used by the Sidecar.
                                            items:
                                              description: volumeDevice describes
                                                a mapping of a raw block device within
                                                a container.
                                              properties:
                                                devicePath:
                                                  description: devicePath is the path
                                                    inside of the container that the
                                                    device will be mapped to.
                                                  type: string
                                                name:
                                                  description: name must match the
                                                    name of a persistentVolumeClaim
                                                    in the pod
                                                  type: string
                                              required:
                                              - devicePath
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          volumeMounts:
                                            description: Volumes to mount into the
                                              Sidecar's filesystem. Cannot be updated.
                                            items:
                                              description: VolumeMount describes a
                                                mounting of a Volume within a container.
                                              properties:
                                                mountPath:
                                                  description: Path within the container
                                                    at which the volume should be
                                                    mounted.  Must not contain ':'.
                                                  type: string
                                                mountPropagation:
                                                  description: mountPropagation determines
                                                    how mounts are propagated from
                                                    the host to container and the
                                                    other way around. When not set,
                                                    MountPropagationNone is used.
                                                    This field is beta in 1.10.
                                                  type: string
                                                name:
                                                  description: This must match the
                                                    Name of a Volume.
                                                  type: string
                                                readOnly:
                                                  description: Mounted read-only if
                                                    true, read-write otherwise (false
                                                    or unspecified). Defaults to false.
                                                  type: boolean
                                                subPath:
                                                  description: Path within the volume
                                                    from which the container's volume
                                                    should be mounted. Defaults to
                                                    "" (volume's root).
                                                  type: string
                                                subPathExpr:
                                                  description: Expanded path within
                                                    the volume from which the container's
                                                    volume should be mounted. Behaves
                                                    similarly to SubPath but environment
                                                    variable references $(VAR_NAME)
                                                    are expanded using the container's
                                                    environment. Defaults to "" (volume's
                                                    root). SubPathExpr and SubPath
                                                    are mutually exclusive.
                                                  type: string
                                              required:
                                              - mountPath
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          workingDir:
                                            description: Sidecar's working directory.
                                              If not specified, the container runtime's
                                              default will be used, which might be
                                              configured in the container image. Cannot
                                              be updated.
                                            type: string
                                          workspaces:
                                            description: "This is an alpha field.
                                              You must set the \"enable-api-fields\"
                                              feature flag to \"alpha\" for this field
                                              to be supported. \n Workspaces is a
                                              list of workspaces from the Task that
                                              this Sidecar wants exclusive access
                                              to. Adding a workspace to this list
                                              means that any other Step or Sidecar
                                              that does not also request this Workspace
                                              will not have access to it."
                                            items:
                                              description: WorkspaceUsage is used
                                                by a Step or Sidecar to declare that
                                                it wants isolated access to a Workspace
                                                defined in a Task.
                                              properties:
                                                mountPath:
                                                  description: MountPath is the path
                                                    that the workspace should be mounted
                                                    to inside the Step or Sidecar,
                                                    overriding any MountPath specified
                                                    in the Task's WorkspaceDeclaration.
                                                  type: string
                                                name:
                                                  description: Name is the name of
                                                    the workspace this Step or Sidecar
                                                    wants access to.
                                                  type: string
                                              required:
                                              - mountPath
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    spec:
                                      description: Spec is a specification of a custom
                                        task
                                      type: object
                                    stepTemplate:
                                      description: StepTemplate can be used as the
                                        basis for all step containers within the Task,
                                        so that the steps inherit settings on the
                                        base container.
                                      properties:
                                        args:
                                          description: 'Arguments to the entrypoint.
                                            The image''s CMD is used if this is not
                                            provided. Variable references $(VAR_NAME)
                                            are expanded using the Step''s environment.
                                            If a variable cannot be resolved, the
                                            reference in the input string will be
                                            unchanged. Double $$ are reduced to a
                                            single $, which allows for escaping the
                                            $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                            will produce the string literal "$(VAR_NAME)".
                                            Escaped references will never be expanded,
                                            regardless of whether the variable exists
                                            or not. Cannot be updated. More info:
                                            https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                          items:
                                            type: string
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        command:
                                          description: 'Entrypoint array. Not executed
                                            within a shell. The docker image''s ENTRYPOINT
                                            is used if this is not provided. Variable
                                            references $(VAR_NAME) are expanded using
                                            the Step''s environment. If a variable
                                            cannot be resolved, the reference in the
                                            input string will be unchanged. Double
                                            $$ are reduced to a single $, which allows
                                            for escaping the $(VAR_NAME) syntax: i.e.
                                            "$$(VAR_NAME)" will produce the string
                                            literal "$(VAR_NAME)". Escaped references
                                            will never be expanded, regardless of
                                            whether the variable exists or not. Cannot
                                            be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                          items:
                                            type: string
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        env:
                                          description: List of environment variables
                                            to set in the container. Cannot be updated.
                                          items:
                                            description: EnvVar represents an environment
                                              variable present in a Container.
                                            properties:
                                              name:
                                                description: Name of the environment
                                                  variable. Must be a C_IDENTIFIER.
                                                type: string
                                              value:
                                                description: 'Variable references
                                                  $(VAR_NAME) are expanded using the
                                                  previously defined environment variables
                                                  in the container and any service
                                                  environment variables. If a variable
                                                  cannot be resolved, the reference
                                                  in the input string will be unchanged.
                                                  Double $$ are reduced to a single
                                                  $, which allows for escaping the
                                                  $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                                  will produce the string literal
                                                  "$(VAR_NAME)". Escaped references
                                                  will never be expanded, regardless
                                                  of whether the variable exists or
                                                  not. Defaults to "".'
                                                type: string
                                              valueFrom:
                                                description: Source for the environment
                                                  variable's value. Cannot be used
                                                  if value is not empty.
                                                properties:
                                                  configMapKeyRef:
                                                    description: Selects a key of
                                                      a ConfigMap.
                                                    properties:
                                                      key:
                                                        description: The key to select.
                                                        type: string
                                                      name:
                                                        description: 'Name of the
                                                          referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                          TODO: Add other useful fields.
                                                          apiVersion, kind, uid?'
                                                        type: string
                                                      optional:
                                                        description: Specify whether
                                                          the ConfigMap or its key
                                                          must be defined
                                                        type: boolean
                                                    required:
                                                    - key
                                                    type: object
                                                  fieldRef:
                                                    description: 'Selects a field
                                                      of the pod: supports metadata.name,
                                                      metadata.namespace, `metadata.labels[''<KEY>'']`,
                                                      `metadata.annotations[''<KEY>'']`,
                                                      spec.nodeName, spec.serviceAccountName,
                                                      status.hostIP, status.podIP,
                                                      status.podIPs.'
                                                    properties:
                                                      apiVersion:
                                                        description: Version of the
                                                          schema the FieldPath is
                                                          written in terms of, defaults
                                                          to "v1".
                                                        type: string
                                                      fieldPath:
                                                        description: Path of the field
                                                          to select in the specified
                                                          API version.
                                                        type: string
                                                    required:
                                                    - fieldPath
                                                    type: object
                                                  resourceFieldRef:
                                                    description: 'Selects a resource
                                                      of the container: only resources
                                                      limits and requests (limits.cpu,
                                                      limits.memory, limits.ephemeral-storage,
                                                      requests.cpu, requests.memory
                                                      and requests.ephemeral-storage)
                                                      are currently supported.'
                                                    properties:
                                                      containerName:
                                                        description: 'Container name:
                                                          required for volumes, optional
                                                          for env vars'
                                                        type: string
                                                      divisor:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Specifies the
                                                          output format of the exposed
                                                          resources, defaults to "1"
                                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                        x-kubernetes-int-or-string: true
                                                      resource:
                                                        description: 'Required: resource
                                                          to select'
                                                        type: string
                                                    required:
                                                    - resource
                                                    type: object
                                                  secretKeyRef:
                                                    description: Selects a key of
                                                      a secret in the pod's namespace
                                                    properties:
                                                      key:
                                                        description: The key of the
                                                          secret to select from.  Must
                                                          be a valid secret key.
                                                        type: string
                                                      name:
                                                        description: 'Name of the
                                                          referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                          TODO: Add other useful fields.
                                                          apiVersion, kind, uid?'
                                                        type: string
                                                      optional:
                                                        description: Specify whether
                                                          the Secret or its key must
                                                          be defined
                                                        type: boolean
                                                    required:
                                                    - key
                                                    type: object
                                                type: object
                                            required:
                                            - name
                                            type: object
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        envFrom:
                                          description: List of sources to populate
                                            environment variables in the Step. The
                                            keys defined within a source must be a
                                            C_IDENTIFIER. All invalid keys will be
                                            reported as an event when the container
                                            is starting. When a key exists in multiple
                                            sources, the value associated with the
                                            last source will take precedence. Values
                                            defined by an Env with a duplicate key
                                            will take precedence. Cannot be updated.
                                          items:
                                            description: EnvFromSource represents
                                              the source of a set of ConfigMaps
                                            properties:
                                              configMapRef:
                                                description: The ConfigMap to select
                                                  from
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                  optional:
                                                    description: Specify whether the
                                                      ConfigMap must be defined
                                                    type: boolean
                                                type: object
                                              prefix:
                                                description: An optional identifier
                                                  to prepend to each key in the ConfigMap.
                                                  Must be a C_IDENTIFIER.
                                                type: string
                                              secretRef:
                                                description: The Secret to select
                                                  from
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                  optional:
                                                    description: Specify whether the
                                                      Secret must be defined
                                                    type: boolean
                                                type: object
                                            type: object
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        image:
                                          description: 'Default image name to use
                                            for each Step. More info: https://kubernetes.io/docs/concepts/containers/images
                                            This field is optional to allow higher
                                            level config management to default or
                                            override container images in workload
                                            controllers like Deployments and StatefulSets.'
                                          type: string
                                        imagePullPolicy:
                                          description: 'Image pull policy. One of
                                            Always, Never, IfNotPresent. Defaults
                                            to Always if :latest tag is specified,
                                            or IfNotPresent otherwise. Cannot be updated.
                                            More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                          type: string
                                        lifecycle:
                                          description: Deprecated. This field will
                                            be removed in a future release. Actions
                                            that the management system should take
                                            in response to container lifecycle events.
                                            Cannot be updated.
                                          properties:
                                            postStart:
                                              description: 'PostStart is called immediately
                                                after a container is created. If the
                                                handler fails, the container is terminated
                                                and restarted according to its restart
                                                policy. Other management of the container
                                                blocks until the hook completes. More
                                                info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                              properties:
                                                exec:
                                                  description: Exec specifies the
                                                    action to take.
                                                  properties:
                                                    command:
                                                      description: Command is the
                                                        command line to execute inside
                                                        the container, the working
                                                        directory for the command  is
                                                        root ('/') in the container's
                                                        filesystem. The command is
                                                        simply exec'd, it is not run
                                                        inside a shell, so traditional
                                                        shell instructions ('|', etc)
                                                        won't work. To use a shell,
                                                        you need to explicitly call
                                                        out to that shell. Exit status
                                                        of 0 is treated as live/healthy
                                                        and non-zero is unhealthy.
                                                      items:
                                                        type: string
                                                      type: array
                                                  type: object
                                                httpGet:
                                                  description: HTTPGet specifies the
                                                    http request to perform.
                                                  properties:
                                                    host:
                                                      description: Host name to connect
                                                        to, defaults to the pod IP.
                                                        You probably want to set "Host"
                                                        in httpHeaders instead.
                                                      type: string
                                                    httpHeaders:
                                                      description: Custom headers
                                                        to set in the request. HTTP
                                                        allows repeated headers.
                                                      items:
                                                        description: HTTPHeader describes
                                                          a custom header to be used
                                                          in HTTP probes
                                                        properties:
                                                          name:
                                                            description: The header
                                                              field name
                                                            type: string
                                                          value:
                                                            description: The header
                                                              field value
                                                            type: string
                                                        required:
                                                        - name
                                                        - value
                                                        type: object
                                                      type: array
                                                    path:
                                                      description: Path to access
                                                        on the HTTP server.
                                                      type: string
                                                    port:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Name or number
                                                        of the port to access on the
                                                        container. Number must be
                                                        in the range 1 to 65535. Name
                                                        must be an IANA_SVC_NAME.
                                                      x-kubernetes-int-or-string: true
                                                    scheme:
                                                      description: Scheme to use for
                                                        connecting to the host. Defaults
                                                        to HTTP.
                                                      type: string
                                                  required:
                                                  - port
                                                  type: object
                                                tcpSocket:
                                                  description: Deprecated. TCPSocket
                                                    is NOT supported as a LifecycleHandler
                                                    and kept for the backward compatibility.
                                                    There are no validation of this
                                                    field and lifecycle hooks will
                                                    fail in runtime when tcp handler
                                                    is specified.
                                                  properties:
                                                    host:
                                                      description: 'Optional: Host
                                                        name to connect to, defaults
                                                        to the pod IP.'
                                                      type: string
                                                    port:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Number or name
                                                        of the port to access on the
                                                        container. Number must be
                                                        in the range 1 to 65535. Name
                                                        must be an IANA_SVC_NAME.
                                                      x-kubernetes-int-or-string: true
                                                  required:
                                                  - port
                                                  type: object
                                              type: object
                                            preStop:
                                              description: 'PreStop is called immediately
                                                before a container is terminated due
                                                to an API request or management event
                                                such as liveness/startup probe failure,
                                                preemption, resource contention, etc.
                                                The handler is not called if the container
                                                crashes or exits. The Pod''s termination
                                                grace period countdown begins before
                                                the PreStop hook is executed. Regardless
                                                of the outcome of the handler, the
                                                container will eventually terminate
                                                within the Pod''s termination grace
                                                period (unless delayed by finalizers).
                                                Other management of the container
                                                blocks until the hook completes or
                                                until the termination grace period
                                                is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                              properties:
                                                exec:
                                                  description: Exec specifies the
                                                    action to take.
                                                  properties:
                                                    command:
                                                      description: Command is the
                                                        command line to execute inside
                                                        the container, the working
                                                        directory for the command  is
                                                        root ('/') in the container's
                                                        filesystem. The command is
                                                        simply exec'd, it is not run
                                                        inside a shell, so traditional
                                                        shell instructions ('|', etc)
                                                        won't work. To use a shell,
                                                        you need to explicitly call
                                                        out to that shell. Exit status
                                                        of 0 is treated as live/healthy
                                                        and non-zero is unhealthy.
                                                      items:
                                                        type: string
                                                      type: array
                                                  type: object
                                                httpGet:
                                                  description: HTTPGet specifies the
                                                    http request to perform.
                                                  properties:
                                                    host:
                                                      description: Host name to connect
                                                        to, defaults to the pod IP.
                                                        You probably want to set "Host"
                                                        in httpHeaders instead.
                                                      type: string
                                                    httpHeaders:
                                                      description: Custom headers
                                                        to set in the request. HTTP
                                                        allows repeated headers.
                                                      items:
                                                        description: HTTPHeader describes
                                                          a custom header to be used
                                                          in HTTP probes
                                                        properties:
                                                          name:
                                                            description: The header
                                                              field name
                                                            type: string
                                                          value:
                                                            description: The header
                                                              field value
                                                            type: string
                                                        required:
                                                        - name
                                                        - value
                                                        type: object
                                                      type: array
                                                    path:
                                                      description: Path to access
                                                        on the HTTP server.
                                                      type: string
                                                    port:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Name or number
                                                        of the port to access on the
                                                        container. Number must be
                                                        in the range 1 to 65535. Name
                                                        must be an IANA_SVC_NAME.
                                                      x-kubernetes-int-or-string: true
                                                    scheme:
                                                      description: Scheme to use for
                                                        connecting to the host. Defaults
                                                        to HTTP.
                                                      type: string
                                                  required:
                                                  - port
                                                  type: object
                                                tcpSocket:
                                                  description: Deprecated. TCPSocket
                                                    is NOT supported as a LifecycleHandler
                                                    and kept for the backward compatibility.
                                                    There are no validation of this
                                                    field and lifecycle hooks will
                                                    fail in runtime when tcp handler
                                                    is specified.
                                                  properties:
                                                    host:
                                                      description: 'Optional: Host
                                                        name to connect to, defaults
                                                        to the pod IP.'
                                                      type: string
                                                    port:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Number or name
                                                        of the port to access on the
                                                        container. Number must be
                                                        in the range 1 to 65535. Name
                                                        must be an IANA_SVC_NAME.
                                                      x-kubernetes-int-or-string: true
                                                  required:
                                                  - port
                                                  type: object
                                              type: object
                                          type: object
                                        livenessProbe:
                                          description: 'Deprecated. This field will
                                            be removed in a future release. Periodic
                                            probe of container liveness. Container
                                            will be restarted if the probe fails.
                                            Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          properties:
                                            exec:
                                              description: Exec specifies the action
                                                to take.
                                              properties:
                                                command:
                                                  description: Command is the command
                                                    line to execute inside the container,
                                                    the working directory for the
                                                    command  is root ('/') in the
                                                    container's filesystem. The command
                                                    is simply exec'd, it is not run
                                                    inside a shell, so traditional
                                                    shell instructions ('|', etc)
                                                    won't work. To use a shell, you
                                                    need to explicitly call out to
                                                    that shell. Exit status of 0 is
                                                    treated as live/healthy and non-zero
                                                    is unhealthy.
                                                  items:
                                                    type: string
                                                  type: array
                                              type: object
                                            failureThreshold:
                                              description: Minimum consecutive failures
                                                for the probe to be considered failed
                                                after having succeeded. Defaults to
                                                3. Minimum value is 1.
                                              format: int32
                                              type: integer
                                            grpc:
                                              description: GRPC specifies an action
                                                involving a GRPC port. This is a beta
                                                field and requires enabling GRPCContainerProbe
                                                feature gate.
                                              properties:
                                                port:
                                                  description: Port number of the
                                                    gRPC service. Number must be in
                                                    the range 1 to 65535.
                                                  format: int32
                                                  type: integer
                                                service:
                                                  description: "Service is the name
                                                    of the service to place in the
                                                    gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                    \n If this is not specified, the
                                                    default behavior is defined by
                                                    gRPC."
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            httpGet:
                                              description: HTTPGet specifies the http
                                                request to perform.
                                              properties:
                                                host:
                                                  description: Host name to connect
                                                    to, defaults to the pod IP. You
                                                    probably want to set "Host" in
                                                    httpHeaders instead.
                                                  type: string
                                                httpHeaders:
                                                  description: Custom headers to set
                                                    in the request. HTTP allows repeated
                                                    headers.
                                                  items:
                                                    description: HTTPHeader describes
                                                      a custom header to be used in
                                                      HTTP probes
                                                    properties:
                                                      name:
                                                        description: The header field
                                                          name
                                                        type: string
                                                      value:
                                                        description: The header field
                                                          value
                                                        type: string
                                                    required:
                                                    - name
                                                    - value
                                                    type: object
                                                  type: array
                                                path:
                                                  description: Path to access on the
                                                    HTTP server.
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Name or number of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                                scheme:
                                                  description: Scheme to use for connecting
                                                    to the host. Defaults to HTTP.
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            initialDelaySeconds:
                                              description: 'Number of seconds after
                                                the container has started before liveness
                                                probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                              format: int32
                                              type: integer
                                            periodSeconds:
                                              description: How often (in seconds)
                                                to perform the probe. Default to 10
                                                seconds. Minimum value is 1.
                                              format: int32
                                              type: integer
                                            successThreshold:
                                              description: Minimum consecutive successes
                                                for the probe to be considered successful
                                                after having failed. Defaults to 1.
                                                Must be 1 for liveness and startup.
                                                Minimum value is 1.
                                              format: int32
                                              type: integer
                                            tcpSocket:
                                              description: TCPSocket specifies an
                                                action involving a TCP port.
                                              properties:
                                                host:
                                                  description: 'Optional: Host name
                                                    to connect to, defaults to the
                                                    pod IP.'
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Number or name of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                              required:
                                              - port
                                              type: object
                                            terminationGracePeriodSeconds:
                                              description: Optional duration in seconds
                                                the pod needs to terminate gracefully
                                                upon probe failure. The grace period
                                                is the duration in seconds after the
                                                processes running in the pod are sent
                                                a termination signal and the time
                                                when the processes are forcibly halted
                                                with a kill signal. Set this value
                                                longer than the expected cleanup time
                                                for your process. If this value is
                                                nil, the pod's terminationGracePeriodSeconds
                                                will be used. Otherwise, this value
                                                overrides the value provided by the
                                                pod spec. Value must be non-negative
                                                integer. The value zero indicates
                                                stop immediately via the kill signal
                                                (no opportunity to shut down). This
                                                is a beta field and requires enabling
                                                ProbeTerminationGracePeriod feature
                                                gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                is used if unset.
                                              format: int64
                                              type: integer
                                            timeoutSeconds:
                                              description: 'Number of seconds after
                                                which the probe times out. Defaults
                                                to 1 second. Minimum value is 1. More
                                                info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                              format: int32
                                              type: integer
                                          type: object
                                        name:
                                          description: Deprecated. This field will
                                            be removed in a future release. Default
                                            name for each Step specified as a DNS_LABEL.
                                            Each Step in a Task must have a unique
                                            name. Cannot be updated.
                                          type: string
                                        ports:
                                          description: Deprecated. This field will
                                            be removed in a future release. List of
                                            ports to expose from the Step's container.
                                            Exposing a port here gives the system
                                            additional information about the network
                                            connections a container uses, but is primarily
                                            informational. Not specifying a port here
                                            DOES NOT prevent that port from being
                                            exposed. Any port which is listening on
                                            the default "0.0.0.0" address inside a
                                            container will be accessible from the
                                            network. Cannot be updated.
                                          items:
                                            description: ContainerPort represents
                                              a network port in a single container.
                                            properties:
                                              containerPort:
                                                description: Number of port to expose
                                                  on the pod's IP address. This must
                                                  be a valid port number, 0 < x <
                                                  65536.
                                                format: int32
                                                type: integer
                                              hostIP:
                                                description: What host IP to bind
                                                  the external port to.
                                                type: string
                                              hostPort:
                                                description: Number of port to expose
                                                  on the host. If specified, this
                                                  must be a valid port number, 0 <
                                                  x < 65536. If HostNetwork is specified,
                                                  this must match ContainerPort. Most
                                                  containers do not need this.
                                                format: int32
                                                type: integer
                                              name:
                                                description: If specified, this must
                                                  be an IANA_SVC_NAME and unique within
                                                  the pod. Each named port in a pod
                                                  must have a unique name. Name for
                                                  the port that can be referred to
                                                  by services.
                                                type: string
                                              protocol:
                                                default: TCP
                                                description: Protocol for port. Must
                                                  be UDP, TCP, or SCTP. Defaults to
                                                  "TCP".
                                                type: string
                                            required:
                                            - containerPort
                                            type: object
                                          type: array
                                          x-kubernetes-list-map-keys:
                                          - containerPort
                                          - protocol
                                          x-kubernetes-list-type: map
                                        readinessProbe:
                                          description: 'Deprecated. This field will
                                            be removed in a future release. Periodic
                                            probe of container service readiness.
                                            Container will be removed from service
                                            endpoints if the probe fails. Cannot be
                                            updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          properties:
                                            exec:
                                              description: Exec specifies the action
                                                to take.
                                              properties:
                                                command:
                                                  description: Command is the command
                                                    line to execute inside the container,
                                                    the working directory for the
                                                    command  is root ('/') in the
                                                    container's filesystem. The command
                                                    is simply exec'd, it is not run
                                                    inside a shell, so traditional
                                                    shell instructions ('|', etc)
                                                    won't work. To use a shell, you
                                                    need to explicitly call out to
                                                    that shell. Exit status of 0 is
                                                    treated as live/healthy and non-zero
                                                    is unhealthy.
                                                  items:
                                                    type: string
                                                  type: array
                                              type: object
                                            failureThreshold:
                                              description: Minimum consecutive failures
                                                for the probe to be considered failed
                                                after having succeeded. Defaults to
                                                3. Minimum value is 1.
                                              format: int32
                                              type: integer
                                            grpc:
                                              description: GRPC specifies an action
                                                involving a GRPC port. This is a beta
                                                field and requires enabling GRPCContainerProbe
                                                feature gate.
                                              properties:
                                                port:
                                                  description: Port number of the
                                                    gRPC service. Number must be in
                                                    the range 1 to 65535.
                                                  format: int32
                                                  type: integer
                                                service:
                                                  description: "Service is the name
                                                    of the service to place in the
                                                    gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                    \n If this is not specified, the
                                                    default behavior is defined by
                                                    gRPC."
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            httpGet:
                                              description: HTTPGet specifies the http
                                                request to perform.
                                              properties:
                                                host:
                                                  description: Host name to connect
                                                    to, defaults to the pod IP. You
                                                    probably want to set "Host" in
                                                    httpHeaders instead.
                                                  type: string
                                                httpHeaders:
                                                  description: Custom headers to set
                                                    in the request. HTTP allows repeated
                                                    headers.
                                                  items:
                                                    description: HTTPHeader describes
                                                      a custom header to be used in
                                                      HTTP probes
                                                    properties:
                                                      name:
                                                        description: The header field
                                                          name
                                                        type: string
                                                      value:
                                                        description: The header field
                                                          value
                                                        type: string
                                                    required:
                                                    - name
                                                    - value
                                                    type: object
                                                  type: array
                                                path:
                                                  description: Path to access on the
                                                    HTTP server.
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Name or number of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                                scheme:
                                                  description: Scheme to use for connecting
                                                    to the host. Defaults to HTTP.
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            initialDelaySeconds:
                                              description: 'Number of seconds after
                                                the container has started before liveness
                                                probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                              format: int32
                                              type: integer
                                            periodSeconds:
                                              description: How often (in seconds)
                                                to perform the probe. Default to 10
                                                seconds. Minimum value is 1.
                                              format: int32
                                              type: integer
                                            successThreshold:
                                              description: Minimum consecutive successes
                                                for the probe to be considered successful
                                                after having failed. Defaults to 1.
                                                Must be 1 for liveness and startup.
                                                Minimum value is 1.
                                              format: int32
                                              type: integer
                                            tcpSocket:
                                              description: TCPSocket specifies an
                                                action involving a TCP port.
                                              properties:
                                                host:
                                                  description: 'Optional: Host name
                                                    to connect to, defaults to the
                                                    pod IP.'
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Number or name of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                              required:
                                              - port
                                              type: object
                                            terminationGracePeriodSeconds:
                                              description: Optional duration in seconds
                                                the pod needs to terminate gracefully
                                                upon probe failure. The grace period
                                                is the duration in seconds after the
                                                processes running in the pod are sent
                                                a termination signal and the time
                                                when the processes are forcibly halted
                                                with a kill signal. Set this value
                                                longer than the expected cleanup time
                                                for your process. If this value is
                                                nil, the pod's terminationGracePeriodSeconds
                                                will be used. Otherwise, this value
                                                overrides the value provided by the
                                                pod spec. Value must be non-negative
                                                integer. The value zero indicates
                                                stop immediately via the kill signal
                                                (no opportunity to shut down). This
                                                is a beta field and requires enabling
                                                ProbeTerminationGracePeriod feature
                                                gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                is used if unset.
                                              format: int64
                                              type: integer
                                            timeoutSeconds:
                                              description: 'Number of seconds after
                                                which the probe times out. Defaults
                                                to 1 second. Minimum value is 1. More
                                                info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                              format: int32
                                              type: integer
                                          type: object
                                        resources:
                                          description: 'Compute Resources required
                                            by this Step. Cannot be updated. More
                                            info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          properties:
                                            limits:
                                              additionalProperties:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                              description: 'Limits describes the maximum
                                                amount of compute resources allowed.
                                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                              type: object
                                            requests:
                                              additionalProperties:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                              description: 'Requests describes the
                                                minimum amount of compute resources
                                                required. If Requests is omitted for
                                                a container, it defaults to Limits
                                                if that is explicitly specified, otherwise
                                                to an implementation-defined value.
                                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                              type: object
                                          type: object
                                        securityContext:
                                          description: 'SecurityContext defines the
                                            security options the Step should be run
                                            with. If set, the fields of SecurityContext
                                            override the equivalent fields of PodSecurityContext.
                                            More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                          properties:
                                            allowPrivilegeEscalation:
                                              description: 'AllowPrivilegeEscalation
                                                controls whether a process can gain
                                                more privileges than its parent process.
                                                This bool directly controls if the
                                                no_new_privs flag will be set on the
                                                container process. AllowPrivilegeEscalation
                                                is true always when the container
                                                is: 1) run as Privileged 2) has CAP_SYS_ADMIN
                                                Note that this field cannot be set
                                                when spec.os.name is windows.'
                                              type: boolean
                                            capabilities:
                                              description: The capabilities to add/drop
                                                when running containers. Defaults
                                                to the default set of capabilities
                                                granted by the container runtime.
                                                Note that this field cannot be set
                                                when spec.os.name is windows.
                                              properties:
                                                add:
                                                  description: Added capabilities
                                                  items:
                                                    description: Capability represent
                                                      POSIX capabilities type
                                                    type: string
                                                  type: array
                                                drop:
                                                  description: Removed capabilities
                                                  items:
                                                    description: Capability represent
                                                      POSIX capabilities type
                                                    type: string
                                                  type: array
                                              type: object
                                            privileged:
                                              description: Run container in privileged
                                                mode. Processes in privileged containers
                                                are essentially equivalent to root
                                                on the host. Defaults to false. Note
                                                that this field cannot be set when
                                                spec.os.name is windows.
                                              type: boolean
                                            procMount:
                                              description: procMount denotes the type
                                                of proc mount to use for the containers.
                                                The default is DefaultProcMount which
                                                uses the container runtime defaults
                                                for readonly paths and masked paths.
                                                This requires the ProcMountType feature
                                                flag to be enabled. Note that this
                                                field cannot be set when spec.os.name
                                                is windows.
                                              type: string
                                            readOnlyRootFilesystem:
                                              description: Whether this container
                                                has a read-only root filesystem. Default
                                                is false. Note that this field cannot
                                                be set when spec.os.name is windows.
                                              type: boolean
                                            runAsGroup:
                                              description: The GID to run the entrypoint
                                                of the container process. Uses runtime
                                                default if unset. May also be set
                                                in PodSecurityContext.  If set in
                                                both SecurityContext and PodSecurityContext,
                                                the value specified in SecurityContext
                                                takes precedence. Note that this field
                                                cannot be set when spec.os.name is
                                                windows.
                                              format: int64
                                              type: integer
                                            runAsNonRoot:
                                              description: Indicates that the container
                                                must run as a non-root user. If true,
                                                the Kubelet will validate the image
                                                at runtime to ensure that it does
                                                not run as UID 0 (root) and fail to
                                                start the container if it does. If
                                                unset or false, no such validation
                                                will be performed. May also be set
                                                in PodSecurityContext.  If set in
                                                both SecurityContext and PodSecurityContext,
                                                the value specified in SecurityContext
                                                takes precedence.
                                              type: boolean
                                            runAsUser:
                                              description: The UID to run the entrypoint
                                                of the container process. Defaults
                                                to user specified in image metadata
                                                if unspecified. May also be set in
                                                PodSecurityContext.  If set in both
                                                SecurityContext and PodSecurityContext,
                                                the value specified in SecurityContext
                                                takes precedence. Note that this field
                                                cannot be set when spec.os.name is
                                                windows.
                                              format: int64
                                              type: integer
                                            seLinuxOptions:
                                              description: The SELinux context to
                                                be applied to the container. If unspecified,
                                                the container runtime will allocate
                                                a random SELinux context for each
                                                container.  May also be set in PodSecurityContext.  If
                                                set in both SecurityContext and PodSecurityContext,
                                                the value specified in SecurityContext
                                                takes precedence. Note that this field
                                                cannot be set when spec.os.name is
                                                windows.
                                              properties:
                                                level:
                                                  description: Level is SELinux level
                                                    label that applies to the container.
                                                  type: string
                                                role:
                                                  description: Role is a SELinux role
                                                    label that applies to the container.
                                                  type: string
                                                type:
                                                  description: Type is a SELinux type
                                                    label that applies to the container.
                                                  type: string
                                                user:
                                                  description: User is a SELinux user
                                                    label that applies to the container.
                                                  type: string
                                              type: object
                                            seccompProfile:
                                              description: The seccomp options to
                                                use by this container. If seccomp
                                                options are provided at both the pod
                                                & container level, the container options
                                                override the pod options. Note that
                                                this field cannot be set when spec.os.name
                                                is windows.
                                              properties:
                                                localhostProfile:
                                                  description: localhostProfile indicates
                                                    a profile defined in a file on
                                                    the node should be used. The profile
                                                    must be preconfigured on the node
                                                    to work. Must be a descending
                                                    path, relative to the kubelet's
                                                    configured seccomp profile location.
                                                    Must only be set if type is "Localhost".
                                                  type: string
                                                type:
                                                  description: "type indicates which
                                                    kind of seccomp profile will be
                                                    applied. Valid options are: \n
                                                    Localhost - a profile defined
                                                    in a file on the node should be
                                                    used. RuntimeDefault - the container
                                                    runtime default profile should
                                                    be used. Unconfined - no profile
                                                    should be applied."
                                                  type: string
                                              required:
                                              - type
                                              type: object
                                            windowsOptions:
                                              description: The Windows specific settings
                                                applied to all containers. If unspecified,
                                                the options from the PodSecurityContext
                                                will be used. If set in both SecurityContext
                                                and PodSecurityContext, the value
                                                specified in SecurityContext takes
                                                precedence. Note that this field cannot
                                                be set when spec.os.name is linux.
                                              properties:
                                                gmsaCredentialSpec:
                                                  description: GMSACredentialSpec
                                                    is where the GMSA admission webhook
                                                    (https://github.com/kubernetes-sigs/windows-gmsa)
                                                    inlines the contents of the GMSA
                                                    credential spec named by the GMSACredentialSpecName
                                                    field.
                                                  type: string
                                                gmsaCredentialSpecName:
                                                  description: GMSACredentialSpecName
                                                    is the name of the GMSA credential
                                                    spec to use.
                                                  type: string
                                                hostProcess:
                                                  description: HostProcess determines
                                                    if a container should be run as
                                                    a 'Host Process' container. This
                                                    field is alpha-level and will
                                                    only be honored by components
                                                    that enable the WindowsHostProcessContainers
                                                    feature flag. Setting this field
                                                    without the feature flag will
                                                    result in errors when validating
                                                    the Pod. All of a Pod's containers
                                                    must have the same effective HostProcess
                                                    value (it is not allowed to have
                                                    a mix of HostProcess containers
                                                    and non-HostProcess containers).  In
                                                    addition, if HostProcess is true
                                                    then HostNetwork must also be
                                                    set to true.
                                                  type: boolean
                                                runAsUserName:
                                                  description: The UserName in Windows
                                                    to run the entrypoint of the container
                                                    process. Defaults to the user
                                                    specified in image metadata if
                                                    unspecified. May also be set in
                                                    PodSecurityContext. If set in
                                                    both SecurityContext and PodSecurityContext,
                                                    the value specified in SecurityContext
                                                    takes precedence.
                                                  type: string
                                              type: object
                                          type: object
                                        startupProbe:
                                          description: 'Deprecated. This field will
                                            be removed in a future release. DeprecatedStartupProbe
                                            indicates that the Pod has successfully
                                            initialized. If specified, no other probes
                                            are executed until this completes successfully.
                                            If this probe fails, the Pod will be restarted,
                                            just as if the livenessProbe failed. This
                                            can be used to provide different probe
                                            parameters at the beginning of a Pod''s
                                            lifecycle, when it might take a long time
                                            to load data or warm a cache, than during
                                            steady-state operation. This cannot be
                                            updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          properties:
                                            exec:
                                              description: Exec specifies the action
                                                to take.
                                              properties:
                                                command:
                                                  description: Command is the command
                                                    line to execute inside the container,
                                                    the working directory for the
                                                    command  is root ('/') in the
                                                    container's filesystem. The command
                                                    is simply exec'd, it is not run
                                                    inside a shell, so traditional
                                                    shell instructions ('|', etc)
                                                    won't work. To use a shell, you
                                                    need to explicitly call out to
                                                    that shell. Exit status of 0 is
                                                    treated as live/healthy and non-zero
                                                    is unhealthy.
                                                  items:
                                                    type: string
                                                  type: array
                                              type: object
                                            failureThreshold:
                                              description: Minimum consecutive failures
                                                for the probe to be considered failed
                                                after having succeeded. Defaults to
                                                3. Minimum value is 1.
                                              format: int32
                                              type: integer
                                            grpc:
                                              description: GRPC specifies an action
                                                involving a GRPC port. This is a beta
                                                field and requires enabling GRPCContainerProbe
                                                feature gate.
                                              properties:
                                                port:
                                                  description: Port number of the
                                                    gRPC service. Number must be in
                                                    the range 1 to 65535.
                                                  format: int32
                                                  type: integer
                                                service:
                                                  description: "Service is the name
                                                    of the service to place in the
                                                    gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                    \n If this is not specified, the
                                                    default behavior is defined by
                                                    gRPC."
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            httpGet:
                                              description: HTTPGet specifies the http
                                                request to perform.
                                              properties:
                                                host:
                                                  description: Host name to connect
                                                    to, defaults to the pod IP. You
                                                    probably want to set "Host" in
                                                    httpHeaders instead.
                                                  type: string
                                                httpHeaders:
                                                  description: Custom headers to set
                                                    in the request. HTTP allows repeated
                                                    headers.
                                                  items:
                                                    description: HTTPHeader describes
                                                      a custom header to be used in
                                                      HTTP probes
                                                    properties:
                                                      name:
                                                        description: The header field
                                                          name
                                                        type: string
                                                      value:
                                                        description: The header field
                                                          value
                                                        type: string
                                                    required:
                                                    - name
                                                    - value
                                                    type: object
                                                  type: array
                                                path:
                                                  description: Path to access on the
                                                    HTTP server.
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Name or number of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                                scheme:
                                                  description: Scheme to use for connecting
                                                    to the host. Defaults to HTTP.
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            initialDelaySeconds:
                                              description: 'Number of seconds after
                                                the container has started before liveness
                                                probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                              format: int32
                                              type: integer
                                            periodSeconds:
                                              description: How often (in seconds)
                                                to perform the probe. Default to 10
                                                seconds. Minimum value is 1.
                                              format: int32
                                              type: integer
                                            successThreshold:
                                              description: Minimum consecutive successes
                                                for the probe to be considered successful
                                                after having failed. Defaults to 1.
                                                Must be 1 for liveness and startup.
                                                Minimum value is 1.
                                              format: int32
                                              type: integer
                                            tcpSocket:
                                              description: TCPSocket specifies an
                                                action involving a TCP port.
                                              properties:
                                                host:
                                                  description: 'Optional: Host name
                                                    to connect to, defaults to the
                                                    pod IP.'
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Number or name of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                              required:
                                              - port
                                              type: object
                                            terminationGracePeriodSeconds:
                                              description: Optional duration in seconds
                                                the pod needs to terminate gracefully
                                                upon probe failure. The grace period
                                                is the duration in seconds after the
                                                processes running in the pod are sent
                                                a termination signal and the time
                                                when the processes are forcibly halted
                                                with a kill signal. Set this value
                                                longer than the expected cleanup time
                                                for your process. If this value is
                                                nil, the pod's terminationGracePeriodSeconds
                                                will be used. Otherwise, this value
                                                overrides the value provided by the
                                                pod spec. Value must be non-negative
                                                integer. The value zero indicates
                                                stop immediately via the kill signal
                                                (no opportunity to shut down). This
                                                is a beta field and requires enabling
                                                ProbeTerminationGracePeriod feature
                                                gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                is used if unset.
                                              format: int64
                                              type: integer
                                            timeoutSeconds:
                                              description: 'Number of seconds after
                                                which the probe times out. Defaults
                                                to 1 second. Minimum value is 1. More
                                                info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                              format: int32
                                              type: integer
                                          type: object
                                        stdin:
                                          description: Deprecated. This field will
                                            be removed in a future release. Whether
                                            this Step should allocate a buffer for
                                            stdin in the container runtime. If this
                                            is not set, reads from stdin in the Step
                                            will always result in EOF. Default is
                                            false.
                                          type: boolean
                                        stdinOnce:
                                          description: Deprecated. This field will
                                            be removed in a future release. Whether
                                            the container runtime should close the
                                            stdin channel after it has been opened
                                            by a single attach. When stdin is true
                                            the stdin stream will remain open across
                                            multiple attach sessions. If stdinOnce
                                            is set to true, stdin is opened on container
                                            start, is empty until the first client
                                            attaches to stdin, and then remains open
                                            and accepts data until the client disconnects,
                                            at which time stdin is closed and remains
                                            closed until the container is restarted.
                                            If this flag is false, a container processes
                                            that reads from stdin will never receive
                                            an EOF. Default is false
                                          type: boolean
                                        terminationMessagePath:
                                          description: Deprecated. This field will
                                            be removed in a future release and cannot
                                            be meaningfully used.
                                          type: string
                                        terminationMessagePolicy:
                                          description: Deprecated. This field will
                                            be removed in a future release and cannot
                                            be meaningfully used.
                                          type: string
                                        tty:
                                          description: Deprecated. This field will
                                            be removed in a future release. Whether
                                            this Step should allocate a DeprecatedTTY
                                            for itself, also requires 'stdin' to be
                                            true. Default is false.
                                          type: boolean
                                        volumeDevices:
                                          description: volumeDevices is the list of
                                            block devices to be used by the Step.
                                          items:
                                            description: volumeDevice describes a
                                              mapping of a raw block device within
                                              a container.
                                            properties:
                                              devicePath:
                                                description: devicePath is the path
                                                  inside of the container that the
                                                  device will be mapped to.
                                                type: string
                                              name:
                                                description: name must match the name
                                                  of a persistentVolumeClaim in the
                                                  pod
                                                type: string
                                            required:
                                            - devicePath
                                            - name
                                            type: object
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        volumeMounts:
                                          description: Volumes to mount into the Step's
                                            filesystem. Cannot be updated.
                                          items:
                                            description: VolumeMount describes a mounting
                                              of a Volume within a container.
                                            properties:
                                              mountPath:
                                                description: Path within the container
                                                  at which the volume should be mounted.  Must
                                                  not contain ':'.
                                                type: string
                                              mountPropagation:
                                                description: mountPropagation determines
                                                  how mounts are propagated from the
                                                  host to container and the other
                                                  way around. When not set, MountPropagationNone
                                                  is used. This field is beta in 1.10.
                                                type: string
                                              name:
                                                description: This must match the Name
                                                  of a Volume.
                                                type: string
                                              readOnly:
                                                description: Mounted read-only if
                                                  true, read-write otherwise (false
                                                  or unspecified). Defaults to false.
                                                type: boolean
                                              subPath:
                                                description: Path within the volume
                                                  from which the container's volume
                                                  should be mounted. Defaults to ""
                                                  (volume's root).
                                                type: string
                                              subPathExpr:
                                                description: Expanded path within
                                                  the volume from which the container's
                                                  volume should be mounted. Behaves
                                                  similarly to SubPath but environment
                                                  variable references $(VAR_NAME)
                                                  are expanded using the container's
                                                  environment. Defaults to "" (volume's
                                                  root). SubPathExpr and SubPath are
                                                  mutually exclusive.
                                                type: string
                                            required:
                                            - mountPath
                                            - name
                                            type: object
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        workingDir:
                                          description: Step's working directory. If
                                            not specified, the container runtime's
                                            default will be used, which might be configured
                                            in the container image. Cannot be updated.
                                          type: string
                                      required:
                                      - name
                                      type: object
                                    steps:
                                      description: Steps are the steps of the build;
                                        each step is run sequentially with the source
                                        mounted into /workspace.
                                      items:
                                        description: Step runs a subcomponent of a
                                          Task
                                        properties:
                                          args:
                                            description: 'Arguments to the entrypoint.
                                              The image''s CMD is used if this is
                                              not provided. Variable references $(VAR_NAME)
                                              are expanded using the container''s
                                              environment. If a variable cannot be
                                              resolved, the reference in the input
                                              string will be unchanged. Double $$
                                              are reduced to a single $, which allows
                                              for escaping the $(VAR_NAME) syntax:
                                              i.e. "$$(VAR_NAME)" will produce the
                                              string literal "$(VAR_NAME)". Escaped
                                              references will never be expanded, regardless
                                              of whether the variable exists or not.
                                              Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          command:
                                            description: 'Entrypoint array. Not executed
                                              within a shell. The image''s ENTRYPOINT
                                              is used if this is not provided. Variable
                                              references $(VAR_NAME) are expanded
                                              using the container''s environment.
                                              If a variable cannot be resolved, the
                                              reference in the input string will be
                                              unchanged. Double $$ are reduced to
                                              a single $, which allows for escaping
                                              the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                              will produce the string literal "$(VAR_NAME)".
                                              Escaped references will never be expanded,
                                              regardless of whether the variable exists
                                              or not. Cannot be updated. More info:
                                              https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          env:
                                            description: List of environment variables
                                              to set in the container. Cannot be updated.
                                            items:
                                              description: EnvVar represents an environment
                                                variable present in a Container.
                                              properties:
                                                name:
                                                  description: Name of the environment
                                                    variable. Must be a C_IDENTIFIER.
                                                  type: string
                                                value:
                                                  description: 'Variable references
                                                    $(VAR_NAME) are expanded using
                                                    the previously defined environment
                                                    variables in the container and
                                                    any service environment variables.
                                                    If a variable cannot be resolved,
                                                    the reference in the input string
                                                    will be unchanged. Double $$ are
                                                    reduced to a single $, which allows
                                                    for escaping the $(VAR_NAME) syntax:
                                                    i.e. "$$(VAR_NAME)" will produce
                                                    the string literal "$(VAR_NAME)".
                                                    Escaped references will never
                                                    be expanded, regardless of whether
                                                    the variable exists or not. Defaults
                                                    to "".'
                                                  type: string
                                                valueFrom:
                                                  description: Source for the environment
                                                    variable's value. Cannot be used
                                                    if value is not empty.
                                                  properties:
                                                    configMapKeyRef:
                                                      description: Selects a key of
                                                        a ConfigMap.
                                                      properties:
                                                        key:
                                                          description: The key to
                                                            select.
                                                          type: string
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: Specify whether
                                                            the ConfigMap or its key
                                                            must be defined
                                                          type: boolean
                                                      required:
                                                      - key
                                                      type: object
                                                    fieldRef:
                                                      description: 'Selects a field
                                                        of the pod: supports metadata.name,
                                                        metadata.namespace, `metadata.labels[''<KEY>'']`,
                                                        `metadata.annotations[''<KEY>'']`,
                                                        spec.nodeName, spec.serviceAccountName,
                                                        status.hostIP, status.podIP,
                                                        status.podIPs.'
                                                      properties:
                                                        apiVersion:
                                                          description: Version of
                                                            the schema the FieldPath
                                                            is written in terms of,
                                                            defaults to "v1".
                                                          type: string
                                                        fieldPath:
                                                          description: Path of the
                                                            field to select in the
                                                            specified API version.
                                                          type: string
                                                      required:
                                                      - fieldPath
                                                      type: object
                                                    resourceFieldRef:
                                                      description: 'Selects a resource
                                                        of the container: only resources
                                                        limits and requests (limits.cpu,
                                                        limits.memory, limits.ephemeral-storage,
                                                        requests.cpu, requests.memory
                                                        and requests.ephemeral-storage)
                                                        are currently supported.'
                                                      properties:
                                                        containerName:
                                                          description: 'Container
                                                            name: required for volumes,
                                                            optional for env vars'
                                                          type: string
                                                        divisor:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          description: Specifies the
                                                            output format of the exposed
                                                            resources, defaults to
                                                            "1"
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        resource:
                                                          description: 'Required:
                                                            resource to select'
                                                          type: string
                                                      required:
                                                      - resource
                                                      type: object
                                                    secretKeyRef:
                                                      description: Selects a key of
                                                        a secret in the pod's namespace
                                                      properties:
                                                        key:
                                                          description: The key of
                                                            the secret to select from.  Must
                                                            be a valid secret key.
                                                          type: string
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: Specify whether
                                                            the Secret or its key
                                                            must be defined
                                                          type: boolean
                                                      required:
                                                      - key
                                                      type: object
                                                  type: object
                                              required:
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          envFrom:
                                            description: List of sources to populate
                                              environment variables in the container.
                                              The keys defined within a source must
                                              be a C_IDENTIFIER. All invalid keys
                                              will be reported as an event when the
                                              container is starting. When a key exists
                                              in multiple sources, the value associated
                                              with the last source will take precedence.
                                              Values defined by an Env with a duplicate
                                              key will take precedence. Cannot be
                                              updated.
                                            items:
                                              description: EnvFromSource represents
                                                the source of a set of ConfigMaps
                                              properties:
                                                configMapRef:
                                                  description: The ConfigMap to select
                                                    from
                                                  properties:
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the ConfigMap must be defined
                                                      type: boolean
                                                  type: object
                                                prefix:
                                                  description: An optional identifier
                                                    to prepend to each key in the
                                                    ConfigMap. Must be a C_IDENTIFIER.
                                                  type: string
                                                secretRef:
                                                  description: The Secret to select
                                                    from
                                                  properties:
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the Secret must be defined
                                                      type: boolean
                                                  type: object
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          image:
                                            description: 'Image reference name to
                                              run for this Step. More info: https://kubernetes.io/docs/concepts/containers/images'
                                            type: string
                                          imagePullPolicy:
                                            description: 'Image pull policy. One of
                                              Always, Never, IfNotPresent. Defaults
                                              to Always if :latest tag is specified,
                                              or IfNotPresent otherwise. Cannot be
                                              updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                            type: string
                                          lifecycle:
                                            description: Deprecated. This field will
                                              be removed in a future release. Actions
                                              that the management system should take
                                              in response to container lifecycle events.
                                              Cannot be updated.
                                            properties:
                                              postStart:
                                                description: 'PostStart is called
                                                  immediately after a container is
                                                  created. If the handler fails, the
                                                  container is terminated and restarted
                                                  according to its restart policy.
                                                  Other management of the container
                                                  blocks until the hook completes.
                                                  More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                properties:
                                                  exec:
                                                    description: Exec specifies the
                                                      action to take.
                                                    properties:
                                                      command:
                                                        description: Command is the
                                                          command line to execute
                                                          inside the container, the
                                                          working directory for the
                                                          command  is root ('/') in
                                                          the container's filesystem.
                                                          The command is simply exec'd,
                                                          it is not run inside a shell,
                                                          so traditional shell instructions
                                                          ('|', etc) won't work. To
                                                          use a shell, you need to
                                                          explicitly call out to that
                                                          shell. Exit status of 0
                                                          is treated as live/healthy
                                                          and non-zero is unhealthy.
                                                        items:
                                                          type: string
                                                        type: array
                                                    type: object
                                                  httpGet:
                                                    description: HTTPGet specifies
                                                      the http request to perform.
                                                    properties:
                                                      host:
                                                        description: Host name to
                                                          connect to, defaults to
                                                          the pod IP. You probably
                                                          want to set "Host" in httpHeaders
                                                          instead.
                                                        type: string
                                                      httpHeaders:
                                                        description: Custom headers
                                                          to set in the request. HTTP
                                                          allows repeated headers.
                                                        items:
                                                          description: HTTPHeader
                                                            describes a custom header
                                                            to be used in HTTP probes
                                                          properties:
                                                            name:
                                                              description: The header
                                                                field name
                                                              type: string
                                                            value:
                                                              description: The header
                                                                field value
                                                              type: string
                                                          required:
                                                          - name
                                                          - value
                                                          type: object
                                                        type: array
                                                      path:
                                                        description: Path to access
                                                          on the HTTP server.
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Name or number
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                      scheme:
                                                        description: Scheme to use
                                                          for connecting to the host.
                                                          Defaults to HTTP.
                                                        type: string
                                                    required:
                                                    - port
                                                    type: object
                                                  tcpSocket:
                                                    description: Deprecated. TCPSocket
                                                      is NOT supported as a LifecycleHandler
                                                      and kept for the backward compatibility.
                                                      There are no validation of this
                                                      field and lifecycle hooks will
                                                      fail in runtime when tcp handler
                                                      is specified.
                                                    properties:
                                                      host:
                                                        description: 'Optional: Host
                                                          name to connect to, defaults
                                                          to the pod IP.'
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Number or name
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                    required:
                                                    - port
                                                    type: object
                                                type: object
                                              preStop:
                                                description: 'PreStop is called immediately
                                                  before a container is terminated
                                                  due to an API request or management
                                                  event such as liveness/startup probe
                                                  failure, preemption, resource contention,
                                                  etc. The handler is not called if
                                                  the container crashes or exits.
                                                  The Pod''s termination grace period
                                                  countdown begins before the PreStop
                                                  hook is executed. Regardless of
                                                  the outcome of the handler, the
                                                  container will eventually terminate
                                                  within the Pod''s termination grace
                                                  period (unless delayed by finalizers).
                                                  Other management of the container
                                                  blocks until the hook completes
                                                  or until the termination grace period
                                                  is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                properties:
                                                  exec:
                                                    description: Exec specifies the
                                                      action to take.
                                                    properties:
                                                      command:
                                                        description: Command is the
                                                          command line to execute
                                                          inside the container, the
                                                          working directory for the
                                                          command  is root ('/') in
                                                          the container's filesystem.
                                                          The command is simply exec'd,
                                                          it is not run inside a shell,
                                                          so traditional shell instructions
                                                          ('|', etc) won't work. To
                                                          use a shell, you need to
                                                          explicitly call out to that
                                                          shell. Exit status of 0
                                                          is treated as live/healthy
                                                          and non-zero is unhealthy.
                                                        items:
                                                          type: string
                                                        type: array
                                                    type: object
                                                  httpGet:
                                                    description: HTTPGet specifies
                                                      the http request to perform.
                                                    properties:
                                                      host:
                                                        description: Host name to
                                                          connect to, defaults to
                                                          the pod IP. You probably
                                                          want to set "Host" in httpHeaders
                                                          instead.
                                                        type: string
                                                      httpHeaders:
                                                        description: Custom headers
                                                          to set in the request. HTTP
                                                          allows repeated headers.
                                                        items:
                                                          description: HTTPHeader
                                                            describes a custom header
                                                            to be used in HTTP probes
                                                          properties:
                                                            name:
                                                              description: The header
                                                                field name
                                                              type: string
                                                            value:
                                                              description: The header
                                                                field value
                                                              type: string
                                                          required:
                                                          - name
                                                          - value
                                                          type: object
                                                        type: array
                                                      path:
                                                        description: Path to access
                                                          on the HTTP server.
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Name or number
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                      scheme:
                                                        description: Scheme to use
                                                          for connecting to the host.
                                                          Defaults to HTTP.
                                                        type: string
                                                    required:
                                                    - port
                                                    type: object
                                                  tcpSocket:
                                                    description: Deprecated. TCPSocket
                                                      is NOT supported as a LifecycleHandler
                                                      and kept for the backward compatibility.
                                                      There are no validation of this
                                                      field and lifecycle hooks will
                                                      fail in runtime when tcp handler
                                                      is specified.
                                                    properties:
                                                      host:
                                                        description: 'Optional: Host
                                                          name to connect to, defaults
                                                          to the pod IP.'
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Number or name
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                    required:
                                                    - port
                                                    type: object
                                                type: object
                                            type: object
                                          livenessProbe:
                                            description: 'Deprecated. This field will
                                              be removed in a future release. Periodic
                                              probe of container liveness. Step will
                                              be restarted if the probe fails. Cannot
                                              be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          name:
                                            description: Name of the Step specified
                                              as a DNS_LABEL. Each Step in a Task
                                              must have a unique name.
                                            type: string
                                          onError:
                                            description: OnError defines the exiting
                                              behavior of a container on error can
                                              be set to [ continue | stopAndFail ]
                                            type: string
                                          ports:
                                            description: Deprecated. This field will
                                              be removed in a future release. List
                                              of ports to expose from the Step's container.
                                              Exposing a port here gives the system
                                              additional information about the network
                                              connections a container uses, but is
                                              primarily informational. Not specifying
                                              a port here DOES NOT prevent that port
                                              from being exposed. Any port which is
                                              listening on the default "0.0.0.0" address
                                              inside a container will be accessible
                                              from the network. Cannot be updated.
                                            items:
                                              description: ContainerPort represents
                                                a network port in a single container.
                                              properties:
                                                containerPort:
                                                  description: Number of port to expose
                                                    on the pod's IP address. This
                                                    must be a valid port number, 0
                                                    < x < 65536.
                                                  format: int32
                                                  type: integer
                                                hostIP:
                                                  description: What host IP to bind
                                                    the external port to.
                                                  type: string
                                                hostPort:
                                                  description: Number of port to expose
                                                    on the host. If specified, this
                                                    must be a valid port number, 0
                                                    < x < 65536. If HostNetwork is
                                                    specified, this must match ContainerPort.
                                                    Most containers do not need this.
                                                  format: int32
                                                  type: integer
                                                name:
                                                  description: If specified, this
                                                    must be an IANA_SVC_NAME and unique
                                                    within the pod. Each named port
                                                    in a pod must have a unique name.
                                                    Name for the port that can be
                                                    referred to by services.
                                                  type: string
                                                protocol:
                                                  default: TCP
                                                  description: Protocol for port.
                                                    Must be UDP, TCP, or SCTP. Defaults
                                                    to "TCP".
                                                  type: string
                                              required:
                                              - containerPort
                                              type: object
                                            type: array
                                            x-kubernetes-list-map-keys:
                                            - containerPort
                                            - protocol
                                            x-kubernetes-list-type: map
                                          readinessProbe:
                                            description: 'Deprecated. This field will
                                              be removed in a future release. Periodic
                                              probe of container service readiness.
                                              Step will be removed from service endpoints
                                              if the probe fails. Cannot be updated.
                                              More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          resources:
                                            description: 'Compute Resources required
                                              by this Step. Cannot be updated. More
                                              info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            properties:
                                              limits:
                                                additionalProperties:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                description: 'Limits describes the
                                                  maximum amount of compute resources
                                                  allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                type: object
                                              requests:
                                                additionalProperties:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                description: 'Requests describes the
                                                  minimum amount of compute resources
                                                  required. If Requests is omitted
                                                  for a container, it defaults to
                                                  Limits if that is explicitly specified,
                                                  otherwise to an implementation-defined
                                                  value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                type: object
                                            type: object
                                          script:
                                            description: "Script is the contents of
                                              an executable file to execute. \n If
                                              Script is not empty, the Step cannot
                                              have an Command and the Args will be
                                              passed to the Script."
                                            type: string
                                          securityContext:
                                            description: 'SecurityContext defines
                                              the security options the Step should
                                              be run with. If set, the fields of SecurityContext
                                              override the equivalent fields of PodSecurityContext.
                                              More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                            properties:
                                              allowPrivilegeEscalation:
                                                description: 'AllowPrivilegeEscalation
                                                  controls whether a process can gain
                                                  more privileges than its parent
                                                  process. This bool directly controls
                                                  if the no_new_privs flag will be
                                                  set on the container process. AllowPrivilegeEscalation
                                                  is true always when the container
                                                  is: 1) run as Privileged 2) has
                                                  CAP_SYS_ADMIN Note that this field
                                                  cannot be set when spec.os.name
                                                  is windows.'
                                                type: boolean
                                              capabilities:
                                                description: The capabilities to add/drop
                                                  when running containers. Defaults
                                                  to the default set of capabilities
                                                  granted by the container runtime.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                properties:
                                                  add:
                                                    description: Added capabilities
                                                    items:
                                                      description: Capability represent
                                                        POSIX capabilities type
                                                      type: string
                                                    type: array
                                                  drop:
                                                    description: Removed capabilities
                                                    items:
                                                      description: Capability represent
                                                        POSIX capabilities type
                                                      type: string
                                                    type: array
                                                type: object
                                              privileged:
                                                description: Run container in privileged
                                                  mode. Processes in privileged containers
                                                  are essentially equivalent to root
                                                  on the host. Defaults to false.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                type: boolean
                                              procMount:
                                                description: procMount denotes the
                                                  type of proc mount to use for the
                                                  containers. The default is DefaultProcMount
                                                  which uses the container runtime
                                                  defaults for readonly paths and
                                                  masked paths. This requires the
                                                  ProcMountType feature flag to be
                                                  enabled. Note that this field cannot
                                                  be set when spec.os.name is windows.
                                                type: string
                                              readOnlyRootFilesystem:
                                                description: Whether this container
                                                  has a read-only root filesystem.
                                                  Default is false. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                type: boolean
                                              runAsGroup:
                                                description: The GID to run the entrypoint
                                                  of the container process. Uses runtime
                                                  default if unset. May also be set
                                                  in PodSecurityContext.  If set in
                                                  both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                format: int64
                                                type: integer
                                              runAsNonRoot:
                                                description: Indicates that the container
                                                  must run as a non-root user. If
                                                  true, the Kubelet will validate
                                                  the image at runtime to ensure that
                                                  it does not run as UID 0 (root)
                                                  and fail to start the container
                                                  if it does. If unset or false, no
                                                  such validation will be performed.
                                                  May also be set in PodSecurityContext.  If
                                                  set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                type: boolean
                                              runAsUser:
                                                description: The UID to run the entrypoint
                                                  of the container process. Defaults
                                                  to user specified in image metadata
                                                  if unspecified. May also be set
                                                  in PodSecurityContext.  If set in
                                                  both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                format: int64
                                                type: integer
                                              seLinuxOptions:
                                                description: The SELinux context to
                                                  be applied to the container. If
                                                  unspecified, the container runtime
                                                  will allocate a random SELinux context
                                                  for each container.  May also be
                                                  set in PodSecurityContext.  If set
                                                  in both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                properties:
                                                  level:
                                                    description: Level is SELinux
                                                      level label that applies to
                                                      the container.
                                                    type: string
                                                  role:
                                                    description: Role is a SELinux
                                                      role label that applies to the
                                                      container.
                                                    type: string
                                                  type:
                                                    description: Type is a SELinux
                                                      type label that applies to the
                                                      container.
                                                    type: string
                                                  user:
                                                    description: User is a SELinux
                                                      user label that applies to the
                                                      container.
                                                    type: string
                                                type: object
                                              seccompProfile:
                                                description: The seccomp options to
                                                  use by this container. If seccomp
                                                  options are provided at both the
                                                  pod & container level, the container
                                                  options override the pod options.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                properties:
                                                  localhostProfile:
                                                    description: localhostProfile
                                                      indicates a profile defined
                                                      in a file on the node should
                                                      be used. The profile must be
                                                      preconfigured on the node to
                                                      work. Must be a descending path,
                                                      relative to the kubelet's configured
                                                      seccomp profile location. Must
                                                      only be set if type is "Localhost".
                                                    type: string
                                                  type:
                                                    description: "type indicates which
                                                      kind of seccomp profile will
                                                      be applied. Valid options are:
                                                      \n Localhost - a profile defined
                                                      in a file on the node should
                                                      be used. RuntimeDefault - the
                                                      container runtime default profile
                                                      should be used. Unconfined -
                                                      no profile should be applied."
                                                    type: string
                                                required:
                                                - type
                                                type: object
                                              windowsOptions:
                                                description: The Windows specific
                                                  settings applied to all containers.
                                                  If unspecified, the options from
                                                  the PodSecurityContext will be used.
                                                  If set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                  Note that this field cannot be set
                                                  when spec.os.name is linux.
                                                properties:
                                                  gmsaCredentialSpec:
                                                    description: GMSACredentialSpec
                                                      is where the GMSA admission
                                                      webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                                      inlines the contents of the
                                                      GMSA credential spec named by
                                                      the GMSACredentialSpecName field.
                                                    type: string
                                                  gmsaCredentialSpecName:
                                                    description: GMSACredentialSpecName
                                                      is the name of the GMSA credential
                                                      spec to use.
                                                    type: string
                                                  hostProcess:
                                                    description: HostProcess determines
                                                      if a container should be run
                                                      as a 'Host Process' container.
                                                      This field is alpha-level and
                                                      will only be honored by components
                                                      that enable the WindowsHostProcessContainers
                                                      feature flag. Setting this field
                                                      without the feature flag will
                                                      result in errors when validating
                                                      the Pod. All of a Pod's containers
                                                      must have the same effective
                                                      HostProcess value (it is not
                                                      allowed to have a mix of HostProcess
                                                      containers and non-HostProcess
                                                      containers).  In addition, if
                                                      HostProcess is true then HostNetwork
                                                      must also be set to true.
                                                    type: boolean
                                                  runAsUserName:
                                                    description: The UserName in Windows
                                                      to run the entrypoint of the
                                                      container process. Defaults
                                                      to the user specified in image
                                                      metadata if unspecified. May
                                                      also be set in PodSecurityContext.
                                                      If set in both SecurityContext
                                                      and PodSecurityContext, the
                                                      value specified in SecurityContext
                                                      takes precedence.
                                                    type: string
                                                type: object
                                            type: object
                                          startupProbe:
                                            description: 'Deprecated. This field will
                                              be removed in a future release. DeprecatedStartupProbe
                                              indicates that the Pod this Step runs
                                              in has successfully initialized. If
                                              specified, no other probes are executed
                                              until this completes successfully. If
                                              this probe fails, the Pod will be restarted,
                                              just as if the livenessProbe failed.
                                              This can be used to provide different
                                              probe parameters at the beginning of
                                              a Pod''s lifecycle, when it might take
                                              a long time to load data or warm a cache,
                                              than during steady-state operation.
                                              This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          stderrConfig:
                                            description: Stores configuration for
                                              the stderr stream of the step.
                                            properties:
                                              path:
                                                description: Path to duplicate stdout
                                                  stream to on container's local filesystem.
                                                type: string
                                            type: object
                                          stdin:
                                            description: Deprecated. This field will
                                              be removed in a future release. Whether
                                              this container should allocate a buffer
                                              for stdin in the container runtime.
                                              If this is not set, reads from stdin
                                              in the container will always result
                                              in EOF. Default is false.
                                            type: boolean
                                          stdinOnce:
                                            description: Deprecated. This field will
                                              be removed in a future release. Whether
                                              the container runtime should close the
                                              stdin channel after it has been opened
                                              by a single attach. When stdin is true
                                              the stdin stream will remain open across
                                              multiple attach sessions. If stdinOnce
                                              is set to true, stdin is opened on container
                                              start, is empty until the first client
                                              attaches to stdin, and then remains
                                              open and accepts data until the client
                                              disconnects, at which time stdin is
                                              closed and remains closed until the
                                              container is restarted. If this flag
                                              is false, a container processes that
                                              reads from stdin will never receive
                                              an EOF. Default is false
                                            type: boolean
                                          stdoutConfig:
                                            description: Stores configuration for
                                              the stdout stream of the step.
                                            properties:
                                              path:
                                                description: Path to duplicate stdout
                                                  stream to on container's local filesystem.
                                                type: string
                                            type: object
                                          terminationMessagePath:
                                            description: Deprecated. This field will
                                              be removed in a future release and can't
                                              be meaningfully used.
                                            type: string
                                          terminationMessagePolicy:
                                            description: Deprecated. This field will
                                              be removed in a future release and can't
                                              be meaningfully used.
                                            type: string
                                          timeout:
                                            description: 'Timeout is the time after
                                              which the step times out. Defaults to
                                              never. Refer to Go''s ParseDuration
                                              documentation for expected format: https://golang.org/pkg/time/#ParseDuration'
                                            type: string
                                          tty:
                                            description: Deprecated. This field will
                                              be removed in a future release. Whether
                                              this container should allocate a DeprecatedTTY
                                              for itself, also requires 'stdin' to
                                              be true. Default is false.
                                            type: boolean
                                          volumeDevices:
                                            description: volumeDevices is the list
                                              of block devices to be used by the Step.
                                            items:
                                              description: volumeDevice describes
                                                a mapping of a raw block device within
                                                a container.
                                              properties:
                                                devicePath:
                                                  description: devicePath is the path
                                                    inside of the container that the
                                                    device will be mapped to.
                                                  type: string
                                                name:
                                                  description: name must match the
                                                    name of a persistentVolumeClaim
                                                    in the pod
                                                  type: string
                                              required:
                                              - devicePath
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          volumeMounts:
                                            description: Volumes to mount into the
                                              Step's filesystem. Cannot be updated.
                                            items:
                                              description: VolumeMount describes a
                                                mounting of a Volume within a container.
                                              properties:
                                                mountPath:
                                                  description: Path within the container
                                                    at which the volume should be
                                                    mounted.  Must not contain ':'.
                                                  type: string
                                                mountPropagation:
                                                  description: mountPropagation determines
                                                    how mounts are propagated from
                                                    the host to container and the
                                                    other way around. When not set,
                                                    MountPropagationNone is used.
                                                    This field is beta in 1.10.
                                                  type: string
                                                name:
                                                  description: This must match the
                                                    Name of a Volume.
                                                  type: string
                                                readOnly:
                                                  description: Mounted read-only if
                                                    true, read-write otherwise (false
                                                    or unspecified). Defaults to false.
                                                  type: boolean
                                                subPath:
                                                  description: Path within the volume
                                                    from which the container's volume
                                                    should be mounted. Defaults to
                                                    "" (volume's root).
                                                  type: string
                                                subPathExpr:
                                                  description: Expanded path within
                                                    the volume from which the container's
                                                    volume should be mounted. Behaves
                                                    similarly to SubPath but environment
                                                    variable references $(VAR_NAME)
                                                    are expanded using the container's
                                                    environment. Defaults to "" (volume's
                                                    root). SubPathExpr and SubPath
                                                    are mutually exclusive.
                                                  type: string
                                              required:
                                              - mountPath
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          workingDir:
                                            description: Step's working directory.
                                              If not specified, the container runtime's
                                              default will be used, which might be
                                              configured in the container image. Cannot
                                              be updated.
                                            type: string
                                          workspaces:
                                            description: "This is an alpha field.
                                              You must set the \"enable-api-fields\"
                                              feature flag to \"alpha\" for this field
                                              to be supported. \n Workspaces is a
                                              list of workspaces from the Task that
                                              this Step wants exclusive access to.
                                              Adding a workspace to this list means
                                              that any other Step or Sidecar that
                                              does not also request this Workspace
                                              will not have access to it."
                                            items:
                                              description: WorkspaceUsage is used
                                                by a Step or Sidecar to declare that
                                                it wants isolated access to a Workspace
                                                defined in a Task.
                                              properties:
                                                mountPath:
                                                  description: MountPath is the path
                                                    that the workspace should be mounted
                                                    to inside the Step or Sidecar,
                                                    overriding any MountPath specified
                                                    in the Task's WorkspaceDeclaration.
                                                  type: string
                                                name:
                                                  description: Name is the name of
                                                    the workspace this Step or Sidecar
                                                    wants access to.
                                                  type: string
                                              required:
                                              - mountPath
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    volumes:
                                      description: Volumes is a collection of volumes
                                        that are available to mount into the steps
                                        of the build.
                                      items:
                                        description: Volume represents a named volume
                                          in a pod that may be accessed by any container
                                          in the pod.
                                        properties:
                                          awsElasticBlockStore:
                                            description: 'awsElasticBlockStore represents
                                              an AWS Disk resource that is attached
                                              to a kubelet''s host machine and then
                                              exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                            properties:
                                              fsType:
                                                description: 'fsType is the filesystem
                                                  type of the volume that you want
                                                  to mount. Tip: Ensure that the filesystem
                                                  type is supported by the host operating
                                                  system. Examples: "ext4", "xfs",
                                                  "ntfs". Implicitly inferred to be
                                                  "ext4" if unspecified. More info:
                                                  https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                                  TODO: how do we prevent errors in
                                                  the filesystem from compromising
                                                  the machine'
                                                type: string
                                              partition:
                                                description: 'partition is the partition
                                                  in the volume that you want to mount.
                                                  If omitted, the default is to mount
                                                  by volume name. Examples: For volume
                                                  /dev/sda1, you specify the partition
                                                  as "1". Similarly, the volume partition
                                                  for /dev/sda is "0" (or you can
                                                  leave the property empty).'
                                                format: int32
                                                type: integer
                                              readOnly:
                                                description: 'readOnly value true
                                                  will force the readOnly setting
                                                  in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                                type: boolean
                                              volumeID:
                                                description: 'volumeID is unique ID
                                                  of the persistent disk resource
                                                  in AWS (Amazon EBS volume). More
                                                  info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                                type: string
                                            required:
                                            - volumeID
                                            type: object
                                          azureDisk:
                                            description: azureDisk represents an Azure
                                              Data Disk mount on the host and bind
                                              mount to the pod.
                                            properties:
                                              cachingMode:
                                                description: 'cachingMode is the Host
                                                  Caching mode: None, Read Only, Read
                                                  Write.'
                                                type: string
                                              diskName:
                                                description: diskName is the Name
                                                  of the data disk in the blob storage
                                                type: string
                                              diskURI:
                                                description: diskURI is the URI of
                                                  data disk in the blob storage
                                                type: string
                                              fsType:
                                                description: fsType is Filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  Implicitly inferred to be "ext4"
                                                  if unspecified.
                                                type: string
                                              kind:
                                                description: 'kind expected values
                                                  are Shared: multiple blob disks
                                                  per storage account  Dedicated:
                                                  single blob disk per storage account  Managed:
                                                  azure managed data disk (only in
                                                  managed availability set). defaults
                                                  to shared'
                                                type: string
                                              readOnly:
                                                description: readOnly Defaults to
                                                  false (read/write). ReadOnly here
                                                  will force the ReadOnly setting
                                                  in VolumeMounts.
                                                type: boolean
                                            required:
                                            - diskName
                                            - diskURI
                                            type: object
                                          azureFile:
                                            description: azureFile represents an Azure
                                              File Service mount on the host and bind
                                              mount to the pod.
                                            properties:
                                              readOnly:
                                                description: readOnly defaults to
                                                  false (read/write). ReadOnly here
                                                  will force the ReadOnly setting
                                                  in VolumeMounts.
                                                type: boolean
                                              secretName:
                                                description: secretName is the  name
                                                  of secret that contains Azure Storage
                                                  Account Name and Key
                                                type: string
                                              shareName:
                                                description: shareName is the azure
                                                  share Name
                                                type: string
                                            required:
                                            - secretName
                                            - shareName
                                            type: object
                                          cephfs:
                                            description: cephFS represents a Ceph
                                              FS mount on the host that shares a pod's
                                              lifetime
                                            properties:
                                              monitors:
                                                description: 'monitors is Required:
                                                  Monitors is a collection of Ceph
                                                  monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                items:
                                                  type: string
                                                type: array
                                              path:
                                                description: 'path is Optional: Used
                                                  as the mounted root, rather than
                                                  the full Ceph tree, default is /'
                                                type: string
                                              readOnly:
                                                description: 'readOnly is Optional:
                                                  Defaults to false (read/write).
                                                  ReadOnly here will force the ReadOnly
                                                  setting in VolumeMounts. More info:
                                                  https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                type: boolean
                                              secretFile:
                                                description: 'secretFile is Optional:
                                                  SecretFile is the path to key ring
                                                  for User, default is /etc/ceph/user.secret
                                                  More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                type: string
                                              secretRef:
                                                description: 'secretRef is Optional:
                                                  SecretRef is reference to the authentication
                                                  secret for User, default is empty.
                                                  More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              user:
                                                description: 'user is optional: User
                                                  is the rados user name, default
                                                  is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                type: string
                                            required:
                                            - monitors
                                            type: object
                                          cinder:
                                            description: 'cinder represents a cinder
                                              volume attached and mounted on kubelets
                                              host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            properties:
                                              fsType:
                                                description: 'fsType is the filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Examples: "ext4", "xfs",
                                                  "ntfs". Implicitly inferred to be
                                                  "ext4" if unspecified. More info:
                                                  https://examples.k8s.io/mysql-cinder-pd/README.md'
                                                type: string
                                              readOnly:
                                                description: 'readOnly defaults to
                                                  false (read/write). ReadOnly here
                                                  will force the ReadOnly setting
                                                  in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                                type: boolean
                                              secretRef:
                                                description: 'secretRef is optional:
                                                  points to a secret object containing
                                                  parameters used to connect to OpenStack.'
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              volumeID:
                                                description: 'volumeID used to identify
                                                  the volume in cinder. More info:
                                                  https://examples.k8s.io/mysql-cinder-pd/README.md'
                                                type: string
                                            required:
                                            - volumeID
                                            type: object
                                          configMap:
                                            description: configMap represents a configMap
                                              that should populate this volume
                                            properties:
                                              defaultMode:
                                                description: 'defaultMode is optional:
                                                  mode bits used to set permissions
                                                  on created files by default. Must
                                                  be an octal value between 0000 and
                                                  0777 or a decimal value between
                                                  0 and 511. YAML accepts both octal
                                                  and decimal values, JSON requires
                                                  decimal values for mode bits. Defaults
                                                  to 0644. Directories within the
                                                  path are not affected by this setting.
                                                  This might be in conflict with other
                                                  options that affect the file mode,
                                                  like fsGroup, and the result can
                                                  be other mode bits set.'
                                                format: int32
                                                type: integer
                                              items:
                                                description: items if unspecified,
                                                  each key-value pair in the Data
                                                  field of the referenced ConfigMap
                                                  will be projected into the volume
                                                  as a file whose name is the key
                                                  and content is the value. If specified,
                                                  the listed keys will be projected
                                                  into the specified paths, and unlisted
                                                  keys will not be present. If a key
                                                  is specified which is not present
                                                  in the ConfigMap, the volume setup
                                                  will error unless it is marked optional.
                                                  Paths must be relative and may not
                                                  contain the '..' path or start with
                                                  '..'.
                                                items:
                                                  description: Maps a string key to
                                                    a path within a volume.
                                                  properties:
                                                    key:
                                                      description: key is the key
                                                        to project.
                                                      type: string
                                                    mode:
                                                      description: 'mode is Optional:
                                                        mode bits used to set permissions
                                                        on this file. Must be an octal
                                                        value between 0000 and 0777
                                                        or a decimal value between
                                                        0 and 511. YAML accepts both
                                                        octal and decimal values,
                                                        JSON requires decimal values
                                                        for mode bits. If not specified,
                                                        the volume defaultMode will
                                                        be used. This might be in
                                                        conflict with other options
                                                        that affect the file mode,
                                                        like fsGroup, and the result
                                                        can be other mode bits set.'
                                                      format: int32
                                                      type: integer
                                                    path:
                                                      description: path is the relative
                                                        path of the file to map the
                                                        key to. May not be an absolute
                                                        path. May not contain the
                                                        path element '..'. May not
                                                        start with the string '..'.
                                                      type: string
                                                  required:
                                                  - key
                                                  - path
                                                  type: object
                                                type: array
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                              optional:
                                                description: optional specify whether
                                                  the ConfigMap or its keys must be
                                                  defined
                                                type: boolean
                                            type: object
                                          csi:
                                            description: csi (Container Storage Interface)
                                              represents ephemeral storage that is
                                              handled by certain external CSI drivers
                                              (Beta feature).
                                            properties:
                                              driver:
                                                description: driver is the name of
                                                  the CSI driver that handles this
                                                  volume. Consult with your admin
                                                  for the correct name as registered
                                                  in the cluster.
                                                type: string
                                              fsType:
                                                description: fsType to mount. Ex.
                                                  "ext4", "xfs", "ntfs". If not provided,
                                                  the empty value is passed to the
                                                  associated CSI driver which will
                                                  determine the default filesystem
                                                  to apply.
                                                type: string
                                              nodePublishSecretRef:
                                                description: nodePublishSecretRef
                                                  is a reference to the secret object
                                                  containing sensitive information
                                                  to pass to the CSI driver to complete
                                                  the CSI NodePublishVolume and NodeUnpublishVolume
                                                  calls. This field is optional, and  may
                                                  be empty if no secret is required.
                                                  If the secret object contains more
                                                  than one secret, all secret references
                                                  are passed.
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              readOnly:
                                                description: readOnly specifies a
                                                  read-only configuration for the
                                                  volume. Defaults to false (read/write).
                                                type: boolean
                                              volumeAttributes:
                                                additionalProperties:
                                                  type: string
                                                description: volumeAttributes stores
                                                  driver-specific properties that
                                                  are passed to the CSI driver. Consult
                                                  your driver's documentation for
                                                  supported values.
                                                type: object
                                            required:
                                            - driver
                                            type: object
                                          downwardAPI:
                                            description: downwardAPI represents downward
                                              API about the pod that should populate
                                              this volume
                                            properties:
                                              defaultMode:
                                                description: 'Optional: mode bits
                                                  to use on created files by default.
                                                  Must be a Optional: mode bits used
                                                  to set permissions on created files
                                                  by default. Must be an octal value
                                                  between 0000 and 0777 or a decimal
                                                  value between 0 and 511. YAML accepts
                                                  both octal and decimal values, JSON
                                                  requires decimal values for mode
                                                  bits. Defaults to 0644. Directories
                                                  within the path are not affected
                                                  by this setting. This might be in
                                                  conflict with other options that
                                                  affect the file mode, like fsGroup,
                                                  and the result can be other mode
                                                  bits set.'
                                                format: int32
                                                type: integer
                                              items:
                                                description: Items is a list of downward
                                                  API volume file
                                                items:
                                                  description: DownwardAPIVolumeFile
                                                    represents information to create
                                                    the file containing the pod field
                                                  properties:
                                                    fieldRef:
                                                      description: 'Required: Selects
                                                        a field of the pod: only annotations,
                                                        labels, name and namespace
                                                        are supported.'
                                                      properties:
                                                        apiVersion:
                                                          description: Version of
                                                            the schema the FieldPath
                                                            is written in terms of,
                                                            defaults to "v1".
                                                          type: string
                                                        fieldPath:
                                                          description: Path of the
                                                            field to select in the
                                                            specified API version.
                                                          type: string
                                                      required:
                                                      - fieldPath
                                                      type: object
                                                    mode:
                                                      description: 'Optional: mode
                                                        bits used to set permissions
                                                        on this file, must be an octal
                                                        value between 0000 and 0777
                                                        or a decimal value between
                                                        0 and 511. YAML accepts both
                                                        octal and decimal values,
                                                        JSON requires decimal values
                                                        for mode bits. If not specified,
                                                        the volume defaultMode will
                                                        be used. This might be in
                                                        conflict with other options
                                                        that affect the file mode,
                                                        like fsGroup, and the result
                                                        can be other mode bits set.'
                                                      format: int32
                                                      type: integer
                                                    path:
                                                      description: 'Required: Path
                                                        is  the relative path name
                                                        of the file to be created.
                                                        Must not be absolute or contain
                                                        the ''..'' path. Must be utf-8
                                                        encoded. The first item of
                                                        the relative path must not
                                                        start with ''..'''
                                                      type: string
                                                    resourceFieldRef:
                                                      description: 'Selects a resource
                                                        of the container: only resources
                                                        limits and requests (limits.cpu,
                                                        limits.memory, requests.cpu
                                                        and requests.memory) are currently
                                                        supported.'
                                                      properties:
                                                        containerName:
                                                          description: 'Container
                                                            name: required for volumes,
                                                            optional for env vars'
                                                          type: string
                                                        divisor:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          description: Specifies the
                                                            output format of the exposed
                                                            resources, defaults to
                                                            "1"
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        resource:
                                                          description: 'Required:
                                                            resource to select'
                                                          type: string
                                                      required:
                                                      - resource
                                                      type: object
                                                  required:
                                                  - path
                                                  type: object
                                                type: array
                                            type: object
                                          emptyDir:
                                            description: 'emptyDir represents a temporary
                                              directory that shares a pod''s lifetime.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                            properties:
                                              medium:
                                                description: 'medium represents what
                                                  type of storage medium should back
                                                  this directory. The default is ""
                                                  which means to use the node''s default
                                                  medium. Must be an empty string
                                                  (default) or Memory. More info:
                                                  https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                                type: string
                                              sizeLimit:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: 'sizeLimit is the total
                                                  amount of local storage required
                                                  for this EmptyDir volume. The size
                                                  limit is also applicable for memory
                                                  medium. The maximum usage on memory
                                                  medium EmptyDir would be the minimum
                                                  value between the SizeLimit specified
                                                  here and the sum of memory limits
                                                  of all containers in a pod. The
                                                  default is nil which means that
                                                  the limit is undefined. More info:
                                                  http://kubernetes.io/docs/user-guide/volumes#emptydir'
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                            type: object
                                          ephemeral:
                                            description: "ephemeral represents a volume
                                              that is handled by a cluster storage
                                              driver. The volume's lifecycle is tied
                                              to the pod that defines it - it will
                                              be created before the pod starts, and
                                              deleted when the pod is removed. \n
                                              Use this if: a) the volume is only needed
                                              while the pod runs, b) features of normal
                                              volumes like restoring from snapshot
                                              or capacity    tracking are needed,
                                              c) the storage driver is specified through
                                              a storage class, and d) the storage
                                              driver supports dynamic volume provisioning
                                              through    a PersistentVolumeClaim (see
                                              EphemeralVolumeSource for more    information
                                              on the connection between this volume
                                              type    and PersistentVolumeClaim).
                                              \n Use PersistentVolumeClaim or one
                                              of the vendor-specific APIs for volumes
                                              that persist for longer than the lifecycle
                                              of an individual pod. \n Use CSI for
                                              light-weight local ephemeral volumes
                                              if the CSI driver is meant to be used
                                              that way - see the documentation of
                                              the driver for more information. \n
                                              A pod can use both types of ephemeral
                                              volumes and persistent volumes at the
                                              same time."
                                            properties:
                                              volumeClaimTemplate:
                                                description: "Will be used to create
                                                  a stand-alone PVC to provision the
                                                  volume. The pod in which this EphemeralVolumeSource
                                                  is embedded will be the owner of
                                                  the PVC, i.e. the PVC will be deleted
                                                  together with the pod.  The name
                                                  of the PVC will be `<pod name>-<volume
                                                  name>` where `<volume name>` is
                                                  the name from the `PodSpec.Volumes`
                                                  array entry. Pod validation will
                                                  reject the pod if the concatenated
                                                  name is not valid for a PVC (for
                                                  example, too long). \n An existing
                                                  PVC with that name that is not owned
                                                  by the pod will *not* be used for
                                                  the pod to avoid using an unrelated
                                                  volume by mistake. Starting the
                                                  pod is then blocked until the unrelated
                                                  PVC is removed. If such a pre-created
                                                  PVC is meant to be used by the pod,
                                                  the PVC has to updated with an owner
                                                  reference to the pod once the pod
                                                  exists. Normally this should not
                                                  be necessary, but it may be useful
                                                  when manually reconstructing a broken
                                                  cluster. \n This field is read-only
                                                  and no changes will be made by Kubernetes
                                                  to the PVC after it has been created.
                                                  \n Required, must not be nil."
                                                properties:
                                                  metadata:
                                                    description: May contain labels
                                                      and annotations that will be
                                                      copied into the PVC when creating
                                                      it. No other fields are allowed
                                                      and will be rejected during
                                                      validation.
                                                    type: object
                                                  spec:
                                                    description: The specification
                                                      for the PersistentVolumeClaim.
                                                      The entire content is copied
                                                      unchanged into the PVC that
                                                      gets created from this template.
                                                      The same fields as in a PersistentVolumeClaim
                                                      are also valid here.
                                                    properties:
                                                      accessModes:
                                                        description: 'accessModes
                                                          contains the desired access
                                                          modes the volume should
                                                          have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                                        items:
                                                          type: string
                                                        type: array
                                                      dataSource:
                                                        description: 'dataSource field
                                                          can be used to specify either:
                                                          * An existing VolumeSnapshot
                                                          object (snapshot.storage.k8s.io/VolumeSnapshot)
                                                          * An existing PVC (PersistentVolumeClaim)
                                                          If the provisioner or an
                                                          external controller can
                                                          support the specified data
                                                          source, it will create a
                                                          new volume based on the
                                                          contents of the specified
                                                          data source. If the AnyVolumeDataSource
                                                          feature gate is enabled,
                                                          this field will always have
                                                          the same contents as the
                                                          DataSourceRef field.'
                                                        properties:
                                                          apiGroup:
                                                            description: APIGroup
                                                              is the group for the
                                                              resource being referenced.
                                                              If APIGroup is not specified,
                                                              the specified Kind must
                                                              be in the core API group.
                                                              For any other third-party
                                                              types, APIGroup is required.
                                                            type: string
                                                          kind:
                                                            description: Kind is the
                                                              type of resource being
                                                              referenced
                                                            type: string
                                                          name:
                                                            description: Name is the
                                                              name of resource being
                                                              referenced
                                                            type: string
                                                        required:
                                                        - kind
                                                        - name
                                                        type: object
                                                      dataSourceRef:
                                                        description: 'dataSourceRef
                                                          specifies the object from
                                                          which to populate the volume
                                                          with data, if a non-empty
                                                          volume is desired. This
                                                          may be any local object
                                                          from a non-empty API group
                                                          (non core object) or a PersistentVolumeClaim
                                                          object. When this field
                                                          is specified, volume binding
                                                          will only succeed if the
                                                          type of the specified object
                                                          matches some installed volume
                                                          populator or dynamic provisioner.
                                                          This field will replace
                                                          the functionality of the
                                                          DataSource field and as
                                                          such if both fields are
                                                          non-empty, they must have
                                                          the same value. For backwards
                                                          compatibility, both fields
                                                          (DataSource and DataSourceRef)
                                                          will be set to the same
                                                          value automatically if one
                                                          of them is empty and the
                                                          other is non-empty. There
                                                          are two important differences
                                                          between DataSource and DataSourceRef:
                                                          * While DataSource only
                                                          allows two specific types
                                                          of objects, DataSourceRef   allows
                                                          any non-core object, as
                                                          well as PersistentVolumeClaim
                                                          objects. * While DataSource
                                                          ignores disallowed values
                                                          (dropping them), DataSourceRef   preserves
                                                          all values, and generates
                                                          an error if a disallowed
                                                          value is   specified. (Beta)
                                                          Using this field requires
                                                          the AnyVolumeDataSource
                                                          feature gate to be enabled.'
                                                        properties:
                                                          apiGroup:
                                                            description: APIGroup
                                                              is the group for the
                                                              resource being referenced.
                                                              If APIGroup is not specified,
                                                              the specified Kind must
                                                              be in the core API group.
                                                              For any other third-party
                                                              types, APIGroup is required.
                                                            type: string
                                                          kind:
                                                            description: Kind is the
                                                              type of resource being
                                                              referenced
                                                            type: string
                                                          name:
                                                            description: Name is the
                                                              name of resource being
                                                              referenced
                                                            type: string
                                                        required:
                                                        - kind
                                                        - name
                                                        type: object
                                                      resources:
                                                        description: 'resources represents
                                                          the minimum resources the
                                                          volume should have. If RecoverVolumeExpansionFailure
                                                          feature is enabled users
                                                          are allowed to specify resource
                                                          requirements that are lower
                                                          than previous value but
                                                          must still be higher than
                                                          capacity recorded in the
                                                          status field of the claim.
                                                          More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                                        properties:
                                                          limits:
                                                            additionalProperties:
                                                              anyOf:
                                                              - type: integer
                                                              - type: string
                                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                              x-kubernetes-int-or-string: true
                                                            description: 'Limits describes
                                                              the maximum amount of
                                                              compute resources allowed.
                                                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                            type: object
                                                          requests:
                                                            additionalProperties:
                                                              anyOf:
                                                              - type: integer
                                                              - type: string
                                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                              x-kubernetes-int-or-string: true
                                                            description: 'Requests
                                                              describes the minimum
                                                              amount of compute resources
                                                              required. If Requests
                                                              is omitted for a container,
                                                              it defaults to Limits
                                                              if that is explicitly
                                                              specified, otherwise
                                                              to an implementation-defined
                                                              value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                            type: object
                                                        type: object
                                                      selector:
                                                        description: selector is a
                                                          label query over volumes
                                                          to consider for binding.
                                                        properties:
                                                          matchExpressions:
                                                            description: matchExpressions
                                                              is a list of label selector
                                                              requirements. The requirements
                                                              are ANDed.
                                                            items:
                                                              description: A label
                                                                selector requirement
                                                                is a selector that
                                                                contains values, a
                                                                key, and an operator
                                                                that relates the key
                                                                and values.
                                                              properties:
                                                                key:
                                                                  description: key
                                                                    is the label key
                                                                    that the selector
                                                                    applies to.
                                                                  type: string
                                                                operator:
                                                                  description: operator
                                                                    represents a key's
                                                                    relationship to
                                                                    a set of values.
                                                                    Valid operators
                                                                    are In, NotIn,
                                                                    Exists and DoesNotExist.
                                                                  type: string
                                                                values:
                                                                  description: values
                                                                    is an array of
                                                                    string values.
                                                                    If the operator
                                                                    is In or NotIn,
                                                                    the values array
                                                                    must be non-empty.
                                                                    If the operator
                                                                    is Exists or DoesNotExist,
                                                                    the values array
                                                                    must be empty.
                                                                    This array is
                                                                    replaced during
                                                                    a strategic merge
                                                                    patch.
                                                                  items:
                                                                    type: string
                                                                  type: array
                                                              required:
                                                              - key
                                                              - operator
                                                              type: object
                                                            type: array
                                                          matchLabels:
                                                            additionalProperties:
                                                              type: string
                                                            description: matchLabels
                                                              is a map of {key,value}
                                                              pairs. A single {key,value}
                                                              in the matchLabels map
                                                              is equivalent to an
                                                              element of matchExpressions,
                                                              whose key field is "key",
                                                              the operator is "In",
                                                              and the values array
                                                              contains only "value".
                                                              The requirements are
                                                              ANDed.
                                                            type: object
                                                        type: object
                                                      storageClassName:
                                                        description: 'storageClassName
                                                          is the name of the StorageClass
                                                          required by the claim. More
                                                          info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                                        type: string
                                                      volumeMode:
                                                        description: volumeMode defines
                                                          what type of volume is required
                                                          by the claim. Value of Filesystem
                                                          is implied when not included
                                                          in claim spec.
                                                        type: string
                                                      volumeName:
                                                        description: volumeName is
                                                          the binding reference to
                                                          the PersistentVolume backing
                                                          this claim.
                                                        type: string
                                                    type: object
                                                required:
                                                - spec
                                                type: object
                                            type: object
                                          fc:
                                            description: fc represents a Fibre Channel
                                              resource that is attached to a kubelet's
                                              host machine and then exposed to the
                                              pod.
                                            properties:
                                              fsType:
                                                description: 'fsType is the filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  Implicitly inferred to be "ext4"
                                                  if unspecified. TODO: how do we
                                                  prevent errors in the filesystem
                                                  from compromising the machine'
                                                type: string
                                              lun:
                                                description: 'lun is Optional: FC
                                                  target lun number'
                                                format: int32
                                                type: integer
                                              readOnly:
                                                description: 'readOnly is Optional:
                                                  Defaults to false (read/write).
                                                  ReadOnly here will force the ReadOnly
                                                  setting in VolumeMounts.'
                                                type: boolean
                                              targetWWNs:
                                                description: 'targetWWNs is Optional:
                                                  FC target worldwide names (WWNs)'
                                                items:
                                                  type: string
                                                type: array
                                              wwids:
                                                description: 'wwids Optional: FC volume
                                                  world wide identifiers (wwids) Either
                                                  wwids or combination of targetWWNs
                                                  and lun must be set, but not both
                                                  simultaneously.'
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          flexVolume:
                                            description: flexVolume represents a generic
                                              volume resource that is provisioned/attached
                                              using an exec based plugin.
                                            properties:
                                              driver:
                                                description: driver is the name of
                                                  the driver to use for this volume.
                                                type: string
                                              fsType:
                                                description: fsType is the filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  The default filesystem depends on
                                                  FlexVolume script.
                                                type: string
                                              options:
                                                additionalProperties:
                                                  type: string
                                                description: 'options is Optional:
                                                  this field holds extra command options
                                                  if any.'
                                                type: object
                                              readOnly:
                                                description: 'readOnly is Optional:
                                                  defaults to false (read/write).
                                                  ReadOnly here will force the ReadOnly
                                                  setting in VolumeMounts.'
                                                type: boolean
                                              secretRef:
                                                description: 'secretRef is Optional:
                                                  secretRef is reference to the secret
                                                  object containing sensitive information
                                                  to pass to the plugin scripts. This
                                                  may be empty if no secret object
                                                  is specified. If the secret object
                                                  contains more than one secret, all
                                                  secrets are passed to the plugin
                                                  scripts.'
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                            required:
                                            - driver
                                            type: object
                                          flocker:
                                            description: flocker represents a Flocker
                                              volume attached to a kubelet's host
                                              machine. This depends on the Flocker
                                              control service being running
                                            properties:
                                              datasetName:
                                                description: datasetName is Name of
                                                  the dataset stored as metadata ->
                                                  name on the dataset for Flocker
                                                  should be considered as deprecated
                                                type: string
                                              datasetUUID:
                                                description: datasetUUID is the UUID
                                                  of the dataset. This is unique identifier
                                                  of a Flocker dataset
                                                type: string
                                            type: object
                                          gcePersistentDisk:
                                            description: 'gcePersistentDisk represents
                                              a GCE Disk resource that is attached
                                              to a kubelet''s host machine and then
                                              exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            properties:
                                              fsType:
                                                description: 'fsType is filesystem
                                                  type of the volume that you want
                                                  to mount. Tip: Ensure that the filesystem
                                                  type is supported by the host operating
                                                  system. Examples: "ext4", "xfs",
                                                  "ntfs". Implicitly inferred to be
                                                  "ext4" if unspecified. More info:
                                                  https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                                  TODO: how do we prevent errors in
                                                  the filesystem from compromising
                                                  the machine'
                                                type: string
                                              partition:
                                                description: 'partition is the partition
                                                  in the volume that you want to mount.
                                                  If omitted, the default is to mount
                                                  by volume name. Examples: For volume
                                                  /dev/sda1, you specify the partition
                                                  as "1". Similarly, the volume partition
                                                  for /dev/sda is "0" (or you can
                                                  leave the property empty). More
                                                  info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                                format: int32
                                                type: integer
                                              pdName:
                                                description: 'pdName is unique name
                                                  of the PD resource in GCE. Used
                                                  to identify the disk in GCE. More
                                                  info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                                type: string
                                              readOnly:
                                                description: 'readOnly here will force
                                                  the ReadOnly setting in VolumeMounts.
                                                  Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                                type: boolean
                                            required:
                                            - pdName
                                            type: object
                                          gitRepo:
                                            description: 'gitRepo represents a git
                                              repository at a particular revision.
                                              DEPRECATED: GitRepo is deprecated. To
                                              provision a container with a git repo,
                                              mount an EmptyDir into an InitContainer
                                              that clones the repo using git, then
                                              mount the EmptyDir into the Pod''s container.'
                                            properties:
                                              directory:
                                                description: directory is the target
                                                  directory name. Must not contain
                                                  or start with '..'.  If '.' is supplied,
                                                  the volume directory will be the
                                                  git repository.  Otherwise, if specified,
                                                  the volume will contain the git
                                                  repository in the subdirectory with
                                                  the given name.
                                                type: string
                                              repository:
                                                description: repository is the URL
                                                type: string
                                              revision:
                                                description: revision is the commit
                                                  hash for the specified revision.
                                                type: string
                                            required:
                                            - repository
                                            type: object
                                          glusterfs:
                                            description: 'glusterfs represents a Glusterfs
                                              mount on the host that shares a pod''s
                                              lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
                                            properties:
                                              endpoints:
                                                description: 'endpoints is the endpoint
                                                  name that details Glusterfs topology.
                                                  More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                                type: string
                                              path:
                                                description: 'path is the Glusterfs
                                                  volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                                type: string
                                              readOnly:
                                                description: 'readOnly here will force
                                                  the Glusterfs volume to be mounted
                                                  with read-only permissions. Defaults
                                                  to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                                type: boolean
                                            required:
                                            - endpoints
                                            - path
                                            type: object
                                          hostPath:
                                            description: 'hostPath represents a pre-existing
                                              file or directory on the host machine
                                              that is directly exposed to the container.
                                              This is generally used for system agents
                                              or other privileged things that are
                                              allowed to see the host machine. Most
                                              containers will NOT need this. More
                                              info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                                              --- TODO(jonesdl) We need to restrict
                                              who can use host directory mounts and
                                              who can/can not mount host directories
                                              as read/write.'
                                            properties:
                                              path:
                                                description: 'path of the directory
                                                  on the host. If the path is a symlink,
                                                  it will follow the link to the real
                                                  path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                                type: string
                                              type:
                                                description: 'type for HostPath Volume
                                                  Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                                type: string
                                            required:
                                            - path
                                            type: object
                                          iscsi:
                                            description: 'iscsi represents an ISCSI
                                              Disk resource that is attached to a
                                              kubelet''s host machine and then exposed
                                              to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
                                            properties:
                                              chapAuthDiscovery:
                                                description: chapAuthDiscovery defines
                                                  whether support iSCSI Discovery
                                                  CHAP authentication
                                                type: boolean
                                              chapAuthSession:
                                                description: chapAuthSession defines
                                                  whether support iSCSI Session CHAP
                                                  authentication
                                                type: boolean
                                              fsType:
                                                description: 'fsType is the filesystem
                                                  type of the volume that you want
                                                  to mount. Tip: Ensure that the filesystem
                                                  type is supported by the host operating
                                                  system. Examples: "ext4", "xfs",
                                                  "ntfs". Implicitly inferred to be
                                                  "ext4" if unspecified. More info:
                                                  https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                                  TODO: how do we prevent errors in
                                                  the filesystem from compromising
                                                  the machine'
                                                type: string
                                              initiatorName:
                                                description: initiatorName is the
                                                  custom iSCSI Initiator Name. If
                                                  initiatorName is specified with
                                                  iscsiInterface simultaneously, new
                                                  iSCSI interface <target portal>:<volume
                                                  name> will be created for the connection.
                                                type: string
                                              iqn:
                                                description: iqn is the target iSCSI
                                                  Qualified Name.
                                                type: string
                                              iscsiInterface:
                                                description: iscsiInterface is the
                                                  interface Name that uses an iSCSI
                                                  transport. Defaults to 'default'
                                                  (tcp).
                                                type: string
                                              lun:
                                                description: lun represents iSCSI
                                                  Target Lun number.
                                                format: int32
                                                type: integer
                                              portals:
                                                description: portals is the iSCSI
                                                  Target Portal List. The portal is
                                                  either an IP or ip_addr:port if
                                                  the port is other than default (typically
                                                  TCP ports 860 and 3260).
                                                items:
                                                  type: string
                                                type: array
                                              readOnly:
                                                description: readOnly here will force
                                                  the ReadOnly setting in VolumeMounts.
                                                  Defaults to false.
                                                type: boolean
                                              secretRef:
                                                description: secretRef is the CHAP
                                                  Secret for iSCSI target and initiator
                                                  authentication
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              targetPortal:
                                                description: targetPortal is iSCSI
                                                  Target Portal. The Portal is either
                                                  an IP or ip_addr:port if the port
                                                  is other than default (typically
                                                  TCP ports 860 and 3260).
                                                type: string
                                            required:
                                            - iqn
                                            - lun
                                            - targetPortal
                                            type: object
                                          name:
                                            description: 'name of the volume. Must
                                              be a DNS_LABEL and unique within the
                                              pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                            type: string
                                          nfs:
                                            description: 'nfs represents an NFS mount
                                              on the host that shares a pod''s lifetime
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            properties:
                                              path:
                                                description: 'path that is exported
                                                  by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                                type: string
                                              readOnly:
                                                description: 'readOnly here will force
                                                  the NFS export to be mounted with
                                                  read-only permissions. Defaults
                                                  to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                                type: boolean
                                              server:
                                                description: 'server is the hostname
                                                  or IP address of the NFS server.
                                                  More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                                type: string
                                            required:
                                            - path
                                            - server
                                            type: object
                                          persistentVolumeClaim:
                                            description: 'persistentVolumeClaimVolumeSource
                                              represents a reference to a PersistentVolumeClaim
                                              in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                            properties:
                                              claimName:
                                                description: 'claimName is the name
                                                  of a PersistentVolumeClaim in the
                                                  same namespace as the pod using
                                                  this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                                type: string
                                              readOnly:
                                                description: readOnly Will force the
                                                  ReadOnly setting in VolumeMounts.
                                                  Default false.
                                                type: boolean
                                            required:
                                            - claimName
                                            type: object
                                          photonPersistentDisk:
                                            description: photonPersistentDisk represents
                                              a PhotonController persistent disk attached
                                              and mounted on kubelets host machine
                                            properties:
                                              fsType:
                                                description: fsType is the filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  Implicitly inferred to be "ext4"
                                                  if unspecified.
                                                type: string
                                              pdID:
                                                description: pdID is the ID that identifies
                                                  Photon Controller persistent disk
                                                type: string
                                            required:
                                            - pdID
                                            type: object
                                          portworxVolume:
                                            description: portworxVolume represents
                                              a portworx volume attached and mounted
                                              on kubelets host machine
                                            properties:
                                              fsType:
                                                description: fSType represents the
                                                  filesystem type to mount Must be
                                                  a filesystem type supported by the
                                                  host operating system. Ex. "ext4",
                                                  "xfs". Implicitly inferred to be
                                                  "ext4" if unspecified.
                                                type: string
                                              readOnly:
                                                description: readOnly defaults to
                                                  false (read/write). ReadOnly here
                                                  will force the ReadOnly setting
                                                  in VolumeMounts.
                                                type: boolean
                                              volumeID:
                                                description: volumeID uniquely identifies
                                                  a Portworx volume
                                                type: string
                                            required:
                                            - volumeID
                                            type: object
                                          projected:
                                            description: projected items for all in
                                              one resources secrets, configmaps, and
                                              downward API
                                            properties:
                                              defaultMode:
                                                description: defaultMode are the mode
                                                  bits used to set permissions on
                                                  created files by default. Must be
                                                  an octal value between 0000 and
                                                  0777 or a decimal value between
                                                  0 and 511. YAML accepts both octal
                                                  and decimal values, JSON requires
                                                  decimal values for mode bits. Directories
                                                  within the path are not affected
                                                  by this setting. This might be in
                                                  conflict with other options that
                                                  affect the file mode, like fsGroup,
                                                  and the result can be other mode
                                                  bits set.
                                                format: int32
                                                type: integer
                                              sources:
                                                description: sources is the list of
                                                  volume projections
                                                items:
                                                  description: Projection that may
                                                    be projected along with other
                                                    supported volume types
                                                  properties:
                                                    configMap:
                                                      description: configMap information
                                                        about the configMap data to
                                                        project
                                                      properties:
                                                        items:
                                                          description: items if unspecified,
                                                            each key-value pair in
                                                            the Data field of the
                                                            referenced ConfigMap will
                                                            be projected into the
                                                            volume as a file whose
                                                            name is the key and content
                                                            is the value. If specified,
                                                            the listed keys will be
                                                            projected into the specified
                                                            paths, and unlisted keys
                                                            will not be present. If
                                                            a key is specified which
                                                            is not present in the
                                                            ConfigMap, the volume
                                                            setup will error unless
                                                            it is marked optional.
                                                            Paths must be relative
                                                            and may not contain the
                                                            '..' path or start with
                                                            '..'.
                                                          items:
                                                            description: Maps a string
                                                              key to a path within
                                                              a volume.
                                                            properties:
                                                              key:
                                                                description: key is
                                                                  the key to project.
                                                                type: string
                                                              mode:
                                                                description: 'mode
                                                                  is Optional: mode
                                                                  bits used to set
                                                                  permissions on this
                                                                  file. Must be an
                                                                  octal value between
                                                                  0000 and 0777 or
                                                                  a decimal value
                                                                  between 0 and 511.
                                                                  YAML accepts both
                                                                  octal and decimal
                                                                  values, JSON requires
                                                                  decimal values for
                                                                  mode bits. If not
                                                                  specified, the volume
                                                                  defaultMode will
                                                                  be used. This might
                                                                  be in conflict with
                                                                  other options that
                                                                  affect the file
                                                                  mode, like fsGroup,
                                                                  and the result can
                                                                  be other mode bits
                                                                  set.'
                                                                format: int32
                                                                type: integer
                                                              path:
                                                                description: path
                                                                  is the relative
                                                                  path of the file
                                                                  to map the key to.
                                                                  May not be an absolute
                                                                  path. May not contain
                                                                  the path element
                                                                  '..'. May not start
                                                                  with the string
                                                                  '..'.
                                                                type: string
                                                            required:
                                                            - key
                                                            - path
                                                            type: object
                                                          type: array
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: optional specify
                                                            whether the ConfigMap
                                                            or its keys must be defined
                                                          type: boolean
                                                      type: object
                                                    downwardAPI:
                                                      description: downwardAPI information
                                                        about the downwardAPI data
                                                        to project
                                                      properties:
                                                        items:
                                                          description: Items is a
                                                            list of DownwardAPIVolume
                                                            file
                                                          items:
                                                            description: DownwardAPIVolumeFile
                                                              represents information
                                                              to create the file containing
                                                              the pod field
                                                            properties:
                                                              fieldRef:
                                                                description: 'Required:
                                                                  Selects a field
                                                                  of the pod: only
                                                                  annotations, labels,
                                                                  name and namespace
                                                                  are supported.'
                                                                properties:
                                                                  apiVersion:
                                                                    description: Version
                                                                      of the schema
                                                                      the FieldPath
                                                                      is written in
                                                                      terms of, defaults
                                                                      to "v1".
                                                                    type: string
                                                                  fieldPath:
                                                                    description: Path
                                                                      of the field
                                                                      to select in
                                                                      the specified
                                                                      API version.
                                                                    type: string
                                                                required:
                                                                - fieldPath
                                                                type: object
                                                              mode:
                                                                description: 'Optional:
                                                                  mode bits used to
                                                                  set permissions
                                                                  on this file, must
                                                                  be an octal value
                                                                  between 0000 and
                                                                  0777 or a decimal
                                                                  value between 0
                                                                  and 511. YAML accepts
                                                                  both octal and decimal
                                                                  values, JSON requires
                                                                  decimal values for
                                                                  mode bits. If not
                                                                  specified, the volume
                                                                  defaultMode will
                                                                  be used. This might
                                                                  be in conflict with
                                                                  other options that
                                                                  affect the file
                                                                  mode, like fsGroup,
                                                                  and the result can
                                                                  be other mode bits
                                                                  set.'
                                                                format: int32
                                                                type: integer
                                                              path:
                                                                description: 'Required:
                                                                  Path is  the relative
                                                                  path name of the
                                                                  file to be created.
                                                                  Must not be absolute
                                                                  or contain the ''..''
                                                                  path. Must be utf-8
                                                                  encoded. The first
                                                                  item of the relative
                                                                  path must not start
                                                                  with ''..'''
                                                                type: string
                                                              resourceFieldRef:
                                                                description: 'Selects
                                                                  a resource of the
                                                                  container: only
                                                                  resources limits
                                                                  and requests (limits.cpu,
                                                                  limits.memory, requests.cpu
                                                                  and requests.memory)
                                                                  are currently supported.'
                                                                properties:
                                                                  containerName:
                                                                    description: 'Container
                                                                      name: required
                                                                      for volumes,
                                                                      optional for
                                                                      env vars'
                                                                    type: string
                                                                  divisor:
                                                                    anyOf:
                                                                    - type: integer
                                                                    - type: string
                                                                    description: Specifies
                                                                      the output format
                                                                      of the exposed
                                                                      resources, defaults
                                                                      to "1"
                                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                                    x-kubernetes-int-or-string: true
                                                                  resource:
                                                                    description: 'Required:
                                                                      resource to
                                                                      select'
                                                                    type: string
                                                                required:
                                                                - resource
                                                                type: object
                                                            required:
                                                            - path
                                                            type: object
                                                          type: array
                                                      type: object
                                                    secret:
                                                      description: secret information
                                                        about the secret data to project
                                                      properties:
                                                        items:
                                                          description: items if unspecified,
                                                            each key-value pair in
                                                            the Data field of the
                                                            referenced Secret will
                                                            be projected into the
                                                            volume as a file whose
                                                            name is the key and content
                                                            is the value. If specified,
                                                            the listed keys will be
                                                            projected into the specified
                                                            paths, and unlisted keys
                                                            will not be present. If
                                                            a key is specified which
                                                            is not present in the
                                                            Secret, the volume setup
                                                            will error unless it is
                                                            marked optional. Paths
                                                            must be relative and may
                                                            not contain the '..' path
                                                            or start with '..'.
                                                          items:
                                                            description: Maps a string
                                                              key to a path within
                                                              a volume.
                                                            properties:
                                                              key:
                                                                description: key is
                                                                  the key to project.
                                                                type: string
                                                              mode:
                                                                description: 'mode
                                                                  is Optional: mode
                                                                  bits used to set
                                                                  permissions on this
                                                                  file. Must be an
                                                                  octal value between
                                                                  0000 and 0777 or
                                                                  a decimal value
                                                                  between 0 and 511.
                                                                  YAML accepts both
                                                                  octal and decimal
                                                                  values, JSON requires
                                                                  decimal values for
                                                                  mode bits. If not
                                                                  specified, the volume
                                                                  defaultMode will
                                                                  be used. This might
                                                                  be in conflict with
                                                                  other options that
                                                                  affect the file
                                                                  mode, like fsGroup,
                                                                  and the result can
                                                                  be other mode bits
                                                                  set.'
                                                                format: int32
                                                                type: integer
                                                              path:
                                                                description: path
                                                                  is the relative
                                                                  path of the file
                                                                  to map the key to.
                                                                  May not be an absolute
                                                                  path. May not contain
                                                                  the path element
                                                                  '..'. May not start
                                                                  with the string
                                                                  '..'.
                                                                type: string
                                                            required:
                                                            - key
                                                            - path
                                                            type: object
                                                          type: array
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: optional field
                                                            specify whether the Secret
                                                            or its key must be defined
                                                          type: boolean
                                                      type: object
                                                    serviceAccountToken:
                                                      description: serviceAccountToken
                                                        is information about the serviceAccountToken
                                                        data to project
                                                      properties:
                                                        audience:
                                                          description: audience is
                                                            the intended audience
                                                            of the token. A recipient
                                                            of a token must identify
                                                            itself with an identifier
                                                            specified in the audience
                                                            of the token, and otherwise
                                                            should reject the token.
                                                            The audience defaults
                                                            to the identifier of the
                                                            apiserver.
                                                          type: string
                                                        expirationSeconds:
                                                          description: expirationSeconds
                                                            is the requested duration
                                                            of validity of the service
                                                            account token. As the
                                                            token approaches expiration,
                                                            the kubelet volume plugin
                                                            will proactively rotate
                                                            the service account token.
                                                            The kubelet will start
                                                            trying to rotate the token
                                                            if the token is older
                                                            than 80 percent of its
                                                            time to live or if the
                                                            token is older than 24
                                                            hours.Defaults to 1 hour
                                                            and must be at least 10
                                                            minutes.
                                                          format: int64
                                                          type: integer
                                                        path:
                                                          description: path is the
                                                            path relative to the mount
                                                            point of the file to project
                                                            the token into.
                                                          type: string
                                                      required:
                                                      - path
                                                      type: object
                                                  type: object
                                                type: array
                                            type: object
                                          quobyte:
                                            description: quobyte represents a Quobyte
                                              mount on the host that shares a pod's
                                              lifetime
                                            properties:
                                              group:
                                                description: group to map volume access
                                                  to Default is no group
                                                type: string
                                              readOnly:
                                                description: readOnly here will force
                                                  the Quobyte volume to be mounted
                                                  with read-only permissions. Defaults
                                                  to false.
                                                type: boolean
                                              registry:
                                                description: registry represents a
                                                  single or multiple Quobyte Registry
                                                  services specified as a string as
                                                  host:port pair (multiple entries
                                                  are separated with commas) which
                                                  acts as the central registry for
                                                  volumes
                                                type: string
                                              tenant:
                                                description: tenant owning the given
                                                  Quobyte volume in the Backend Used
                                                  with dynamically provisioned Quobyte
                                                  volumes, value is set by the plugin
                                                type: string
                                              user:
                                                description: user to map volume access
                                                  to Defaults to serivceaccount user
                                                type: string
                                              volume:
                                                description: volume is a string that
                                                  references an already created Quobyte
                                                  volume by name.
                                                type: string
                                            required:
                                            - registry
                                            - volume
                                            type: object
                                          rbd:
                                            description: 'rbd represents a Rados Block
                                              Device mount on the host that shares
                                              a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
                                            properties:
                                              fsType:
                                                description: 'fsType is the filesystem
                                                  type of the volume that you want
                                                  to mount. Tip: Ensure that the filesystem
                                                  type is supported by the host operating
                                                  system. Examples: "ext4", "xfs",
                                                  "ntfs". Implicitly inferred to be
                                                  "ext4" if unspecified. More info:
                                                  https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                                  TODO: how do we prevent errors in
                                                  the filesystem from compromising
                                                  the machine'
                                                type: string
                                              image:
                                                description: 'image is the rados image
                                                  name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                type: string
                                              keyring:
                                                description: 'keyring is the path
                                                  to key ring for RBDUser. Default
                                                  is /etc/ceph/keyring. More info:
                                                  https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                type: string
                                              monitors:
                                                description: 'monitors is a collection
                                                  of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                items:
                                                  type: string
                                                type: array
                                              pool:
                                                description: 'pool is the rados pool
                                                  name. Default is rbd. More info:
                                                  https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                type: string
                                              readOnly:
                                                description: 'readOnly here will force
                                                  the ReadOnly setting in VolumeMounts.
                                                  Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                type: boolean
                                              secretRef:
                                                description: 'secretRef is name of
                                                  the authentication secret for RBDUser.
                                                  If provided overrides keyring. Default
                                                  is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              user:
                                                description: 'user is the rados user
                                                  name. Default is admin. More info:
                                                  https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                type: string
                                            required:
                                            - image
                                            - monitors
                                            type: object
                                          scaleIO:
                                            description: scaleIO represents a ScaleIO
                                              persistent volume attached and mounted
                                              on Kubernetes nodes.
                                            properties:
                                              fsType:
                                                description: fsType is the filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  Default is "xfs".
                                                type: string
                                              gateway:
                                                description: gateway is the host address
                                                  of the ScaleIO API Gateway.
                                                type: string
                                              protectionDomain:
                                                description: protectionDomain is the
                                                  name of the ScaleIO Protection Domain
                                                  for the configured storage.
                                                type: string
                                              readOnly:
                                                description: readOnly Defaults to
                                                  false (read/write). ReadOnly here
                                                  will force the ReadOnly setting
                                                  in VolumeMounts.
                                                type: boolean
                                              secretRef:
                                                description: secretRef references
                                                  to the secret for ScaleIO user and
                                                  other sensitive information. If
                                                  this is not provided, Login operation
                                                  will fail.
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              sslEnabled:
                                                description: sslEnabled Flag enable/disable
                                                  SSL communication with Gateway,
                                                  default false
                                                type: boolean
                                              storageMode:
                                                description: storageMode indicates
                                                  whether the storage for a volume
                                                  should be ThickProvisioned or ThinProvisioned.
                                                  Default is ThinProvisioned.
                                                type: string
                                              storagePool:
                                                description: storagePool is the ScaleIO
                                                  Storage Pool associated with the
                                                  protection domain.
                                                type: string
                                              system:
                                                description: system is the name of
                                                  the storage system as configured
                                                  in ScaleIO.
                                                type: string
                                              volumeName:
                                                description: volumeName is the name
                                                  of a volume already created in the
                                                  ScaleIO system that is associated
                                                  with this volume source.
                                                type: string
                                            required:
                                            - gateway
                                            - secretRef
                                            - system
                                            type: object
                                          secret:
                                            description: 'secret represents a secret
                                              that should populate this volume. More
                                              info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                            properties:
                                              defaultMode:
                                                description: 'defaultMode is Optional:
                                                  mode bits used to set permissions
                                                  on created files by default. Must
                                                  be an octal value between 0000 and
                                                  0777 or a decimal value between
                                                  0 and 511. YAML accepts both octal
                                                  and decimal values, JSON requires
                                                  decimal values for mode bits. Defaults
                                                  to 0644. Directories within the
                                                  path are not affected by this setting.
                                                  This might be in conflict with other
                                                  options that affect the file mode,
                                                  like fsGroup, and the result can
                                                  be other mode bits set.'
                                                format: int32
                                                type: integer
                                              items:
                                                description: items If unspecified,
                                                  each key-value pair in the Data
                                                  field of the referenced Secret will
                                                  be projected into the volume as
                                                  a file whose name is the key and
                                                  content is the value. If specified,
                                                  the listed keys will be projected
                                                  into the specified paths, and unlisted
                                                  keys will not be present. If a key
                                                  is specified which is not present
                                                  in the Secret, the volume setup
                                                  will error unless it is marked optional.
                                                  Paths must be relative and may not
                                                  contain the '..' path or start with
                                                  '..'.
                                                items:
                                                  description: Maps a string key to
                                                    a path within a volume.
                                                  properties:
                                                    key:
                                                      description: key is the key
                                                        to project.
                                                      type: string
                                                    mode:
                                                      description: 'mode is Optional:
                                                        mode bits used to set permissions
                                                        on this file. Must be an octal
                                                        value between 0000 and 0777
                                                        or a decimal value between
                                                        0 and 511. YAML accepts both
                                                        octal and decimal values,
                                                        JSON requires decimal values
                                                        for mode bits. If not specified,
                                                        the volume defaultMode will
                                                        be used. This might be in
                                                        conflict with other options
                                                        that affect the file mode,
                                                        like fsGroup, and the result
                                                        can be other mode bits set.'
                                                      format: int32
                                                      type: integer
                                                    path:
                                                      description: path is the relative
                                                        path of the file to map the
                                                        key to. May not be an absolute
                                                        path. May not contain the
                                                        path element '..'. May not
                                                        start with the string '..'.
                                                      type: string
                                                  required:
                                                  - key
                                                  - path
                                                  type: object
                                                type: array
                                              optional:
                                                description: optional field specify
                                                  whether the Secret or its keys must
                                                  be defined
                                                type: boolean
                                              secretName:
                                                description: 'secretName is the name
                                                  of the secret in the pod''s namespace
                                                  to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                                type: string
                                            type: object
                                          storageos:
                                            description: storageOS represents a StorageOS
                                              volume attached and mounted on Kubernetes
                                              nodes.
                                            properties:
                                              fsType:
                                                description: fsType is the filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  Implicitly inferred to be "ext4"
                                                  if unspecified.
                                                type: string
                                              readOnly:
                                                description: readOnly defaults to
                                                  false (read/write). ReadOnly here
                                                  will force the ReadOnly setting
                                                  in VolumeMounts.
                                                type: boolean
                                              secretRef:
                                                description: secretRef specifies the
                                                  secret to use for obtaining the
                                                  StorageOS API credentials.  If not
                                                  specified, default values will be
                                                  attempted.
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              volumeName:
                                                description: volumeName is the human-readable
                                                  name of the StorageOS volume.  Volume
                                                  names are only unique within a namespace.
                                                type: string
                                              volumeNamespace:
                                                description: volumeNamespace specifies
                                                  the scope of the volume within StorageOS.  If
                                                  no namespace is specified then the
                                                  Pod's namespace will be used.  This
                                                  allows the Kubernetes name scoping
                                                  to be mirrored within StorageOS
                                                  for tighter integration. Set VolumeName
                                                  to any name to override the default
                                                  behaviour. Set to "default" if you
                                                  are not using namespaces within
                                                  StorageOS. Namespaces that do not
                                                  pre-exist within StorageOS will
                                                  be created.
                                                type: string
                                            type: object
                                          vsphereVolume:
                                            description: vsphereVolume represents
                                              a vSphere volume attached and mounted
                                              on kubelets host machine
                                            properties:
                                              fsType:
                                                description: fsType is filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  Implicitly inferred to be "ext4"
                                                  if unspecified.
                                                type: string
                                              storagePolicyID:
                                                description: storagePolicyID is the
                                                  storage Policy Based Management
                                                  (SPBM) profile ID associated with
                                                  the StoragePolicyName.
                                                type: string
                                              storagePolicyName:
                                                description: storagePolicyName is
                                                  the storage Policy Based Management
                                                  (SPBM) profile name.
                                                type: string
                                              volumePath:
                                                description: volumePath is the path
                                                  that identifies vSphere volume vmdk
                                                type: string
                                            required:
                                            - volumePath
                                            type: object
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    workspaces:
                                      description: Workspaces are the volumes that
                                        this Task requires.
                                      items:
                                        description: WorkspaceDeclaration is a declaration
                                          of a volume that a Task requires.
                                        properties:
                                          description:
                                            description: Description is an optional
                                              human readable description of this volume.
                                            type: string
                                          mountPath:
                                            description: MountPath overrides the directory
                                              that the volume will be made available
                                              at.
                                            type: string
                                          name:
                                            description: Name is the name by which
                                              you can bind the volume at runtime.
                                            type: string
                                          optional:
                                            description: Optional marks a Workspace
                                              as not being required in TaskRuns. By
                                              default this field is false and so declared
                                              workspaces are required.
                                            type: boolean
                                          readOnly:
                                            description: ReadOnly dictates whether
                                              a mounted volume is writable. By default
                                              this field is false and so mounted volumes
                                              are writable.
                                            type: boolean
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                  type: object
                                timeout:
                                  description: 'Time after which the TaskRun times
                                    out. Defaults to 1 hour. Specified TaskRun timeout
                                    should be less than 24h. Refer Go''s ParseDuration
                                    documentation for expected format: https://golang.org/pkg/time/#ParseDuration'
                                  type: string
                                when:
                                  description: WhenExpressions is a list of when expressions
                                    that need to be true for the task to run
                                  items:
                                    description: WhenExpression allows a PipelineTask
                                      to declare expressions to be evaluated before
                                      the Task is run to determine whether the Task
                                      should be executed or skipped
                                    properties:
                                      input:
                                        description: Input is the string for guard
                                          checking which can be a static input or
                                          an output from a parent Task
                                        type: string
                                      operator:
                                        description: Operator that represents an Input's
                                          relationship to the values
                                        type: string
                                      values:
                                        description: Values is an array of strings,
                                          which is compared against the input, for
                                          guard checking It must be non-empty
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                    required:
                                    - input
                                    - operator
                                    - values
                                    type: object
                                  type: array
                                workspaces:
                                  description: Workspaces maps workspaces from the
                                    pipeline spec to the workspaces declared in the
                                    Task.
                                  items:
                                    description: WorkspacePipelineTaskBinding describes
                                      how a workspace passed into the pipeline should
                                      be mapped to a task's declared workspace.
                                    properties:
                                      name:
                                        description: Name is the name of the workspace
                                          as declared by the task
                                        type: string
                                      subPath:
                                        description: SubPath is optionally a directory
                                          on the volume which should be used for this
                                          binding (i.e. the volume will be mounted
                                          at this sub directory).
                                        type: string
                                      workspace:
                                        description: Workspace is the name of the
                                          workspace declared by the pipeline
                                        type: string
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                          params:
                            description: Params declares a list of input parameters
                              that must be supplied when this Pipeline is run.
                            items:
                              description: ParamSpec defines arbitrary parameters
                                needed beyond typed inputs (such as resources). Parameter
                                values are provided by users as inputs on a TaskRun
                                or PipelineRun.
                              properties:
                                default:
                                  description: Default is the value a parameter takes
                                    if no input value is supplied. If default is set,
                                    a Task may be executed without a supplied value
                                    for the parameter.
                                  properties:
                                    arrayVal:
                                      items:
                                        type: string
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    objectVal:
                                      additionalProperties:
                                        type: string
                                      type: object
                                    stringVal:
                                      type: string
                                    type:
                                      description: ParamType indicates the type of
                                        an input parameter; Used to distinguish between
                                        a single string and an array of strings.
                                      type: string
                                  required:
                                  - arrayVal
                                  - objectVal
                                  - stringVal
                                  - type
                                  type: object
                                description:
                                  description: Description is a user-facing description
                                    of the parameter that may be used to populate
                                    a UI.
                                  type: string
                                name:
                                  description: Name declares the name by which a parameter
                                    is referenced.
                                  type: string
                                properties:
                                  additionalProperties:
                                    description: PropertySpec defines the struct for
                                      object keys
                                    properties:
                                      type:
                                        description: ParamType indicates the type
                                          of an input parameter; Used to distinguish
                                          between a single string and an array of
                                          strings.
                                        type: string
                                    type: object
                                  description: Properties is the JSON Schema properties
                                    to support key-value pairs parameter.
                                  type: object
                                type:
                                  description: Type is the user-specified type of
                                    the parameter. The possible types are currently
                                    "string", "array" and "object", and "string" is
                                    the default.
                                  type: string
                              required:
                              - name
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                          resources:
                            description: Resources declares the names and types of
                              the resources given to the Pipeline's tasks as inputs
                              and outputs.
                            items:
                              description: PipelineDeclaredResource is used by a Pipeline
                                to declare the types of the PipelineResources that
                                it will required to run and names which can be used
                                to refer to these PipelineResources in PipelineTaskResourceBindings.
                              properties:
                                name:
                                  description: Name is the name that will be used
                                    by the Pipeline to refer to this resource. It
                                    does not directly correspond to the name of any
                                    PipelineResources Task inputs or outputs, and
                                    it does not correspond to the actual names of
                                    the PipelineResources that will be bound in the
                                    PipelineRun.
                                  type: string
                                optional:
                                  description: 'Optional declares the resource as
                                    optional. optional: true - the resource is considered
                                    optional optional: false - the resource is considered
                                    required (default/equivalent of not specifying
                                    it)'
                                  type: boolean
                                type:
                                  description: Type is the type of the PipelineResource.
                                  type: string
                              required:
                              - name
                              - type
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                          results:
                            description: Results are values that this pipeline can
                              output once run
                            items:
                              description: PipelineResult used to describe the results
                                of a pipeline
                              properties:
                                description:
                                  description: Description is a human-readable description
                                    of the result
                                  type: string
                                name:
                                  description: Name the given name
                                  type: string
                                type:
                                  description: Type is the user-specified type of
                                    the result. The possible types are 'string', 'array',
                                    and 'object', with 'string' as the default. 'array'
                                    and 'object' types are alpha features.
                                  type: string
                                value:
                                  description: Value the expression used to retrieve
                                    the value
                                  properties:
                                    arrayVal:
                                      items:
                                        type: string
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    objectVal:
                                      additionalProperties:
                                        type: string
                                      type: object
                                    stringVal:
                                      type: string
                                    type:
                                      description: ParamType indicates the type of
                                        an input parameter; Used to distinguish between
                                        a single string and an array of strings.
                                      type: string
                                  required:
                                  - arrayVal
                                  - objectVal
                                  - stringVal
                                  - type
                                  type: object
                              required:
                              - name
                              - value
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                          tasks:
                            description: Tasks declares the graph of Tasks that execute
                              when this Pipeline is run.
                            items:
                              description: PipelineTask defines a task in a Pipeline,
                                passing inputs from both Params and from the output
                                of previous tasks.
                              properties:
                                matrix:
                                  description: Matrix declares parameters used to
                                    fan out this task.
                                  properties:
                                    params:
                                      description: Params is a list of parameters
                                        used to fan out the pipelineTask Params takes
                                        only `Parameters` of type `"array"` Each array
                                        element is supplied to the `PipelineTask`
                                        by substituting `params` of type `"string"`
                                        in the underlying `Task`. The names of the
                                        `params` in the `Matrix` must match the names
                                        of the `params` in the underlying `Task` that
                                        they will be substituting.
                                      items:
                                        description: Param declares an ParamValues
                                          to use for the parameter called name.
                                        properties:
                                          name:
                                            type: string
                                          value:
                                            description: ParamValue is a type that
                                              can hold a single string or string array.
                                              Used in JSON unmarshalling so that a
                                              single JSON field can accept either
                                              an individual string or an array of
                                              strings.
                                            properties:
                                              arrayVal:
                                                items:
                                                  type: string
                                                type: array
                                                x-kubernetes-list-type: atomic
                                              objectVal:
                                                additionalProperties:
                                                  type: string
                                                type: object
                                              stringVal:
                                                type: string
                                              type:
                                                description: ParamType indicates the
                                                  type of an input parameter; Used
                                                  to distinguish between a single
                                                  string and an array of strings.
                                                type: string
                                            required:
                                            - arrayVal
                                            - objectVal
                                            - stringVal
                                            - type
                                            type: object
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                  type: object
                                name:
                                  description: Name is the name of this task within
                                    the context of a Pipeline. Name is used as a coordinate
                                    with the `from` and `runAfter` fields to establish
                                    the execution order of tasks relative to one another.
                                  type: string
                                params:
                                  description: Parameters declares parameters passed
                                    to this task.
                                  items:
                                    description: Param declares an ParamValues to
                                      use for the parameter called name.
                                    properties:
                                      name:
                                        type: string
                                      value:
                                        description: ParamValue is a type that can
                                          hold a single string or string array. Used
                                          in JSON unmarshalling so that a single JSON
                                          field can accept either an individual string
                                          or an array of strings.
                                        properties:
                                          arrayVal:
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          objectVal:
                                            additionalProperties:
                                              type: string
                                            type: object
                                          stringVal:
                                            type: string
                                          type:
                                            description: ParamType indicates the type
                                              of an input parameter; Used to distinguish
                                              between a single string and an array
                                              of strings.
                                            type: string
                                        required:
                                        - arrayVal
                                        - objectVal
                                        - stringVal
                                        - type
                                        type: object
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                resources:
                                  description: Resources declares the resources given
                                    to this task as inputs and outputs.
                                  properties:
                                    inputs:
                                      description: Inputs holds the mapping from the
                                        PipelineResources declared in DeclaredPipelineResources
                                        to the input PipelineResources required by
                                        the Task.
                                      items:
                                        description: PipelineTaskInputResource maps
                                          the name of a declared PipelineResource
                                          input dependency in a Task to the resource
                                          in the Pipeline's DeclaredPipelineResources
                                          that should be used. This input may come
                                          from a previous task.
                                        properties:
                                          from:
                                            description: From is the list of PipelineTask
                                              names that the resource has to come
                                              from. (Implies an ordering in the execution
                                              graph.)
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          name:
                                            description: Name is the name of the PipelineResource
                                              as declared by the Task.
                                            type: string
                                          resource:
                                            description: Resource is the name of the
                                              DeclaredPipelineResource to use.
                                            type: string
                                        required:
                                        - name
                                        - resource
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    outputs:
                                      description: Outputs holds the mapping from
                                        the PipelineResources declared in DeclaredPipelineResources
                                        to the input PipelineResources required by
                                        the Task.
                                      items:
                                        description: PipelineTaskOutputResource maps
                                          the name of a declared PipelineResource
                                          output dependency in a Task to the resource
                                          in the Pipeline's DeclaredPipelineResources
                                          that should be used.
                                        properties:
                                          name:
                                            description: Name is the name of the PipelineResource
                                              as declared by the Task.
                                            type: string
                                          resource:
                                            description: Resource is the name of the
                                              DeclaredPipelineResource to use.
                                            type: string
                                        required:
                                        - name
                                        - resource
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                  type: object
                                retries:
                                  description: 'Retries represents how many times
                                    this task should be retried in case of task failure:
                                    ConditionSucceeded set to False'
                                  type: integer
                                runAfter:
                                  description: RunAfter is the list of PipelineTask
                                    names that should be executed before this Task
                                    executes. (Used to force a specific ordering in
                                    graph execution.)
                                  items:
                                    type: string
                                  type: array
                                  x-kubernetes-list-type: atomic
                                taskRef:
                                  description: TaskRef is a reference to a task definition.
                                  properties:
                                    apiVersion:
                                      description: API version of the referent
                                      type: string
                                    bundle:
                                      description: 'Bundle url reference to a Tekton
                                        Bundle. Deprecated: Please use ResolverRef
                                        with the bundles resolver instead.'
                                      type: string
                                    kind:
                                      description: TaskKind indicates the kind of
                                        the task, namespaced or cluster scoped.
                                      type: string
                                    name:
                                      description: 'Name of the referent; More info:
                                        http://kubernetes.io/docs/user-guide/identifiers#names'
                                      type: string
                                    params:
                                      description: Params contains the parameters
                                        used to identify the referenced Tekton resource.
                                        Example entries might include "repo" or "path"
                                        but the set of params ultimately depends on
                                        the chosen resolver.
                                      items:
                                        description: Param declares an ParamValues
                                          to use for the parameter called name.
                                        properties:
                                          name:
                                            type: string
                                          value:
                                            description: ParamValue is a type that
                                              can hold a single string or string array.
                                              Used in JSON unmarshalling so that a
                                              single JSON field can accept either
                                              an individual string or an array of
                                              strings.
                                            properties:
                                              arrayVal:
                                                items:
                                                  type: string
                                                type: array
                                                x-kubernetes-list-type: atomic
                                              objectVal:
                                                additionalProperties:
                                                  type: string
                                                type: object
                                              stringVal:
                                                type: string
                                              type:
                                                description: ParamType indicates the
                                                  type of an input parameter; Used
                                                  to distinguish between a single
                                                  string and an array of strings.
                                                type: string
                                            required:
                                            - arrayVal
                                            - objectVal
                                            - stringVal
                                            - type
                                            type: object
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    resolver:
                                      description: Resolver is the name of the resolver
                                        that should perform resolution of the referenced
                                        Tekton resource, such as "git".
                                      type: string
                                  type: object
                                taskSpec:
                                  description: TaskSpec is a specification of a task
                                  properties:
                                    apiVersion:
                                      type: string
                                    description:
                                      description: Description is a user-facing description
                                        of the task that may be used to populate a
                                        UI.
                                      type: string
                                    kind:
                                      type: string
                                    metadata:
                                      description: PipelineTaskMetadata contains the
                                        labels or annotations for an EmbeddedTask
                                      properties:
                                        annotations:
                                          additionalProperties:
                                            type: string
                                          type: object
                                        labels:
                                          additionalProperties:
                                            type: string
                                          type: object
                                      type: object
                                    params:
                                      description: Params is a list of input parameters
                                        required to run the task. Params must be supplied
                                        as inputs in TaskRuns unless they declare
                                        a default value.
                                      items:
                                        description: ParamSpec defines arbitrary parameters
                                          needed beyond typed inputs (such as resources).
                                          Parameter values are provided by users as
                                          inputs on a TaskRun or PipelineRun.
                                        properties:
                                          default:
                                            description: Default is the value a parameter
                                              takes if no input value is supplied.
                                              If default is set, a Task may be executed
                                              without a supplied value for the parameter.
                                            properties:
                                              arrayVal:
                                                items:
                                                  type: string
                                                type: array
                                                x-kubernetes-list-type: atomic
                                              objectVal:
                                                additionalProperties:
                                                  type: string
                                                type: object
                                              stringVal:
                                                type: string
                                              type:
                                                description: ParamType indicates the
                                                  type of an input parameter; Used
                                                  to distinguish between a single
                                                  string and an array of strings.
                                                type: string
                                            required:
                                            - arrayVal
                                            - objectVal
                                            - stringVal
                                            - type
                                            type: object
                                          description:
                                            description: Description is a user-facing
                                              description of the parameter that may
                                              be used to populate a UI.
                                            type: string
                                          name:
                                            description: Name declares the name by
                                              which a parameter is referenced.
                                            type: string
                                          properties:
                                            additionalProperties:
                                              description: PropertySpec defines the
                                                struct for object keys
                                              properties:
                                                type:
                                                  description: ParamType indicates
                                                    the type of an input parameter;
                                                    Used to distinguish between a
                                                    single string and an array of
                                                    strings.
                                                  type: string
                                              type: object
                                            description: Properties is the JSON Schema
                                              properties to support key-value pairs
                                              parameter.
                                            type: object
                                          type:
                                            description: Type is the user-specified
                                              type of the parameter. The possible
                                              types are currently "string", "array"
                                              and "object", and "string" is the default.
                                            type: string
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    resources:
                                      description: Resources is a list input and output
                                        resource to run the task Resources are represented
                                        in TaskRuns as bindings to instances of PipelineResources.
                                      properties:
                                        inputs:
                                          description: Inputs holds the mapping from
                                            the PipelineResources declared in DeclaredPipelineResources
                                            to the input PipelineResources required
                                            by the Task.
                                          items:
                                            description: TaskResource defines an input
                                              or output Resource declared as a requirement
                                              by a Task. The Name field will be used
                                              to refer to these Resources within the
                                              Task definition, and when provided as
                                              an Input, the Name will be the path
                                              to the volume mounted containing this
                                              Resource as an input (e.g. an input
                                              Resource named `workspace` will be mounted
                                              at `/workspace`).
                                            properties:
                                              description:
                                                description: Description is a user-facing
                                                  description of the declared resource
                                                  that may be used to populate a UI.
                                                type: string
                                              name:
                                                description: Name declares the name
                                                  by which a resource is referenced
                                                  in the definition. Resources may
                                                  be referenced by name in the definition
                                                  of a Task's steps.
                                                type: string
                                              optional:
                                                description: 'Optional declares the
                                                  resource as optional. By default
                                                  optional is set to false which makes
                                                  a resource required. optional: true
                                                  - the resource is considered optional
                                                  optional: false - the resource is
                                                  considered required (equivalent
                                                  of not specifying it)'
                                                type: boolean
                                              targetPath:
                                                description: TargetPath is the path
                                                  in workspace directory where the
                                                  resource will be copied.
                                                type: string
                                              type:
                                                description: Type is the type of this
                                                  resource;
                                                type: string
                                            required:
                                            - name
                                            - type
                                            type: object
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        outputs:
                                          description: Outputs holds the mapping from
                                            the PipelineResources declared in DeclaredPipelineResources
                                            to the input PipelineResources required
                                            by the Task.
                                          items:
                                            description: TaskResource defines an input
                                              or output Resource declared as a requirement
                                              by a Task. The Name field will be used
                                              to refer to these Resources within the
                                              Task definition, and when provided as
                                              an Input, the Name will be the path
                                              to the volume mounted containing this
                                              Resource as an input (e.g. an input
                                              Resource named `workspace` will be mounted
                                              at `/workspace`).
                                            properties:
                                              description:
                                                description: Description is a user-facing
                                                  description of the declared resource
                                                  that may be used to populate a UI.
                                                type: string
                                              name:
                                                description: Name declares the name
                                                  by which a resource is referenced
                                                  in the definition. Resources may
                                                  be referenced by name in the definition
                                                  of a Task's steps.
                                                type: string
                                              optional:
                                                description: 'Optional declares the
                                                  resource as optional. By default
                                                  optional is set to false which makes
                                                  a resource required. optional: true
                                                  - the resource is considered optional
                                                  optional: false - the resource is
                                                  considered required (equivalent
                                                  of not specifying it)'
                                                type: boolean
                                              targetPath:
                                                description: TargetPath is the path
                                                  in workspace directory where the
                                                  resource will be copied.
                                                type: string
                                              type:
                                                description: Type is the type of this
                                                  resource;
                                                type: string
                                            required:
                                            - name
                                            - type
                                            type: object
                                          type: array
                                          x-kubernetes-list-type: atomic
                                      type: object
                                    results:
                                      description: Results are values that this Task
                                        can output
                                      items:
                                        description: TaskResult used to describe the
                                          results of a task
                                        properties:
                                          description:
                                            description: Description is a human-readable
                                              description of the result
                                            type: string
                                          name:
                                            description: Name the given name
                                            type: string
                                          properties:
                                            additionalProperties:
                                              description: PropertySpec defines the
                                                struct for object keys
                                              properties:
                                                type:
                                                  description: ParamType indicates
                                                    the type of an input parameter;
                                                    Used to distinguish between a
                                                    single string and an array of
                                                    strings.
                                                  type: string
                                              type: object
                                            description: Properties is the JSON Schema
                                              properties to support key-value pairs
                                              results.
                                            type: object
                                          type:
                                            description: Type is the user-specified
                                              type of the result. The possible type
                                              is currently "string" and will support
                                              "array" in following work.
                                            type: string
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    sidecars:
                                      description: Sidecars are run alongside the
                                        Task's step containers. They begin before
                                        the steps start and end after the steps complete.
                                      items:
                                        description: Sidecar has nearly the same data
                                          structure as Step but does not have the
                                          ability to timeout.
                                        properties:
                                          args:
                                            description: 'Arguments to the entrypoint.
                                              The image''s CMD is used if this is
                                              not provided. Variable references $(VAR_NAME)
                                              are expanded using the container''s
                                              environment. If a variable cannot be
                                              resolved, the reference in the input
                                              string will be unchanged. Double $$
                                              are reduced to a single $, which allows
                                              for escaping the $(VAR_NAME) syntax:
                                              i.e. "$$(VAR_NAME)" will produce the
                                              string literal "$(VAR_NAME)". Escaped
                                              references will never be expanded, regardless
                                              of whether the variable exists or not.
                                              Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          command:
                                            description: 'Entrypoint array. Not executed
                                              within a shell. The image''s ENTRYPOINT
                                              is used if this is not provided. Variable
                                              references $(VAR_NAME) are expanded
                                              using the Sidecar''s environment. If
                                              a variable cannot be resolved, the reference
                                              in the input string will be unchanged.
                                              Double $$ are reduced to a single $,
                                              which allows for escaping the $(VAR_NAME)
                                              syntax: i.e. "$$(VAR_NAME)" will produce
                                              the string literal "$(VAR_NAME)". Escaped
                                              references will never be expanded, regardless
                                              of whether the variable exists or not.
                                              Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          env:
                                            description: List of environment variables
                                              to set in the Sidecar. Cannot be updated.
                                            items:
                                              description: EnvVar represents an environment
                                                variable present in a Container.
                                              properties:
                                                name:
                                                  description: Name of the environment
                                                    variable. Must be a C_IDENTIFIER.
                                                  type: string
                                                value:
                                                  description: 'Variable references
                                                    $(VAR_NAME) are expanded using
                                                    the previously defined environment
                                                    variables in the container and
                                                    any service environment variables.
                                                    If a variable cannot be resolved,
                                                    the reference in the input string
                                                    will be unchanged. Double $$ are
                                                    reduced to a single $, which allows
                                                    for escaping the $(VAR_NAME) syntax:
                                                    i.e. "$$(VAR_NAME)" will produce
                                                    the string literal "$(VAR_NAME)".
                                                    Escaped references will never
                                                    be expanded, regardless of whether
                                                    the variable exists or not. Defaults
                                                    to "".'
                                                  type: string
                                                valueFrom:
                                                  description: Source for the environment
                                                    variable's value. Cannot be used
                                                    if value is not empty.
                                                  properties:
                                                    configMapKeyRef:
                                                      description: Selects a key of
                                                        a ConfigMap.
                                                      properties:
                                                        key:
                                                          description: The key to
                                                            select.
                                                          type: string
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: Specify whether
                                                            the ConfigMap or its key
                                                            must be defined
                                                          type: boolean
                                                      required:
                                                      - key
                                                      type: object
                                                    fieldRef:
                                                      description: 'Selects a field
                                                        of the pod: supports metadata.name,
                                                        metadata.namespace, `metadata.labels[''<KEY>'']`,
                                                        `metadata.annotations[''<KEY>'']`,
                                                        spec.nodeName, spec.serviceAccountName,
                                                        status.hostIP, status.podIP,
                                                        status.podIPs.'
                                                      properties:
                                                        apiVersion:
                                                          description: Version of
                                                            the schema the FieldPath
                                                            is written in terms of,
                                                            defaults to "v1".
                                                          type: string
                                                        fieldPath:
                                                          description: Path of the
                                                            field to select in the
                                                            specified API version.
                                                          type: string
                                                      required:
                                                      - fieldPath
                                                      type: object
                                                    resourceFieldRef:
                                                      description: 'Selects a resource
                                                        of the container: only resources
                                                        limits and requests (limits.cpu,
                                                        limits.memory, limits.ephemeral-storage,
                                                        requests.cpu, requests.memory
                                                        and requests.ephemeral-storage)
                                                        are currently supported.'
                                                      properties:
                                                        containerName:
                                                          description: 'Container
                                                            name: required for volumes,
                                                            optional for env vars'
                                                          type: string
                                                        divisor:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          description: Specifies the
                                                            output format of the exposed
                                                            resources, defaults to
                                                            "1"
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        resource:
                                                          description: 'Required:
                                                            resource to select'
                                                          type: string
                                                      required:
                                                      - resource
                                                      type: object
                                                    secretKeyRef:
                                                      description: Selects a key of
                                                        a secret in the pod's namespace
                                                      properties:
                                                        key:
                                                          description: The key of
                                                            the secret to select from.  Must
                                                            be a valid secret key.
                                                          type: string
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: Specify whether
                                                            the Secret or its key
                                                            must be defined
                                                          type: boolean
                                                      required:
                                                      - key
                                                      type: object
                                                  type: object
                                              required:
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          envFrom:
                                            description: List of sources to populate
                                              environment variables in the Sidecar.
                                              The keys defined within a source must
                                              be a C_IDENTIFIER. All invalid keys
                                              will be reported as an event when the
                                              Sidecar is starting. When a key exists
                                              in multiple sources, the value associated
                                              with the last source will take precedence.
                                              Values defined by an Env with a duplicate
                                              key will take precedence. Cannot be
                                              updated.
                                            items:
                                              description: EnvFromSource represents
                                                the source of a set of ConfigMaps
                                              properties:
                                                configMapRef:
                                                  description: The ConfigMap to select
                                                    from
                                                  properties:
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the ConfigMap must be defined
                                                      type: boolean
                                                  type: object
                                                prefix:
                                                  description: An optional identifier
                                                    to prepend to each key in the
                                                    ConfigMap. Must be a C_IDENTIFIER.
                                                  type: string
                                                secretRef:
                                                  description: The Secret to select
                                                    from
                                                  properties:
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the Secret must be defined
                                                      type: boolean
                                                  type: object
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          image:
                                            description: 'Image name to be used by
                                              the Sidecar. More info: https://kubernetes.io/docs/concepts/containers/images'
                                            type: string
                                          imagePullPolicy:
                                            description: 'Image pull policy. One of
                                              Always, Never, IfNotPresent. Defaults
                                              to Always if :latest tag is specified,
                                              or IfNotPresent otherwise. Cannot be
                                              updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                            type: string
                                          lifecycle:
                                            description: Actions that the management
                                              system should take in response to Sidecar
                                              lifecycle events. Cannot be updated.
                                            properties:
                                              postStart:
                                                description: 'PostStart is called
                                                  immediately after a container is
                                                  created. If the handler fails, the
                                                  container is terminated and restarted
                                                  according to its restart policy.
                                                  Other management of the container
                                                  blocks until the hook completes.
                                                  More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                properties:
                                                  exec:
                                                    description: Exec specifies the
                                                      action to take.
                                                    properties:
                                                      command:
                                                        description: Command is the
                                                          command line to execute
                                                          inside the container, the
                                                          working directory for the
                                                          command  is root ('/') in
                                                          the container's filesystem.
                                                          The command is simply exec'd,
                                                          it is not run inside a shell,
                                                          so traditional shell instructions
                                                          ('|', etc) won't work. To
                                                          use a shell, you need to
                                                          explicitly call out to that
                                                          shell. Exit status of 0
                                                          is treated as live/healthy
                                                          and non-zero is unhealthy.
                                                        items:
                                                          type: string
                                                        type: array
                                                    type: object
                                                  httpGet:
                                                    description: HTTPGet specifies
                                                      the http request to perform.
                                                    properties:
                                                      host:
                                                        description: Host name to
                                                          connect to, defaults to
                                                          the pod IP. You probably
                                                          want to set "Host" in httpHeaders
                                                          instead.
                                                        type: string
                                                      httpHeaders:
                                                        description: Custom headers
                                                          to set in the request. HTTP
                                                          allows repeated headers.
                                                        items:
                                                          description: HTTPHeader
                                                            describes a custom header
                                                            to be used in HTTP probes
                                                          properties:
                                                            name:
                                                              description: The header
                                                                field name
                                                              type: string
                                                            value:
                                                              description: The header
                                                                field value
                                                              type: string
                                                          required:
                                                          - name
                                                          - value
                                                          type: object
                                                        type: array
                                                      path:
                                                        description: Path to access
                                                          on the HTTP server.
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Name or number
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                      scheme:
                                                        description: Scheme to use
                                                          for connecting to the host.
                                                          Defaults to HTTP.
                                                        type: string
                                                    required:
                                                    - port
                                                    type: object
                                                  tcpSocket:
                                                    description: Deprecated. TCPSocket
                                                      is NOT supported as a LifecycleHandler
                                                      and kept for the backward compatibility.
                                                      There are no validation of this
                                                      field and lifecycle hooks will
                                                      fail in runtime when tcp handler
                                                      is specified.
                                                    properties:
                                                      host:
                                                        description: 'Optional: Host
                                                          name to connect to, defaults
                                                          to the pod IP.'
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Number or name
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                    required:
                                                    - port
                                                    type: object
                                                type: object
                                              preStop:
                                                description: 'PreStop is called immediately
                                                  before a container is terminated
                                                  due to an API request or management
                                                  event such as liveness/startup probe
                                                  failure, preemption, resource contention,
                                                  etc. The handler is not called if
                                                  the container crashes or exits.
                                                  The Pod''s termination grace period
                                                  countdown begins before the PreStop
                                                  hook is executed. Regardless of
                                                  the outcome of the handler, the
                                                  container will eventually terminate
                                                  within the Pod''s termination grace
                                                  period (unless delayed by finalizers).
                                                  Other management of the container
                                                  blocks until the hook completes
                                                  or until the termination grace period
                                                  is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                properties:
                                                  exec:
                                                    description: Exec specifies the
                                                      action to take.
                                                    properties:
                                                      command:
                                                        description: Command is the
                                                          command line to execute
                                                          inside the container, the
                                                          working directory for the
                                                          command  is root ('/') in
                                                          the container's filesystem.
                                                          The command is simply exec'd,
                                                          it is not run inside a shell,
                                                          so traditional shell instructions
                                                          ('|', etc) won't work. To
                                                          use a shell, you need to
                                                          explicitly call out to that
                                                          shell. Exit status of 0
                                                          is treated as live/healthy
                                                          and non-zero is unhealthy.
                                                        items:
                                                          type: string
                                                        type: array
                                                    type: object
                                                  httpGet:
                                                    description: HTTPGet specifies
                                                      the http request to perform.
                                                    properties:
                                                      host:
                                                        description: Host name to
                                                          connect to, defaults to
                                                          the pod IP. You probably
                                                          want to set "Host" in httpHeaders
                                                          instead.
                                                        type: string
                                                      httpHeaders:
                                                        description: Custom headers
                                                          to set in the request. HTTP
                                                          allows repeated headers.
                                                        items:
                                                          description: HTTPHeader
                                                            describes a custom header
                                                            to be used in HTTP probes
                                                          properties:
                                                            name:
                                                              description: The header
                                                                field name
                                                              type: string
                                                            value:
                                                              description: The header
                                                                field value
                                                              type: string
                                                          required:
                                                          - name
                                                          - value
                                                          type: object
                                                        type: array
                                                      path:
                                                        description: Path to access
                                                          on the HTTP server.
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Name or number
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                      scheme:
                                                        description: Scheme to use
                                                          for connecting to the host.
                                                          Defaults to HTTP.
                                                        type: string
                                                    required:
                                                    - port
                                                    type: object
                                                  tcpSocket:
                                                    description: Deprecated. TCPSocket
                                                      is NOT supported as a LifecycleHandler
                                                      and kept for the backward compatibility.
                                                      There are no validation of this
                                                      field and lifecycle hooks will
                                                      fail in runtime when tcp handler
                                                      is specified.
                                                    properties:
                                                      host:
                                                        description: 'Optional: Host
                                                          name to connect to, defaults
                                                          to the pod IP.'
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Number or name
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                    required:
                                                    - port
                                                    type: object
                                                type: object
                                            type: object
                                          livenessProbe:
                                            description: 'Periodic probe of Sidecar
                                              liveness. Container will be restarted
                                              if the probe fails. Cannot be updated.
                                              More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          name:
                                            description: Name of the Sidecar specified
                                              as a DNS_LABEL. Each Sidecar in a Task
                                              must have a unique name (DNS_LABEL).
                                              Cannot be updated.
                                            type: string
                                          ports:
                                            description: List of ports to expose from
                                              the Sidecar. Exposing a port here gives
                                              the system additional information about
                                              the network connections a container
                                              uses, but is primarily informational.
                                              Not specifying a port here DOES NOT
                                              prevent that port from being exposed.
                                              Any port which is listening on the default
                                              "0.0.0.0" address inside a container
                                              will be accessible from the network.
                                              Cannot be updated.
                                            items:
                                              description: ContainerPort represents
                                                a network port in a single container.
                                              properties:
                                                containerPort:
                                                  description: Number of port to expose
                                                    on the pod's IP address. This
                                                    must be a valid port number, 0
                                                    < x < 65536.
                                                  format: int32
                                                  type: integer
                                                hostIP:
                                                  description: What host IP to bind
                                                    the external port to.
                                                  type: string
                                                hostPort:
                                                  description: Number of port to expose
                                                    on the host. If specified, this
                                                    must be a valid port number, 0
                                                    < x < 65536. If HostNetwork is
                                                    specified, this must match ContainerPort.
                                                    Most containers do not need this.
                                                  format: int32
                                                  type: integer
                                                name:
                                                  description: If specified, this
                                                    must be an IANA_SVC_NAME and unique
                                                    within the pod. Each named port
                                                    in a pod must have a unique name.
                                                    Name for the port that can be
                                                    referred to by services.
                                                  type: string
                                                protocol:
                                                  default: TCP
                                                  description: Protocol for port.
                                                    Must be UDP, TCP, or SCTP. Defaults
                                                    to "TCP".
                                                  type: string
                                              required:
                                              - containerPort
                                              type: object
                                            type: array
                                            x-kubernetes-list-map-keys:
                                            - containerPort
                                            - protocol
                                            x-kubernetes-list-type: map
                                          readinessProbe:
                                            description: 'Periodic probe of Sidecar
                                              service readiness. Container will be
                                              removed from service endpoints if the
                                              probe fails. Cannot be updated. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          resources:
                                            description: 'Compute Resources required
                                              by this Sidecar. Cannot be updated.
                                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            properties:
                                              limits:
                                                additionalProperties:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                description: 'Limits describes the
                                                  maximum amount of compute resources
                                                  allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                type: object
                                              requests:
                                                additionalProperties:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                description: 'Requests describes the
                                                  minimum amount of compute resources
                                                  required. If Requests is omitted
                                                  for a container, it defaults to
                                                  Limits if that is explicitly specified,
                                                  otherwise to an implementation-defined
                                                  value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                type: object
                                            type: object
                                          script:
                                            description: "Script is the contents of
                                              an executable file to execute. \n If
                                              Script is not empty, the Step cannot
                                              have an Command or Args."
                                            type: string
                                          securityContext:
                                            description: 'SecurityContext defines
                                              the security options the Sidecar should
                                              be run with. If set, the fields of SecurityContext
                                              override the equivalent fields of PodSecurityContext.
                                              More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                            properties:
                                              allowPrivilegeEscalation:
                                                description: 'AllowPrivilegeEscalation
                                                  controls whether a process can gain
                                                  more privileges than its parent
                                                  process. This bool directly controls
                                                  if the no_new_privs flag will be
                                                  set on the container process. AllowPrivilegeEscalation
                                                  is true always when the container
                                                  is: 1) run as Privileged 2) has
                                                  CAP_SYS_ADMIN Note that this field
                                                  cannot be set when spec.os.name
                                                  is windows.'
                                                type: boolean
                                              capabilities:
                                                description: The capabilities to add/drop
                                                  when running containers. Defaults
                                                  to the default set of capabilities
                                                  granted by the container runtime.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                properties:
                                                  add:
                                                    description: Added capabilities
                                                    items:
                                                      description: Capability represent
                                                        POSIX capabilities type
                                                      type: string
                                                    type: array
                                                  drop:
                                                    description: Removed capabilities
                                                    items:
                                                      description: Capability represent
                                                        POSIX capabilities type
                                                      type: string
                                                    type: array
                                                type: object
                                              privileged:
                                                description: Run container in privileged
                                                  mode. Processes in privileged containers
                                                  are essentially equivalent to root
                                                  on the host. Defaults to false.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                type: boolean
                                              procMount:
                                                description: procMount denotes the
                                                  type of proc mount to use for the
                                                  containers. The default is DefaultProcMount
                                                  which uses the container runtime
                                                  defaults for readonly paths and
                                                  masked paths. This requires the
                                                  ProcMountType feature flag to be
                                                  enabled. Note that this field cannot
                                                  be set when spec.os.name is windows.
                                                type: string
                                              readOnlyRootFilesystem:
                                                description: Whether this container
                                                  has a read-only root filesystem.
                                                  Default is false. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                type: boolean
                                              runAsGroup:
                                                description: The GID to run the entrypoint
                                                  of the container process. Uses runtime
                                                  default if unset. May also be set
                                                  in PodSecurityContext.  If set in
                                                  both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                format: int64
                                                type: integer
                                              runAsNonRoot:
                                                description: Indicates that the container
                                                  must run as a non-root user. If
                                                  true, the Kubelet will validate
                                                  the image at runtime to ensure that
                                                  it does not run as UID 0 (root)
                                                  and fail to start the container
                                                  if it does. If unset or false, no
                                                  such validation will be performed.
                                                  May also be set in PodSecurityContext.  If
                                                  set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                type: boolean
                                              runAsUser:
                                                description: The UID to run the entrypoint
                                                  of the container process. Defaults
                                                  to user specified in image metadata
                                                  if unspecified. May also be set
                                                  in PodSecurityContext.  If set in
                                                  both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                format: int64
                                                type: integer
                                              seLinuxOptions:
                                                description: The SELinux context to
                                                  be applied to the container. If
                                                  unspecified, the container runtime
                                                  will allocate a random SELinux context
                                                  for each container.  May also be
                                                  set in PodSecurityContext.  If set
                                                  in both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                properties:
                                                  level:
                                                    description: Level is SELinux
                                                      level label that applies to
                                                      the container.
                                                    type: string
                                                  role:
                                                    description: Role is a SELinux
                                                      role label that applies to the
                                                      container.
                                                    type: string
                                                  type:
                                                    description: Type is a SELinux
                                                      type label that applies to the
                                                      container.
                                                    type: string
                                                  user:
                                                    description: User is a SELinux
                                                      user label that applies to the
                                                      container.
                                                    type: string
                                                type: object
                                              seccompProfile:
                                                description: The seccomp options to
                                                  use by this container. If seccomp
                                                  options are provided at both the
                                                  pod & container level, the container
                                                  options override the pod options.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                properties:
                                                  localhostProfile:
                                                    description: localhostProfile
                                                      indicates a profile defined
                                                      in a file on the node should
                                                      be used. The profile must be
                                                      preconfigured on the node to
                                                      work. Must be a descending path,
                                                      relative to the kubelet's configured
                                                      seccomp profile location. Must
                                                      only be set if type is "Localhost".
                                                    type: string
                                                  type:
                                                    description: "type indicates which
                                                      kind of seccomp profile will
                                                      be applied. Valid options are:
                                                      \n Localhost - a profile defined
                                                      in a file on the node should
                                                      be used. RuntimeDefault - the
                                                      container runtime default profile
                                                      should be used. Unconfined -
                                                      no profile should be applied."
                                                    type: string
                                                required:
                                                - type
                                                type: object
                                              windowsOptions:
                                                description: The Windows specific
                                                  settings applied to all containers.
                                                  If unspecified, the options from
                                                  the PodSecurityContext will be used.
                                                  If set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                  Note that this field cannot be set
                                                  when spec.os.name is linux.
                                                properties:
                                                  gmsaCredentialSpec:
                                                    description: GMSACredentialSpec
                                                      is where the GMSA admission
                                                      webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                                      inlines the contents of the
                                                      GMSA credential spec named by
                                                      the GMSACredentialSpecName field.
                                                    type: string
                                                  gmsaCredentialSpecName:
                                                    description: GMSACredentialSpecName
                                                      is the name of the GMSA credential
                                                      spec to use.
                                                    type: string
                                                  hostProcess:
                                                    description: HostProcess determines
                                                      if a container should be run
                                                      as a 'Host Process' container.
                                                      This field is alpha-level and
                                                      will only be honored by components
                                                      that enable the WindowsHostProcessContainers
                                                      feature flag. Setting this field
                                                      without the feature flag will
                                                      result in errors when validating
                                                      the Pod. All of a Pod's containers
                                                      must have the same effective
                                                      HostProcess value (it is not
                                                      allowed to have a mix of HostProcess
                                                      containers and non-HostProcess
                                                      containers).  In addition, if
                                                      HostProcess is true then HostNetwork
                                                      must also be set to true.
                                                    type: boolean
                                                  runAsUserName:
                                                    description: The UserName in Windows
                                                      to run the entrypoint of the
                                                      container process. Defaults
                                                      to the user specified in image
                                                      metadata if unspecified. May
                                                      also be set in PodSecurityContext.
                                                      If set in both SecurityContext
                                                      and PodSecurityContext, the
                                                      value specified in SecurityContext
                                                      takes precedence.
                                                    type: string
                                                type: object
                                            type: object
                                          startupProbe:
                                            description: 'StartupProbe indicates that
                                              the Pod the Sidecar is running in has
                                              successfully initialized. If specified,
                                              no other probes are executed until this
                                              completes successfully. If this probe
                                              fails, the Pod will be restarted, just
                                              as if the livenessProbe failed. This
                                              can be used to provide different probe
                                              parameters at the beginning of a Pod''s
                                              lifecycle, when it might take a long
                                              time to load data or warm a cache, than
                                              during steady-state operation. This
                                              cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          stdin:
                                            description: Whether this Sidecar should
                                              allocate a buffer for stdin in the container
                                              runtime. If this is not set, reads from
                                              stdin in the Sidecar will always result
                                              in EOF. Default is false.
                                            type: boolean
                                          stdinOnce:
                                            description: Whether the container runtime
                                              should close the stdin channel after
                                              it has been opened by a single attach.
                                              When stdin is true the stdin stream
                                              will remain open across multiple attach
                                              sessions. If stdinOnce is set to true,
                                              stdin is opened on Sidecar start, is
                                              empty until the first client attaches
                                              to stdin, and then remains open and
                                              accepts data until the client disconnects,
                                              at which time stdin is closed and remains
                                              closed until the Sidecar is restarted.
                                              If this flag is false, a container processes
                                              that reads from stdin will never receive
                                              an EOF. Default is false
                                            type: boolean
                                          terminationMessagePath:
                                            description: 'Optional: Path at which
                                              the file to which the Sidecar''s termination
                                              message will be written is mounted into
                                              the Sidecar''s filesystem. Message written
                                              is intended to be brief final status,
                                              such as an assertion failure message.
                                              Will be truncated by the node if greater
                                              than 4096 bytes. The total message length
                                              across all containers will be limited
                                              to 12kb. Defaults to /dev/termination-log.
                                              Cannot be updated.'
                                            type: string
                                          terminationMessagePolicy:
                                            description: Indicate how the termination
                                              message should be populated. File will
                                              use the contents of terminationMessagePath
                                              to populate the Sidecar status message
                                              on both success and failure. FallbackToLogsOnError
                                              will use the last chunk of Sidecar log
                                              output if the termination message file
                                              is empty and the Sidecar exited with
                                              an error. The log output is limited
                                              to 2048 bytes or 80 lines, whichever
                                              is smaller. Defaults to File. Cannot
                                              be updated.
                                            type: string
                                          tty:
                                            description: Whether this Sidecar should
                                              allocate a TTY for itself, also requires
                                              'stdin' to be true. Default is false.
                                            type: boolean
                                          volumeDevices:
                                            description: volumeDevices is the list
                                              of block devices to be used by the Sidecar.
                                            items:
                                              description: volumeDevice describes
                                                a mapping of a raw block device within
                                                a container.
                                              properties:
                                                devicePath:
                                                  description: devicePath is the path
                                                    inside of the container that the
                                                    device will be mapped to.
                                                  type: string
                                                name:
                                                  description: name must match the
                                                    name of a persistentVolumeClaim
                                                    in the pod
                                                  type: string
                                              required:
                                              - devicePath
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          volumeMounts:
                                            description: Volumes to mount into the
                                              Sidecar's filesystem. Cannot be updated.
                                            items:
                                              description: VolumeMount describes a
                                                mounting of a Volume within a container.
                                              properties:
                                                mountPath:
                                                  description: Path within the container
                                                    at which the volume should be
                                                    mounted.  Must not contain ':'.
                                                  type: string
                                                mountPropagation:
                                                  description: mountPropagation determines
                                                    how mounts are propagated from
                                                    the host to container and the
                                                    other way around. When not set,
                                                    MountPropagationNone is used.
                                                    This field is beta in 1.10.
                                                  type: string
                                                name:
                                                  description: This must match the
                                                    Name of a Volume.
                                                  type: string
                                                readOnly:
                                                  description: Mounted read-only if
                                                    true, read-write otherwise (false
                                                    or unspecified). Defaults to false.
                                                  type: boolean
                                                subPath:
                                                  description: Path within the volume
                                                    from which the container's volume
                                                    should be mounted. Defaults to
                                                    "" (volume's root).
                                                  type: string
                                                subPathExpr:
                                                  description: Expanded path within
                                                    the volume from which the container's
                                                    volume should be mounted. Behaves
                                                    similarly to SubPath but environment
                                                    variable references $(VAR_NAME)
                                                    are expanded using the container's
                                                    environment. Defaults to "" (volume's
                                                    root). SubPathExpr and SubPath
                                                    are mutually exclusive.
                                                  type: string
                                              required:
                                              - mountPath
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          workingDir:
                                            description: Sidecar's working directory.
                                              If not specified, the container runtime's
                                              default will be used, which might be
                                              configured in the container image. Cannot
                                              be updated.
                                            type: string
                                          workspaces:
                                            description: "This is an alpha field.
                                              You must set the \"enable-api-fields\"
                                              feature flag to \"alpha\" for this field
                                              to be supported. \n Workspaces is a
                                              list of workspaces from the Task that
                                              this Sidecar wants exclusive access
                                              to. Adding a workspace to this list
                                              means that any other Step or Sidecar
                                              that does not also request this Workspace
                                              will not have access to it."
                                            items:
                                              description: WorkspaceUsage is used
                                                by a Step or Sidecar to declare that
                                                it wants isolated access to a Workspace
                                                defined in a Task.
                                              properties:
                                                mountPath:
                                                  description: MountPath is the path
                                                    that the workspace should be mounted
                                                    to inside the Step or Sidecar,
                                                    overriding any MountPath specified
                                                    in the Task's WorkspaceDeclaration.
                                                  type: string
                                                name:
                                                  description: Name is the name of
                                                    the workspace this Step or Sidecar
                                                    wants access to.
                                                  type: string
                                              required:
                                              - mountPath
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    spec:
                                      description: Spec is a specification of a custom
                                        task
                                      type: object
                                    stepTemplate:
                                      description: StepTemplate can be used as the
                                        basis for all step containers within the Task,
                                        so that the steps inherit settings on the
                                        base container.
                                      properties:
                                        args:
                                          description: 'Arguments to the entrypoint.
                                            The image''s CMD is used if this is not
                                            provided. Variable references $(VAR_NAME)
                                            are expanded using the Step''s environment.
                                            If a variable cannot be resolved, the
                                            reference in the input string will be
                                            unchanged. Double $$ are reduced to a
                                            single $, which allows for escaping the
                                            $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                            will produce the string literal "$(VAR_NAME)".
                                            Escaped references will never be expanded,
                                            regardless of whether the variable exists
                                            or not. Cannot be updated. More info:
                                            https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                          items:
                                            type: string
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        command:
                                          description: 'Entrypoint array. Not executed
                                            within a shell. The docker image''s ENTRYPOINT
                                            is used if this is not provided. Variable
                                            references $(VAR_NAME) are expanded using
                                            the Step''s environment. If a variable
                                            cannot be resolved, the reference in the
                                            input string will be unchanged. Double
                                            $$ are reduced to a single $, which allows
                                            for escaping the $(VAR_NAME) syntax: i.e.
                                            "$$(VAR_NAME)" will produce the string
                                            literal "$(VAR_NAME)". Escaped references
                                            will never be expanded, regardless of
                                            whether the variable exists or not. Cannot
                                            be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                          items:
                                            type: string
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        env:
                                          description: List of environment variables
                                            to set in the container. Cannot be updated.
                                          items:
                                            description: EnvVar represents an environment
                                              variable present in a Container.
                                            properties:
                                              name:
                                                description: Name of the environment
                                                  variable. Must be a C_IDENTIFIER.
                                                type: string
                                              value:
                                                description: 'Variable references
                                                  $(VAR_NAME) are expanded using the
                                                  previously defined environment variables
                                                  in the container and any service
                                                  environment variables. If a variable
                                                  cannot be resolved, the reference
                                                  in the input string will be unchanged.
                                                  Double $$ are reduced to a single
                                                  $, which allows for escaping the
                                                  $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                                  will produce the string literal
                                                  "$(VAR_NAME)". Escaped references
                                                  will never be expanded, regardless
                                                  of whether the variable exists or
                                                  not. Defaults to "".'
                                                type: string
                                              valueFrom:
                                                description: Source for the environment
                                                  variable's value. Cannot be used
                                                  if value is not empty.
                                                properties:
                                                  configMapKeyRef:
                                                    description: Selects a key of
                                                      a ConfigMap.
                                                    properties:
                                                      key:
                                                        description: The key to select.
                                                        type: string
                                                      name:
                                                        description: 'Name of the
                                                          referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                          TODO: Add other useful fields.
                                                          apiVersion, kind, uid?'
                                                        type: string
                                                      optional:
                                                        description: Specify whether
                                                          the ConfigMap or its key
                                                          must be defined
                                                        type: boolean
                                                    required:
                                                    - key
                                                    type: object
                                                  fieldRef:
                                                    description: 'Selects a field
                                                      of the pod: supports metadata.name,
                                                      metadata.namespace, `metadata.labels[''<KEY>'']`,
                                                      `metadata.annotations[''<KEY>'']`,
                                                      spec.nodeName, spec.serviceAccountName,
                                                      status.hostIP, status.podIP,
                                                      status.podIPs.'
                                                    properties:
                                                      apiVersion:
                                                        description: Version of the
                                                          schema the FieldPath is
                                                          written in terms of, defaults
                                                          to "v1".
                                                        type: string
                                                      fieldPath:
                                                        description: Path of the field
                                                          to select in the specified
                                                          API version.
                                                        type: string
                                                    required:
                                                    - fieldPath
                                                    type: object
                                                  resourceFieldRef:
                                                    description: 'Selects a resource
                                                      of the container: only resources
                                                      limits and requests (limits.cpu,
                                                      limits.memory, limits.ephemeral-storage,
                                                      requests.cpu, requests.memory
                                                      and requests.ephemeral-storage)
                                                      are currently supported.'
                                                    properties:
                                                      containerName:
                                                        description: 'Container name:
                                                          required for volumes, optional
                                                          for env vars'
                                                        type: string
                                                      divisor:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Specifies the
                                                          output format of the exposed
                                                          resources, defaults to "1"
                                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                        x-kubernetes-int-or-string: true
                                                      resource:
                                                        description: 'Required: resource
                                                          to select'
                                                        type: string
                                                    required:
                                                    - resource
                                                    type: object
                                                  secretKeyRef:
                                                    description: Selects a key of
                                                      a secret in the pod's namespace
                                                    properties:
                                                      key:
                                                        description: The key of the
                                                          secret to select from.  Must
                                                          be a valid secret key.
                                                        type: string
                                                      name:
                                                        description: 'Name of the
                                                          referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                          TODO: Add other useful fields.
                                                          apiVersion, kind, uid?'
                                                        type: string
                                                      optional:
                                                        description: Specify whether
                                                          the Secret or its key must
                                                          be defined
                                                        type: boolean
                                                    required:
                                                    - key
                                                    type: object
                                                type: object
                                            required:
                                            - name
                                            type: object
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        envFrom:
                                          description: List of sources to populate
                                            environment variables in the Step. The
                                            keys defined within a source must be a
                                            C_IDENTIFIER. All invalid keys will be
                                            reported as an event when the container
                                            is starting. When a key exists in multiple
                                            sources, the value associated with the
                                            last source will take precedence. Values
                                            defined by an Env with a duplicate key
                                            will take precedence. Cannot be updated.
                                          items:
                                            description: EnvFromSource represents
                                              the source of a set of ConfigMaps
                                            properties:
                                              configMapRef:
                                                description: The ConfigMap to select
                                                  from
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                  optional:
                                                    description: Specify whether the
                                                      ConfigMap must be defined
                                                    type: boolean
                                                type: object
                                              prefix:
                                                description: An optional identifier
                                                  to prepend to each key in the ConfigMap.
                                                  Must be a C_IDENTIFIER.
                                                type: string
                                              secretRef:
                                                description: The Secret to select
                                                  from
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                  optional:
                                                    description: Specify whether the
                                                      Secret must be defined
                                                    type: boolean
                                                type: object
                                            type: object
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        image:
                                          description: 'Default image name to use
                                            for each Step. More info: https://kubernetes.io/docs/concepts/containers/images
                                            This field is optional to allow higher
                                            level config management to default or
                                            override container images in workload
                                            controllers like Deployments and StatefulSets.'
                                          type: string
                                        imagePullPolicy:
                                          description: 'Image pull policy. One of
                                            Always, Never, IfNotPresent. Defaults
                                            to Always if :latest tag is specified,
                                            or IfNotPresent otherwise. Cannot be updated.
                                            More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                          type: string
                                        lifecycle:
                                          description: Deprecated. This field will
                                            be removed in a future release. Actions
                                            that the management system should take
                                            in response to container lifecycle events.
                                            Cannot be updated.
                                          properties:
                                            postStart:
                                              description: 'PostStart is called immediately
                                                after a container is created. If the
                                                handler fails, the container is terminated
                                                and restarted according to its restart
                                                policy. Other management of the container
                                                blocks until the hook completes. More
                                                info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                              properties:
                                                exec:
                                                  description: Exec specifies the
                                                    action to take.
                                                  properties:
                                                    command:
                                                      description: Command is the
                                                        command line to execute inside
                                                        the container, the working
                                                        directory for the command  is
                                                        root ('/') in the container's
                                                        filesystem. The command is
                                                        simply exec'd, it is not run
                                                        inside a shell, so traditional
                                                        shell instructions ('|', etc)
                                                        won't work. To use a shell,
                                                        you need to explicitly call
                                                        out to that shell. Exit status
                                                        of 0 is treated as live/healthy
                                                        and non-zero is unhealthy.
                                                      items:
                                                        type: string
                                                      type: array
                                                  type: object
                                                httpGet:
                                                  description: HTTPGet specifies the
                                                    http request to perform.
                                                  properties:
                                                    host:
                                                      description: Host name to connect
                                                        to, defaults to the pod IP.
                                                        You probably want to set "Host"
                                                        in httpHeaders instead.
                                                      type: string
                                                    httpHeaders:
                                                      description: Custom headers
                                                        to set in the request. HTTP
                                                        allows repeated headers.
                                                      items:
                                                        description: HTTPHeader describes
                                                          a custom header to be used
                                                          in HTTP probes
                                                        properties:
                                                          name:
                                                            description: The header
                                                              field name
                                                            type: string
                                                          value:
                                                            description: The header
                                                              field value
                                                            type: string
                                                        required:
                                                        - name
                                                        - value
                                                        type: object
                                                      type: array
                                                    path:
                                                      description: Path to access
                                                        on the HTTP server.
                                                      type: string
                                                    port:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Name or number
                                                        of the port to access on the
                                                        container. Number must be
                                                        in the range 1 to 65535. Name
                                                        must be an IANA_SVC_NAME.
                                                      x-kubernetes-int-or-string: true
                                                    scheme:
                                                      description: Scheme to use for
                                                        connecting to the host. Defaults
                                                        to HTTP.
                                                      type: string
                                                  required:
                                                  - port
                                                  type: object
                                                tcpSocket:
                                                  description: Deprecated. TCPSocket
                                                    is NOT supported as a LifecycleHandler
                                                    and kept for the backward compatibility.
                                                    There are no validation of this
                                                    field and lifecycle hooks will
                                                    fail in runtime when tcp handler
                                                    is specified.
                                                  properties:
                                                    host:
                                                      description: 'Optional: Host
                                                        name to connect to, defaults
                                                        to the pod IP.'
                                                      type: string
                                                    port:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Number or name
                                                        of the port to access on the
                                                        container. Number must be
                                                        in the range 1 to 65535. Name
                                                        must be an IANA_SVC_NAME.
                                                      x-kubernetes-int-or-string: true
                                                  required:
                                                  - port
                                                  type: object
                                              type: object
                                            preStop:
                                              description: 'PreStop is called immediately
                                                before a container is terminated due
                                                to an API request or management event
                                                such as liveness/startup probe failure,
                                                preemption, resource contention, etc.
                                                The handler is not called if the container
                                                crashes or exits. The Pod''s termination
                                                grace period countdown begins before
                                                the PreStop hook is executed. Regardless
                                                of the outcome of the handler, the
                                                container will eventually terminate
                                                within the Pod''s termination grace
                                                period (unless delayed by finalizers).
                                                Other management of the container
                                                blocks until the hook completes or
                                                until the termination grace period
                                                is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                              properties:
                                                exec:
                                                  description: Exec specifies the
                                                    action to take.
                                                  properties:
                                                    command:
                                                      description: Command is the
                                                        command line to execute inside
                                                        the container, the working
                                                        directory for the command  is
                                                        root ('/') in the container's
                                                        filesystem. The command is
                                                        simply exec'd, it is not run
                                                        inside a shell, so traditional
                                                        shell instructions ('|', etc)
                                                        won't work. To use a shell,
                                                        you need to explicitly call
                                                        out to that shell. Exit status
                                                        of 0 is treated as live/healthy
                                                        and non-zero is unhealthy.
                                                      items:
                                                        type: string
                                                      type: array
                                                  type: object
                                                httpGet:
                                                  description: HTTPGet specifies the
                                                    http request to perform.
                                                  properties:
                                                    host:
                                                      description: Host name to connect
                                                        to, defaults to the pod IP.
                                                        You probably want to set "Host"
                                                        in httpHeaders instead.
                                                      type: string
                                                    httpHeaders:
                                                      description: Custom headers
                                                        to set in the request. HTTP
                                                        allows repeated headers.
                                                      items:
                                                        description: HTTPHeader describes
                                                          a custom header to be used
                                                          in HTTP probes
                                                        properties:
                                                          name:
                                                            description: The header
                                                              field name
                                                            type: string
                                                          value:
                                                            description: The header
                                                              field value
                                                            type: string
                                                        required:
                                                        - name
                                                        - value
                                                        type: object
                                                      type: array
                                                    path:
                                                      description: Path to access
                                                        on the HTTP server.
                                                      type: string
                                                    port:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Name or number
                                                        of the port to access on the
                                                        container. Number must be
                                                        in the range 1 to 65535. Name
                                                        must be an IANA_SVC_NAME.
                                                      x-kubernetes-int-or-string: true
                                                    scheme:
                                                      description: Scheme to use for
                                                        connecting to the host. Defaults
                                                        to HTTP.
                                                      type: string
                                                  required:
                                                  - port
                                                  type: object
                                                tcpSocket:
                                                  description: Deprecated. TCPSocket
                                                    is NOT supported as a LifecycleHandler
                                                    and kept for the backward compatibility.
                                                    There are no validation of this
                                                    field and lifecycle hooks will
                                                    fail in runtime when tcp handler
                                                    is specified.
                                                  properties:
                                                    host:
                                                      description: 'Optional: Host
                                                        name to connect to, defaults
                                                        to the pod IP.'
                                                      type: string
                                                    port:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Number or name
                                                        of the port to access on the
                                                        container. Number must be
                                                        in the range 1 to 65535. Name
                                                        must be an IANA_SVC_NAME.
                                                      x-kubernetes-int-or-string: true
                                                  required:
                                                  - port
                                                  type: object
                                              type: object
                                          type: object
                                        livenessProbe:
                                          description: 'Deprecated. This field will
                                            be removed in a future release. Periodic
                                            probe of container liveness. Container
                                            will be restarted if the probe fails.
                                            Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          properties:
                                            exec:
                                              description: Exec specifies the action
                                                to take.
                                              properties:
                                                command:
                                                  description: Command is the command
                                                    line to execute inside the container,
                                                    the working directory for the
                                                    command  is root ('/') in the
                                                    container's filesystem. The command
                                                    is simply exec'd, it is not run
                                                    inside a shell, so traditional
                                                    shell instructions ('|', etc)
                                                    won't work. To use a shell, you
                                                    need to explicitly call out to
                                                    that shell. Exit status of 0 is
                                                    treated as live/healthy and non-zero
                                                    is unhealthy.
                                                  items:
                                                    type: string
                                                  type: array
                                              type: object
                                            failureThreshold:
                                              description: Minimum consecutive failures
                                                for the probe to be considered failed
                                                after having succeeded. Defaults to
                                                3. Minimum value is 1.
                                              format: int32
                                              type: integer
                                            grpc:
                                              description: GRPC specifies an action
                                                involving a GRPC port. This is a beta
                                                field and requires enabling GRPCContainerProbe
                                                feature gate.
                                              properties:
                                                port:
                                                  description: Port number of the
                                                    gRPC service. Number must be in
                                                    the range 1 to 65535.
                                                  format: int32
                                                  type: integer
                                                service:
                                                  description: "Service is the name
                                                    of the service to place in the
                                                    gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                    \n If this is not specified, the
                                                    default behavior is defined by
                                                    gRPC."
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            httpGet:
                                              description: HTTPGet specifies the http
                                                request to perform.
                                              properties:
                                                host:
                                                  description: Host name to connect
                                                    to, defaults to the pod IP. You
                                                    probably want to set "Host" in
                                                    httpHeaders instead.
                                                  type: string
                                                httpHeaders:
                                                  description: Custom headers to set
                                                    in the request. HTTP allows repeated
                                                    headers.
                                                  items:
                                                    description: HTTPHeader describes
                                                      a custom header to be used in
                                                      HTTP probes
                                                    properties:
                                                      name:
                                                        description: The header field
                                                          name
                                                        type: string
                                                      value:
                                                        description: The header field
                                                          value
                                                        type: string
                                                    required:
                                                    - name
                                                    - value
                                                    type: object
                                                  type: array
                                                path:
                                                  description: Path to access on the
                                                    HTTP server.
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Name or number of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                                scheme:
                                                  description: Scheme to use for connecting
                                                    to the host. Defaults to HTTP.
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            initialDelaySeconds:
                                              description: 'Number of seconds after
                                                the container has started before liveness
                                                probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                              format: int32
                                              type: integer
                                            periodSeconds:
                                              description: How often (in seconds)
                                                to perform the probe. Default to 10
                                                seconds. Minimum value is 1.
                                              format: int32
                                              type: integer
                                            successThreshold:
                                              description: Minimum consecutive successes
                                                for the probe to be considered successful
                                                after having failed. Defaults to 1.
                                                Must be 1 for liveness and startup.
                                                Minimum value is 1.
                                              format: int32
                                              type: integer
                                            tcpSocket:
                                              description: TCPSocket specifies an
                                                action involving a TCP port.
                                              properties:
                                                host:
                                                  description: 'Optional: Host name
                                                    to connect to, defaults to the
                                                    pod IP.'
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Number or name of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                              required:
                                              - port
                                              type: object
                                            terminationGracePeriodSeconds:
                                              description: Optional duration in seconds
                                                the pod needs to terminate gracefully
                                                upon probe failure. The grace period
                                                is the duration in seconds after the
                                                processes running in the pod are sent
                                                a termination signal and the time
                                                when the processes are forcibly halted
                                                with a kill signal. Set this value
                                                longer than the expected cleanup time
                                                for your process. If this value is
                                                nil, the pod's terminationGracePeriodSeconds
                                                will be used. Otherwise, this value
                                                overrides the value provided by the
                                                pod spec. Value must be non-negative
                                                integer. The value zero indicates
                                                stop immediately via the kill signal
                                                (no opportunity to shut down). This
                                                is a beta field and requires enabling
                                                ProbeTerminationGracePeriod feature
                                                gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                is used if unset.
                                              format: int64
                                              type: integer
                                            timeoutSeconds:
                                              description: 'Number of seconds after
                                                which the probe times out. Defaults
                                                to 1 second. Minimum value is 1. More
                                                info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                              format: int32
                                              type: integer
                                          type: object
                                        name:
                                          description: Deprecated. This field will
                                            be removed in a future release. Default
                                            name for each Step specified as a DNS_LABEL.
                                            Each Step in a Task must have a unique
                                            name. Cannot be updated.
                                          type: string
                                        ports:
                                          description: Deprecated. This field will
                                            be removed in a future release. List of
                                            ports to expose from the Step's container.
                                            Exposing a port here gives the system
                                            additional information about the network
                                            connections a container uses, but is primarily
                                            informational. Not specifying a port here
                                            DOES NOT prevent that port from being
                                            exposed. Any port which is listening on
                                            the default "0.0.0.0" address inside a
                                            container will be accessible from the
                                            network. Cannot be updated.
                                          items:
                                            description: ContainerPort represents
                                              a network port in a single container.
                                            properties:
                                              containerPort:
                                                description: Number of port to expose
                                                  on the pod's IP address. This must
                                                  be a valid port number, 0 < x <
                                                  65536.
                                                format: int32
                                                type: integer
                                              hostIP:
                                                description: What host IP to bind
                                                  the external port to.
                                                type: string
                                              hostPort:
                                                description: Number of port to expose
                                                  on the host. If specified, this
                                                  must be a valid port number, 0 <
                                                  x < 65536. If HostNetwork is specified,
                                                  this must match ContainerPort. Most
                                                  containers do not need this.
                                                format: int32
                                                type: integer
                                              name:
                                                description: If specified, this must
                                                  be an IANA_SVC_NAME and unique within
                                                  the pod. Each named port in a pod
                                                  must have a unique name. Name for
                                                  the port that can be referred to
                                                  by services.
                                                type: string
                                              protocol:
                                                default: TCP
                                                description: Protocol for port. Must
                                                  be UDP, TCP, or SCTP. Defaults to
                                                  "TCP".
                                                type: string
                                            required:
                                            - containerPort
                                            type: object
                                          type: array
                                          x-kubernetes-list-map-keys:
                                          - containerPort
                                          - protocol
                                          x-kubernetes-list-type: map
                                        readinessProbe:
                                          description: 'Deprecated. This field will
                                            be removed in a future release. Periodic
                                            probe of container service readiness.
                                            Container will be removed from service
                                            endpoints if the probe fails. Cannot be
                                            updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          properties:
                                            exec:
                                              description: Exec specifies the action
                                                to take.
                                              properties:
                                                command:
                                                  description: Command is the command
                                                    line to execute inside the container,
                                                    the working directory for the
                                                    command  is root ('/') in the
                                                    container's filesystem. The command
                                                    is simply exec'd, it is not run
                                                    inside a shell, so traditional
                                                    shell instructions ('|', etc)
                                                    won't work. To use a shell, you
                                                    need to explicitly call out to
                                                    that shell. Exit status of 0 is
                                                    treated as live/healthy and non-zero
                                                    is unhealthy.
                                                  items:
                                                    type: string
                                                  type: array
                                              type: object
                                            failureThreshold:
                                              description: Minimum consecutive failures
                                                for the probe to be considered failed
                                                after having succeeded. Defaults to
                                                3. Minimum value is 1.
                                              format: int32
                                              type: integer
                                            grpc:
                                              description: GRPC specifies an action
                                                involving a GRPC port. This is a beta
                                                field and requires enabling GRPCContainerProbe
                                                feature gate.
                                              properties:
                                                port:
                                                  description: Port number of the
                                                    gRPC service. Number must be in
                                                    the range 1 to 65535.
                                                  format: int32
                                                  type: integer
                                                service:
                                                  description: "Service is the name
                                                    of the service to place in the
                                                    gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                    \n If this is not specified, the
                                                    default behavior is defined by
                                                    gRPC."
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            httpGet:
                                              description: HTTPGet specifies the http
                                                request to perform.
                                              properties:
                                                host:
                                                  description: Host name to connect
                                                    to, defaults to the pod IP. You
                                                    probably want to set "Host" in
                                                    httpHeaders instead.
                                                  type: string
                                                httpHeaders:
                                                  description: Custom headers to set
                                                    in the request. HTTP allows repeated
                                                    headers.
                                                  items:
                                                    description: HTTPHeader describes
                                                      a custom header to be used in
                                                      HTTP probes
                                                    properties:
                                                      name:
                                                        description: The header field
                                                          name
                                                        type: string
                                                      value:
                                                        description: The header field
                                                          value
                                                        type: string
                                                    required:
                                                    - name
                                                    - value
                                                    type: object
                                                  type: array
                                                path:
                                                  description: Path to access on the
                                                    HTTP server.
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Name or number of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                                scheme:
                                                  description: Scheme to use for connecting
                                                    to the host. Defaults to HTTP.
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            initialDelaySeconds:
                                              description: 'Number of seconds after
                                                the container has started before liveness
                                                probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                              format: int32
                                              type: integer
                                            periodSeconds:
                                              description: How often (in seconds)
                                                to perform the probe. Default to 10
                                                seconds. Minimum value is 1.
                                              format: int32
                                              type: integer
                                            successThreshold:
                                              description: Minimum consecutive successes
                                                for the probe to be considered successful
                                                after having failed. Defaults to 1.
                                                Must be 1 for liveness and startup.
                                                Minimum value is 1.
                                              format: int32
                                              type: integer
                                            tcpSocket:
                                              description: TCPSocket specifies an
                                                action involving a TCP port.
                                              properties:
                                                host:
                                                  description: 'Optional: Host name
                                                    to connect to, defaults to the
                                                    pod IP.'
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Number or name of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                              required:
                                              - port
                                              type: object
                                            terminationGracePeriodSeconds:
                                              description: Optional duration in seconds
                                                the pod needs to terminate gracefully
                                                upon probe failure. The grace period
                                                is the duration in seconds after the
                                                processes running in the pod are sent
                                                a termination signal and the time
                                                when the processes are forcibly halted
                                                with a kill signal. Set this value
                                                longer than the expected cleanup time
                                                for your process. If this value is
                                                nil, the pod's terminationGracePeriodSeconds
                                                will be used. Otherwise, this value
                                                overrides the value provided by the
                                                pod spec. Value must be non-negative
                                                integer. The value zero indicates
                                                stop immediately via the kill signal
                                                (no opportunity to shut down). This
                                                is a beta field and requires enabling
                                                ProbeTerminationGracePeriod feature
                                                gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                is used if unset.
                                              format: int64
                                              type: integer
                                            timeoutSeconds:
                                              description: 'Number of seconds after
                                                which the probe times out. Defaults
                                                to 1 second. Minimum value is 1. More
                                                info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                              format: int32
                                              type: integer
                                          type: object
                                        resources:
                                          description: 'Compute Resources required
                                            by this Step. Cannot be updated. More
                                            info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          properties:
                                            limits:
                                              additionalProperties:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                              description: 'Limits describes the maximum
                                                amount of compute resources allowed.
                                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                              type: object
                                            requests:
                                              additionalProperties:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                              description: 'Requests describes the
                                                minimum amount of compute resources
                                                required. If Requests is omitted for
                                                a container, it defaults to Limits
                                                if that is explicitly specified, otherwise
                                                to an implementation-defined value.
                                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                              type: object
                                          type: object
                                        securityContext:
                                          description: 'SecurityContext defines the
                                            security options the Step should be run
                                            with. If set, the fields of SecurityContext
                                            override the equivalent fields of PodSecurityContext.
                                            More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                          properties:
                                            allowPrivilegeEscalation:
                                              description: 'AllowPrivilegeEscalation
                                                controls whether a process can gain
                                                more privileges than its parent process.
                                                This bool directly controls if the
                                                no_new_privs flag will be set on the
                                                container process. AllowPrivilegeEscalation
                                                is true always when the container
                                                is: 1) run as Privileged 2) has CAP_SYS_ADMIN
                                                Note that this field cannot be set
                                                when spec.os.name is windows.'
                                              type: boolean
                                            capabilities:
                                              description: The capabilities to add/drop
                                                when running containers. Defaults
                                                to the default set of capabilities
                                                granted by the container runtime.
                                                Note that this field cannot be set
                                                when spec.os.name is windows.
                                              properties:
                                                add:
                                                  description: Added capabilities
                                                  items:
                                                    description: Capability represent
                                                      POSIX capabilities type
                                                    type: string
                                                  type: array
                                                drop:
                                                  description: Removed capabilities
                                                  items:
                                                    description: Capability represent
                                                      POSIX capabilities type
                                                    type: string
                                                  type: array
                                              type: object
                                            privileged:
                                              description: Run container in privileged
                                                mode. Processes in privileged containers
                                                are essentially equivalent to root
                                                on the host. Defaults to false. Note
                                                that this field cannot be set when
                                                spec.os.name is windows.
                                              type: boolean
                                            procMount:
                                              description: procMount denotes the type
                                                of proc mount to use for the containers.
                                                The default is DefaultProcMount which
                                                uses the container runtime defaults
                                                for readonly paths and masked paths.
                                                This requires the ProcMountType feature
                                                flag to be enabled. Note that this
                                                field cannot be set when spec.os.name
                                                is windows.
                                              type: string
                                            readOnlyRootFilesystem:
                                              description: Whether this container
                                                has a read-only root filesystem. Default
                                                is false. Note that this field cannot
                                                be set when spec.os.name is windows.
                                              type: boolean
                                            runAsGroup:
                                              description: The GID to run the entrypoint
                                                of the container process. Uses runtime
                                                default if unset. May also be set
                                                in PodSecurityContext.  If set in
                                                both SecurityContext and PodSecurityContext,
                                                the value specified in SecurityContext
                                                takes precedence. Note that this field
                                                cannot be set when spec.os.name is
                                                windows.
                                              format: int64
                                              type: integer
                                            runAsNonRoot:
                                              description: Indicates that the container
                                                must run as a non-root user. If true,
                                                the Kubelet will validate the image
                                                at runtime to ensure that it does
                                                not run as UID 0 (root) and fail to
                                                start the container if it does. If
                                                unset or false, no such validation
                                                will be performed. May also be set
                                                in PodSecurityContext.  If set in
                                                both SecurityContext and PodSecurityContext,
                                                the value specified in SecurityContext
                                                takes precedence.
                                              type: boolean
                                            runAsUser:
                                              description: The UID to run the entrypoint
                                                of the container process. Defaults
                                                to user specified in image metadata
                                                if unspecified. May also be set in
                                                PodSecurityContext.  If set in both
                                                SecurityContext and PodSecurityContext,
                                                the value specified in SecurityContext
                                                takes precedence. Note that this field
                                                cannot be set when spec.os.name is
                                                windows.
                                              format: int64
                                              type: integer
                                            seLinuxOptions:
                                              description: The SELinux context to
                                                be applied to the container. If unspecified,
                                                the container runtime will allocate
                                                a random SELinux context for each
                                                container.  May also be set in PodSecurityContext.  If
                                                set in both SecurityContext and PodSecurityContext,
                                                the value specified in SecurityContext
                                                takes precedence. Note that this field
                                                cannot be set when spec.os.name is
                                                windows.
                                              properties:
                                                level:
                                                  description: Level is SELinux level
                                                    label that applies to the container.
                                                  type: string
                                                role:
                                                  description: Role is a SELinux role
                                                    label that applies to the container.
                                                  type: string
                                                type:
                                                  description: Type is a SELinux type
                                                    label that applies to the container.
                                                  type: string
                                                user:
                                                  description: User is a SELinux user
                                                    label that applies to the container.
                                                  type: string
                                              type: object
                                            seccompProfile:
                                              description: The seccomp options to
                                                use by this container. If seccomp
                                                options are provided at both the pod
                                                & container level, the container options
                                                override the pod options. Note that
                                                this field cannot be set when spec.os.name
                                                is windows.
                                              properties:
                                                localhostProfile:
                                                  description: localhostProfile indicates
                                                    a profile defined in a file on
                                                    the node should be used. The profile
                                                    must be preconfigured on the node
                                                    to work. Must be a descending
                                                    path, relative to the kubelet's
                                                    configured seccomp profile location.
                                                    Must only be set if type is "Localhost".
                                                  type: string
                                                type:
                                                  description: "type indicates which
                                                    kind of seccomp profile will be
                                                    applied. Valid options are: \n
                                                    Localhost - a profile defined
                                                    in a file on the node should be
                                                    used. RuntimeDefault - the container
                                                    runtime default profile should
                                                    be used. Unconfined - no profile
                                                    should be applied."
                                                  type: string
                                              required:
                                              - type
                                              type: object
                                            windowsOptions:
                                              description: The Windows specific settings
                                                applied to all containers. If unspecified,
                                                the options from the PodSecurityContext
                                                will be used. If set in both SecurityContext
                                                and PodSecurityContext, the value
                                                specified in SecurityContext takes
                                                precedence. Note that this field cannot
                                                be set when spec.os.name is linux.
                                              properties:
                                                gmsaCredentialSpec:
                                                  description: GMSACredentialSpec
                                                    is where the GMSA admission webhook
                                                    (https://github.com/kubernetes-sigs/windows-gmsa)
                                                    inlines the contents of the GMSA
                                                    credential spec named by the GMSACredentialSpecName
                                                    field.
                                                  type: string
                                                gmsaCredentialSpecName:
                                                  description: GMSACredentialSpecName
                                                    is the name of the GMSA credential
                                                    spec to use.
                                                  type: string
                                                hostProcess:
                                                  description: HostProcess determines
                                                    if a container should be run as
                                                    a 'Host Process' container. This
                                                    field is alpha-level and will
                                                    only be honored by components
                                                    that enable the WindowsHostProcessContainers
                                                    feature flag. Setting this field
                                                    without the feature flag will
                                                    result in errors when validating
                                                    the Pod. All of a Pod's containers
                                                    must have the same effective HostProcess
                                                    value (it is not allowed to have
                                                    a mix of HostProcess containers
                                                    and non-HostProcess containers).  In
                                                    addition, if HostProcess is true
                                                    then HostNetwork must also be
                                                    set to true.
                                                  type: boolean
                                                runAsUserName:
                                                  description: The UserName in Windows
                                                    to run the entrypoint of the container
                                                    process. Defaults to the user
                                                    specified in image metadata if
                                                    unspecified. May also be set in
                                                    PodSecurityContext. If set in
                                                    both SecurityContext and PodSecurityContext,
                                                    the value specified in SecurityContext
                                                    takes precedence.
                                                  type: string
                                              type: object
                                          type: object
                                        startupProbe:
                                          description: 'Deprecated. This field will
                                            be removed in a future release. DeprecatedStartupProbe
                                            indicates that the Pod has successfully
                                            initialized. If specified, no other probes
                                            are executed until this completes successfully.
                                            If this probe fails, the Pod will be restarted,
                                            just as if the livenessProbe failed. This
                                            can be used to provide different probe
                                            parameters at the beginning of a Pod''s
                                            lifecycle, when it might take a long time
                                            to load data or warm a cache, than during
                                            steady-state operation. This cannot be
                                            updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          properties:
                                            exec:
                                              description: Exec specifies the action
                                                to take.
                                              properties:
                                                command:
                                                  description: Command is the command
                                                    line to execute inside the container,
                                                    the working directory for the
                                                    command  is root ('/') in the
                                                    container's filesystem. The command
                                                    is simply exec'd, it is not run
                                                    inside a shell, so traditional
                                                    shell instructions ('|', etc)
                                                    won't work. To use a shell, you
                                                    need to explicitly call out to
                                                    that shell. Exit status of 0 is
                                                    treated as live/healthy and non-zero
                                                    is unhealthy.
                                                  items:
                                                    type: string
                                                  type: array
                                              type: object
                                            failureThreshold:
                                              description: Minimum consecutive failures
                                                for the probe to be considered failed
                                                after having succeeded. Defaults to
                                                3. Minimum value is 1.
                                              format: int32
                                              type: integer
                                            grpc:
                                              description: GRPC specifies an action
                                                involving a GRPC port. This is a beta
                                                field and requires enabling GRPCContainerProbe
                                                feature gate.
                                              properties:
                                                port:
                                                  description: Port number of the
                                                    gRPC service. Number must be in
                                                    the range 1 to 65535.
                                                  format: int32
                                                  type: integer
                                                service:
                                                  description: "Service is the name
                                                    of the service to place in the
                                                    gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                    \n If this is not specified, the
                                                    default behavior is defined by
                                                    gRPC."
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            httpGet:
                                              description: HTTPGet specifies the http
                                                request to perform.
                                              properties:
                                                host:
                                                  description: Host name to connect
                                                    to, defaults to the pod IP. You
                                                    probably want to set "Host" in
                                                    httpHeaders instead.
                                                  type: string
                                                httpHeaders:
                                                  description: Custom headers to set
                                                    in the request. HTTP allows repeated
                                                    headers.
                                                  items:
                                                    description: HTTPHeader describes
                                                      a custom header to be used in
                                                      HTTP probes
                                                    properties:
                                                      name:
                                                        description: The header field
                                                          name
                                                        type: string
                                                      value:
                                                        description: The header field
                                                          value
                                                        type: string
                                                    required:
                                                    - name
                                                    - value
                                                    type: object
                                                  type: array
                                                path:
                                                  description: Path to access on the
                                                    HTTP server.
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Name or number of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                                scheme:
                                                  description: Scheme to use for connecting
                                                    to the host. Defaults to HTTP.
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            initialDelaySeconds:
                                              description: 'Number of seconds after
                                                the container has started before liveness
                                                probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                              format: int32
                                              type: integer
                                            periodSeconds:
                                              description: How often (in seconds)
                                                to perform the probe. Default to 10
                                                seconds. Minimum value is 1.
                                              format: int32
                                              type: integer
                                            successThreshold:
                                              description: Minimum consecutive successes
                                                for the probe to be considered successful
                                                after having failed. Defaults to 1.
                                                Must be 1 for liveness and startup.
                                                Minimum value is 1.
                                              format: int32
                                              type: integer
                                            tcpSocket:
                                              description: TCPSocket specifies an
                                                action involving a TCP port.
                                              properties:
                                                host:
                                                  description: 'Optional: Host name
                                                    to connect to, defaults to the
                                                    pod IP.'
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Number or name of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                              required:
                                              - port
                                              type: object
                                            terminationGracePeriodSeconds:
                                              description: Optional duration in seconds
                                                the pod needs to terminate gracefully
                                                upon probe failure. The grace period
                                                is the duration in seconds after the
                                                processes running in the pod are sent
                                                a termination signal and the time
                                                when the processes are forcibly halted
                                                with a kill signal. Set this value
                                                longer than the expected cleanup time
                                                for your process. If this value is
                                                nil, the pod's terminationGracePeriodSeconds
                                                will be used. Otherwise, this value
                                                overrides the value provided by the
                                                pod spec. Value must be non-negative
                                                integer. The value zero indicates
                                                stop immediately via the kill signal
                                                (no opportunity to shut down). This
                                                is a beta field and requires enabling
                                                ProbeTerminationGracePeriod feature
                                                gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                is used if unset.
                                              format: int64
                                              type: integer
                                            timeoutSeconds:
                                              description: 'Number of seconds after
                                                which the probe times out. Defaults
                                                to 1 second. Minimum value is 1. More
                                                info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                              format: int32
                                              type: integer
                                          type: object
                                        stdin:
                                          description: Deprecated. This field will
                                            be removed in a future release. Whether
                                            this Step should allocate a buffer for
                                            stdin in the container runtime. If this
                                            is not set, reads from stdin in the Step
                                            will always result in EOF. Default is
                                            false.
                                          type: boolean
                                        stdinOnce:
                                          description: Deprecated. This field will
                                            be removed in a future release. Whether
                                            the container runtime should close the
                                            stdin channel after it has been opened
                                            by a single attach. When stdin is true
                                            the stdin stream will remain open across
                                            multiple attach sessions. If stdinOnce
                                            is set to true, stdin is opened on container
                                            start, is empty until the first client
                                            attaches to stdin, and then remains open
                                            and accepts data until the client disconnects,
                                            at which time stdin is closed and remains
                                            closed until the container is restarted.
                                            If this flag is false, a container processes
                                            that reads from stdin will never receive
                                            an EOF. Default is false
                                          type: boolean
                                        terminationMessagePath:
                                          description: Deprecated. This field will
                                            be removed in a future release and cannot
                                            be meaningfully used.
                                          type: string
                                        terminationMessagePolicy:
                                          description: Deprecated. This field will
                                            be removed in a future release and cannot
                                            be meaningfully used.
                                          type: string
                                        tty:
                                          description: Deprecated. This field will
                                            be removed in a future release. Whether
                                            this Step should allocate a DeprecatedTTY
                                            for itself, also requires 'stdin' to be
                                            true. Default is false.
                                          type: boolean
                                        volumeDevices:
                                          description: volumeDevices is the list of
                                            block devices to be used by the Step.
                                          items:
                                            description: volumeDevice describes a
                                              mapping of a raw block device within
                                              a container.
                                            properties:
                                              devicePath:
                                                description: devicePath is the path
                                                  inside of the container that the
                                                  device will be mapped to.
                                                type: string
                                              name:
                                                description: name must match the name
                                                  of a persistentVolumeClaim in the
                                                  pod
                                                type: string
                                            required:
                                            - devicePath
                                            - name
                                            type: object
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        volumeMounts:
                                          description: Volumes to mount into the Step's
                                            filesystem. Cannot be updated.
                                          items:
                                            description: VolumeMount describes a mounting
                                              of a Volume within a container.
                                            properties:
                                              mountPath:
                                                description: Path within the container
                                                  at which the volume should be mounted.  Must
                                                  not contain ':'.
                                                type: string
                                              mountPropagation:
                                                description: mountPropagation determines
                                                  how mounts are propagated from the
                                                  host to container and the other
                                                  way around. When not set, MountPropagationNone
                                                  is used. This field is beta in 1.10.
                                                type: string
                                              name:
                                                description: This must match the Name
                                                  of a Volume.
                                                type: string
                                              readOnly:
                                                description: Mounted read-only if
                                                  true, read-write otherwise (false
                                                  or unspecified). Defaults to false.
                                                type: boolean
                                              subPath:
                                                description: Path within the volume
                                                  from which the container's volume
                                                  should be mounted. Defaults to ""
                                                  (volume's root).
                                                type: string
                                              subPathExpr:
                                                description: Expanded path within
                                                  the volume from which the container's
                                                  volume should be mounted. Behaves
                                                  similarly to SubPath but environment
                                                  variable references $(VAR_NAME)
                                                  are expanded using the container's
                                                  environment. Defaults to "" (volume's
                                                  root). SubPathExpr and SubPath are
                                                  mutually exclusive.
                                                type: string
                                            required:
                                            - mountPath
                                            - name
                                            type: object
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        workingDir:
                                          description: Step's working directory. If
                                            not specified, the container runtime's
                                            default will be used, which might be configured
                                            in the container image. Cannot be updated.
                                          type: string
                                      required:
                                      - name
                                      type: object
                                    steps:
                                      description: Steps are the steps of the build;
                                        each step is run sequentially with the source
                                        mounted into /workspace.
                                      items:
                                        description: Step runs a subcomponent of a
                                          Task
                                        properties:
                                          args:
                                            description: 'Arguments to the entrypoint.
                                              The image''s CMD is used if this is
                                              not provided. Variable references $(VAR_NAME)
                                              are expanded using the container''s
                                              environment. If a variable cannot be
                                              resolved, the reference in the input
                                              string will be unchanged. Double $$
                                              are reduced to a single $, which allows
                                              for escaping the $(VAR_NAME) syntax:
                                              i.e. "$$(VAR_NAME)" will produce the
                                              string literal "$(VAR_NAME)". Escaped
                                              references will never be expanded, regardless
                                              of whether the variable exists or not.
                                              Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          command:
                                            description: 'Entrypoint array. Not executed
                                              within a shell. The image''s ENTRYPOINT
                                              is used if this is not provided. Variable
                                              references $(VAR_NAME) are expanded
                                              using the container''s environment.
                                              If a variable cannot be resolved, the
                                              reference in the input string will be
                                              unchanged. Double $$ are reduced to
                                              a single $, which allows for escaping
                                              the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                              will produce the string literal "$(VAR_NAME)".
                                              Escaped references will never be expanded,
                                              regardless of whether the variable exists
                                              or not. Cannot be updated. More info:
                                              https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          env:
                                            description: List of environment variables
                                              to set in the container. Cannot be updated.
                                            items:
                                              description: EnvVar represents an environment
                                                variable present in a Container.
                                              properties:
                                                name:
                                                  description: Name of the environment
                                                    variable. Must be a C_IDENTIFIER.
                                                  type: string
                                                value:
                                                  description: 'Variable references
                                                    $(VAR_NAME) are expanded using
                                                    the previously defined environment
                                                    variables in the container and
                                                    any service environment variables.
                                                    If a variable cannot be resolved,
                                                    the reference in the input string
                                                    will be unchanged. Double $$ are
                                                    reduced to a single $, which allows
                                                    for escaping the $(VAR_NAME) syntax:
                                                    i.e. "$$(VAR_NAME)" will produce
                                                    the string literal "$(VAR_NAME)".
                                                    Escaped references will never
                                                    be expanded, regardless of whether
                                                    the variable exists or not. Defaults
                                                    to "".'
                                                  type: string
                                                valueFrom:
                                                  description: Source for the environment
                                                    variable's value. Cannot be used
                                                    if value is not empty.
                                                  properties:
                                                    configMapKeyRef:
                                                      description: Selects a key of
                                                        a ConfigMap.
                                                      properties:
                                                        key:
                                                          description: The key to
                                                            select.
                                                          type: string
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: Specify whether
                                                            the ConfigMap or its key
                                                            must be defined
                                                          type: boolean
                                                      required:
                                                      - key
                                                      type: object
                                                    fieldRef:
                                                      description: 'Selects a field
                                                        of the pod: supports metadata.name,
                                                        metadata.namespace, `metadata.labels[''<KEY>'']`,
                                                        `metadata.annotations[''<KEY>'']`,
                                                        spec.nodeName, spec.serviceAccountName,
                                                        status.hostIP, status.podIP,
                                                        status.podIPs.'
                                                      properties:
                                                        apiVersion:
                                                          description: Version of
                                                            the schema the FieldPath
                                                            is written in terms of,
                                                            defaults to "v1".
                                                          type: string
                                                        fieldPath:
                                                          description: Path of the
                                                            field to select in the
                                                            specified API version.
                                                          type: string
                                                      required:
                                                      - fieldPath
                                                      type: object
                                                    resourceFieldRef:
                                                      description: 'Selects a resource
                                                        of the container: only resources
                                                        limits and requests (limits.cpu,
                                                        limits.memory, limits.ephemeral-storage,
                                                        requests.cpu, requests.memory
                                                        and requests.ephemeral-storage)
                                                        are currently supported.'
                                                      properties:
                                                        containerName:
                                                          description: 'Container
                                                            name: required for volumes,
                                                            optional for env vars'
                                                          type: string
                                                        divisor:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          description: Specifies the
                                                            output format of the exposed
                                                            resources, defaults to
                                                            "1"
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        resource:
                                                          description: 'Required:
                                                            resource to select'
                                                          type: string
                                                      required:
                                                      - resource
                                                      type: object
                                                    secretKeyRef:
                                                      description: Selects a key of
                                                        a secret in the pod's namespace
                                                      properties:
                                                        key:
                                                          description: The key of
                                                            the secret to select from.  Must
                                                            be a valid secret key.
                                                          type: string
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: Specify whether
                                                            the Secret or its key
                                                            must be defined
                                                          type: boolean
                                                      required:
                                                      - key
                                                      type: object
                                                  type: object
                                              required:
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          envFrom:
                                            description: List of sources to populate
                                              environment variables in the container.
                                              The keys defined within a source must
                                              be a C_IDENTIFIER. All invalid keys
                                              will be reported as an event when the
                                              container is starting. When a key exists
                                              in multiple sources, the value associated
                                              with the last source will take precedence.
                                              Values defined by an Env with a duplicate
                                              key will take precedence. Cannot be
                                              updated.
                                            items:
                                              description: EnvFromSource represents
                                                the source of a set of ConfigMaps
                                              properties:
                                                configMapRef:
                                                  description: The ConfigMap to select
                                                    from
                                                  properties:
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the ConfigMap must be defined
                                                      type: boolean
                                                  type: object
                                                prefix:
                                                  description: An optional identifier
                                                    to prepend to each key in the
                                                    ConfigMap. Must be a C_IDENTIFIER.
                                                  type: string
                                                secretRef:
                                                  description: The Secret to select
                                                    from
                                                  properties:
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the Secret must be defined
                                                      type: boolean
                                                  type: object
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          image:
                                            description: 'Image reference name to
                                              run for this Step. More info: https://kubernetes.io/docs/concepts/containers/images'
                                            type: string
                                          imagePullPolicy:
                                            description: 'Image pull policy. One of
                                              Always, Never, IfNotPresent. Defaults
                                              to Always if :latest tag is specified,
                                              or IfNotPresent otherwise. Cannot be
                                              updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                            type: string
                                          lifecycle:
                                            description: Deprecated. This field will
                                              be removed in a future release. Actions
                                              that the management system should take
                                              in response to container lifecycle events.
                                              Cannot be updated.
                                            properties:
                                              postStart:
                                                description: 'PostStart is called
                                                  immediately after a container is
                                                  created. If the handler fails, the
                                                  container is terminated and restarted
                                                  according to its restart policy.
                                                  Other management of the container
                                                  blocks until the hook completes.
                                                  More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                properties:
                                                  exec:
                                                    description: Exec specifies the
                                                      action to take.
                                                    properties:
                                                      command:
                                                        description: Command is the
                                                          command line to execute
                                                          inside the container, the
                                                          working directory for the
                                                          command  is root ('/') in
                                                          the container's filesystem.
                                                          The command is simply exec'd,
                                                          it is not run inside a shell,
                                                          so traditional shell instructions
                                                          ('|', etc) won't work. To
                                                          use a shell, you need to
                                                          explicitly call out to that
                                                          shell. Exit status of 0
                                                          is treated as live/healthy
                                                          and non-zero is unhealthy.
                                                        items:
                                                          type: string
                                                        type: array
                                                    type: object
                                                  httpGet:
                                                    description: HTTPGet specifies
                                                      the http request to perform.
                                                    properties:
                                                      host:
                                                        description: Host name to
                                                          connect to, defaults to
                                                          the pod IP. You probably
                                                          want to set "Host" in httpHeaders
                                                          instead.
                                                        type: string
                                                      httpHeaders:
                                                        description: Custom headers
                                                          to set in the request. HTTP
                                                          allows repeated headers.
                                                        items:
                                                          description: HTTPHeader
                                                            describes a custom header
                                                            to be used in HTTP probes
                                                          properties:
                                                            name:
                                                              description: The header
                                                                field name
                                                              type: string
                                                            value:
                                                              description: The header
                                                                field value
                                                              type: string
                                                          required:
                                                          - name
                                                          - value
                                                          type: object
                                                        type: array
                                                      path:
                                                        description: Path to access
                                                          on the HTTP server.
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Name or number
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                      scheme:
                                                        description: Scheme to use
                                                          for connecting to the host.
                                                          Defaults to HTTP.
                                                        type: string
                                                    required:
                                                    - port
                                                    type: object
                                                  tcpSocket:
                                                    description: Deprecated. TCPSocket
                                                      is NOT supported as a LifecycleHandler
                                                      and kept for the backward compatibility.
                                                      There are no validation of this
                                                      field and lifecycle hooks will
                                                      fail in runtime when tcp handler
                                                      is specified.
                                                    properties:
                                                      host:
                                                        description: 'Optional: Host
                                                          name to connect to, defaults
                                                          to the pod IP.'
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Number or name
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                    required:
                                                    - port
                                                    type: object
                                                type: object
                                              preStop:
                                                description: 'PreStop is called immediately
                                                  before a container is terminated
                                                  due to an API request or management
                                                  event such as liveness/startup probe
                                                  failure, preemption, resource contention,
                                                  etc. The handler is not called if
                                                  the container crashes or exits.
                                                  The Pod''s termination grace period
                                                  countdown begins before the PreStop
                                                  hook is executed. Regardless of
                                                  the outcome of the handler, the
                                                  container will eventually terminate
                                                  within the Pod''s termination grace
                                                  period (unless delayed by finalizers).
                                                  Other management of the container
                                                  blocks until the hook completes
                                                  or until the termination grace period
                                                  is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                properties:
                                                  exec:
                                                    description: Exec specifies the
                                                      action to take.
                                                    properties:
                                                      command:
                                                        description: Command is the
                                                          command line to execute
                                                          inside the container, the
                                                          working directory for the
                                                          command  is root ('/') in
                                                          the container's filesystem.
                                                          The command is simply exec'd,
                                                          it is not run inside a shell,
                                                          so traditional shell instructions
                                                          ('|', etc) won't work. To
                                                          use a shell, you need to
                                                          explicitly call out to that
                                                          shell. Exit status of 0
                                                          is treated as live/healthy
                                                          and non-zero is unhealthy.
                                                        items:
                                                          type: string
                                                        type: array
                                                    type: object
                                                  httpGet:
                                                    description: HTTPGet specifies
                                                      the http request to perform.
                                                    properties:
                                                      host:
                                                        description: Host name to
                                                          connect to, defaults to
                                                          the pod IP. You probably
                                                          want to set "Host" in httpHeaders
                                                          instead.
                                                        type: string
                                                      httpHeaders:
                                                        description: Custom headers
                                                          to set in the request. HTTP
                                                          allows repeated headers.
                                                        items:
                                                          description: HTTPHeader
                                                            describes a custom header
                                                            to be used in HTTP probes
                                                          properties:
                                                            name:
                                                              description: The header
                                                                field name
                                                              type: string
                                                            value:
                                                              description: The header
                                                                field value
                                                              type: string
                                                          required:
                                                          - name
                                                          - value
                                                          type: object
                                                        type: array
                                                      path:
                                                        description: Path to access
                                                          on the HTTP server.
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Name or number
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                      scheme:
                                                        description: Scheme to use
                                                          for connecting to the host.
                                                          Defaults to HTTP.
                                                        type: string
                                                    required:
                                                    - port
                                                    type: object
                                                  tcpSocket:
                                                    description: Deprecated. TCPSocket
                                                      is NOT supported as a LifecycleHandler
                                                      and kept for the backward compatibility.
                                                      There are no validation of this
                                                      field and lifecycle hooks will
                                                      fail in runtime when tcp handler
                                                      is specified.
                                                    properties:
                                                      host:
                                                        description: 'Optional: Host
                                                          name to connect to, defaults
                                                          to the pod IP.'
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Number or name
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                    required:
                                                    - port
                                                    type: object
                                                type: object
                                            type: object
                                          livenessProbe:
                                            description: 'Deprecated. This field will
                                              be removed in a future release. Periodic
                                              probe of container liveness. Step will
                                              be restarted if the probe fails. Cannot
                                              be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          name:
                                            description: Name of the Step specified
                                              as a DNS_LABEL. Each Step in a Task
                                              must have a unique name.
                                            type: string
                                          onError:
                                            description: OnError defines the exiting
                                              behavior of a container on error can
                                              be set to [ continue | stopAndFail ]
                                            type: string
                                          ports:
                                            description: Deprecated. This field will
                                              be removed in a future release. List
                                              of ports to expose from the Step's container.
                                              Exposing a port here gives the system
                                              additional information about the network
                                              connections a container uses, but is
                                              primarily informational. Not specifying
                                              a port here DOES NOT prevent that port
                                              from being exposed. Any port which is
                                              listening on the default "0.0.0.0" address
                                              inside a container will be accessible
                                              from the network. Cannot be updated.
                                            items:
                                              description: ContainerPort represents
                                                a network port in a single container.
                                              properties:
                                                containerPort:
                                                  description: Number of port to expose
                                                    on the pod's IP address. This
                                                    must be a valid port number, 0
                                                    < x < 65536.
                                                  format: int32
                                                  type: integer
                                                hostIP:
                                                  description: What host IP to bind
                                                    the external port to.
                                                  type: string
                                                hostPort:
                                                  description: Number of port to expose
                                                    on the host. If specified, this
                                                    must be a valid port number, 0
                                                    < x < 65536. If HostNetwork is
                                                    specified, this must match ContainerPort.
                                                    Most containers do not need this.
                                                  format: int32
                                                  type: integer
                                                name:
                                                  description: If specified, this
                                                    must be an IANA_SVC_NAME and unique
                                                    within the pod. Each named port
                                                    in a pod must have a unique name.
                                                    Name for the port that can be
                                                    referred to by services.
                                                  type: string
                                                protocol:
                                                  default: TCP
                                                  description: Protocol for port.
                                                    Must be UDP, TCP, or SCTP. Defaults
                                                    to "TCP".
                                                  type: string
                                              required:
                                              - containerPort
                                              type: object
                                            type: array
                                            x-kubernetes-list-map-keys:
                                            - containerPort
                                            - protocol
                                            x-kubernetes-list-type: map
                                          readinessProbe:
                                            description: 'Deprecated. This field will
                                              be removed in a future release. Periodic
                                              probe of container service readiness.
                                              Step will be removed from service endpoints
                                              if the probe fails. Cannot be updated.
                                              More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          resources:
                                            description: 'Compute Resources required
                                              by this Step. Cannot be updated. More
                                              info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            properties:
                                              limits:
                                                additionalProperties:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                description: 'Limits describes the
                                                  maximum amount of compute resources
                                                  allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                type: object
                                              requests:
                                                additionalProperties:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                description: 'Requests describes the
                                                  minimum amount of compute resources
                                                  required. If Requests is omitted
                                                  for a container, it defaults to
                                                  Limits if that is explicitly specified,
                                                  otherwise to an implementation-defined
                                                  value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                type: object
                                            type: object
                                          script:
                                            description: "Script is the contents of
                                              an executable file to execute. \n If
                                              Script is not empty, the Step cannot
                                              have an Command and the Args will be
                                              passed to the Script."
                                            type: string
                                          securityContext:
                                            description: 'SecurityContext defines
                                              the security options the Step should
                                              be run with. If set, the fields of SecurityContext
                                              override the equivalent fields of PodSecurityContext.
                                              More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                            properties:
                                              allowPrivilegeEscalation:
                                                description: 'AllowPrivilegeEscalation
                                                  controls whether a process can gain
                                                  more privileges than its parent
                                                  process. This bool directly controls
                                                  if the no_new_privs flag will be
                                                  set on the container process. AllowPrivilegeEscalation
                                                  is true always when the container
                                                  is: 1) run as Privileged 2) has
                                                  CAP_SYS_ADMIN Note that this field
                                                  cannot be set when spec.os.name
                                                  is windows.'
                                                type: boolean
                                              capabilities:
                                                description: The capabilities to add/drop
                                                  when running containers. Defaults
                                                  to the default set of capabilities
                                                  granted by the container runtime.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                properties:
                                                  add:
                                                    description: Added capabilities
                                                    items:
                                                      description: Capability represent
                                                        POSIX capabilities type
                                                      type: string
                                                    type: array
                                                  drop:
                                                    description: Removed capabilities
                                                    items:
                                                      description: Capability represent
                                                        POSIX capabilities type
                                                      type: string
                                                    type: array
                                                type: object
                                              privileged:
                                                description: Run container in privileged
                                                  mode. Processes in privileged containers
                                                  are essentially equivalent to root
                                                  on the host. Defaults to false.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                type: boolean
                                              procMount:
                                                description: procMount denotes the
                                                  type of proc mount to use for the
                                                  containers. The default is DefaultProcMount
                                                  which uses the container runtime
                                                  defaults for readonly paths and
                                                  masked paths. This requires the
                                                  ProcMountType feature flag to be
                                                  enabled. Note that this field cannot
                                                  be set when spec.os.name is windows.
                                                type: string
                                              readOnlyRootFilesystem:
                                                description: Whether this container
                                                  has a read-only root filesystem.
                                                  Default is false. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                type: boolean
                                              runAsGroup:
                                                description: The GID to run the entrypoint
                                                  of the container process. Uses runtime
                                                  default if unset. May also be set
                                                  in PodSecurityContext.  If set in
                                                  both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                format: int64
                                                type: integer
                                              runAsNonRoot:
                                                description: Indicates that the container
                                                  must run as a non-root user. If
                                                  true, the Kubelet will validate
                                                  the image at runtime to ensure that
                                                  it does not run as UID 0 (root)
                                                  and fail to start the container
                                                  if it does. If unset or false, no
                                                  such validation will be performed.
                                                  May also be set in PodSecurityContext.  If
                                                  set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                type: boolean
                                              runAsUser:
                                                description: The UID to run the entrypoint
                                                  of the container process. Defaults
                                                  to user specified in image metadata
                                                  if unspecified. May also be set
                                                  in PodSecurityContext.  If set in
                                                  both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                format: int64
                                                type: integer
                                              seLinuxOptions:
                                                description: The SELinux context to
                                                  be applied to the container. If
                                                  unspecified, the container runtime
                                                  will allocate a random SELinux context
                                                  for each container.  May also be
                                                  set in PodSecurityContext.  If set
                                                  in both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                properties:
                                                  level:
                                                    description: Level is SELinux
                                                      level label that applies to
                                                      the container.
                                                    type: string
                                                  role:
                                                    description: Role is a SELinux
                                                      role label that applies to the
                                                      container.
                                                    type: string
                                                  type:
                                                    description: Type is a SELinux
                                                      type label that applies to the
                                                      container.
                                                    type: string
                                                  user:
                                                    description: User is a SELinux
                                                      user label that applies to the
                                                      container.
                                                    type: string
                                                type: object
                                              seccompProfile:
                                                description: The seccomp options to
                                                  use by this container. If seccomp
                                                  options are provided at both the
                                                  pod & container level, the container
                                                  options override the pod options.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                properties:
                                                  localhostProfile:
                                                    description: localhostProfile
                                                      indicates a profile defined
                                                      in a file on the node should
                                                      be used. The profile must be
                                                      preconfigured on the node to
                                                      work. Must be a descending path,
                                                      relative to the kubelet's configured
                                                      seccomp profile location. Must
                                                      only be set if type is "Localhost".
                                                    type: string
                                                  type:
                                                    description: "type indicates which
                                                      kind of seccomp profile will
                                                      be applied. Valid options are:
                                                      \n Localhost - a profile defined
                                                      in a file on the node should
                                                      be used. RuntimeDefault - the
                                                      container runtime default profile
                                                      should be used. Unconfined -
                                                      no profile should be applied."
                                                    type: string
                                                required:
                                                - type
                                                type: object
                                              windowsOptions:
                                                description: The Windows specific
                                                  settings applied to all containers.
                                                  If unspecified, the options from
                                                  the PodSecurityContext will be used.
                                                  If set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                  Note that this field cannot be set
                                                  when spec.os.name is linux.
                                                properties:
                                                  gmsaCredentialSpec:
                                                    description: GMSACredentialSpec
                                                      is where the GMSA admission
                                                      webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                                      inlines the contents of the
                                                      GMSA credential spec named by
                                                      the GMSACredentialSpecName field.
                                                    type: string
                                                  gmsaCredentialSpecName:
                                                    description: GMSACredentialSpecName
                                                      is the name of the GMSA credential
                                                      spec to use.
                                                    type: string
                                                  hostProcess:
                                                    description: HostProcess determines
                                                      if a container should be run
                                                      as a 'Host Process' container.
                                                      This field is alpha-level and
                                                      will only be honored by components
                                                      that enable the WindowsHostProcessContainers
                                                      feature flag. Setting this field
                                                      without the feature flag will
                                                      result in errors when validating
                                                      the Pod. All of a Pod's containers
                                                      must have the same effective
                                                      HostProcess value (it is not
                                                      allowed to have a mix of HostProcess
                                                      containers and non-HostProcess
                                                      containers).  In addition, if
                                                      HostProcess is true then HostNetwork
                                                      must also be set to true.
                                                    type: boolean
                                                  runAsUserName:
                                                    description: The UserName in Windows
                                                      to run the entrypoint of the
                                                      container process. Defaults
                                                      to the user specified in image
                                                      metadata if unspecified. May
                                                      also be set in PodSecurityContext.
                                                      If set in both SecurityContext
                                                      and PodSecurityContext, the
                                                      value specified in SecurityContext
                                                      takes precedence.
                                                    type: string
                                                type: object
                                            type: object
                                          startupProbe:
                                            description: 'Deprecated. This field will
                                              be removed in a future release. DeprecatedStartupProbe
                                              indicates that the Pod this Step runs
                                              in has successfully initialized. If
                                              specified, no other probes are executed
                                              until this completes successfully. If
                                              this probe fails, the Pod will be restarted,
                                              just as if the livenessProbe failed.
                                              This can be used to provide different
                                              probe parameters at the beginning of
                                              a Pod''s lifecycle, when it might take
                                              a long time to load data or warm a cache,
                                              than during steady-state operation.
                                              This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          stderrConfig:
                                            description: Stores configuration for
                                              the stderr stream of the step.
                                            properties:
                                              path:
                                                description: Path to duplicate stdout
                                                  stream to on container's local filesystem.
                                                type: string
                                            type: object
                                          stdin:
                                            description: Deprecated. This field will
                                              be removed in a future release. Whether
                                              this container should allocate a buffer
                                              for stdin in the container runtime.
                                              If this is not set, reads from stdin
                                              in the container will always result
                                              in EOF. Default is false.
                                            type: boolean
                                          stdinOnce:
                                            description: Deprecated. This field will
                                              be removed in a future release. Whether
                                              the container runtime should close the
                                              stdin channel after it has been opened
                                              by a single attach. When stdin is true
                                              the stdin stream will remain open across
                                              multiple attach sessions. If stdinOnce
                                              is set to true, stdin is opened on container
                                              start, is empty until the first client
                                              attaches to stdin, and then remains
                                              open and accepts data until the client
                                              disconnects, at which time stdin is
                                              closed and remains closed until the
                                              container is restarted. If this flag
                                              is false, a container processes that
                                              reads from stdin will never receive
                                              an EOF. Default is false
                                            type: boolean
                                          stdoutConfig:
                                            description: Stores configuration for
                                              the stdout stream of the step.
                                            properties:
                                              path:
                                                description: Path to duplicate stdout
                                                  stream to on container's local filesystem.
                                                type: string
                                            type: object
                                          terminationMessagePath:
                                            description: Deprecated. This field will
                                              be removed in a future release and can't
                                              be meaningfully used.
                                            type: string
                                          terminationMessagePolicy:
                                            description: Deprecated. This field will
                                              be removed in a future release and can't
                                              be meaningfully used.
                                            type: string
                                          timeout:
                                            description: 'Timeout is the time after
                                              which the step times out. Defaults to
                                              never. Refer to Go''s ParseDuration
                                              documentation for expected format: https://golang.org/pkg/time/#ParseDuration'
                                            type: string
                                          tty:
                                            description: Deprecated. This field will
                                              be removed in a future release. Whether
                                              this container should allocate a DeprecatedTTY
                                              for itself, also requires 'stdin' to
                                              be true. Default is false.
                                            type: boolean
                                          volumeDevices:
                                            description: volumeDevices is the list
                                              of block devices to be used by the Step.
                                            items:
                                              description: volumeDevice describes
                                                a mapping of a raw block device within
                                                a container.
                                              properties:
                                                devicePath:
                                                  description: devicePath is the path
                                                    inside of the container that the
                                                    device will be mapped to.
                                                  type: string
                                                name:
                                                  description: name must match the
                                                    name of a persistentVolumeClaim
                                                    in the pod
                                                  type: string
                                              required:
                                              - devicePath
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          volumeMounts:
                                            description: Volumes to mount into the
                                              Step's filesystem. Cannot be updated.
                                            items:
                                              description: VolumeMount describes a
                                                mounting of a Volume within a container.
                                              properties:
                                                mountPath:
                                                  description: Path within the container
                                                    at which the volume should be
                                                    mounted.  Must not contain ':'.
                                                  type: string
                                                mountPropagation:
                                                  description: mountPropagation determines
                                                    how mounts are propagated from
                                                    the host to container and the
                                                    other way around. When not set,
                                                    MountPropagationNone is used.
                                                    This field is beta in 1.10.
                                                  type: string
                                                name:
                                                  description: This must match the
                                                    Name of a Volume.
                                                  type: string
                                                readOnly:
                                                  description: Mounted read-only if
                                                    true, read-write otherwise (false
                                                    or unspecified). Defaults to false.
                                                  type: boolean
                                                subPath:
                                                  description: Path within the volume
                                                    from which the container's volume
                                                    should be mounted. Defaults to
                                                    "" (volume's root).
                                                  type: string
                                                subPathExpr:
                                                  description: Expanded path within
                                                    the volume from which the container's
                                                    volume should be mounted. Behaves
                                                    similarly to SubPath but environment
                                                    variable references $(VAR_NAME)
                                                    are expanded using the container's
                                                    environment. Defaults to "" (volume's
                                                    root). SubPathExpr and SubPath
                                                    are mutually exclusive.
                                                  type: string
                                              required:
                                              - mountPath
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          workingDir:
                                            description: Step's working directory.
                                              If not specified, the container runtime's
                                              default will be used, which might be
                                              configured in the container image. Cannot
                                              be updated.
                                            type: string
                                          workspaces:
                                            description: "This is an alpha field.
                                              You must set the \"enable-api-fields\"
                                              feature flag to \"alpha\" for this field
                                              to be supported. \n Workspaces is a
                                              list of workspaces from the Task that
                                              this Step wants exclusive access to.
                                              Adding a workspace to this list means
                                              that any other Step or Sidecar that
                                              does not also request this Workspace
                                              will not have access to it."
                                            items:
                                              description: WorkspaceUsage is used
                                                by a Step or Sidecar to declare that
                                                it wants isolated access to a Workspace
                                                defined in a Task.
                                              properties:
                                                mountPath:
                                                  description: MountPath is the path
                                                    that the workspace should be mounted
                                                    to inside the Step or Sidecar,
                                                    overriding any MountPath specified
                                                    in the Task's WorkspaceDeclaration.
                                                  type: string
                                                name:
                                                  description: Name is the name of
                                                    the workspace this Step or Sidecar
                                                    wants access to.
                                                  type: string
                                              required:
                                              - mountPath
                                              - name
                                              type: object
                                            type: array
                                            x-kubernetes-list-type: atomic
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    volumes:
                                      description: Volumes is a collection of volumes
                                        that are available to mount into the steps
                                        of the build.
                                      items:
                                        description: Volume represents a named volume
                                          in a pod that may be accessed by any container
                                          in the pod.
                                        properties:
                                          awsElasticBlockStore:
                                            description: 'awsElasticBlockStore represents
                                              an AWS Disk resource that is attached
                                              to a kubelet''s host machine and then
                                              exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                            properties:
                                              fsType:
                                                description: 'fsType is the filesystem
                                                  type of the volume that you want
                                                  to mount. Tip: Ensure that the filesystem
                                                  type is supported by the host operating
                                                  system. Examples: "ext4", "xfs",
                                                  "ntfs". Implicitly inferred to be
                                                  "ext4" if unspecified. More info:
                                                  https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                                  TODO: how do we prevent errors in
                                                  the filesystem from compromising
                                                  the machine'
                                                type: string
                                              partition:
                                                description: 'partition is the partition
                                                  in the volume that you want to mount.
                                                  If omitted, the default is to mount
                                                  by volume name. Examples: For volume
                                                  /dev/sda1, you specify the partition
                                                  as "1". Similarly, the volume partition
                                                  for /dev/sda is "0" (or you can
                                                  leave the property empty).'
                                                format: int32
                                                type: integer
                                              readOnly:
                                                description: 'readOnly value true
                                                  will force the readOnly setting
                                                  in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                                type: boolean
                                              volumeID:
                                                description: 'volumeID is unique ID
                                                  of the persistent disk resource
                                                  in AWS (Amazon EBS volume). More
                                                  info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                                type: string
                                            required:
                                            - volumeID
                                            type: object
                                          azureDisk:
                                            description: azureDisk represents an Azure
                                              Data Disk mount on the host and bind
                                              mount to the pod.
                                            properties:
                                              cachingMode:
                                                description: 'cachingMode is the Host
                                                  Caching mode: None, Read Only, Read
                                                  Write.'
                                                type: string
                                              diskName:
                                                description: diskName is the Name
                                                  of the data disk in the blob storage
                                                type: string
                                              diskURI:
                                                description: diskURI is the URI of
                                                  data disk in the blob storage
                                                type: string
                                              fsType:
                                                description: fsType is Filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  Implicitly inferred to be "ext4"
                                                  if unspecified.
                                                type: string
                                              kind:
                                                description: 'kind expected values
                                                  are Shared: multiple blob disks
                                                  per storage account  Dedicated:
                                                  single blob disk per storage account  Managed:
                                                  azure managed data disk (only in
                                                  managed availability set). defaults
                                                  to shared'
                                                type: string
                                              readOnly:
                                                description: readOnly Defaults to
                                                  false (read/write). ReadOnly here
                                                  will force the ReadOnly setting
                                                  in VolumeMounts.
                                                type: boolean
                                            required:
                                            - diskName
                                            - diskURI
                                            type: object
                                          azureFile:
                                            description: azureFile represents an Azure
                                              File Service mount on the host and bind
                                              mount to the pod.
                                            properties:
                                              readOnly:
                                                description: readOnly defaults to
                                                  false (read/write). ReadOnly here
                                                  will force the ReadOnly setting
                                                  in VolumeMounts.
                                                type: boolean
                                              secretName:
                                                description: secretName is the  name
                                                  of secret that contains Azure Storage
                                                  Account Name and Key
                                                type: string
                                              shareName:
                                                description: shareName is the azure
                                                  share Name
                                                type: string
                                            required:
                                            - secretName
                                            - shareName
                                            type: object
                                          cephfs:
                                            description: cephFS represents a Ceph
                                              FS mount on the host that shares a pod's
                                              lifetime
                                            properties:
                                              monitors:
                                                description: 'monitors is Required:
                                                  Monitors is a collection of Ceph
                                                  monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                items:
                                                  type: string
                                                type: array
                                              path:
                                                description: 'path is Optional: Used
                                                  as the mounted root, rather than
                                                  the full Ceph tree, default is /'
                                                type: string
                                              readOnly:
                                                description: 'readOnly is Optional:
                                                  Defaults to false (read/write).
                                                  ReadOnly here will force the ReadOnly
                                                  setting in VolumeMounts. More info:
                                                  https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                type: boolean
                                              secretFile:
                                                description: 'secretFile is Optional:
                                                  SecretFile is the path to key ring
                                                  for User, default is /etc/ceph/user.secret
                                                  More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                type: string
                                              secretRef:
                                                description: 'secretRef is Optional:
                                                  SecretRef is reference to the authentication
                                                  secret for User, default is empty.
                                                  More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              user:
                                                description: 'user is optional: User
                                                  is the rados user name, default
                                                  is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                                type: string
                                            required:
                                            - monitors
                                            type: object
                                          cinder:
                                            description: 'cinder represents a cinder
                                              volume attached and mounted on kubelets
                                              host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            properties:
                                              fsType:
                                                description: 'fsType is the filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Examples: "ext4", "xfs",
                                                  "ntfs". Implicitly inferred to be
                                                  "ext4" if unspecified. More info:
                                                  https://examples.k8s.io/mysql-cinder-pd/README.md'
                                                type: string
                                              readOnly:
                                                description: 'readOnly defaults to
                                                  false (read/write). ReadOnly here
                                                  will force the ReadOnly setting
                                                  in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                                type: boolean
                                              secretRef:
                                                description: 'secretRef is optional:
                                                  points to a secret object containing
                                                  parameters used to connect to OpenStack.'
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              volumeID:
                                                description: 'volumeID used to identify
                                                  the volume in cinder. More info:
                                                  https://examples.k8s.io/mysql-cinder-pd/README.md'
                                                type: string
                                            required:
                                            - volumeID
                                            type: object
                                          configMap:
                                            description: configMap represents a configMap
                                              that should populate this volume
                                            properties:
                                              defaultMode:
                                                description: 'defaultMode is optional:
                                                  mode bits used to set permissions
                                                  on created files by default. Must
                                                  be an octal value between 0000 and
                                                  0777 or a decimal value between
                                                  0 and 511. YAML accepts both octal
                                                  and decimal values, JSON requires
                                                  decimal values for mode bits. Defaults
                                                  to 0644. Directories within the
                                                  path are not affected by this setting.
                                                  This might be in conflict with other
                                                  options that affect the file mode,
                                                  like fsGroup, and the result can
                                                  be other mode bits set.'
                                                format: int32
                                                type: integer
                                              items:
                                                description: items if unspecified,
                                                  each key-value pair in the Data
                                                  field of the referenced ConfigMap
                                                  will be projected into the volume
                                                  as a file whose name is the key
                                                  and content is the value. If specified,
                                                  the listed keys will be projected
                                                  into the specified paths, and unlisted
                                                  keys will not be present. If a key
                                                  is specified which is not present
                                                  in the ConfigMap, the volume setup
                                                  will error unless it is marked optional.
                                                  Paths must be relative and may not
                                                  contain the '..' path or start with
                                                  '..'.
                                                items:
                                                  description: Maps a string key to
                                                    a path within a volume.
                                                  properties:
                                                    key:
                                                      description: key is the key
                                                        to project.
                                                      type: string
                                                    mode:
                                                      description: 'mode is Optional:
                                                        mode bits used to set permissions
                                                        on this file. Must be an octal
                                                        value between 0000 and 0777
                                                        or a decimal value between
                                                        0 and 511. YAML accepts both
                                                        octal and decimal values,
                                                        JSON requires decimal values
                                                        for mode bits. If not specified,
                                                        the volume defaultMode will
                                                        be used. This might be in
                                                        conflict with other options
                                                        that affect the file mode,
                                                        like fsGroup, and the result
                                                        can be other mode bits set.'
                                                      format: int32
                                                      type: integer
                                                    path:
                                                      description: path is the relative
                                                        path of the file to map the
                                                        key to. May not be an absolute
                                                        path. May not contain the
                                                        path element '..'. May not
                                                        start with the string '..'.
                                                      type: string
                                                  required:
                                                  - key
                                                  - path
                                                  type: object
                                                type: array
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                              optional:
                                                description: optional specify whether
                                                  the ConfigMap or its keys must be
                                                  defined
                                                type: boolean
                                            type: object
                                          csi:
                                            description: csi (Container Storage Interface)
                                              represents ephemeral storage that is
                                              handled by certain external CSI drivers
                                              (Beta feature).
                                            properties:
                                              driver:
                                                description: driver is the name of
                                                  the CSI driver that handles this
                                                  volume. Consult with your admin
                                                  for the correct name as registered
                                                  in the cluster.
                                                type: string
                                              fsType:
                                                description: fsType to mount. Ex.
                                                  "ext4", "xfs", "ntfs". If not provided,
                                                  the empty value is passed to the
                                                  associated CSI driver which will
                                                  determine the default filesystem
                                                  to apply.
                                                type: string
                                              nodePublishSecretRef:
                                                description: nodePublishSecretRef
                                                  is a reference to the secret object
                                                  containing sensitive information
                                                  to pass to the CSI driver to complete
                                                  the CSI NodePublishVolume and NodeUnpublishVolume
                                                  calls. This field is optional, and  may
                                                  be empty if no secret is required.
                                                  If the secret object contains more
                                                  than one secret, all secret references
                                                  are passed.
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              readOnly:
                                                description: readOnly specifies a
                                                  read-only configuration for the
                                                  volume. Defaults to false (read/write).
                                                type: boolean
                                              volumeAttributes:
                                                additionalProperties:
                                                  type: string
                                                description: volumeAttributes stores
                                                  driver-specific properties that
                                                  are passed to the CSI driver. Consult
                                                  your driver's documentation for
                                                  supported values.
                                                type: object
                                            required:
                                            - driver
                                            type: object
                                          downwardAPI:
                                            description: downwardAPI represents downward
                                              API about the pod that should populate
                                              this volume
                                            properties:
                                              defaultMode:
                                                description: 'Optional: mode bits
                                                  to use on created files by default.
                                                  Must be a Optional: mode bits used
                                                  to set permissions on created files
                                                  by default. Must be an octal value
                                                  between 0000 and 0777 or a decimal
                                                  value between 0 and 511. YAML accepts
                                                  both octal and decimal values, JSON
                                                  requires decimal values for mode
                                                  bits. Defaults to 0644. Directories
                                                  within the path are not affected
                                                  by this setting. This might be in
                                                  conflict with other options that
                                                  affect the file mode, like fsGroup,
                                                  and the result can be other mode
                                                  bits set.'
                                                format: int32
                                                type: integer
                                              items:
                                                description: Items is a list of downward
                                                  API volume file
                                                items:
                                                  description: DownwardAPIVolumeFile
                                                    represents information to create
                                                    the file containing the pod field
                                                  properties:
                                                    fieldRef:
                                                      description: 'Required: Selects
                                                        a field of the pod: only annotations,
                                                        labels, name and namespace
                                                        are supported.'
                                                      properties:
                                                        apiVersion:
                                                          description: Version of
                                                            the schema the FieldPath
                                                            is written in terms of,
                                                            defaults to "v1".
                                                          type: string
                                                        fieldPath:
                                                          description: Path of the
                                                            field to select in the
                                                            specified API version.
                                                          type: string
                                                      required:
                                                      - fieldPath
                                                      type: object
                                                    mode:
                                                      description: 'Optional: mode
                                                        bits used to set permissions
                                                        on this file, must be an octal
                                                        value between 0000 and 0777
                                                        or a decimal value between
                                                        0 and 511. YAML accepts both
                                                        octal and decimal values,
                                                        JSON requires decimal values
                                                        for mode bits. If not specified,
                                                        the volume defaultMode will
                                                        be used. This might be in
                                                        conflict with other options
                                                        that affect the file mode,
                                                        like fsGroup, and the result
                                                        can be other mode bits set.'
                                                      format: int32
                                                      type: integer
                                                    path:
                                                      description: 'Required: Path
                                                        is  the relative path name
                                                        of the file to be created.
                                                        Must not be absolute or contain
                                                        the ''..'' path. Must be utf-8
                                                        encoded. The first item of
                                                        the relative path must not
                                                        start with ''..'''
                                                      type: string
                                                    resourceFieldRef:
                                                      description: 'Selects a resource
                                                        of the container: only resources
                                                        limits and requests (limits.cpu,
                                                        limits.memory, requests.cpu
                                                        and requests.memory) are currently
                                                        supported.'
                                                      properties:
                                                        containerName:
                                                          description: 'Container
                                                            name: required for volumes,
                                                            optional for env vars'
                                                          type: string
                                                        divisor:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          description: Specifies the
                                                            output format of the exposed
                                                            resources, defaults to
                                                            "1"
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        resource:
                                                          description: 'Required:
                                                            resource to select'
                                                          type: string
                                                      required:
                                                      - resource
                                                      type: object
                                                  required:
                                                  - path
                                                  type: object
                                                type: array
                                            type: object
                                          emptyDir:
                                            description: 'emptyDir represents a temporary
                                              directory that shares a pod''s lifetime.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                            properties:
                                              medium:
                                                description: 'medium represents what
                                                  type of storage medium should back
                                                  this directory. The default is ""
                                                  which means to use the node''s default
                                                  medium. Must be an empty string
                                                  (default) or Memory. More info:
                                                  https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                                type: string
                                              sizeLimit:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: 'sizeLimit is the total
                                                  amount of local storage required
                                                  for this EmptyDir volume. The size
                                                  limit is also applicable for memory
                                                  medium. The maximum usage on memory
                                                  medium EmptyDir would be the minimum
                                                  value between the SizeLimit specified
                                                  here and the sum of memory limits
                                                  of all containers in a pod. The
                                                  default is nil which means that
                                                  the limit is undefined. More info:
                                                  http://kubernetes.io/docs/user-guide/volumes#emptydir'
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                            type: object
                                          ephemeral:
                                            description: "ephemeral represents a volume
                                              that is handled by a cluster storage
                                              driver. The volume's lifecycle is tied
                                              to the pod that defines it - it will
                                              be created before the pod starts, and
                                              deleted when the pod is removed. \n
                                              Use this if: a) the volume is only needed
                                              while the pod runs, b) features of normal
                                              volumes like restoring from snapshot
                                              or capacity    tracking are needed,
                                              c) the storage driver is specified through
                                              a storage class, and d) the storage
                                              driver supports dynamic volume provisioning
                                              through    a PersistentVolumeClaim (see
                                              EphemeralVolumeSource for more    information
                                              on the connection between this volume
                                              type    and PersistentVolumeClaim).
                                              \n Use PersistentVolumeClaim or one
                                              of the vendor-specific APIs for volumes
                                              that persist for longer than the lifecycle
                                              of an individual pod. \n Use CSI for
                                              light-weight local ephemeral volumes
                                              if the CSI driver is meant to be used
                                              that way - see the documentation of
                                              the driver for more information. \n
                                              A pod can use both types of ephemeral
                                              volumes and persistent volumes at the
                                              same time."
                                            properties:
                                              volumeClaimTemplate:
                                                description: "Will be used to create
                                                  a stand-alone PVC to provision the
                                                  volume. The pod in which this EphemeralVolumeSource
                                                  is embedded will be the owner of
                                                  the PVC, i.e. the PVC will be deleted
                                                  together with the pod.  The name
                                                  of the PVC will be `<pod name>-<volume
                                                  name>` where `<volume name>` is
                                                  the name from the `PodSpec.Volumes`
                                                  array entry. Pod validation will
                                                  reject the pod if the concatenated
                                                  name is not valid for a PVC (for
                                                  example, too long). \n An existing
                                                  PVC with that name that is not owned
                                                  by the pod will *not* be used for
                                                  the pod to avoid using an unrelated
                                                  volume by mistake. Starting the
                                                  pod is then blocked until the unrelated
                                                  PVC is removed. If such a pre-created
                                                  PVC is meant to be used by the pod,
                                                  the PVC has to updated with an owner
                                                  reference to the pod once the pod
                                                  exists. Normally this should not
                                                  be necessary, but it may be useful
                                                  when manually reconstructing a broken
                                                  cluster. \n This field is read-only
                                                  and no changes will be made by Kubernetes
                                                  to the PVC after it has been created.
                                                  \n Required, must not be nil."
                                                properties:
                                                  metadata:
                                                    description: May contain labels
                                                      and annotations that will be
                                                      copied into the PVC when creating
                                                      it. No other fields are allowed
                                                      and will be rejected during
                                                      validation.
                                                    type: object
                                                  spec:
                                                    description: The specification
                                                      for the PersistentVolumeClaim.
                                                      The entire content is copied
                                                      unchanged into the PVC that
                                                      gets created from this template.
                                                      The same fields as in a PersistentVolumeClaim
                                                      are also valid here.
                                                    properties:
                                                      accessModes:
                                                        description: 'accessModes
                                                          contains the desired access
                                                          modes the volume should
                                                          have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                                        items:
                                                          type: string
                                                        type: array
                                                      dataSource:
                                                        description: 'dataSource field
                                                          can be used to specify either:
                                                          * An existing VolumeSnapshot
                                                          object (snapshot.storage.k8s.io/VolumeSnapshot)
                                                          * An existing PVC (PersistentVolumeClaim)
                                                          If the provisioner or an
                                                          external controller can
                                                          support the specified data
                                                          source, it will create a
                                                          new volume based on the
                                                          contents of the specified
                                                          data source. If the AnyVolumeDataSource
                                                          feature gate is enabled,
                                                          this field will always have
                                                          the same contents as the
                                                          DataSourceRef field.'
                                                        properties:
                                                          apiGroup:
                                                            description: APIGroup
                                                              is the group for the
                                                              resource being referenced.
                                                              If APIGroup is not specified,
                                                              the specified Kind must
                                                              be in the core API group.
                                                              For any other third-party
                                                              types, APIGroup is required.
                                                            type: string
                                                          kind:
                                                            description: Kind is the
                                                              type of resource being
                                                              referenced
                                                            type: string
                                                          name:
                                                            description: Name is the
                                                              name of resource being
                                                              referenced
                                                            type: string
                                                        required:
                                                        - kind
                                                        - name
                                                        type: object
                                                      dataSourceRef:
                                                        description: 'dataSourceRef
                                                          specifies the object from
                                                          which to populate the volume
                                                          with data, if a non-empty
                                                          volume is desired. This
                                                          may be any local object
                                                          from a non-empty API group
                                                          (non core object) or a PersistentVolumeClaim
                                                          object. When this field
                                                          is specified, volume binding
                                                          will only succeed if the
                                                          type of the specified object
                                                          matches some installed volume
                                                          populator or dynamic provisioner.
                                                          This field will replace
                                                          the functionality of the
                                                          DataSource field and as
                                                          such if both fields are
                                                          non-empty, they must have
                                                          the same value. For backwards
                                                          compatibility, both fields
                                                          (DataSource and DataSourceRef)
                                                          will be set to the same
                                                          value automatically if one
                                                          of them is empty and the
                                                          other is non-empty. There
                                                          are two important differences
                                                          between DataSource and DataSourceRef:
                                                          * While DataSource only
                                                          allows two specific types
                                                          of objects, DataSourceRef   allows
                                                          any non-core object, as
                                                          well as PersistentVolumeClaim
                                                          objects. * While DataSource
                                                          ignores disallowed values
                                                          (dropping them), DataSourceRef   preserves
                                                          all values, and generates
                                                          an error if a disallowed
                                                          value is   specified. (Beta)
                                                          Using this field requires
                                                          the AnyVolumeDataSource
                                                          feature gate to be enabled.'
                                                        properties:
                                                          apiGroup:
                                                            description: APIGroup
                                                              is the group for the
                                                              resource being referenced.
                                                              If APIGroup is not specified,
                                                              the specified Kind must
                                                              be in the core API group.
                                                              For any other third-party
                                                              types, APIGroup is required.
                                                            type: string
                                                          kind:
                                                            description: Kind is the
                                                              type of resource being
                                                              referenced
                                                            type: string
                                                          name:
                                                            description: Name is the
                                                              name of resource being
                                                              referenced
                                                            type: string
                                                        required:
                                                        - kind
                                                        - name
                                                        type: object
                                                      resources:
                                                        description: 'resources represents
                                                          the minimum resources the
                                                          volume should have. If RecoverVolumeExpansionFailure
                                                          feature is enabled users
                                                          are allowed to specify resource
                                                          requirements that are lower
                                                          than previous value but
                                                          must still be higher than
                                                          capacity recorded in the
                                                          status field of the claim.
                                                          More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                                        properties:
                                                          limits:
                                                            additionalProperties:
                                                              anyOf:
                                                              - type: integer
                                                              - type: string
                                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                              x-kubernetes-int-or-string: true
                                                            description: 'Limits describes
                                                              the maximum amount of
                                                              compute resources allowed.
                                                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                            type: object
                                                          requests:
                                                            additionalProperties:
                                                              anyOf:
                                                              - type: integer
                                                              - type: string
                                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                              x-kubernetes-int-or-string: true
                                                            description: 'Requests
                                                              describes the minimum
                                                              amount of compute resources
                                                              required. If Requests
                                                              is omitted for a container,
                                                              it defaults to Limits
                                                              if that is explicitly
                                                              specified, otherwise
                                                              to an implementation-defined
                                                              value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                            type: object
                                                        type: object
                                                      selector:
                                                        description: selector is a
                                                          label query over volumes
                                                          to consider for binding.
                                                        properties:
                                                          matchExpressions:
                                                            description: matchExpressions
                                                              is a list of label selector
                                                              requirements. The requirements
                                                              are ANDed.
                                                            items:
                                                              description: A label
                                                                selector requirement
                                                                is a selector that
                                                                contains values, a
                                                                key, and an operator
                                                                that relates the key
                                                                and values.
                                                              properties:
                                                                key:
                                                                  description: key
                                                                    is the label key
                                                                    that the selector
                                                                    applies to.
                                                                  type: string
                                                                operator:
                                                                  description: operator
                                                                    represents a key's
                                                                    relationship to
                                                                    a set of values.
                                                                    Valid operators
                                                                    are In, NotIn,
                                                                    Exists and DoesNotExist.
                                                                  type: string
                                                                values:
                                                                  description: values
                                                                    is an array of
                                                                    string values.
                                                                    If the operator
                                                                    is In or NotIn,
                                                                    the values array
                                                                    must be non-empty.
                                                                    If the operator
                                                                    is Exists or DoesNotExist,
                                                                    the values array
                                                                    must be empty.
                                                                    This array is
                                                                    replaced during
                                                                    a strategic merge
                                                                    patch.
                                                                  items:
                                                                    type: string
                                                                  type: array
                                                              required:
                                                              - key
                                                              - operator
                                                              type: object
                                                            type: array
                                                          matchLabels:
                                                            additionalProperties:
                                                              type: string
                                                            description: matchLabels
                                                              is a map of {key,value}
                                                              pairs. A single {key,value}
                                                              in the matchLabels map
                                                              is equivalent to an
                                                              element of matchExpressions,
                                                              whose key field is "key",
                                                              the operator is "In",
                                                              and the values array
                                                              contains only "value".
                                                              The requirements are
                                                              ANDed.
                                                            type: object
                                                        type: object
                                                      storageClassName:
                                                        description: 'storageClassName
                                                          is the name of the StorageClass
                                                          required by the claim. More
                                                          info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                                        type: string
                                                      volumeMode:
                                                        description: volumeMode defines
                                                          what type of volume is required
                                                          by the claim. Value of Filesystem
                                                          is implied when not included
                                                          in claim spec.
                                                        type: string
                                                      volumeName:
                                                        description: volumeName is
                                                          the binding reference to
                                                          the PersistentVolume backing
                                                          this claim.
                                                        type: string
                                                    type: object
                                                required:
                                                - spec
                                                type: object
                                            type: object
                                          fc:
                                            description: fc represents a Fibre Channel
                                              resource that is attached to a kubelet's
                                              host machine and then exposed to the
                                              pod.
                                            properties:
                                              fsType:
                                                description: 'fsType is the filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  Implicitly inferred to be "ext4"
                                                  if unspecified. TODO: how do we
                                                  prevent errors in the filesystem
                                                  from compromising the machine'
                                                type: string
                                              lun:
                                                description: 'lun is Optional: FC
                                                  target lun number'
                                                format: int32
                                                type: integer
                                              readOnly:
                                                description: 'readOnly is Optional:
                                                  Defaults to false (read/write).
                                                  ReadOnly here will force the ReadOnly
                                                  setting in VolumeMounts.'
                                                type: boolean
                                              targetWWNs:
                                                description: 'targetWWNs is Optional:
                                                  FC target worldwide names (WWNs)'
                                                items:
                                                  type: string
                                                type: array
                                              wwids:
                                                description: 'wwids Optional: FC volume
                                                  world wide identifiers (wwids) Either
                                                  wwids or combination of targetWWNs
                                                  and lun must be set, but not both
                                                  simultaneously.'
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          flexVolume:
                                            description: flexVolume represents a generic
                                              volume resource that is provisioned/attached
                                              using an exec based plugin.
                                            properties:
                                              driver:
                                                description: driver is the name of
                                                  the driver to use for this volume.
                                                type: string
                                              fsType:
                                                description: fsType is the filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  The default filesystem depends on
                                                  FlexVolume script.
                                                type: string
                                              options:
                                                additionalProperties:
                                                  type: string
                                                description: 'options is Optional:
                                                  this field holds extra command options
                                                  if any.'
                                                type: object
                                              readOnly:
                                                description: 'readOnly is Optional:
                                                  defaults to false (read/write).
                                                  ReadOnly here will force the ReadOnly
                                                  setting in VolumeMounts.'
                                                type: boolean
                                              secretRef:
                                                description: 'secretRef is Optional:
                                                  secretRef is reference to the secret
                                                  object containing sensitive information
                                                  to pass to the plugin scripts. This
                                                  may be empty if no secret object
                                                  is specified. If the secret object
                                                  contains more than one secret, all
                                                  secrets are passed to the plugin
                                                  scripts.'
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                            required:
                                            - driver
                                            type: object
                                          flocker:
                                            description: flocker represents a Flocker
                                              volume attached to a kubelet's host
                                              machine. This depends on the Flocker
                                              control service being running
                                            properties:
                                              datasetName:
                                                description: datasetName is Name of
                                                  the dataset stored as metadata ->
                                                  name on the dataset for Flocker
                                                  should be considered as deprecated
                                                type: string
                                              datasetUUID:
                                                description: datasetUUID is the UUID
                                                  of the dataset. This is unique identifier
                                                  of a Flocker dataset
                                                type: string
                                            type: object
                                          gcePersistentDisk:
                                            description: 'gcePersistentDisk represents
                                              a GCE Disk resource that is attached
                                              to a kubelet''s host machine and then
                                              exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            properties:
                                              fsType:
                                                description: 'fsType is filesystem
                                                  type of the volume that you want
                                                  to mount. Tip: Ensure that the filesystem
                                                  type is supported by the host operating
                                                  system. Examples: "ext4", "xfs",
                                                  "ntfs". Implicitly inferred to be
                                                  "ext4" if unspecified. More info:
                                                  https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                                  TODO: how do we prevent errors in
                                                  the filesystem from compromising
                                                  the machine'
                                                type: string
                                              partition:
                                                description: 'partition is the partition
                                                  in the volume that you want to mount.
                                                  If omitted, the default is to mount
                                                  by volume name. Examples: For volume
                                                  /dev/sda1, you specify the partition
                                                  as "1". Similarly, the volume partition
                                                  for /dev/sda is "0" (or you can
                                                  leave the property empty). More
                                                  info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                                format: int32
                                                type: integer
                                              pdName:
                                                description: 'pdName is unique name
                                                  of the PD resource in GCE. Used
                                                  to identify the disk in GCE. More
                                                  info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                                type: string
                                              readOnly:
                                                description: 'readOnly here will force
                                                  the ReadOnly setting in VolumeMounts.
                                                  Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                                type: boolean
                                            required:
                                            - pdName
                                            type: object
                                          gitRepo:
                                            description: 'gitRepo represents a git
                                              repository at a particular revision.
                                              DEPRECATED: GitRepo is deprecated. To
                                              provision a container with a git repo,
                                              mount an EmptyDir into an InitContainer
                                              that clones the repo using git, then
                                              mount the EmptyDir into the Pod''s container.'
                                            properties:
                                              directory:
                                                description: directory is the target
                                                  directory name. Must not contain
                                                  or start with '..'.  If '.' is supplied,
                                                  the volume directory will be the
                                                  git repository.  Otherwise, if specified,
                                                  the volume will contain the git
                                                  repository in the subdirectory with
                                                  the given name.
                                                type: string
                                              repository:
                                                description: repository is the URL
                                                type: string
                                              revision:
                                                description: revision is the commit
                                                  hash for the specified revision.
                                                type: string
                                            required:
                                            - repository
                                            type: object
                                          glusterfs:
                                            description: 'glusterfs represents a Glusterfs
                                              mount on the host that shares a pod''s
                                              lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
                                            properties:
                                              endpoints:
                                                description: 'endpoints is the endpoint
                                                  name that details Glusterfs topology.
                                                  More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                                type: string
                                              path:
                                                description: 'path is the Glusterfs
                                                  volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                                type: string
                                              readOnly:
                                                description: 'readOnly here will force
                                                  the Glusterfs volume to be mounted
                                                  with read-only permissions. Defaults
                                                  to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                                type: boolean
                                            required:
                                            - endpoints
                                            - path
                                            type: object
                                          hostPath:
                                            description: 'hostPath represents a pre-existing
                                              file or directory on the host machine
                                              that is directly exposed to the container.
                                              This is generally used for system agents
                                              or other privileged things that are
                                              allowed to see the host machine. Most
                                              containers will NOT need this. More
                                              info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                                              --- TODO(jonesdl) We need to restrict
                                              who can use host directory mounts and
                                              who can/can not mount host directories
                                              as read/write.'
                                            properties:
                                              path:
                                                description: 'path of the directory
                                                  on the host. If the path is a symlink,
                                                  it will follow the link to the real
                                                  path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                                type: string
                                              type:
                                                description: 'type for HostPath Volume
                                                  Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                                type: string
                                            required:
                                            - path
                                            type: object
                                          iscsi:
                                            description: 'iscsi represents an ISCSI
                                              Disk resource that is attached to a
                                              kubelet''s host machine and then exposed
                                              to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
                                            properties:
                                              chapAuthDiscovery:
                                                description: chapAuthDiscovery defines
                                                  whether support iSCSI Discovery
                                                  CHAP authentication
                                                type: boolean
                                              chapAuthSession:
                                                description: chapAuthSession defines
                                                  whether support iSCSI Session CHAP
                                                  authentication
                                                type: boolean
                                              fsType:
                                                description: 'fsType is the filesystem
                                                  type of the volume that you want
                                                  to mount. Tip: Ensure that the filesystem
                                                  type is supported by the host operating
                                                  system. Examples: "ext4", "xfs",
                                                  "ntfs". Implicitly inferred to be
                                                  "ext4" if unspecified. More info:
                                                  https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                                  TODO: how do we prevent errors in
                                                  the filesystem from compromising
                                                  the machine'
                                                type: string
                                              initiatorName:
                                                description: initiatorName is the
                                                  custom iSCSI Initiator Name. If
                                                  initiatorName is specified with
                                                  iscsiInterface simultaneously, new
                                                  iSCSI interface <target portal>:<volume
                                                  name> will be created for the connection.
                                                type: string
                                              iqn:
                                                description: iqn is the target iSCSI
                                                  Qualified Name.
                                                type: string
                                              iscsiInterface:
                                                description: iscsiInterface is the
                                                  interface Name that uses an iSCSI
                                                  transport. Defaults to 'default'
                                                  (tcp).
                                                type: string
                                              lun:
                                                description: lun represents iSCSI
                                                  Target Lun number.
                                                format: int32
                                                type: integer
                                              portals:
                                                description: portals is the iSCSI
                                                  Target Portal List. The portal is
                                                  either an IP or ip_addr:port if
                                                  the port is other than default (typically
                                                  TCP ports 860 and 3260).
                                                items:
                                                  type: string
                                                type: array
                                              readOnly:
                                                description: readOnly here will force
                                                  the ReadOnly setting in VolumeMounts.
                                                  Defaults to false.
                                                type: boolean
                                              secretRef:
                                                description: secretRef is the CHAP
                                                  Secret for iSCSI target and initiator
                                                  authentication
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              targetPortal:
                                                description: targetPortal is iSCSI
                                                  Target Portal. The Portal is either
                                                  an IP or ip_addr:port if the port
                                                  is other than default (typically
                                                  TCP ports 860 and 3260).
                                                type: string
                                            required:
                                            - iqn
                                            - lun
                                            - targetPortal
                                            type: object
                                          name:
                                            description: 'name of the volume. Must
                                              be a DNS_LABEL and unique within the
                                              pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                            type: string
                                          nfs:
                                            description: 'nfs represents an NFS mount
                                              on the host that shares a pod''s lifetime
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            properties:
                                              path:
                                                description: 'path that is exported
                                                  by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                                type: string
                                              readOnly:
                                                description: 'readOnly here will force
                                                  the NFS export to be mounted with
                                                  read-only permissions. Defaults
                                                  to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                                type: boolean
                                              server:
                                                description: 'server is the hostname
                                                  or IP address of the NFS server.
                                                  More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                                type: string
                                            required:
                                            - path
                                            - server
                                            type: object
                                          persistentVolumeClaim:
                                            description: 'persistentVolumeClaimVolumeSource
                                              represents a reference to a PersistentVolumeClaim
                                              in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                            properties:
                                              claimName:
                                                description: 'claimName is the name
                                                  of a PersistentVolumeClaim in the
                                                  same namespace as the pod using
                                                  this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                                type: string
                                              readOnly:
                                                description: readOnly Will force the
                                                  ReadOnly setting in VolumeMounts.
                                                  Default false.
                                                type: boolean
                                            required:
                                            - claimName
                                            type: object
                                          photonPersistentDisk:
                                            description: photonPersistentDisk represents
                                              a PhotonController persistent disk attached
                                              and mounted on kubelets host machine
                                            properties:
                                              fsType:
                                                description: fsType is the filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  Implicitly inferred to be "ext4"
                                                  if unspecified.
                                                type: string
                                              pdID:
                                                description: pdID is the ID that identifies
                                                  Photon Controller persistent disk
                                                type: string
                                            required:
                                            - pdID
                                            type: object
                                          portworxVolume:
                                            description: portworxVolume represents
                                              a portworx volume attached and mounted
                                              on kubelets host machine
                                            properties:
                                              fsType:
                                                description: fSType represents the
                                                  filesystem type to mount Must be
                                                  a filesystem type supported by the
                                                  host operating system. Ex. "ext4",
                                                  "xfs". Implicitly inferred to be
                                                  "ext4" if unspecified.
                                                type: string
                                              readOnly:
                                                description: readOnly defaults to
                                                  false (read/write). ReadOnly here
                                                  will force the ReadOnly setting
                                                  in VolumeMounts.
                                                type: boolean
                                              volumeID:
                                                description: volumeID uniquely identifies
                                                  a Portworx volume
                                                type: string
                                            required:
                                            - volumeID
                                            type: object
                                          projected:
                                            description: projected items for all in
                                              one resources secrets, configmaps, and
                                              downward API
                                            properties:
                                              defaultMode:
                                                description: defaultMode are the mode
                                                  bits used to set permissions on
                                                  created files by default. Must be
                                                  an octal value between 0000 and
                                                  0777 or a decimal value between
                                                  0 and 511. YAML accepts both octal
                                                  and decimal values, JSON requires
                                                  decimal values for mode bits. Directories
                                                  within the path are not affected
                                                  by this setting. This might be in
                                                  conflict with other options that
                                                  affect the file mode, like fsGroup,
                                                  and the result can be other mode
                                                  bits set.
                                                format: int32
                                                type: integer
                                              sources:
                                                description: sources is the list of
                                                  volume projections
                                                items:
                                                  description: Projection that may
                                                    be projected along with other
                                                    supported volume types
                                                  properties:
                                                    configMap:
                                                      description: configMap information
                                                        about the configMap data to
                                                        project
                                                      properties:
                                                        items:
                                                          description: items if unspecified,
                                                            each key-value pair in
                                                            the Data field of the
                                                            referenced ConfigMap will
                                                            be projected into the
                                                            volume as a file whose
                                                            name is the key and content
                                                            is the value. If specified,
                                                            the listed keys will be
                                                            projected into the specified
                                                            paths, and unlisted keys
                                                            will not be present. If
                                                            a key is specified which
                                                            is not present in the
                                                            ConfigMap, the volume
                                                            setup will error unless
                                                            it is marked optional.
                                                            Paths must be relative
                                                            and may not contain the
                                                            '..' path or start with
                                                            '..'.
                                                          items:
                                                            description: Maps a string
                                                              key to a path within
                                                              a volume.
                                                            properties:
                                                              key:
                                                                description: key is
                                                                  the key to project.
                                                                type: string
                                                              mode:
                                                                description: 'mode
                                                                  is Optional: mode
                                                                  bits used to set
                                                                  permissions on this
                                                                  file. Must be an
                                                                  octal value between
                                                                  0000 and 0777 or
                                                                  a decimal value
                                                                  between 0 and 511.
                                                                  YAML accepts both
                                                                  octal and decimal
                                                                  values, JSON requires
                                                                  decimal values for
                                                                  mode bits. If not
                                                                  specified, the volume
                                                                  defaultMode will
                                                                  be used. This might
                                                                  be in conflict with
                                                                  other options that
                                                                  affect the file
                                                                  mode, like fsGroup,
                                                                  and the result can
                                                                  be other mode bits
                                                                  set.'
                                                                format: int32
                                                                type: integer
                                                              path:
                                                                description: path
                                                                  is the relative
                                                                  path of the file
                                                                  to map the key to.
                                                                  May not be an absolute
                                                                  path. May not contain
                                                                  the path element
                                                                  '..'. May not start
                                                                  with the string
                                                                  '..'.
                                                                type: string
                                                            required:
                                                            - key
                                                            - path
                                                            type: object
                                                          type: array
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: optional specify
                                                            whether the ConfigMap
                                                            or its keys must be defined
                                                          type: boolean
                                                      type: object
                                                    downwardAPI:
                                                      description: downwardAPI information
                                                        about the downwardAPI data
                                                        to project
                                                      properties:
                                                        items:
                                                          description: Items is a
                                                            list of DownwardAPIVolume
                                                            file
                                                          items:
                                                            description: DownwardAPIVolumeFile
                                                              represents information
                                                              to create the file containing
                                                              the pod field
                                                            properties:
                                                              fieldRef:
                                                                description: 'Required:
                                                                  Selects a field
                                                                  of the pod: only
                                                                  annotations, labels,
                                                                  name and namespace
                                                                  are supported.'
                                                                properties:
                                                                  apiVersion:
                                                                    description: Version
                                                                      of the schema
                                                                      the FieldPath
                                                                      is written in
                                                                      terms of, defaults
                                                                      to "v1".
                                                                    type: string
                                                                  fieldPath:
                                                                    description: Path
                                                                      of the field
                                                                      to select in
                                                                      the specified
                                                                      API version.
                                                                    type: string
                                                                required:
                                                                - fieldPath
                                                                type: object
                                                              mode:
                                                                description: 'Optional:
                                                                  mode bits used to
                                                                  set permissions
                                                                  on this file, must
                                                                  be an octal value
                                                                  between 0000 and
                                                                  0777 or a decimal
                                                                  value between 0
                                                                  and 511. YAML accepts
                                                                  both octal and decimal
                                                                  values, JSON requires
                                                                  decimal values for
                                                                  mode bits. If not
                                                                  specified, the volume
                                                                  defaultMode will
                                                                  be used. This might
                                                                  be in conflict with
                                                                  other options that
                                                                  affect the file
                                                                  mode, like fsGroup,
                                                                  and the result can
                                                                  be other mode bits
                                                                  set.'
                                                                format: int32
                                                                type: integer
                                                              path:
                                                                description: 'Required:
                                                                  Path is  the relative
                                                                  path name of the
                                                                  file to be created.
                                                                  Must not be absolute
                                                                  or contain the ''..''
                                                                  path. Must be utf-8
                                                                  encoded. The first
                                                                  item of the relative
                                                                  path must not start
                                                                  with ''..'''
                                                                type: string
                                                              resourceFieldRef:
                                                                description: 'Selects
                                                                  a resource of the
                                                                  container: only
                                                                  resources limits
                                                                  and requests (limits.cpu,
                                                                  limits.memory, requests.cpu
                                                                  and requests.memory)
                                                                  are currently supported.'
                                                                properties:
                                                                  containerName:
                                                                    description: 'Container
                                                                      name: required
                                                                      for volumes,
                                                                      optional for
                                                                      env vars'
                                                                    type: string
                                                                  divisor:
                                                                    anyOf:
                                                                    - type: integer
                                                                    - type: string
                                                                    description: Specifies
                                                                      the output format
                                                                      of the exposed
                                                                      resources, defaults
                                                                      to "1"
                                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                                    x-kubernetes-int-or-string: true
                                                                  resource:
                                                                    description: 'Required:
                                                                      resource to
                                                                      select'
                                                                    type: string
                                                                required:
                                                                - resource
                                                                type: object
                                                            required:
                                                            - path
                                                            type: object
                                                          type: array
                                                      type: object
                                                    secret:
                                                      description: secret information
                                                        about the secret data to project
                                                      properties:
                                                        items:
                                                          description: items if unspecified,
                                                            each key-value pair in
                                                            the Data field of the
                                                            referenced Secret will
                                                            be projected into the
                                                            volume as a file whose
                                                            name is the key and content
                                                            is the value. If specified,
                                                            the listed keys will be
                                                            projected into the specified
                                                            paths, and unlisted keys
                                                            will not be present. If
                                                            a key is specified which
                                                            is not present in the
                                                            Secret, the volume setup
                                                            will error unless it is
                                                            marked optional. Paths
                                                            must be relative and may
                                                            not contain the '..' path
                                                            or start with '..'.
                                                          items:
                                                            description: Maps a string
                                                              key to a path within
                                                              a volume.
                                                            properties:
                                                              key:
                                                                description: key is
                                                                  the key to project.
                                                                type: string
                                                              mode:
                                                                description: 'mode
                                                                  is Optional: mode
                                                                  bits used to set
                                                                  permissions on this
                                                                  file. Must be an
                                                                  octal value between
                                                                  0000 and 0777 or
                                                                  a decimal value
                                                                  between 0 and 511.
                                                                  YAML accepts both
                                                                  octal and decimal
                                                                  values, JSON requires
                                                                  decimal values for
                                                                  mode bits. If not
                                                                  specified, the volume
                                                                  defaultMode will
                                                                  be used. This might
                                                                  be in conflict with
                                                                  other options that
                                                                  affect the file
                                                                  mode, like fsGroup,
                                                                  and the result can
                                                                  be other mode bits
                                                                  set.'
                                                                format: int32
                                                                type: integer
                                                              path:
                                                                description: path
                                                                  is the relative
                                                                  path of the file
                                                                  to map the key to.
                                                                  May not be an absolute
                                                                  path. May not contain
                                                                  the path element
                                                                  '..'. May not start
                                                                  with the string
                                                                  '..'.
                                                                type: string
                                                            required:
                                                            - key
                                                            - path
                                                            type: object
                                                          type: array
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: optional field
                                                            specify whether the Secret
                                                            or its key must be defined
                                                          type: boolean
                                                      type: object
                                                    serviceAccountToken:
                                                      description: serviceAccountToken
                                                        is information about the serviceAccountToken
                                                        data to project
                                                      properties:
                                                        audience:
                                                          description: audience is
                                                            the intended audience
                                                            of the token. A recipient
                                                            of a token must identify
                                                            itself with an identifier
                                                            specified in the audience
                                                            of the token, and otherwise
                                                            should reject the token.
                                                            The audience defaults
                                                            to the identifier of the
                                                            apiserver.
                                                          type: string
                                                        expirationSeconds:
                                                          description: expirationSeconds
                                                            is the requested duration
                                                            of validity of the service
                                                            account token. As the
                                                            token approaches expiration,
                                                            the kubelet volume plugin
                                                            will proactively rotate
                                                            the service account token.
                                                            The kubelet will start
                                                            trying to rotate the token
                                                            if the token is older
                                                            than 80 percent of its
                                                            time to live or if the
                                                            token is older than 24
                                                            hours.Defaults to 1 hour
                                                            and must be at least 10
                                                            minutes.
                                                          format: int64
                                                          type: integer
                                                        path:
                                                          description: path is the
                                                            path relative to the mount
                                                            point of the file to project
                                                            the token into.
                                                          type: string
                                                      required:
                                                      - path
                                                      type: object
                                                  type: object
                                                type: array
                                            type: object
                                          quobyte:
                                            description: quobyte represents a Quobyte
                                              mount on the host that shares a pod's
                                              lifetime
                                            properties:
                                              group:
                                                description: group to map volume access
                                                  to Default is no group
                                                type: string
                                              readOnly:
                                                description: readOnly here will force
                                                  the Quobyte volume to be mounted
                                                  with read-only permissions. Defaults
                                                  to false.
                                                type: boolean
                                              registry:
                                                description: registry represents a
                                                  single or multiple Quobyte Registry
                                                  services specified as a string as
                                                  host:port pair (multiple entries
                                                  are separated with commas) which
                                                  acts as the central registry for
                                                  volumes
                                                type: string
                                              tenant:
                                                description: tenant owning the given
                                                  Quobyte volume in the Backend Used
                                                  with dynamically provisioned Quobyte
                                                  volumes, value is set by the plugin
                                                type: string
                                              user:
                                                description: user to map volume access
                                                  to Defaults to serivceaccount user
                                                type: string
                                              volume:
                                                description: volume is a string that
                                                  references an already created Quobyte
                                                  volume by name.
                                                type: string
                                            required:
                                            - registry
                                            - volume
                                            type: object
                                          rbd:
                                            description: 'rbd represents a Rados Block
                                              Device mount on the host that shares
                                              a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
                                            properties:
                                              fsType:
                                                description: 'fsType is the filesystem
                                                  type of the volume that you want
                                                  to mount. Tip: Ensure that the filesystem
                                                  type is supported by the host operating
                                                  system. Examples: "ext4", "xfs",
                                                  "ntfs". Implicitly inferred to be
                                                  "ext4" if unspecified. More info:
                                                  https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                                  TODO: how do we prevent errors in
                                                  the filesystem from compromising
                                                  the machine'
                                                type: string
                                              image:
                                                description: 'image is the rados image
                                                  name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                type: string
                                              keyring:
                                                description: 'keyring is the path
                                                  to key ring for RBDUser. Default
                                                  is /etc/ceph/keyring. More info:
                                                  https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                type: string
                                              monitors:
                                                description: 'monitors is a collection
                                                  of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                items:
                                                  type: string
                                                type: array
                                              pool:
                                                description: 'pool is the rados pool
                                                  name. Default is rbd. More info:
                                                  https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                type: string
                                              readOnly:
                                                description: 'readOnly here will force
                                                  the ReadOnly setting in VolumeMounts.
                                                  Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                type: boolean
                                              secretRef:
                                                description: 'secretRef is name of
                                                  the authentication secret for RBDUser.
                                                  If provided overrides keyring. Default
                                                  is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              user:
                                                description: 'user is the rados user
                                                  name. Default is admin. More info:
                                                  https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                                type: string
                                            required:
                                            - image
                                            - monitors
                                            type: object
                                          scaleIO:
                                            description: scaleIO represents a ScaleIO
                                              persistent volume attached and mounted
                                              on Kubernetes nodes.
                                            properties:
                                              fsType:
                                                description: fsType is the filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  Default is "xfs".
                                                type: string
                                              gateway:
                                                description: gateway is the host address
                                                  of the ScaleIO API Gateway.
                                                type: string
                                              protectionDomain:
                                                description: protectionDomain is the
                                                  name of the ScaleIO Protection Domain
                                                  for the configured storage.
                                                type: string
                                              readOnly:
                                                description: readOnly Defaults to
                                                  false (read/write). ReadOnly here
                                                  will force the ReadOnly setting
                                                  in VolumeMounts.
                                                type: boolean
                                              secretRef:
                                                description: secretRef references
                                                  to the secret for ScaleIO user and
                                                  other sensitive information. If
                                                  this is not provided, Login operation
                                                  will fail.
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              sslEnabled:
                                                description: sslEnabled Flag enable/disable
                                                  SSL communication with Gateway,
                                                  default false
                                                type: boolean
                                              storageMode:
                                                description: storageMode indicates
                                                  whether the storage for a volume
                                                  should be ThickProvisioned or ThinProvisioned.
                                                  Default is ThinProvisioned.
                                                type: string
                                              storagePool:
                                                description: storagePool is the ScaleIO
                                                  Storage Pool associated with the
                                                  protection domain.
                                                type: string
                                              system:
                                                description: system is the name of
                                                  the storage system as configured
                                                  in ScaleIO.
                                                type: string
                                              volumeName:
                                                description: volumeName is the name
                                                  of a volume already created in the
                                                  ScaleIO system that is associated
                                                  with this volume source.
                                                type: string
                                            required:
                                            - gateway
                                            - secretRef
                                            - system
                                            type: object
                                          secret:
                                            description: 'secret represents a secret
                                              that should populate this volume. More
                                              info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                            properties:
                                              defaultMode:
                                                description: 'defaultMode is Optional:
                                                  mode bits used to set permissions
                                                  on created files by default. Must
                                                  be an octal value between 0000 and
                                                  0777 or a decimal value between
                                                  0 and 511. YAML accepts both octal
                                                  and decimal values, JSON requires
                                                  decimal values for mode bits. Defaults
                                                  to 0644. Directories within the
                                                  path are not affected by this setting.
                                                  This might be in conflict with other
                                                  options that affect the file mode,
                                                  like fsGroup, and the result can
                                                  be other mode bits set.'
                                                format: int32
                                                type: integer
                                              items:
                                                description: items If unspecified,
                                                  each key-value pair in the Data
                                                  field of the referenced Secret will
                                                  be projected into the volume as
                                                  a file whose name is the key and
                                                  content is the value. If specified,
                                                  the listed keys will be projected
                                                  into the specified paths, and unlisted
                                                  keys will not be present. If a key
                                                  is specified which is not present
                                                  in the Secret, the volume setup
                                                  will error unless it is marked optional.
                                                  Paths must be relative and may not
                                                  contain the '..' path or start with
                                                  '..'.
                                                items:
                                                  description: Maps a string key to
                                                    a path within a volume.
                                                  properties:
                                                    key:
                                                      description: key is the key
                                                        to project.
                                                      type: string
                                                    mode:
                                                      description: 'mode is Optional:
                                                        mode bits used to set permissions
                                                        on this file. Must be an octal
                                                        value between 0000 and 0777
                                                        or a decimal value between
                                                        0 and 511. YAML accepts both
                                                        octal and decimal values,
                                                        JSON requires decimal values
                                                        for mode bits. If not specified,
                                                        the volume defaultMode will
                                                        be used. This might be in
                                                        conflict with other options
                                                        that affect the file mode,
                                                        like fsGroup, and the result
                                                        can be other mode bits set.'
                                                      format: int32
                                                      type: integer
                                                    path:
                                                      description: path is the relative
                                                        path of the file to map the
                                                        key to. May not be an absolute
                                                        path. May not contain the
                                                        path element '..'. May not
                                                        start with the string '..'.
                                                      type: string
                                                  required:
                                                  - key
                                                  - path
                                                  type: object
                                                type: array
                                              optional:
                                                description: optional field specify
                                                  whether the Secret or its keys must
                                                  be defined
                                                type: boolean
                                              secretName:
                                                description: 'secretName is the name
                                                  of the secret in the pod''s namespace
                                                  to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                                type: string
                                            type: object
                                          storageos:
                                            description: storageOS represents a StorageOS
                                              volume attached and mounted on Kubernetes
                                              nodes.
                                            properties:
                                              fsType:
                                                description: fsType is the filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  Implicitly inferred to be "ext4"
                                                  if unspecified.
                                                type: string
                                              readOnly:
                                                description: readOnly defaults to
                                                  false (read/write). ReadOnly here
                                                  will force the ReadOnly setting
                                                  in VolumeMounts.
                                                type: boolean
                                              secretRef:
                                                description: secretRef specifies the
                                                  secret to use for obtaining the
                                                  StorageOS API credentials.  If not
                                                  specified, default values will be
                                                  attempted.
                                                properties:
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                type: object
                                              volumeName:
                                                description: volumeName is the human-readable
                                                  name of the StorageOS volume.  Volume
                                                  names are only unique within a namespace.
                                                type: string
                                              volumeNamespace:
                                                description: volumeNamespace specifies
                                                  the scope of the volume within StorageOS.  If
                                                  no namespace is specified then the
                                                  Pod's namespace will be used.  This
                                                  allows the Kubernetes name scoping
                                                  to be mirrored within StorageOS
                                                  for tighter integration. Set VolumeName
                                                  to any name to override the default
                                                  behaviour. Set to "default" if you
                                                  are not using namespaces within
                                                  StorageOS. Namespaces that do not
                                                  pre-exist within StorageOS will
                                                  be created.
                                                type: string
                                            type: object
                                          vsphereVolume:
                                            description: vsphereVolume represents
                                              a vSphere volume attached and mounted
                                              on kubelets host machine
                                            properties:
                                              fsType:
                                                description: fsType is filesystem
                                                  type to mount. Must be a filesystem
                                                  type supported by the host operating
                                                  system. Ex. "ext4", "xfs", "ntfs".
                                                  Implicitly inferred to be "ext4"
                                                  if unspecified.
                                                type: string
                                              storagePolicyID:
                                                description: storagePolicyID is the
                                                  storage Policy Based Management
                                                  (SPBM) profile ID associated with
                                                  the StoragePolicyName.
                                                type: string
                                              storagePolicyName:
                                                description: storagePolicyName is
                                                  the storage Policy Based Management
                                                  (SPBM) profile name.
                                                type: string
                                              volumePath:
                                                description: volumePath is the path
                                                  that identifies vSphere volume vmdk
                                                type: string
                                            required:
                                            - volumePath
                                            type: object
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    workspaces:
                                      description: Workspaces are the volumes that
                                        this Task requires.
                                      items:
                                        description: WorkspaceDeclaration is a declaration
                                          of a volume that a Task requires.
                                        properties:
                                          description:
                                            description: Description is an optional
                                              human readable description of this volume.
                                            type: string
                                          mountPath:
                                            description: MountPath overrides the directory
                                              that the volume will be made available
                                              at.
                                            type: string
                                          name:
                                            description: Name is the name by which
                                              you can bind the volume at runtime.
                                            type: string
                                          optional:
                                            description: Optional marks a Workspace
                                              as not being required in TaskRuns. By
                                              default this field is false and so declared
                                              workspaces are required.
                                            type: boolean
                                          readOnly:
                                            description: ReadOnly dictates whether
                                              a mounted volume is writable. By default
                                              this field is false and so mounted volumes
                                              are writable.
                                            type: boolean
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                  type: object
                                timeout:
                                  description: 'Time after which the TaskRun times
                                    out. Defaults to 1 hour. Specified TaskRun timeout
                                    should be less than 24h. Refer Go''s ParseDuration
                                    documentation for expected format: https://golang.org/pkg/time/#ParseDuration'
                                  type: string
                                when:
                                  description: WhenExpressions is a list of when expressions
                                    that need to be true for the task to run
                                  items:
                                    description: WhenExpression allows a PipelineTask
                                      to declare expressions to be evaluated before
                                      the Task is run to determine whether the Task
                                      should be executed or skipped
                                    properties:
                                      input:
                                        description: Input is the string for guard
                                          checking which can be a static input or
                                          an output from a parent Task
                                        type: string
                                      operator:
                                        description: Operator that represents an Input's
                                          relationship to the values
                                        type: string
                                      values:
                                        description: Values is an array of strings,
                                          which is compared against the input, for
                                          guard checking It must be non-empty
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                    required:
                                    - input
                                    - operator
                                    - values
                                    type: object
                                  type: array
                                workspaces:
                                  description: Workspaces maps workspaces from the
                                    pipeline spec to the workspaces declared in the
                                    Task.
                                  items:
                                    description: WorkspacePipelineTaskBinding describes
                                      how a workspace passed into the pipeline should
                                      be mapped to a task's declared workspace.
                                    properties:
                                      name:
                                        description: Name is the name of the workspace
                                          as declared by the task
                                        type: string
                                      subPath:
                                        description: SubPath is optionally a directory
                                          on the volume which should be used for this
                                          binding (i.e. the volume will be mounted
                                          at this sub directory).
                                        type: string
                                      workspace:
                                        description: Workspace is the name of the
                                          workspace declared by the pipeline
                                        type: string
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                          workspaces:
                            description: Workspaces declares a set of named workspaces
                              that are expected to be provided by a PipelineRun.
                            items:
                              description: PipelineWorkspaceDeclaration creates a
                                named slot in a Pipeline that a PipelineRun is expected
                                to populate with a workspace binding.
                              properties:
                                description:
                                  description: Description is a human readable string
                                    describing how the workspace will be used in the
                                    Pipeline. It can be useful to include a bit of
                                    detail about which tasks are intended to have
                                    access to the data on the workspace.
                                  type: string
                                name:
                                  description: Name is the name of a workspace to
                                    be provided by a PipelineRun.
                                  type: string
                                optional:
                                  description: Optional marks a Workspace as not being
                                    required in PipelineRuns. By default this field
                                    is false and so declared workspaces are required.
                                  type: boolean
                              required:
                              - name
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                        type: object
                      podTemplate:
                        description: PodTemplate holds pod specific configuration
                        properties:
                          affinity:
                            description: If specified, the pod's scheduling constraints
                            properties:
                              nodeAffinity:
                                description: Describes node affinity scheduling rules
                                  for the pod.
                                properties:
                                  preferredDuringSchedulingIgnoredDuringExecution:
                                    description: The scheduler will prefer to schedule
                                      pods to nodes that satisfy the affinity expressions
                                      specified by this field, but it may choose a
                                      node that violates one or more of the expressions.
                                      The node that is most preferred is the one with
                                      the greatest sum of weights, i.e. for each node
                                      that meets all of the scheduling requirements
                                      (resource request, requiredDuringScheduling
                                      affinity expressions, etc.), compute a sum by
                                      iterating through the elements of this field
                                      and adding "weight" to the sum if the node matches
                                      the corresponding matchExpressions; the node(s)
                                      with the highest sum are the most preferred.
                                    items:
                                      description: An empty preferred scheduling term
                                        matches all objects with implicit weight 0
                                        (i.e. it's a no-op). A null preferred scheduling
                                        term matches no objects (i.e. is also a no-op).
                                      properties:
                                        preference:
                                          description: A node selector term, associated
                                            with the corresponding weight.
                                          properties:
                                            matchExpressions:
                                              description: A list of node selector
                                                requirements by node's labels.
                                              items:
                                                description: A node selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: The label key that
                                                      the selector applies to.
                                                    type: string
                                                  operator:
                                                    description: Represents a key's
                                                      relationship to a set of values.
                                                      Valid operators are In, NotIn,
                                                      Exists, DoesNotExist. Gt, and
                                                      Lt.
                                                    type: string
                                                  values:
                                                    description: An array of string
                                                      values. If the operator is In
                                                      or NotIn, the values array must
                                                      be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      If the operator is Gt or Lt,
                                                      the values array must have a
                                                      single element, which will be
                                                      interpreted as an integer. This
                                                      array is replaced during a strategic
                                                      merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchFields:
                                              description: A list of node selector
                                                requirements by node's fields.
                                              items:
                                                description: A node selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: The label key that
                                                      the selector applies to.
                                                    type: string
                                                  operator:
                                                    description: Represents a key's
                                                      relationship to a set of values.
                                                      Valid operators are In, NotIn,
                                                      Exists, DoesNotExist. Gt, and
                                                      Lt.
                                                    type: string
                                                  values:
                                                    description: An array of string
                                                      values. If the operator is In
                                                      or NotIn, the values array must
                                                      be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      If the operator is Gt or Lt,
                                                      the values array must have a
                                                      single element, which will be
                                                      interpreted as an integer. This
                                                      array is replaced during a strategic
                                                      merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                          type: object
                                        weight:
                                          description: Weight associated with matching
                                            the corresponding nodeSelectorTerm, in
                                            the range 1-100.
                                          format: int32
                                          type: integer
                                      required:
                                      - preference
                                      - weight
                                      type: object
                                    type: array
                                  requiredDuringSchedulingIgnoredDuringExecution:
                                    description: If the affinity requirements specified
                                      by this field are not met at scheduling time,
                                      the pod will not be scheduled onto the node.
                                      If the affinity requirements specified by this
                                      field cease to be met at some point during pod
                                      execution (e.g. due to an update), the system
                                      may or may not try to eventually evict the pod
                                      from its node.
                                    properties:
                                      nodeSelectorTerms:
                                        description: Required. A list of node selector
                                          terms. The terms are ORed.
                                        items:
                                          description: A null or empty node selector
                                            term matches no objects. The requirements
                                            of them are ANDed. The TopologySelectorTerm
                                            type implements a subset of the NodeSelectorTerm.
                                          properties:
                                            matchExpressions:
                                              description: A list of node selector
                                                requirements by node's labels.
                                              items:
                                                description: A node selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: The label key that
                                                      the selector applies to.
                                                    type: string
                                                  operator:
                                                    description: Represents a key's
                                                      relationship to a set of values.
                                                      Valid operators are In, NotIn,
                                                      Exists, DoesNotExist. Gt, and
                                                      Lt.
                                                    type: string
                                                  values:
                                                    description: An array of string
                                                      values. If the operator is In
                                                      or NotIn, the values array must
                                                      be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      If the operator is Gt or Lt,
                                                      the values array must have a
                                                      single element, which will be
                                                      interpreted as an integer. This
                                                      array is replaced during a strategic
                                                      merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchFields:
                                              description: A list of node selector
                                                requirements by node's fields.
                                              items:
                                                description: A node selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: The label key that
                                                      the selector applies to.
                                                    type: string
                                                  operator:
                                                    description: Represents a key's
                                                      relationship to a set of values.
                                                      Valid operators are In, NotIn,
                                                      Exists, DoesNotExist. Gt, and
                                                      Lt.
                                                    type: string
                                                  values:
                                                    description: An array of string
                                                      values. If the operator is In
                                                      or NotIn, the values array must
                                                      be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      If the operator is Gt or Lt,
                                                      the values array must have a
                                                      single element, which will be
                                                      interpreted as an integer. This
                                                      array is replaced during a strategic
                                                      merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                          type: object
                                        type: array
                                    required:
                                    - nodeSelectorTerms
                                    type: object
                                type: object
                              podAffinity:
                                description: Describes pod affinity scheduling rules
                                  (e.g. co-locate this pod in the same node, zone,
                                  etc. as some other pod(s)).
                                properties:
                                  preferredDuringSchedulingIgnoredDuringExecution:
                                    description: The scheduler will prefer to schedule
                                      pods to nodes that satisfy the affinity expressions
                                      specified by this field, but it may choose a
                                      node that violates one or more of the expressions.
                                      The node that is most preferred is the one with
                                      the greatest sum of weights, i.e. for each node
                                      that meets all of the scheduling requirements
                                      (resource request, requiredDuringScheduling
                                      affinity expressions, etc.), compute a sum by
                                      iterating through the elements of this field
                                      and adding "weight" to the sum if the node has
                                      pods which matches the corresponding podAffinityTerm;
                                      the node(s) with the highest sum are the most
                                      preferred.
                                    items:
                                      description: The weights of all of the matched
                                        WeightedPodAffinityTerm fields are added per-node
                                        to find the most preferred node(s)
                                      properties:
                                        podAffinityTerm:
                                          description: Required. A pod affinity term,
                                            associated with the corresponding weight.
                                          properties:
                                            labelSelector:
                                              description: A label query over a set
                                                of resources, in this case pods.
                                              properties:
                                                matchExpressions:
                                                  description: matchExpressions is
                                                    a list of label selector requirements.
                                                    The requirements are ANDed.
                                                  items:
                                                    description: A label selector
                                                      requirement is a selector that
                                                      contains values, a key, and
                                                      an operator that relates the
                                                      key and values.
                                                    properties:
                                                      key:
                                                        description: key is the label
                                                          key that the selector applies
                                                          to.
                                                        type: string
                                                      operator:
                                                        description: operator represents
                                                          a key's relationship to
                                                          a set of values. Valid operators
                                                          are In, NotIn, Exists and
                                                          DoesNotExist.
                                                        type: string
                                                      values:
                                                        description: values is an
                                                          array of string values.
                                                          If the operator is In or
                                                          NotIn, the values array
                                                          must be non-empty. If the
                                                          operator is Exists or DoesNotExist,
                                                          the values array must be
                                                          empty. This array is replaced
                                                          during a strategic merge
                                                          patch.
                                                        items:
                                                          type: string
                                                        type: array
                                                    required:
                                                    - key
                                                    - operator
                                                    type: object
                                                  type: array
                                                matchLabels:
                                                  additionalProperties:
                                                    type: string
                                                  description: matchLabels is a map
                                                    of {key,value} pairs. A single
                                                    {key,value} in the matchLabels
                                                    map is equivalent to an element
                                                    of matchExpressions, whose key
                                                    field is "key", the operator is
                                                    "In", and the values array contains
                                                    only "value". The requirements
                                                    are ANDed.
                                                  type: object
                                              type: object
                                            namespaceSelector:
                                              description: A label query over the
                                                set of namespaces that the term applies
                                                to. The term is applied to the union
                                                of the namespaces selected by this
                                                field and the ones listed in the namespaces
                                                field. null selector and null or empty
                                                namespaces list means "this pod's
                                                namespace". An empty selector ({})
                                                matches all namespaces.
                                              properties:
                                                matchExpressions:
                                                  description: matchExpressions is
                                                    a list of label selector requirements.
                                                    The requirements are ANDed.
                                                  items:
                                                    description: A label selector
                                                      requirement is a selector that
                                                      contains values, a key, and
                                                      an operator that relates the
                                                      key and values.
                                                    properties:
                                                      key:
                                                        description: key is the label
                                                          key that the selector applies
                                                          to.
                                                        type: string
                                                      operator:
                                                        description: operator represents
                                                          a key's relationship to
                                                          a set of values. Valid operators
                                                          are In, NotIn, Exists and
                                                          DoesNotExist.
                                                        type: string
                                                      values:
                                                        description: values is an
                                                          array of string values.
                                                          If the operator is In or
                                                          NotIn, the values array
                                                          must be non-empty. If the
                                                          operator is Exists or DoesNotExist,
                                                          the values array must be
                                                          empty. This array is replaced
                                                          during a strategic merge
                                                          patch.
                                                        items:
                                                          type: string
                                                        type: array
                                                    required:
                                                    - key
                                                    - operator
                                                    type: object
                                                  type: array
                                                matchLabels:
                                                  additionalProperties:
                                                    type: string
                                                  description: matchLabels is a map
                                                    of {key,value} pairs. A single
                                                    {key,value} in the matchLabels
                                                    map is equivalent to an element
                                                    of matchExpressions, whose key
                                                    field is "key", the operator is
                                                    "In", and the values array contains
                                                    only "value". The requirements
                                                    are ANDed.
                                                  type: object
                                              type: object
                                            namespaces:
                                              description: namespaces specifies a
                                                static list of namespace names that
                                                the term applies to. The term is applied
                                                to the union of the namespaces listed
                                                in this field and the ones selected
                                                by namespaceSelector. null or empty
                                                namespaces list and null namespaceSelector
                                                means "this pod's namespace".
                                              items:
                                                type: string
                                              type: array
                                            topologyKey:
                                              description: This pod should be co-located
                                                (affinity) or not co-located (anti-affinity)
                                                with the pods matching the labelSelector
                                                in the specified namespaces, where
                                                co-located is defined as running on
                                                a node whose value of the label with
                                                key topologyKey matches that of any
                                                node on which any of the selected
                                                pods is running. Empty topologyKey
                                                is not allowed.
                                              type: string
                                          required:
                                          - topologyKey
                                          type: object
                                        weight:
                                          description: weight associated with matching
                                            the corresponding podAffinityTerm, in
                                            the range 1-100.
                                          format: int32
                                          type: integer
                                      required:
                                      - podAffinityTerm
                                      - weight
                                      type: object
                                    type: array
                                  requiredDuringSchedulingIgnoredDuringExecution:
                                    description: If the affinity requirements specified
                                      by this field are not met at scheduling time,
                                      the pod will not be scheduled onto the node.
                                      If the affinity requirements specified by this
                                      field cease to be met at some point during pod
                                      execution (e.g. due to a pod label update),
                                      the system may or may not try to eventually
                                      evict the pod from its node. When there are
                                      multiple elements, the lists of nodes corresponding
                                      to each podAffinityTerm are intersected, i.e.
                                      all terms must be satisfied.
                                    items:
                                      description: Defines a set of pods (namely those
                                        matching the labelSelector relative to the
                                        given namespace(s)) that this pod should be
                                        co-located (affinity) or not co-located (anti-affinity)
                                        with, where co-located is defined as running
                                        on a node whose value of the label with key
                                        <topologyKey> matches that of any node on
                                        which a pod of the set of pods is running
                                      properties:
                                        labelSelector:
                                          description: A label query over a set of
                                            resources, in this case pods.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        namespaceSelector:
                                          description: A label query over the set
                                            of namespaces that the term applies to.
                                            The term is applied to the union of the
                                            namespaces selected by this field and
                                            the ones listed in the namespaces field.
                                            null selector and null or empty namespaces
                                            list means "this pod's namespace". An
                                            empty selector ({}) matches all namespaces.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        namespaces:
                                          description: namespaces specifies a static
                                            list of namespace names that the term
                                            applies to. The term is applied to the
                                            union of the namespaces listed in this
                                            field and the ones selected by namespaceSelector.
                                            null or empty namespaces list and null
                                            namespaceSelector means "this pod's namespace".
                                          items:
                                            type: string
                                          type: array
                                        topologyKey:
                                          description: This pod should be co-located
                                            (affinity) or not co-located (anti-affinity)
                                            with the pods matching the labelSelector
                                            in the specified namespaces, where co-located
                                            is defined as running on a node whose
                                            value of the label with key topologyKey
                                            matches that of any node on which any
                                            of the selected pods is running. Empty
                                            topologyKey is not allowed.
                                          type: string
                                      required:
                                      - topologyKey
                                      type: object
                                    type: array
                                type: object
                              podAntiAffinity:
                                description: Describes pod anti-affinity scheduling
                                  rules (e.g. avoid putting this pod in the same node,
                                  zone, etc. as some other pod(s)).
                                properties:
                                  preferredDuringSchedulingIgnoredDuringExecution:
                                    description: The scheduler will prefer to schedule
                                      pods to nodes that satisfy the anti-affinity
                                      expressions specified by this field, but it
                                      may choose a node that violates one or more
                                      of the expressions. The node that is most preferred
                                      is the one with the greatest sum of weights,
                                      i.e. for each node that meets all of the scheduling
                                      requirements (resource request, requiredDuringScheduling
                                      anti-affinity expressions, etc.), compute a
                                      sum by iterating through the elements of this
                                      field and adding "weight" to the sum if the
                                      node has pods which matches the corresponding
                                      podAffinityTerm; the node(s) with the highest
                                      sum are the most preferred.
                                    items:
                                      description: The weights of all of the matched
                                        WeightedPodAffinityTerm fields are added per-node
                                        to find the most preferred node(s)
                                      properties:
                                        podAffinityTerm:
                                          description: Required. A pod affinity term,
                                            associated with the corresponding weight.
                                          properties:
                                            labelSelector:
                                              description: A label query over a set
                                                of resources, in this case pods.
                                              properties:
                                                matchExpressions:
                                                  description: matchExpressions is
                                                    a list of label selector requirements.
                                                    The requirements are ANDed.
                                                  items:
                                                    description: A label selector
                                                      requirement is a selector that
                                                      contains values, a key, and
                                                      an operator that relates the
                                                      key and values.
                                                    properties:
                                                      key:
                                                        description: key is the label
                                                          key that the selector applies
                                                          to.
                                                        type: string
                                                      operator:
                                                        description: operator represents
                                                          a key's relationship to
                                                          a set of values. Valid operators
                                                          are In, NotIn, Exists and
                                                          DoesNotExist.
                                                        type: string
                                                      values:
                                                        description: values is an
                                                          array of string values.
                                                          If the operator is In or
                                                          NotIn, the values array
                                                          must be non-empty. If the
                                                          operator is Exists or DoesNotExist,
                                                          the values array must be
                                                          empty. This array is replaced
                                                          during a strategic merge
                                                          patch.
                                                        items:
                                                          type: string
                                                        type: array
                                                    required:
                                                    - key
                                                    - operator
                                                    type: object
                                                  type: array
                                                matchLabels:
                                                  additionalProperties:
                                                    type: string
                                                  description: matchLabels is a map
                                                    of {key,value} pairs. A single
                                                    {key,value} in the matchLabels
                                                    map is equivalent to an element
                                                    of matchExpressions, whose key
                                                    field is "key", the operator is
                                                    "In", and the values array contains
                                                    only "value". The requirements
                                                    are ANDed.
                                                  type: object
                                              type: object
                                            namespaceSelector:
                                              description: A label query over the
                                                set of namespaces that the term applies
                                                to. The term is applied to the union
                                                of the namespaces selected by this
                                                field and the ones listed in the namespaces
                                                field. null selector and null or empty
                                                namespaces list means "this pod's
                                                namespace". An empty selector ({})
                                                matches all namespaces.
                                              properties:
                                                matchExpressions:
                                                  description: matchExpressions is
                                                    a list of label selector requirements.
                                                    The requirements are ANDed.
                                                  items:
                                                    description: A label selector
                                                      requirement is a selector that
                                                      contains values, a key, and
                                                      an operator that relates the
                                                      key and values.
                                                    properties:
                                                      key:
                                                        description: key is the label
                                                          key that the selector applies
                                                          to.
                                                        type: string
                                                      operator:
                                                        description: operator represents
                                                          a key's relationship to
                                                          a set of values. Valid operators
                                                          are In, NotIn, Exists and
                                                          DoesNotExist.
                                                        type: string
                                                      values:
                                                        description: values is an
                                                          array of string values.
                                                          If the operator is In or
                                                          NotIn, the values array
                                                          must be non-empty. If the
                                                          operator is Exists or DoesNotExist,
                                                          the values array must be
                                                          empty. This array is replaced
                                                          during a strategic merge
                                                          patch.
                                                        items:
                                                          type: string
                                                        type: array
                                                    required:
                                                    - key
                                                    - operator
                                                    type: object
                                                  type: array
                                                matchLabels:
                                                  additionalProperties:
                                                    type: string
                                                  description: matchLabels is a map
                                                    of {key,value} pairs. A single
                                                    {key,value} in the matchLabels
                                                    map is equivalent to an element
                                                    of matchExpressions, whose key
                                                    field is "key", the operator is
                                                    "In", and the values array contains
                                                    only "value". The requirements
                                                    are ANDed.
                                                  type: object
                                              type: object
                                            namespaces:
                                              description: namespaces specifies a
                                                static list of namespace names that
                                                the term applies to. The term is applied
                                                to the union of the namespaces listed
                                                in this field and the ones selected
                                                by namespaceSelector. null or empty
                                                namespaces list and null namespaceSelector
                                                means "this pod's namespace".
                                              items:
                                                type: string
                                              type: array
                                            topologyKey:
                                              description: This pod should be co-located
                                                (affinity) or not co-located (anti-affinity)
                                                with the pods matching the labelSelector
                                                in the specified namespaces, where
                                                co-located is defined as running on
                                                a node whose value of the label with
                                                key topologyKey matches that of any
                                                node on which any of the selected
                                                pods is running. Empty topologyKey
                                                is not allowed.
                                              type: string
                                          required:
                                          - topologyKey
                                          type: object
                                        weight:
                                          description: weight associated with matching
                                            the corresponding podAffinityTerm, in
                                            the range 1-100.
                                          format: int32
                                          type: integer
                                      required:
                                      - podAffinityTerm
                                      - weight
                                      type: object
                                    type: array
                                  requiredDuringSchedulingIgnoredDuringExecution:
                                    description: If the anti-affinity requirements
                                      specified by this field are not met at scheduling
                                      time, the pod will not be scheduled onto the
                                      node. If the anti-affinity requirements specified
                                      by this field cease to be met at some point
                                      during pod execution (e.g. due to a pod label
                                      update), the system may or may not try to eventually
                                      evict the pod from its node. When there are
                                      multiple elements, the lists of nodes corresponding
                                      to each podAffinityTerm are intersected, i.e.
                                      all terms must be satisfied.
                                    items:
                                      description: Defines a set of pods (namely those
                                        matching the labelSelector relative to the
                                        given namespace(s)) that this pod should be
                                        co-located (affinity) or not co-located (anti-affinity)
                                        with, where co-located is defined as running
                                        on a node whose value of the label with key
                                        <topologyKey> matches that of any node on
                                        which a pod of the set of pods is running
                                      properties:
                                        labelSelector:
                                          description: A label query over a set of
                                            resources, in this case pods.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        namespaceSelector:
                                          description: A label query over the set
                                            of namespaces that the term applies to.
                                            The term is applied to the union of the
                                            namespaces selected by this field and
                                            the ones listed in the namespaces field.
                                            null selector and null or empty namespaces
                                            list means "this pod's namespace". An
                                            empty selector ({}) matches all namespaces.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        namespaces:
                                          description: namespaces specifies a static
                                            list of namespace names that the term
                                            applies to. The term is applied to the
                                            union of the namespaces listed in this
                                            field and the ones selected by namespaceSelector.
                                            null or empty namespaces list and null
                                            namespaceSelector means "this pod's namespace".
                                          items:
                                            type: string
                                          type: array
                                        topologyKey:
                                          description: This pod should be co-located
                                            (affinity) or not co-located (anti-affinity)
                                            with the pods matching the labelSelector
                                            in the specified namespaces, where co-located
                                            is defined as running on a node whose
                                            value of the label with key topologyKey
                                            matches that of any node on which any
                                            of the selected pods is running. Empty
                                            topologyKey is not allowed.
                                          type: string
                                      required:
                                      - topologyKey
                                      type: object
                                    type: array
                                type: object
                            type: object
                          automountServiceAccountToken:
                            description: AutomountServiceAccountToken indicates whether
                              pods running as this service account should have an
                              API token automatically mounted.
                            type: boolean
                          dnsConfig:
                            description: Specifies the DNS parameters of a pod. Parameters
                              specified here will be merged to the generated DNS configuration
                              based on DNSPolicy.
                            properties:
                              nameservers:
                                description: A list of DNS name server IP addresses.
                                  This will be appended to the base nameservers generated
                                  from DNSPolicy. Duplicated nameservers will be removed.
                                items:
                                  type: string
                                type: array
                              options:
                                description: A list of DNS resolver options. This
                                  will be merged with the base options generated from
                                  DNSPolicy. Duplicated entries will be removed. Resolution
                                  options given in Options will override those that
                                  appear in the base DNSPolicy.
                                items:
                                  description: PodDNSConfigOption defines DNS resolver
                                    options of a pod.
                                  properties:
                                    name:
                                      description: Required.
                                      type: string
                                    value:
                                      type: string
                                  type: object
                                type: array
                              searches:
                                description: A list of DNS search domains for host-name
                                  lookup. This will be appended to the base search
                                  paths generated from DNSPolicy. Duplicated search
                                  paths will be removed.
                                items:
                                  type: string
                                type: array
                            type: object
                          dnsPolicy:
                            description: Set DNS policy for the pod. Defaults to "ClusterFirst".
                              Valid values are 'ClusterFirst', 'Default' or 'None'.
                              DNS parameters given in DNSConfig will be merged with
                              the policy selected with DNSPolicy.
                            type: string
                          enableServiceLinks:
                            description: 'EnableServiceLinks indicates whether information
                              about services should be injected into pod''s environment
                              variables, matching the syntax of Docker links. Optional:
                              Defaults to true.'
                            type: boolean
                          env:
                            description: List of environment variables that can be
                              provided to the containers belonging to the pod.
                            items:
                              description: EnvVar represents an environment variable
                                present in a Container.
                              properties:
                                name:
                                  description: Name of the environment variable. Must
                                    be a C_IDENTIFIER.
                                  type: string
                                value:
                                  description: 'Variable references $(VAR_NAME) are
                                    expanded using the previously defined environment
                                    variables in the container and any service environment
                                    variables. If a variable cannot be resolved, the
                                    reference in the input string will be unchanged.
                                    Double $$ are reduced to a single $, which allows
                                    for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                    will produce the string literal "$(VAR_NAME)".
                                    Escaped references will never be expanded, regardless
                                    of whether the variable exists or not. Defaults
                                    to "".'
                                  type: string
                                valueFrom:
                                  description: Source for the environment variable's
                                    value. Cannot be used if value is not empty.
                                  properties:
                                    configMapKeyRef:
                                      description: Selects a key of a ConfigMap.
                                      properties:
                                        key:
                                          description: The key to select.
                                          type: string
                                        name:
                                          description: 'Name of the referent. More
                                            info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                            TODO: Add other useful fields. apiVersion,
                                            kind, uid?'
                                          type: string
                                        optional:
                                          description: Specify whether the ConfigMap
                                            or its key must be defined
                                          type: boolean
                                      required:
                                      - key
                                      type: object
                                    fieldRef:
                                      description: 'Selects a field of the pod: supports
                                        metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
                                        `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                        spec.serviceAccountName, status.hostIP, status.podIP,
                                        status.podIPs.'
                                      properties:
                                        apiVersion:
                                          description: Version of the schema the FieldPath
                                            is written in terms of, defaults to "v1".
                                          type: string
                                        fieldPath:
                                          description: Path of the field to select
                                            in the specified API version.
                                          type: string
                                      required:
                                      - fieldPath
                                      type: object
                                    resourceFieldRef:
                                      description: 'Selects a resource of the container:
                                        only resources limits and requests (limits.cpu,
                                        limits.memory, limits.ephemeral-storage, requests.cpu,
                                        requests.memory and requests.ephemeral-storage)
                                        are currently supported.'
                                      properties:
                                        containerName:
                                          description: 'Container name: required for
                                            volumes, optional for env vars'
                                          type: string
                                        divisor:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Specifies the output format
                                            of the exposed resources, defaults to
                                            "1"
                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                          x-kubernetes-int-or-string: true
                                        resource:
                                          description: 'Required: resource to select'
                                          type: string
                                      required:
                                      - resource
                                      type: object
                                    secretKeyRef:
                                      description: Selects a key of a secret in the
                                        pod's namespace
                                      properties:
                                        key:
                                          description: The key of the secret to select
                                            from.  Must be a valid secret key.
                                          type: string
                                        name:
                                          description: 'Name of the referent. More
                                            info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                            TODO: Add other useful fields. apiVersion,
                                            kind, uid?'
                                          type: string
                                        optional:
                                          description: Specify whether the Secret
                                            or its key must be defined
                                          type: boolean
                                      required:
                                      - key
                                      type: object
                                  type: object
                              required:
                              - name
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                          hostAliases:
                            description: HostAliases is an optional list of hosts
                              and IPs that will be injected into the pod's hosts file
                              if specified. This is only valid for non-hostNetwork
                              pods.
                            items:
                              description: HostAlias holds the mapping between IP
                                and hostnames that will be injected as an entry in
                                the pod's hosts file.
                              properties:
                                hostnames:
                                  description: Hostnames for the above IP address.
                                  items:
                                    type: string
                                  type: array
                                ip:
                                  description: IP address of the host file entry.
                                  type: string
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                          hostNetwork:
                            description: HostNetwork specifies whether the pod may
                              use the node network namespace
                            type: boolean
                          imagePullSecrets:
                            description: ImagePullSecrets gives the name of the secret
                              used by the pod to pull the image if specified
                            items:
                              description: LocalObjectReference contains enough information
                                to let you locate the referenced object inside the
                                same namespace.
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                          nodeSelector:
                            additionalProperties:
                              type: string
                            description: 'NodeSelector is a selector which must be
                              true for the pod to fit on a node. Selector which must
                              match a node''s labels for the pod to be scheduled on
                              that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
                            type: object
                          priorityClassName:
                            description: If specified, indicates the pod's priority.
                              "system-node-critical" and "system-cluster-critical"
                              are two special keywords which indicate the highest
                              priorities with the former being the highest priority.
                              Any other name must be defined by creating a PriorityClass
                              object with that name. If not specified, the pod priority
                              will be default or zero if there is no default.
                            type: string
                          runtimeClassName:
                            description: 'RuntimeClassName refers to a RuntimeClass
                              object in the node.k8s.io group, which should be used
                              to run this pod. If no RuntimeClass resource matches
                              the named class, the pod will not be run. If unset or
                              empty, the "legacy" RuntimeClass will be used, which
                              is an implicit class with an empty definition that uses
                              the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
                              This is a beta feature as of Kubernetes v1.14.'
                            type: string
                          schedulerName:
                            description: SchedulerName specifies the scheduler to
                              be used to dispatch the Pod
                            type: string
                          securityContext:
                            description: 'SecurityContext holds pod-level security
                              attributes and common container settings. Optional:
                              Defaults to empty.  See type description for default
                              values of each field.'
                            properties:
                              fsGroup:
                                description: "A special supplemental group that applies
                                  to all containers in a pod. Some volume types allow
                                  the Kubelet to change the ownership of that volume
                                  to be owned by the pod: \n 1. The owning GID will
                                  be the FSGroup 2. The setgid bit is set (new files
                                  created in the volume will be owned by FSGroup)
                                  3. The permission bits are OR'd with rw-rw---- \n
                                  If unset, the Kubelet will not modify the ownership
                                  and permissions of any volume. Note that this field
                                  cannot be set when spec.os.name is windows."
                                format: int64
                                type: integer
                              fsGroupChangePolicy:
                                description: 'fsGroupChangePolicy defines behavior
                                  of changing ownership and permission of the volume
                                  before being exposed inside Pod. This field will
                                  only apply to volume types which support fsGroup
                                  based ownership(and permissions). It will have no
                                  effect on ephemeral volume types such as: secret,
                                  configmaps and emptydir. Valid values are "OnRootMismatch"
                                  and "Always". If not specified, "Always" is used.
                                  Note that this field cannot be set when spec.os.name
                                  is windows.'
                                type: string
                              runAsGroup:
                                description: The GID to run the entrypoint of the
                                  container process. Uses runtime default if unset.
                                  May also be set in SecurityContext.  If set in both
                                  SecurityContext and PodSecurityContext, the value
                                  specified in SecurityContext takes precedence for
                                  that container. Note that this field cannot be set
                                  when spec.os.name is windows.
                                format: int64
                                type: integer
                              runAsNonRoot:
                                description: Indicates that the container must run
                                  as a non-root user. If true, the Kubelet will validate
                                  the image at runtime to ensure that it does not
                                  run as UID 0 (root) and fail to start the container
                                  if it does. If unset or false, no such validation
                                  will be performed. May also be set in SecurityContext.  If
                                  set in both SecurityContext and PodSecurityContext,
                                  the value specified in SecurityContext takes precedence.
                                type: boolean
                              runAsUser:
                                description: The UID to run the entrypoint of the
                                  container process. Defaults to user specified in
                                  image metadata if unspecified. May also be set in
                                  SecurityContext.  If set in both SecurityContext
                                  and PodSecurityContext, the value specified in SecurityContext
                                  takes precedence for that container. Note that this
                                  field cannot be set when spec.os.name is windows.
                                format: int64
                                type: integer
                              seLinuxOptions:
                                description: The SELinux context to be applied to
                                  all containers. If unspecified, the container runtime
                                  will allocate a random SELinux context for each
                                  container.  May also be set in SecurityContext.  If
                                  set in both SecurityContext and PodSecurityContext,
                                  the value specified in SecurityContext takes precedence
                                  for that container. Note that this field cannot
                                  be set when spec.os.name is windows.
                                properties:
                                  level:
                                    description: Level is SELinux level label that
                                      applies to the container.
                                    type: string
                                  role:
                                    description: Role is a SELinux role label that
                                      applies to the container.
                                    type: string
                                  type:
                                    description: Type is a SELinux type label that
                                      applies to the container.
                                    type: string
                                  user:
                                    description: User is a SELinux user label that
                                      applies to the container.
                                    type: string
                                type: object
                              seccompProfile:
                                description: The seccomp options to use by the containers
                                  in this pod. Note that this field cannot be set
                                  when spec.os.name is windows.
                                properties:
                                  localhostProfile:
                                    description: localhostProfile indicates a profile
                                      defined in a file on the node should be used.
                                      The profile must be preconfigured on the node
                                      to work. Must be a descending path, relative
                                      to the kubelet's configured seccomp profile
                                      location. Must only be set if type is "Localhost".
                                    type: string
                                  type:
                                    description: "type indicates which kind of seccomp
                                      profile will be applied. Valid options are:
                                      \n Localhost - a profile defined in a file on
                                      the node should be used. RuntimeDefault - the
                                      container runtime default profile should be
                                      used. Unconfined - no profile should be applied."
                                    type: string
                                required:
                                - type
                                type: object
                              supplementalGroups:
                                description: A list of groups applied to the first
                                  process run in each container, in addition to the
                                  container's primary GID.  If unspecified, no groups
                                  will be added to any container. Note that this field
                                  cannot be set when spec.os.name is windows.
                                items:
                                  format: int64
                                  type: integer
                                type: array
                              sysctls:
                                description: Sysctls hold a list of namespaced sysctls
                                  used for the pod. Pods with unsupported sysctls
                                  (by the container runtime) might fail to launch.
                                  Note that this field cannot be set when spec.os.name
                                  is windows.
                                items:
                                  description: Sysctl defines a kernel parameter to
                                    be set
                                  properties:
                                    name:
                                      description: Name of a property to set
                                      type: string
                                    value:
                                      description: Value of a property to set
                                      type: string
                                  required:
                                  - name
                                  - value
                                  type: object
                                type: array
                              windowsOptions:
                                description: The Windows specific settings applied
                                  to all containers. If unspecified, the options within
                                  a container's SecurityContext will be used. If set
                                  in both SecurityContext and PodSecurityContext,
                                  the value specified in SecurityContext takes precedence.
                                  Note that this field cannot be set when spec.os.name
                                  is linux.
                                properties:
                                  gmsaCredentialSpec:
                                    description: GMSACredentialSpec is where the GMSA
                                      admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                      inlines the contents of the GMSA credential
                                      spec named by the GMSACredentialSpecName field.
                                    type: string
                                  gmsaCredentialSpecName:
                                    description: GMSACredentialSpecName is the name
                                      of the GMSA credential spec to use.
                                    type: string
                                  hostProcess:
                                    description: HostProcess determines if a container
                                      should be run as a 'Host Process' container.
                                      This field is alpha-level and will only be honored
                                      by components that enable the WindowsHostProcessContainers
                                      feature flag. Setting this field without the
                                      feature flag will result in errors when validating
                                      the Pod. All of a Pod's containers must have
                                      the same effective HostProcess value (it is
                                      not allowed to have a mix of HostProcess containers
                                      and non-HostProcess containers).  In addition,
                                      if HostProcess is true then HostNetwork must
                                      also be set to true.
                                    type: boolean
                                  runAsUserName:
                                    description: The UserName in Windows to run the
                                      entrypoint of the container process. Defaults
                                      to the user specified in image metadata if unspecified.
                                      May also be set in PodSecurityContext. If set
                                      in both SecurityContext and PodSecurityContext,
                                      the value specified in SecurityContext takes
                                      precedence.
                                    type: string
                                type: object
                            type: object
                          tolerations:
                            description: If specified, the pod's tolerations.
                            items:
                              description: The pod this Toleration is attached to
                                tolerates any taint that matches the triple <key,value,effect>
                                using the matching operator <operator>.
                              properties:
                                effect:
                                  description: Effect indicates the taint effect to
                                    match. Empty means match all taint effects. When
                                    specified, allowed values are NoSchedule, PreferNoSchedule
                                    and NoExecute.
                                  type: string
                                key:
                                  description: Key is the taint key that the toleration
                                    applies to. Empty means match all taint keys.
                                    If the key is empty, operator must be Exists;
                                    this combination means to match all values and
                                    all keys.
                                  type: string
                                operator:
                                  description: Operator represents a key's relationship
                                    to the value. Valid operators are Exists and Equal.
                                    Defaults to Equal. Exists is equivalent to wildcard
                                    for value, so that a pod can tolerate all taints
                                    of a particular category.
                                  type: string
                                tolerationSeconds:
                                  description: TolerationSeconds represents the period
                                    of time the toleration (which must be of effect
                                    NoExecute, otherwise this field is ignored) tolerates
                                    the taint. By default, it is not set, which means
                                    tolerate the taint forever (do not evict). Zero
                                    and negative values will be treated as 0 (evict
                                    immediately) by the system.
                                  format: int64
                                  type: integer
                                value:
                                  description: Value is the taint value the toleration
                                    matches to. If the operator is Exists, the value
                                    should be empty, otherwise just a regular string.
                                  type: string
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                          topologySpreadConstraints:
                            description: TopologySpreadConstraints controls how Pods
                              are spread across your cluster among failure-domains
                              such as regions, zones, nodes, and other user-defined
                              topology domains.
                            items:
                              description: TopologySpreadConstraint specifies how
                                to spread matching pods among the given topology.
                              properties:
                                labelSelector:
                                  description: LabelSelector is used to find matching
                                    pods. Pods that match this label selector are
                                    counted to determine the number of pods in their
                                    corresponding topology domain.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                matchLabelKeys:
                                  description: MatchLabelKeys is a set of pod label
                                    keys to select the pods over which spreading will
                                    be calculated. The keys are used to lookup values
                                    from the incoming pod labels, those key-value
                                    labels are ANDed with labelSelector to select
                                    the group of existing pods over which spreading
                                    will be calculated for the incoming pod. Keys
                                    that don't exist in the incoming pod labels will
                                    be ignored. A null or empty list means only match
                                    against labelSelector.
                                  items:
                                    type: string
                                  type: array
                                  x-kubernetes-list-type: atomic
                                maxSkew:
                                  description: 'MaxSkew describes the degree to which
                                    pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
                                    it is the maximum permitted difference between
                                    the number of matching pods in the target topology
                                    and the global minimum. The global minimum is
                                    the minimum number of matching pods in an eligible
                                    domain or zero if the number of eligible domains
                                    is less than MinDomains. For example, in a 3-zone
                                    cluster, MaxSkew is set to 1, and pods with the
                                    same labelSelector spread as 2/2/1: In this case,
                                    the global minimum is 1. | zone1 | zone2 | zone3
                                    | |  P P  |  P P  |   P   | - if MaxSkew is 1,
                                    incoming pod can only be scheduled to zone3 to
                                    become 2/2/2; scheduling it onto zone1(zone2)
                                    would make the ActualSkew(3-1) on zone1(zone2)
                                    violate MaxSkew(1). - if MaxSkew is 2, incoming
                                    pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
                                    it is used to give higher precedence to topologies
                                    that satisfy it. It''s a required field. Default
                                    value is 1 and 0 is not allowed.'
                                  format: int32
                                  type: integer
                                minDomains:
                                  description: "MinDomains indicates a minimum number
                                    of eligible domains. When the number of eligible
                                    domains with matching topology keys is less than
                                    minDomains, Pod Topology Spread treats \"global
                                    minimum\" as 0, and then the calculation of Skew
                                    is performed. And when the number of eligible
                                    domains with matching topology keys equals or
                                    greater than minDomains, this value has no effect
                                    on scheduling. As a result, when the number of
                                    eligible domains is less than minDomains, scheduler
                                    won't schedule more than maxSkew Pods to those
                                    domains. If value is nil, the constraint behaves
                                    as if MinDomains is equal to 1. Valid values are
                                    integers greater than 0. When value is not nil,
                                    WhenUnsatisfiable must be DoNotSchedule. \n For
                                    example, in a 3-zone cluster, MaxSkew is set to
                                    2, MinDomains is set to 5 and pods with the same
                                    labelSelector spread as 2/2/2: | zone1 | zone2
                                    | zone3 | |  P P  |  P P  |  P P  | The number
                                    of domains is less than 5(MinDomains), so \"global
                                    minimum\" is treated as 0. In this situation,
                                    new pod with the same labelSelector cannot be
                                    scheduled, because computed skew will be 3(3 -
                                    0) if new Pod is scheduled to any of the three
                                    zones, it will violate MaxSkew. \n This is a beta
                                    field and requires the MinDomainsInPodTopologySpread
                                    feature gate to be enabled (enabled by default)."
                                  format: int32
                                  type: integer
                                nodeAffinityPolicy:
                                  description: "NodeAffinityPolicy indicates how we
                                    will treat Pod's nodeAffinity/nodeSelector when
                                    calculating pod topology spread skew. Options
                                    are: - Honor: only nodes matching nodeAffinity/nodeSelector
                                    are included in the calculations. - Ignore: nodeAffinity/nodeSelector
                                    are ignored. All nodes are included in the calculations.
                                    \n If this value is nil, the behavior is equivalent
                                    to the Honor policy. This is a alpha-level feature
                                    enabled by the NodeInclusionPolicyInPodTopologySpread
                                    feature flag."
                                  type: string
                                nodeTaintsPolicy:
                                  description: "NodeTaintsPolicy indicates how we
                                    will treat node taints when calculating pod topology
                                    spread skew. Options are: - Honor: nodes without
                                    taints, along with tainted nodes for which the
                                    incoming pod has a toleration, are included. -
                                    Ignore: node taints are ignored. All nodes are
                                    included. \n If this value is nil, the behavior
                                    is equivalent to the Ignore policy. This is a
                                    alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
                                    feature flag."
                                  type: string
                                topologyKey:
                                  description: TopologyKey is the key of node labels.
                                    Nodes that have a label with this key and identical
                                    values are considered to be in the same topology.
                                    We consider each <key, value> as a "bucket", and
                                    try to put balanced number of pods into each bucket.
                                    We define a domain as a particular instance of
                                    a topology. Also, we define an eligible domain
                                    as a domain whose nodes meet the requirements
                                    of nodeAffinityPolicy and nodeTaintsPolicy. e.g.
                                    If TopologyKey is "kubernetes.io/hostname", each
                                    Node is a domain of that topology. And, if TopologyKey
                                    is "topology.kubernetes.io/zone", each zone is
                                    a domain of that topology. It's a required field.
                                  type: string
                                whenUnsatisfiable:
                                  description: 'WhenUnsatisfiable indicates how to
                                    deal with a pod if it doesn''t satisfy the spread
                                    constraint. - DoNotSchedule (default) tells the
                                    scheduler not to schedule it. - ScheduleAnyway
                                    tells the scheduler to schedule the pod in any
                                    location,   but giving higher precedence to topologies
                                    that would help reduce the   skew. A constraint
                                    is considered "Unsatisfiable" for an incoming
                                    pod if and only if every possible node assignment
                                    for that pod would violate "MaxSkew" on some topology.
                                    For example, in a 3-zone cluster, MaxSkew is set
                                    to 1, and pods with the same labelSelector spread
                                    as 3/1/1: | zone1 | zone2 | zone3 | | P P P |   P   |   P   |
                                    If WhenUnsatisfiable is set to DoNotSchedule,
                                    incoming pod can only be scheduled to zone2(zone3)
                                    to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
                                    satisfies MaxSkew(1). In other words, the cluster
                                    can still be imbalanced, but scheduler won''t
                                    make it *more* imbalanced. It''s a required field.'
                                  type: string
                              required:
                              - maxSkew
                              - topologyKey
                              - whenUnsatisfiable
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                          volumes:
                            description: 'List of volumes that can be mounted by containers
                              belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
                            items:
                              description: Volume represents a named volume in a pod
                                that may be accessed by any container in the pod.
                              properties:
                                awsElasticBlockStore:
                                  description: 'awsElasticBlockStore represents an
                                    AWS Disk resource that is attached to a kubelet''s
                                    host machine and then exposed to the pod. More
                                    info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                  properties:
                                    fsType:
                                      description: 'fsType is the filesystem type
                                        of the volume that you want to mount. Tip:
                                        Ensure that the filesystem type is supported
                                        by the host operating system. Examples: "ext4",
                                        "xfs", "ntfs". Implicitly inferred to be "ext4"
                                        if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                        TODO: how do we prevent errors in the filesystem
                                        from compromising the machine'
                                      type: string
                                    partition:
                                      description: 'partition is the partition in
                                        the volume that you want to mount. If omitted,
                                        the default is to mount by volume name. Examples:
                                        For volume /dev/sda1, you specify the partition
                                        as "1". Similarly, the volume partition for
                                        /dev/sda is "0" (or you can leave the property
                                        empty).'
                                      format: int32
                                      type: integer
                                    readOnly:
                                      description: 'readOnly value true will force
                                        the readOnly setting in VolumeMounts. More
                                        info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                      type: boolean
                                    volumeID:
                                      description: 'volumeID is unique ID of the persistent
                                        disk resource in AWS (Amazon EBS volume).
                                        More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                      type: string
                                  required:
                                  - volumeID
                                  type: object
                                azureDisk:
                                  description: azureDisk represents an Azure Data
                                    Disk mount on the host and bind mount to the pod.
                                  properties:
                                    cachingMode:
                                      description: 'cachingMode is the Host Caching
                                        mode: None, Read Only, Read Write.'
                                      type: string
                                    diskName:
                                      description: diskName is the Name of the data
                                        disk in the blob storage
                                      type: string
                                    diskURI:
                                      description: diskURI is the URI of data disk
                                        in the blob storage
                                      type: string
                                    fsType:
                                      description: fsType is Filesystem type to mount.
                                        Must be a filesystem type supported by the
                                        host operating system. Ex. "ext4", "xfs",
                                        "ntfs". Implicitly inferred to be "ext4" if
                                        unspecified.
                                      type: string
                                    kind:
                                      description: 'kind expected values are Shared:
                                        multiple blob disks per storage account  Dedicated:
                                        single blob disk per storage account  Managed:
                                        azure managed data disk (only in managed availability
                                        set). defaults to shared'
                                      type: string
                                    readOnly:
                                      description: readOnly Defaults to false (read/write).
                                        ReadOnly here will force the ReadOnly setting
                                        in VolumeMounts.
                                      type: boolean
                                  required:
                                  - diskName
                                  - diskURI
                                  type: object
                                azureFile:
                                  description: azureFile represents an Azure File
                                    Service mount on the host and bind mount to the
                                    pod.
                                  properties:
                                    readOnly:
                                      description: readOnly defaults to false (read/write).
                                        ReadOnly here will force the ReadOnly setting
                                        in VolumeMounts.
                                      type: boolean
                                    secretName:
                                      description: secretName is the  name of secret
                                        that contains Azure Storage Account Name and
                                        Key
                                      type: string
                                    shareName:
                                      description: shareName is the azure share Name
                                      type: string
                                  required:
                                  - secretName
                                  - shareName
                                  type: object
                                cephfs:
                                  description: cephFS represents a Ceph FS mount on
                                    the host that shares a pod's lifetime
                                  properties:
                                    monitors:
                                      description: 'monitors is Required: Monitors
                                        is a collection of Ceph monitors More info:
                                        https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                      items:
                                        type: string
                                      type: array
                                    path:
                                      description: 'path is Optional: Used as the
                                        mounted root, rather than the full Ceph tree,
                                        default is /'
                                      type: string
                                    readOnly:
                                      description: 'readOnly is Optional: Defaults
                                        to false (read/write). ReadOnly here will
                                        force the ReadOnly setting in VolumeMounts.
                                        More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                      type: boolean
                                    secretFile:
                                      description: 'secretFile is Optional: SecretFile
                                        is the path to key ring for User, default
                                        is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                      type: string
                                    secretRef:
                                      description: 'secretRef is Optional: SecretRef
                                        is reference to the authentication secret
                                        for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                      properties:
                                        name:
                                          description: 'Name of the referent. More
                                            info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                            TODO: Add other useful fields. apiVersion,
                                            kind, uid?'
                                          type: string
                                      type: object
                                    user:
                                      description: 'user is optional: User is the
                                        rados user name, default is admin More info:
                                        https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                      type: string
                                  required:
                                  - monitors
                                  type: object
                                cinder:
                                  description: 'cinder represents a cinder volume
                                    attached and mounted on kubelets host machine.
                                    More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                  properties:
                                    fsType:
                                      description: 'fsType is the filesystem type
                                        to mount. Must be a filesystem type supported
                                        by the host operating system. Examples: "ext4",
                                        "xfs", "ntfs". Implicitly inferred to be "ext4"
                                        if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                      type: string
                                    readOnly:
                                      description: 'readOnly defaults to false (read/write).
                                        ReadOnly here will force the ReadOnly setting
                                        in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                      type: boolean
                                    secretRef:
                                      description: 'secretRef is optional: points
                                        to a secret object containing parameters used
                                        to connect to OpenStack.'
                                      properties:
                                        name:
                                          description: 'Name of the referent. More
                                            info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                            TODO: Add other useful fields. apiVersion,
                                            kind, uid?'
                                          type: string
                                      type: object
                                    volumeID:
                                      description: 'volumeID used to identify the
                                        volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                      type: string
                                  required:
                                  - volumeID
                                  type: object
                                configMap:
                                  description: configMap represents a configMap that
                                    should populate this volume
                                  properties:
                                    defaultMode:
                                      description: 'defaultMode is optional: mode
                                        bits used to set permissions on created files
                                        by default. Must be an octal value between
                                        0000 and 0777 or a decimal value between 0
                                        and 511. YAML accepts both octal and decimal
                                        values, JSON requires decimal values for mode
                                        bits. Defaults to 0644. Directories within
                                        the path are not affected by this setting.
                                        This might be in conflict with other options
                                        that affect the file mode, like fsGroup, and
                                        the result can be other mode bits set.'
                                      format: int32
                                      type: integer
                                    items:
                                      description: items if unspecified, each key-value
                                        pair in the Data field of the referenced ConfigMap
                                        will be projected into the volume as a file
                                        whose name is the key and content is the value.
                                        If specified, the listed keys will be projected
                                        into the specified paths, and unlisted keys
                                        will not be present. If a key is specified
                                        which is not present in the ConfigMap, the
                                        volume setup will error unless it is marked
                                        optional. Paths must be relative and may not
                                        contain the '..' path or start with '..'.
                                      items:
                                        description: Maps a string key to a path within
                                          a volume.
                                        properties:
                                          key:
                                            description: key is the key to project.
                                            type: string
                                          mode:
                                            description: 'mode is Optional: mode bits
                                              used to set permissions on this file.
                                              Must be an octal value between 0000
                                              and 0777 or a decimal value between
                                              0 and 511. YAML accepts both octal and
                                              decimal values, JSON requires decimal
                                              values for mode bits. If not specified,
                                              the volume defaultMode will be used.
                                              This might be in conflict with other
                                              options that affect the file mode, like
                                              fsGroup, and the result can be other
                                              mode bits set.'
                                            format: int32
                                            type: integer
                                          path:
                                            description: path is the relative path
                                              of the file to map the key to. May not
                                              be an absolute path. May not contain
                                              the path element '..'. May not start
                                              with the string '..'.
                                            type: string
                                        required:
                                        - key
                                        - path
                                        type: object
                                      type: array
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                    optional:
                                      description: optional specify whether the ConfigMap
                                        or its keys must be defined
                                      type: boolean
                                  type: object
                                csi:
                                  description: csi (Container Storage Interface) represents
                                    ephemeral storage that is handled by certain external
                                    CSI drivers (Beta feature).
                                  properties:
                                    driver:
                                      description: driver is the name of the CSI driver
                                        that handles this volume. Consult with your
                                        admin for the correct name as registered in
                                        the cluster.
                                      type: string
                                    fsType:
                                      description: fsType to mount. Ex. "ext4", "xfs",
                                        "ntfs". If not provided, the empty value is
                                        passed to the associated CSI driver which
                                        will determine the default filesystem to apply.
                                      type: string
                                    nodePublishSecretRef:
                                      description: nodePublishSecretRef is a reference
                                        to the secret object containing sensitive
                                        information to pass to the CSI driver to complete
                                        the CSI NodePublishVolume and NodeUnpublishVolume
                                        calls. This field is optional, and  may be
                                        empty if no secret is required. If the secret
                                        object contains more than one secret, all
                                        secret references are passed.
                                      properties:
                                        name:
                                          description: 'Name of the referent. More
                                            info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                            TODO: Add other useful fields. apiVersion,
                                            kind, uid?'
                                          type: string
                                      type: object
                                    readOnly:
                                      description: readOnly specifies a read-only
                                        configuration for the volume. Defaults to
                                        false (read/write).
                                      type: boolean
                                    volumeAttributes:
                                      additionalProperties:
                                        type: string
                                      description: volumeAttributes stores driver-specific
                                        properties that are passed to the CSI driver.
                                        Consult your driver's documentation for supported
                                        values.
                                      type: object
                                  required:
                                  - driver
                                  type: object
                                downwardAPI:
                                  description: downwardAPI represents downward API
                                    about the pod that should populate this volume
                                  properties:
                                    defaultMode:
                                      description: 'Optional: mode bits to use on
                                        created files by default. Must be a Optional:
                                        mode bits used to set permissions on created
                                        files by default. Must be an octal value between
                                        0000 and 0777 or a decimal value between 0
                                        and 511. YAML accepts both octal and decimal
                                        values, JSON requires decimal values for mode
                                        bits. Defaults to 0644. Directories within
                                        the path are not affected by this setting.
                                        This might be in conflict with other options
                                        that affect the file mode, like fsGroup, and
                                        the result can be other mode bits set.'
                                      format: int32
                                      type: integer
                                    items:
                                      description: Items is a list of downward API
                                        volume file
                                      items:
                                        description: DownwardAPIVolumeFile represents
                                          information to create the file containing
                                          the pod field
                                        properties:
                                          fieldRef:
                                            description: 'Required: Selects a field
                                              of the pod: only annotations, labels,
                                              name and namespace are supported.'
                                            properties:
                                              apiVersion:
                                                description: Version of the schema
                                                  the FieldPath is written in terms
                                                  of, defaults to "v1".
                                                type: string
                                              fieldPath:
                                                description: Path of the field to
                                                  select in the specified API version.
                                                type: string
                                            required:
                                            - fieldPath
                                            type: object
                                          mode:
                                            description: 'Optional: mode bits used
                                              to set permissions on this file, must
                                              be an octal value between 0000 and 0777
                                              or a decimal value between 0 and 511.
                                              YAML accepts both octal and decimal
                                              values, JSON requires decimal values
                                              for mode bits. If not specified, the
                                              volume defaultMode will be used. This
                                              might be in conflict with other options
                                              that affect the file mode, like fsGroup,
                                              and the result can be other mode bits
                                              set.'
                                            format: int32
                                            type: integer
                                          path:
                                            description: 'Required: Path is  the relative
                                              path name of the file to be created.
                                              Must not be absolute or contain the
                                              ''..'' path. Must be utf-8 encoded.
                                              The first item of the relative path
                                              must not start with ''..'''
                                            type: string
                                          resourceFieldRef:
                                            description: 'Selects a resource of the
                                              container: only resources limits and
                                              requests (limits.cpu, limits.memory,
                                              requests.cpu and requests.memory) are
                                              currently supported.'
                                            properties:
                                              containerName:
                                                description: 'Container name: required
                                                  for volumes, optional for env vars'
                                                type: string
                                              divisor:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Specifies the output
                                                  format of the exposed resources,
                                                  defaults to "1"
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                              resource:
                                                description: 'Required: resource to
                                                  select'
                                                type: string
                                            required:
                                            - resource
                                            type: object
                                        required:
                                        - path
                                        type: object
                                      type: array
                                  type: object
                                emptyDir:
                                  description: 'emptyDir represents a temporary directory
                                    that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                  properties:
                                    medium:
                                      description: 'medium represents what type of
                                        storage medium should back this directory.
                                        The default is "" which means to use the node''s
                                        default medium. Must be an empty string (default)
                                        or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                      type: string
                                    sizeLimit:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: 'sizeLimit is the total amount
                                        of local storage required for this EmptyDir
                                        volume. The size limit is also applicable
                                        for memory medium. The maximum usage on memory
                                        medium EmptyDir would be the minimum value
                                        between the SizeLimit specified here and the
                                        sum of memory limits of all containers in
                                        a pod. The default is nil which means that
                                        the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      x-kubernetes-int-or-string: true
                                  type: object
                                ephemeral:
                                  description: "ephemeral represents a volume that
                                    is handled by a cluster storage driver. The volume's
                                    lifecycle is tied to the pod that defines it -
                                    it will be created before the pod starts, and
                                    deleted when the pod is removed. \n Use this if:
                                    a) the volume is only needed while the pod runs,
                                    b) features of normal volumes like restoring from
                                    snapshot or capacity    tracking are needed, c)
                                    the storage driver is specified through a storage
                                    class, and d) the storage driver supports dynamic
                                    volume provisioning through    a PersistentVolumeClaim
                                    (see EphemeralVolumeSource for more    information
                                    on the connection between this volume type    and
                                    PersistentVolumeClaim). \n Use PersistentVolumeClaim
                                    or one of the vendor-specific APIs for volumes
                                    that persist for longer than the lifecycle of
                                    an individual pod. \n Use CSI for light-weight
                                    local ephemeral volumes if the CSI driver is meant
                                    to be used that way - see the documentation of
                                    the driver for more information. \n A pod can
                                    use both types of ephemeral volumes and persistent
                                    volumes at the same time."
                                  properties:
                                    volumeClaimTemplate:
                                      description: "Will be used to create a stand-alone
                                        PVC to provision the volume. The pod in which
                                        this EphemeralVolumeSource is embedded will
                                        be the owner of the PVC, i.e. the PVC will
                                        be deleted together with the pod.  The name
                                        of the PVC will be `<pod name>-<volume name>`
                                        where `<volume name>` is the name from the
                                        `PodSpec.Volumes` array entry. Pod validation
                                        will reject the pod if the concatenated name
                                        is not valid for a PVC (for example, too long).
                                        \n An existing PVC with that name that is
                                        not owned by the pod will *not* be used for
                                        the pod to avoid using an unrelated volume
                                        by mistake. Starting the pod is then blocked
                                        until the unrelated PVC is removed. If such
                                        a pre-created PVC is meant to be used by the
                                        pod, the PVC has to updated with an owner
                                        reference to the pod once the pod exists.
                                        Normally this should not be necessary, but
                                        it may be useful when manually reconstructing
                                        a broken cluster. \n This field is read-only
                                        and no changes will be made by Kubernetes
                                        to the PVC after it has been created. \n Required,
                                        must not be nil."
                                      properties:
                                        metadata:
                                          description: May contain labels and annotations
                                            that will be copied into the PVC when
                                            creating it. No other fields are allowed
                                            and will be rejected during validation.
                                          type: object
                                        spec:
                                          description: The specification for the PersistentVolumeClaim.
                                            The entire content is copied unchanged
                                            into the PVC that gets created from this
                                            template. The same fields as in a PersistentVolumeClaim
                                            are also valid here.
                                          properties:
                                            accessModes:
                                              description: 'accessModes contains the
                                                desired access modes the volume should
                                                have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                              items:
                                                type: string
                                              type: array
                                            dataSource:
                                              description: 'dataSource field can be
                                                used to specify either: * An existing
                                                VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
                                                * An existing PVC (PersistentVolumeClaim)
                                                If the provisioner or an external
                                                controller can support the specified
                                                data source, it will create a new
                                                volume based on the contents of the
                                                specified data source. If the AnyVolumeDataSource
                                                feature gate is enabled, this field
                                                will always have the same contents
                                                as the DataSourceRef field.'
                                              properties:
                                                apiGroup:
                                                  description: APIGroup is the group
                                                    for the resource being referenced.
                                                    If APIGroup is not specified,
                                                    the specified Kind must be in
                                                    the core API group. For any other
                                                    third-party types, APIGroup is
                                                    required.
                                                  type: string
                                                kind:
                                                  description: Kind is the type of
                                                    resource being referenced
                                                  type: string
                                                name:
                                                  description: Name is the name of
                                                    resource being referenced
                                                  type: string
                                              required:
                                              - kind
                                              - name
                                              type: object
                                            dataSourceRef:
                                              description: 'dataSourceRef specifies
                                                the object from which to populate
                                                the volume with data, if a non-empty
                                                volume is desired. This may be any
                                                local object from a non-empty API
                                                group (non core object) or a PersistentVolumeClaim
                                                object. When this field is specified,
                                                volume binding will only succeed if
                                                the type of the specified object matches
                                                some installed volume populator or
                                                dynamic provisioner. This field will
                                                replace the functionality of the DataSource
                                                field and as such if both fields are
                                                non-empty, they must have the same
                                                value. For backwards compatibility,
                                                both fields (DataSource and DataSourceRef)
                                                will be set to the same value automatically
                                                if one of them is empty and the other
                                                is non-empty. There are two important
                                                differences between DataSource and
                                                DataSourceRef: * While DataSource
                                                only allows two specific types of
                                                objects, DataSourceRef   allows any
                                                non-core object, as well as PersistentVolumeClaim
                                                objects. * While DataSource ignores
                                                disallowed values (dropping them),
                                                DataSourceRef   preserves all values,
                                                and generates an error if a disallowed
                                                value is   specified. (Beta) Using
                                                this field requires the AnyVolumeDataSource
                                                feature gate to be enabled.'
                                              properties:
                                                apiGroup:
                                                  description: APIGroup is the group
                                                    for the resource being referenced.
                                                    If APIGroup is not specified,
                                                    the specified Kind must be in
                                                    the core API group. For any other
                                                    third-party types, APIGroup is
                                                    required.
                                                  type: string
                                                kind:
                                                  description: Kind is the type of
                                                    resource being referenced
                                                  type: string
                                                name:
                                                  description: Name is the name of
                                                    resource being referenced
                                                  type: string
                                              required:
                                              - kind
                                              - name
                                              type: object
                                            resources:
                                              description: 'resources represents the
                                                minimum resources the volume should
                                                have. If RecoverVolumeExpansionFailure
                                                feature is enabled users are allowed
                                                to specify resource requirements that
                                                are lower than previous value but
                                                must still be higher than capacity
                                                recorded in the status field of the
                                                claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                              properties:
                                                limits:
                                                  additionalProperties:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                    x-kubernetes-int-or-string: true
                                                  description: 'Limits describes the
                                                    maximum amount of compute resources
                                                    allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                  type: object
                                                requests:
                                                  additionalProperties:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                    x-kubernetes-int-or-string: true
                                                  description: 'Requests describes
                                                    the minimum amount of compute
                                                    resources required. If Requests
                                                    is omitted for a container, it
                                                    defaults to Limits if that is
                                                    explicitly specified, otherwise
                                                    to an implementation-defined value.
                                                    More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                  type: object
                                              type: object
                                            selector:
                                              description: selector is a label query
                                                over volumes to consider for binding.
                                              properties:
                                                matchExpressions:
                                                  description: matchExpressions is
                                                    a list of label selector requirements.
                                                    The requirements are ANDed.
                                                  items:
                                                    description: A label selector
                                                      requirement is a selector that
                                                      contains values, a key, and
                                                      an operator that relates the
                                                      key and values.
                                                    properties:
                                                      key:
                                                        description: key is the label
                                                          key that the selector applies
                                                          to.
                                                        type: string
                                                      operator:
                                                        description: operator represents
                                                          a key's relationship to
                                                          a set of values. Valid operators
                                                          are In, NotIn, Exists and
                                                          DoesNotExist.
                                                        type: string
                                                      values:
                                                        description: values is an
                                                          array of string values.
                                                          If the operator is In or
                                                          NotIn, the values array
                                                          must be non-empty. If the
                                                          operator is Exists or DoesNotExist,
                                                          the values array must be
                                                          empty. This array is replaced
                                                          during a strategic merge
                                                          patch.
                                                        items:
                                                          type: string
                                                        type: array
                                                    required:
                                                    - key
                                                    - operator
                                                    type: object
                                                  type: array
                                                matchLabels:
                                                  additionalProperties:
                                                    type: string
                                                  description: matchLabels is a map
                                                    of {key,value} pairs. A single
                                                    {key,value} in the matchLabels
                                                    map is equivalent to an element
                                                    of matchExpressions, whose key
                                                    field is "key", the operator is
                                                    "In", and the values array contains
                                                    only "value". The requirements
                                                    are ANDed.
                                                  type: object
                                              type: object
                                            storageClassName:
                                              description: 'storageClassName is the
                                                name of the StorageClass required
                                                by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                              type: string
                                            volumeMode:
                                              description: volumeMode defines what
                                                type of volume is required by the
                                                claim. Value of Filesystem is implied
                                                when not included in claim spec.
                                              type: string
                                            volumeName:
                                              description: volumeName is the binding
                                                reference to the PersistentVolume
                                                backing this claim.
                                              type: string
                                          type: object
                                      required:
                                      - spec
                                      type: object
                                  type: object
                                fc:
                                  description: fc represents a Fibre Channel resource
                                    that is attached to a kubelet's host machine and
                                    then exposed to the pod.
                                  properties:
                                    fsType:
                                      description: 'fsType is the filesystem type
                                        to mount. Must be a filesystem type supported
                                        by the host operating system. Ex. "ext4",
                                        "xfs", "ntfs". Implicitly inferred to be "ext4"
                                        if unspecified. TODO: how do we prevent errors
                                        in the filesystem from compromising the machine'
                                      type: string
                                    lun:
                                      description: 'lun is Optional: FC target lun
                                        number'
                                      format: int32
                                      type: integer
                                    readOnly:
                                      description: 'readOnly is Optional: Defaults
                                        to false (read/write). ReadOnly here will
                                        force the ReadOnly setting in VolumeMounts.'
                                      type: boolean
                                    targetWWNs:
                                      description: 'targetWWNs is Optional: FC target
                                        worldwide names (WWNs)'
                                      items:
                                        type: string
                                      type: array
                                    wwids:
                                      description: 'wwids Optional: FC volume world
                                        wide identifiers (wwids) Either wwids or combination
                                        of targetWWNs and lun must be set, but not
                                        both simultaneously.'
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                flexVolume:
                                  description: flexVolume represents a generic volume
                                    resource that is provisioned/attached using an
                                    exec based plugin.
                                  properties:
                                    driver:
                                      description: driver is the name of the driver
                                        to use for this volume.
                                      type: string
                                    fsType:
                                      description: fsType is the filesystem type to
                                        mount. Must be a filesystem type supported
                                        by the host operating system. Ex. "ext4",
                                        "xfs", "ntfs". The default filesystem depends
                                        on FlexVolume script.
                                      type: string
                                    options:
                                      additionalProperties:
                                        type: string
                                      description: 'options is Optional: this field
                                        holds extra command options if any.'
                                      type: object
                                    readOnly:
                                      description: 'readOnly is Optional: defaults
                                        to false (read/write). ReadOnly here will
                                        force the ReadOnly setting in VolumeMounts.'
                                      type: boolean
                                    secretRef:
                                      description: 'secretRef is Optional: secretRef
                                        is reference to the secret object containing
                                        sensitive information to pass to the plugin
                                        scripts. This may be empty if no secret object
                                        is specified. If the secret object contains
                                        more than one secret, all secrets are passed
                                        to the plugin scripts.'
                                      properties:
                                        name:
                                          description: 'Name of the referent. More
                                            info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                            TODO: Add other useful fields. apiVersion,
                                            kind, uid?'
                                          type: string
                                      type: object
                                  required:
                                  - driver
                                  type: object
                                flocker:
                                  description: flocker represents a Flocker volume
                                    attached to a kubelet's host machine. This depends
                                    on the Flocker control service being running
                                  properties:
                                    datasetName:
                                      description: datasetName is Name of the dataset
                                        stored as metadata -> name on the dataset
                                        for Flocker should be considered as deprecated
                                      type: string
                                    datasetUUID:
                                      description: datasetUUID is the UUID of the
                                        dataset. This is unique identifier of a Flocker
                                        dataset
                                      type: string
                                  type: object
                                gcePersistentDisk:
                                  description: 'gcePersistentDisk represents a GCE
                                    Disk resource that is attached to a kubelet''s
                                    host machine and then exposed to the pod. More
                                    info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                  properties:
                                    fsType:
                                      description: 'fsType is filesystem type of the
                                        volume that you want to mount. Tip: Ensure
                                        that the filesystem type is supported by the
                                        host operating system. Examples: "ext4", "xfs",
                                        "ntfs". Implicitly inferred to be "ext4" if
                                        unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                        TODO: how do we prevent errors in the filesystem
                                        from compromising the machine'
                                      type: string
                                    partition:
                                      description: 'partition is the partition in
                                        the volume that you want to mount. If omitted,
                                        the default is to mount by volume name. Examples:
                                        For volume /dev/sda1, you specify the partition
                                        as "1". Similarly, the volume partition for
                                        /dev/sda is "0" (or you can leave the property
                                        empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                      format: int32
                                      type: integer
                                    pdName:
                                      description: 'pdName is unique name of the PD
                                        resource in GCE. Used to identify the disk
                                        in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                      type: string
                                    readOnly:
                                      description: 'readOnly here will force the ReadOnly
                                        setting in VolumeMounts. Defaults to false.
                                        More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                      type: boolean
                                  required:
                                  - pdName
                                  type: object
                                gitRepo:
                                  description: 'gitRepo represents a git repository
                                    at a particular revision. DEPRECATED: GitRepo
                                    is deprecated. To provision a container with a
                                    git repo, mount an EmptyDir into an InitContainer
                                    that clones the repo using git, then mount the
                                    EmptyDir into the Pod''s container.'
                                  properties:
                                    directory:
                                      description: directory is the target directory
                                        name. Must not contain or start with '..'.  If
                                        '.' is supplied, the volume directory will
                                        be the git repository.  Otherwise, if specified,
                                        the volume will contain the git repository
                                        in the subdirectory with the given name.
                                      type: string
                                    repository:
                                      description: repository is the URL
                                      type: string
                                    revision:
                                      description: revision is the commit hash for
                                        the specified revision.
                                      type: string
                                  required:
                                  - repository
                                  type: object
                                glusterfs:
                                  description: 'glusterfs represents a Glusterfs mount
                                    on the host that shares a pod''s lifetime. More
                                    info: https://examples.k8s.io/volumes/glusterfs/README.md'
                                  properties:
                                    endpoints:
                                      description: 'endpoints is the endpoint name
                                        that details Glusterfs topology. More info:
                                        https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                      type: string
                                    path:
                                      description: 'path is the Glusterfs volume path.
                                        More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                      type: string
                                    readOnly:
                                      description: 'readOnly here will force the Glusterfs
                                        volume to be mounted with read-only permissions.
                                        Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                      type: boolean
                                  required:
                                  - endpoints
                                  - path
                                  type: object
                                hostPath:
                                  description: 'hostPath represents a pre-existing
                                    file or directory on the host machine that is
                                    directly exposed to the container. This is generally
                                    used for system agents or other privileged things
                                    that are allowed to see the host machine. Most
                                    containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                                    --- TODO(jonesdl) We need to restrict who can
                                    use host directory mounts and who can/can not
                                    mount host directories as read/write.'
                                  properties:
                                    path:
                                      description: 'path of the directory on the host.
                                        If the path is a symlink, it will follow the
                                        link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                      type: string
                                    type:
                                      description: 'type for HostPath Volume Defaults
                                        to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                      type: string
                                  required:
                                  - path
                                  type: object
                                iscsi:
                                  description: 'iscsi represents an ISCSI Disk resource
                                    that is attached to a kubelet''s host machine
                                    and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
                                  properties:
                                    chapAuthDiscovery:
                                      description: chapAuthDiscovery defines whether
                                        support iSCSI Discovery CHAP authentication
                                      type: boolean
                                    chapAuthSession:
                                      description: chapAuthSession defines whether
                                        support iSCSI Session CHAP authentication
                                      type: boolean
                                    fsType:
                                      description: 'fsType is the filesystem type
                                        of the volume that you want to mount. Tip:
                                        Ensure that the filesystem type is supported
                                        by the host operating system. Examples: "ext4",
                                        "xfs", "ntfs". Implicitly inferred to be "ext4"
                                        if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                        TODO: how do we prevent errors in the filesystem
                                        from compromising the machine'
                                      type: string
                                    initiatorName:
                                      description: initiatorName is the custom iSCSI
                                        Initiator Name. If initiatorName is specified
                                        with iscsiInterface simultaneously, new iSCSI
                                        interface <target portal>:<volume name> will
                                        be created for the connection.
                                      type: string
                                    iqn:
                                      description: iqn is the target iSCSI Qualified
                                        Name.
                                      type: string
                                    iscsiInterface:
                                      description: iscsiInterface is the interface
                                        Name that uses an iSCSI transport. Defaults
                                        to 'default' (tcp).
                                      type: string
                                    lun:
                                      description: lun represents iSCSI Target Lun
                                        number.
                                      format: int32
                                      type: integer
                                    portals:
                                      description: portals is the iSCSI Target Portal
                                        List. The portal is either an IP or ip_addr:port
                                        if the port is other than default (typically
                                        TCP ports 860 and 3260).
                                      items:
                                        type: string
                                      type: array
                                    readOnly:
                                      description: readOnly here will force the ReadOnly
                                        setting in VolumeMounts. Defaults to false.
                                      type: boolean
                                    secretRef:
                                      description: secretRef is the CHAP Secret for
                                        iSCSI target and initiator authentication
                                      properties:
                                        name:
                                          description: 'Name of the referent. More
                                            info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                            TODO: Add other useful fields. apiVersion,
                                            kind, uid?'
                                          type: string
                                      type: object
                                    targetPortal:
                                      description: targetPortal is iSCSI Target Portal.
                                        The Portal is either an IP or ip_addr:port
                                        if the port is other than default (typically
                                        TCP ports 860 and 3260).
                                      type: string
                                  required:
                                  - iqn
                                  - lun
                                  - targetPortal
                                  type: object
                                name:
                                  description: 'name of the volume. Must be a DNS_LABEL
                                    and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                  type: string
                                nfs:
                                  description: 'nfs represents an NFS mount on the
                                    host that shares a pod''s lifetime More info:
                                    https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                  properties:
                                    path:
                                      description: 'path that is exported by the NFS
                                        server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                      type: string
                                    readOnly:
                                      description: 'readOnly here will force the NFS
                                        export to be mounted with read-only permissions.
                                        Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                      type: boolean
                                    server:
                                      description: 'server is the hostname or IP address
                                        of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                      type: string
                                  required:
                                  - path
                                  - server
                                  type: object
                                persistentVolumeClaim:
                                  description: 'persistentVolumeClaimVolumeSource
                                    represents a reference to a PersistentVolumeClaim
                                    in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                  properties:
                                    claimName:
                                      description: 'claimName is the name of a PersistentVolumeClaim
                                        in the same namespace as the pod using this
                                        volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                      type: string
                                    readOnly:
                                      description: readOnly Will force the ReadOnly
                                        setting in VolumeMounts. Default false.
                                      type: boolean
                                  required:
                                  - claimName
                                  type: object
                                photonPersistentDisk:
                                  description: photonPersistentDisk represents a PhotonController
                                    persistent disk attached and mounted on kubelets
                                    host machine
                                  properties:
                                    fsType:
                                      description: fsType is the filesystem type to
                                        mount. Must be a filesystem type supported
                                        by the host operating system. Ex. "ext4",
                                        "xfs", "ntfs". Implicitly inferred to be "ext4"
                                        if unspecified.
                                      type: string
                                    pdID:
                                      description: pdID is the ID that identifies
                                        Photon Controller persistent disk
                                      type: string
                                  required:
                                  - pdID
                                  type: object
                                portworxVolume:
                                  description: portworxVolume represents a portworx
                                    volume attached and mounted on kubelets host machine
                                  properties:
                                    fsType:
                                      description: fSType represents the filesystem
                                        type to mount Must be a filesystem type supported
                                        by the host operating system. Ex. "ext4",
                                        "xfs". Implicitly inferred to be "ext4" if
                                        unspecified.
                                      type: string
                                    readOnly:
                                      description: readOnly defaults to false (read/write).
                                        ReadOnly here will force the ReadOnly setting
                                        in VolumeMounts.
                                      type: boolean
                                    volumeID:
                                      description: volumeID uniquely identifies a
                                        Portworx volume
                                      type: string
                                  required:
                                  - volumeID
                                  type: object
                                projected:
                                  description: projected items for all in one resources
                                    secrets, configmaps, and downward API
                                  properties:
                                    defaultMode:
                                      description: defaultMode are the mode bits used
                                        to set permissions on created files by default.
                                        Must be an octal value between 0000 and 0777
                                        or a decimal value between 0 and 511. YAML
                                        accepts both octal and decimal values, JSON
                                        requires decimal values for mode bits. Directories
                                        within the path are not affected by this setting.
                                        This might be in conflict with other options
                                        that affect the file mode, like fsGroup, and
                                        the result can be other mode bits set.
                                      format: int32
                                      type: integer
                                    sources:
                                      description: sources is the list of volume projections
                                      items:
                                        description: Projection that may be projected
                                          along with other supported volume types
                                        properties:
                                          configMap:
                                            description: configMap information about
                                              the configMap data to project
                                            properties:
                                              items:
                                                description: items if unspecified,
                                                  each key-value pair in the Data
                                                  field of the referenced ConfigMap
                                                  will be projected into the volume
                                                  as a file whose name is the key
                                                  and content is the value. If specified,
                                                  the listed keys will be projected
                                                  into the specified paths, and unlisted
                                                  keys will not be present. If a key
                                                  is specified which is not present
                                                  in the ConfigMap, the volume setup
                                                  will error unless it is marked optional.
                                                  Paths must be relative and may not
                                                  contain the '..' path or start with
                                                  '..'.
                                                items:
                                                  description: Maps a string key to
                                                    a path within a volume.
                                                  properties:
                                                    key:
                                                      description: key is the key
                                                        to project.
                                                      type: string
                                                    mode:
                                                      description: 'mode is Optional:
                                                        mode bits used to set permissions
                                                        on this file. Must be an octal
                                                        value between 0000 and 0777
                                                        or a decimal value between
                                                        0 and 511. YAML accepts both
                                                        octal and decimal values,
                                                        JSON requires decimal values
                                                        for mode bits. If not specified,
                                                        the volume defaultMode will
                                                        be used. This might be in
                                                        conflict with other options
                                                        that affect the file mode,
                                                        like fsGroup, and the result
                                                        can be other mode bits set.'
                                                      format: int32
                                                      type: integer
                                                    path:
                                                      description: path is the relative
                                                        path of the file to map the
                                                        key to. May not be an absolute
                                                        path. May not contain the
                                                        path element '..'. May not
                                                        start with the string '..'.
                                                      type: string
                                                  required:
                                                  - key
                                                  - path
                                                  type: object
                                                type: array
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                              optional:
                                                description: optional specify whether
                                                  the ConfigMap or its keys must be
                                                  defined
                                                type: boolean
                                            type: object
                                          downwardAPI:
                                            description: downwardAPI information about
                                              the downwardAPI data to project
                                            properties:
                                              items:
                                                description: Items is a list of DownwardAPIVolume
                                                  file
                                                items:
                                                  description: DownwardAPIVolumeFile
                                                    represents information to create
                                                    the file containing the pod field
                                                  properties:
                                                    fieldRef:
                                                      description: 'Required: Selects
                                                        a field of the pod: only annotations,
                                                        labels, name and namespace
                                                        are supported.'
                                                      properties:
                                                        apiVersion:
                                                          description: Version of
                                                            the schema the FieldPath
                                                            is written in terms of,
                                                            defaults to "v1".
                                                          type: string
                                                        fieldPath:
                                                          description: Path of the
                                                            field to select in the
                                                            specified API version.
                                                          type: string
                                                      required:
                                                      - fieldPath
                                                      type: object
                                                    mode:
                                                      description: 'Optional: mode
                                                        bits used to set permissions
                                                        on this file, must be an octal
                                                        value between 0000 and 0777
                                                        or a decimal value between
                                                        0 and 511. YAML accepts both
                                                        octal and decimal values,
                                                        JSON requires decimal values
                                                        for mode bits. If not specified,
                                                        the volume defaultMode will
                                                        be used. This might be in
                                                        conflict with other options
                                                        that affect the file mode,
                                                        like fsGroup, and the result
                                                        can be other mode bits set.'
                                                      format: int32
                                                      type: integer
                                                    path:
                                                      description: 'Required: Path
                                                        is  the relative path name
                                                        of the file to be created.
                                                        Must not be absolute or contain
                                                        the ''..'' path. Must be utf-8
                                                        encoded. The first item of
                                                        the relative path must not
                                                        start with ''..'''
                                                      type: string
                                                    resourceFieldRef:
                                                      description: 'Selects a resource
                                                        of the container: only resources
                                                        limits and requests (limits.cpu,
                                                        limits.memory, requests.cpu
                                                        and requests.memory) are currently
                                                        supported.'
                                                      properties:
                                                        containerName:
                                                          description: 'Container
                                                            name: required for volumes,
                                                            optional for env vars'
                                                          type: string
                                                        divisor:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          description: Specifies the
                                                            output format of the exposed
                                                            resources, defaults to
                                                            "1"
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        resource:
                                                          description: 'Required:
                                                            resource to select'
                                                          type: string
                                                      required:
                                                      - resource
                                                      type: object
                                                  required:
                                                  - path
                                                  type: object
                                                type: array
                                            type: object
                                          secret:
                                            description: secret information about
                                              the secret data to project
                                            properties:
                                              items:
                                                description: items if unspecified,
                                                  each key-value pair in the Data
                                                  field of the referenced Secret will
                                                  be projected into the volume as
                                                  a file whose name is the key and
                                                  content is the value. If specified,
                                                  the listed keys will be projected
                                                  into the specified paths, and unlisted
                                                  keys will not be present. If a key
                                                  is specified which is not present
                                                  in the Secret, the volume setup
                                                  will error unless it is marked optional.
                                                  Paths must be relative and may not
                                                  contain the '..' path or start with
                                                  '..'.
                                                items:
                                                  description: Maps a string key to
                                                    a path within a volume.
                                                  properties:
                                                    key:
                                                      description: key is the key
                                                        to project.
                                                      type: string
                                                    mode:
                                                      description: 'mode is Optional:
                                                        mode bits used to set permissions
                                                        on this file. Must be an octal
                                                        value between 0000 and 0777
                                                        or a decimal value between
                                                        0 and 511. YAML accepts both
                                                        octal and decimal values,
                                                        JSON requires decimal values
                                                        for mode bits. If not specified,
                                                        the volume defaultMode will
                                                        be used. This might be in
                                                        conflict with other options
                                                        that affect the file mode,
                                                        like fsGroup, and the result
                                                        can be other mode bits set.'
                                                      format: int32
                                                      type: integer
                                                    path:
                                                      description: path is the relative
                                                        path of the file to map the
                                                        key to. May not be an absolute
                                                        path. May not contain the
                                                        path element '..'. May not
                                                        start with the string '..'.
                                                      type: string
                                                  required:
                                                  - key
                                                  - path
                                                  type: object
                                                type: array
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                              optional:
                                                description: optional field specify
                                                  whether the Secret or its key must
                                                  be defined
                                                type: boolean
                                            type: object
                                          serviceAccountToken:
                                            description: serviceAccountToken is information
                                              about the serviceAccountToken data to
                                              project
                                            properties:
                                              audience:
                                                description: audience is the intended
                                                  audience of the token. A recipient
                                                  of a token must identify itself
                                                  with an identifier specified in
                                                  the audience of the token, and otherwise
                                                  should reject the token. The audience
                                                  defaults to the identifier of the
                                                  apiserver.
                                                type: string
                                              expirationSeconds:
                                                description: expirationSeconds is
                                                  the requested duration of validity
                                                  of the service account token. As
                                                  the token approaches expiration,
                                                  the kubelet volume plugin will proactively
                                                  rotate the service account token.
                                                  The kubelet will start trying to
                                                  rotate the token if the token is
                                                  older than 80 percent of its time
                                                  to live or if the token is older
                                                  than 24 hours.Defaults to 1 hour
                                                  and must be at least 10 minutes.
                                                format: int64
                                                type: integer
                                              path:
                                                description: path is the path relative
                                                  to the mount point of the file to
                                                  project the token into.
                                                type: string
                                            required:
                                            - path
                                            type: object
                                        type: object
                                      type: array
                                  type: object
                                quobyte:
                                  description: quobyte represents a Quobyte mount
                                    on the host that shares a pod's lifetime
                                  properties:
                                    group:
                                      description: group to map volume access to Default
                                        is no group
                                      type: string
                                    readOnly:
                                      description: readOnly here will force the Quobyte
                                        volume to be mounted with read-only permissions.
                                        Defaults to false.
                                      type: boolean
                                    registry:
                                      description: registry represents a single or
                                        multiple Quobyte Registry services specified
                                        as a string as host:port pair (multiple entries
                                        are separated with commas) which acts as the
                                        central registry for volumes
                                      type: string
                                    tenant:
                                      description: tenant owning the given Quobyte
                                        volume in the Backend Used with dynamically
                                        provisioned Quobyte volumes, value is set
                                        by the plugin
                                      type: string
                                    user:
                                      description: user to map volume access to Defaults
                                        to serivceaccount user
                                      type: string
                                    volume:
                                      description: volume is a string that references
                                        an already created Quobyte volume by name.
                                      type: string
                                  required:
                                  - registry
                                  - volume
                                  type: object
                                rbd:
                                  description: 'rbd represents a Rados Block Device
                                    mount on the host that shares a pod''s lifetime.
                                    More info: https://examples.k8s.io/volumes/rbd/README.md'
                                  properties:
                                    fsType:
                                      description: 'fsType is the filesystem type
                                        of the volume that you want to mount. Tip:
                                        Ensure that the filesystem type is supported
                                        by the host operating system. Examples: "ext4",
                                        "xfs", "ntfs". Implicitly inferred to be "ext4"
                                        if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                        TODO: how do we prevent errors in the filesystem
                                        from compromising the machine'
                                      type: string
                                    image:
                                      description: 'image is the rados image name.
                                        More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                      type: string
                                    keyring:
                                      description: 'keyring is the path to key ring
                                        for RBDUser. Default is /etc/ceph/keyring.
                                        More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                      type: string
                                    monitors:
                                      description: 'monitors is a collection of Ceph
                                        monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                      items:
                                        type: string
                                      type: array
                                    pool:
                                      description: 'pool is the rados pool name. Default
                                        is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                      type: string
                                    readOnly:
                                      description: 'readOnly here will force the ReadOnly
                                        setting in VolumeMounts. Defaults to false.
                                        More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                      type: boolean
                                    secretRef:
                                      description: 'secretRef is name of the authentication
                                        secret for RBDUser. If provided overrides
                                        keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                      properties:
                                        name:
                                          description: 'Name of the referent. More
                                            info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                            TODO: Add other useful fields. apiVersion,
                                            kind, uid?'
                                          type: string
                                      type: object
                                    user:
                                      description: 'user is the rados user name. Default
                                        is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                      type: string
                                  required:
                                  - image
                                  - monitors
                                  type: object
                                scaleIO:
                                  description: scaleIO represents a ScaleIO persistent
                                    volume attached and mounted on Kubernetes nodes.
                                  properties:
                                    fsType:
                                      description: fsType is the filesystem type to
                                        mount. Must be a filesystem type supported
                                        by the host operating system. Ex. "ext4",
                                        "xfs", "ntfs". Default is "xfs".
                                      type: string
                                    gateway:
                                      description: gateway is the host address of
                                        the ScaleIO API Gateway.
                                      type: string
                                    protectionDomain:
                                      description: protectionDomain is the name of
                                        the ScaleIO Protection Domain for the configured
                                        storage.
                                      type: string
                                    readOnly:
                                      description: readOnly Defaults to false (read/write).
                                        ReadOnly here will force the ReadOnly setting
                                        in VolumeMounts.
                                      type: boolean
                                    secretRef:
                                      description: secretRef references to the secret
                                        for ScaleIO user and other sensitive information.
                                        If this is not provided, Login operation will
                                        fail.
                                      properties:
                                        name:
                                          description: 'Name of the referent. More
                                            info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                            TODO: Add other useful fields. apiVersion,
                                            kind, uid?'
                                          type: string
                                      type: object
                                    sslEnabled:
                                      description: sslEnabled Flag enable/disable
                                        SSL communication with Gateway, default false
                                      type: boolean
                                    storageMode:
                                      description: storageMode indicates whether the
                                        storage for a volume should be ThickProvisioned
                                        or ThinProvisioned. Default is ThinProvisioned.
                                      type: string
                                    storagePool:
                                      description: storagePool is the ScaleIO Storage
                                        Pool associated with the protection domain.
                                      type: string
                                    system:
                                      description: system is the name of the storage
                                        system as configured in ScaleIO.
                                      type: string
                                    volumeName:
                                      description: volumeName is the name of a volume
                                        already created in the ScaleIO system that
                                        is associated with this volume source.
                                      type: string
                                  required:
                                  - gateway
                                  - secretRef
                                  - system
                                  type: object
                                secret:
                                  description: 'secret represents a secret that should
                                    populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                  properties:
                                    defaultMode:
                                      description: 'defaultMode is Optional: mode
                                        bits used to set permissions on created files
                                        by default. Must be an octal value between
                                        0000 and 0777 or a decimal value between 0
                                        and 511. YAML accepts both octal and decimal
                                        values, JSON requires decimal values for mode
                                        bits. Defaults to 0644. Directories within
                                        the path are not affected by this setting.
                                        This might be in conflict with other options
                                        that affect the file mode, like fsGroup, and
                                        the result can be other mode bits set.'
                                      format: int32
                                      type: integer
                                    items:
                                      description: items If unspecified, each key-value
                                        pair in the Data field of the referenced Secret
                                        will be projected into the volume as a file
                                        whose name is the key and content is the value.
                                        If specified, the listed keys will be projected
                                        into the specified paths, and unlisted keys
                                        will not be present. If a key is specified
                                        which is not present in the Secret, the volume
                                        setup will error unless it is marked optional.
                                        Paths must be relative and may not contain
                                        the '..' path or start with '..'.
                                      items:
                                        description: Maps a string key to a path within
                                          a volume.
                                        properties:
                                          key:
                                            description: key is the key to project.
                                            type: string
                                          mode:
                                            description: 'mode is Optional: mode bits
                                              used to set permissions on this file.
                                              Must be an octal value between 0000
                                              and 0777 or a decimal value between
                                              0 and 511. YAML accepts both octal and
                                              decimal values, JSON requires decimal
                                              values for mode bits. If not specified,
                                              the volume defaultMode will be used.
                                              This might be in conflict with other
                                              options that affect the file mode, like
                                              fsGroup, and the result can be other
                                              mode bits set.'
                                            format: int32
                                            type: integer
                                          path:
                                            description: path is the relative path
                                              of the file to map the key to. May not
                                              be an absolute path. May not contain
                                              the path element '..'. May not start
                                              with the string '..'.
                                            type: string
                                        required:
                                        - key
                                        - path
                                        type: object
                                      type: array
                                    optional:
                                      description: optional field specify whether
                                        the Secret or its keys must be defined
                                      type: boolean
                                    secretName:
                                      description: 'secretName is the name of the
                                        secret in the pod''s namespace to use. More
                                        info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                      type: string
                                  type: object
                                storageos:
                                  description: storageOS represents a StorageOS volume
                                    attached and mounted on Kubernetes nodes.
                                  properties:
                                    fsType:
                                      description: fsType is the filesystem type to
                                        mount. Must be a filesystem type supported
                                        by the host operating system. Ex. "ext4",
                                        "xfs", "ntfs". Implicitly inferred to be "ext4"
                                        if unspecified.
                                      type: string
                                    readOnly:
                                      description: readOnly defaults to false (read/write).
                                        ReadOnly here will force the ReadOnly setting
                                        in VolumeMounts.
                                      type: boolean
                                    secretRef:
                                      description: secretRef specifies the secret
                                        to use for obtaining the StorageOS API credentials.  If
                                        not specified, default values will be attempted.
                                      properties:
                                        name:
                                          description: 'Name of the referent. More
                                            info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                            TODO: Add other useful fields. apiVersion,
                                            kind, uid?'
                                          type: string
                                      type: object
                                    volumeName:
                                      description: volumeName is the human-readable
                                        name of the StorageOS volume.  Volume names
                                        are only unique within a namespace.
                                      type: string
                                    volumeNamespace:
                                      description: volumeNamespace specifies the scope
                                        of the volume within StorageOS.  If no namespace
                                        is specified then the Pod's namespace will
                                        be used.  This allows the Kubernetes name
                                        scoping to be mirrored within StorageOS for
                                        tighter integration. Set VolumeName to any
                                        name to override the default behaviour. Set
                                        to "default" if you are not using namespaces
                                        within StorageOS. Namespaces that do not pre-exist
                                        within StorageOS will be created.
                                      type: string
                                  type: object
                                vsphereVolume:
                                  description: vsphereVolume represents a vSphere
                                    volume attached and mounted on kubelets host machine
                                  properties:
                                    fsType:
                                      description: fsType is filesystem type to mount.
                                        Must be a filesystem type supported by the
                                        host operating system. Ex. "ext4", "xfs",
                                        "ntfs". Implicitly inferred to be "ext4" if
                                        unspecified.
                                      type: string
                                    storagePolicyID:
                                      description: storagePolicyID is the storage
                                        Policy Based Management (SPBM) profile ID
                                        associated with the StoragePolicyName.
                                      type: string
                                    storagePolicyName:
                                      description: storagePolicyName is the storage
                                        Policy Based Management (SPBM) profile name.
                                      type: string
                                    volumePath:
                                      description: volumePath is the path that identifies
                                        vSphere volume vmdk
                                      type: string
                                  required:
                                  - volumePath
                                  type: object
                              required:
                              - name
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                        type: object
                      resources:
                        description: Resources is a list of bindings specifying which
                          actual instances of PipelineResources to use for the resources
                          the Pipeline has declared it needs.
                        items:
                          description: PipelineResourceBinding connects a reference
                            to an instance of a PipelineResource with a PipelineResource
                            dependency that the Pipeline has declared
                          properties:
                            name:
                              description: Name is the name of the PipelineResource
                                in the Pipeline's declaration
                              type: string
                            resourceRef:
                              description: ResourceRef is a reference to the instance
                                of the actual PipelineResource that should be used
                              properties:
                                apiVersion:
                                  description: API version of the referent
                                  type: string
                                name:
                                  description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names'
                                  type: string
                              type: object
                            resourceSpec:
                              description: ResourceSpec is specification of a resource
                                that should be created and consumed by the task
                              properties:
                                description:
                                  description: Description is a user-facing description
                                    of the resource that may be used to populate a
                                    UI.
                                  type: string
                                params:
                                  items:
                                    description: ResourceParam declares a string value
                                      to use for the parameter called Name, and is
                                      used in the specific context of PipelineResources.
                                    properties:
                                      name:
                                        type: string
                                      value:
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                secrets:
                                  description: Secrets to fetch to populate some of
                                    resource fields
                                  items:
                                    description: SecretParam indicates which secret
                                      can be used to populate a field of the resource
                                    properties:
                                      fieldName:
                                        type: string
                                      secretKey:
                                        type: string
                                      secretName:
                                        type: string
                                    required:
                                    - fieldName
                                    - secretKey
                                    - secretName
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                type:
                                  type: string
                              required:
                              - params
                              - type
                              type: object
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      serviceAccountName:
                        type: string
                      status:
                        description: Used for cancelling a pipelinerun (and maybe
                          more later on)
                        type: string
                      taskRunSpecs:
                        description: TaskRunSpecs holds a set of runtime specs
                        items:
                          description: PipelineTaskRunSpec  can be used to configure
                            specific specs for a concrete Task
                          properties:
                            computeResources:
                              description: Compute resources to use for this TaskRun
                              properties:
                                limits:
                                  additionalProperties:
                                    anyOf:
                                    - type: integer
                                    - type: string
                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                    x-kubernetes-int-or-string: true
                                  description: 'Limits describes the maximum amount
                                    of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                  type: object
                                requests:
                                  additionalProperties:
                                    anyOf:
                                    - type: integer
                                    - type: string
                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                    x-kubernetes-int-or-string: true
                                  description: 'Requests describes the minimum amount
                                    of compute resources required. If Requests is
                                    omitted for a container, it defaults to Limits
                                    if that is explicitly specified, otherwise to
                                    an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                  type: object
                              type: object
                            metadata:
                              description: PipelineTaskMetadata contains the labels
                                or annotations for an EmbeddedTask
                              properties:
                                annotations:
                                  additionalProperties:
                                    type: string
                                  type: object
                                labels:
                                  additionalProperties:
                                    type: string
                                  type: object
                              type: object
                            pipelineTaskName:
                              type: string
                            sidecarOverrides:
                              items:
                                description: TaskRunSidecarOverride is used to override
                                  the values of a Sidecar in the corresponding Task.
                                properties:
                                  name:
                                    description: The name of the Sidecar to override.
                                    type: string
                                  resources:
                                    description: The resource requirements to apply
                                      to the Sidecar.
                                    properties:
                                      limits:
                                        additionalProperties:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                          x-kubernetes-int-or-string: true
                                        description: 'Limits describes the maximum
                                          amount of compute resources allowed. More
                                          info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                        type: object
                                      requests:
                                        additionalProperties:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                          x-kubernetes-int-or-string: true
                                        description: 'Requests describes the minimum
                                          amount of compute resources required. If
                                          Requests is omitted for a container, it
                                          defaults to Limits if that is explicitly
                                          specified, otherwise to an implementation-defined
                                          value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                        type: object
                                    type: object
                                required:
                                - name
                                - resources
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            stepOverrides:
                              items:
                                description: TaskRunStepOverride is used to override
                                  the values of a Step in the corresponding Task.
                                properties:
                                  name:
                                    description: The name of the Step to override.
                                    type: string
                                  resources:
                                    description: The resource requirements to apply
                                      to the Step.
                                    properties:
                                      limits:
                                        additionalProperties:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                          x-kubernetes-int-or-string: true
                                        description: 'Limits describes the maximum
                                          amount of compute resources allowed. More
                                          info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                        type: object
                                      requests:
                                        additionalProperties:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                          x-kubernetes-int-or-string: true
                                        description: 'Requests describes the minimum
                                          amount of compute resources required. If
                                          Requests is omitted for a container, it
                                          defaults to Limits if that is explicitly
                                          specified, otherwise to an implementation-defined
                                          value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                        type: object
                                    type: object
                                required:
                                - name
                                - resources
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            taskPodTemplate:
                              description: Template holds pod specific configuration
                              properties:
                                affinity:
                                  description: If specified, the pod's scheduling
                                    constraints
                                  properties:
                                    nodeAffinity:
                                      description: Describes node affinity scheduling
                                        rules for the pod.
                                      properties:
                                        preferredDuringSchedulingIgnoredDuringExecution:
                                          description: The scheduler will prefer to
                                            schedule pods to nodes that satisfy the
                                            affinity expressions specified by this
                                            field, but it may choose a node that violates
                                            one or more of the expressions. The node
                                            that is most preferred is the one with
                                            the greatest sum of weights, i.e. for
                                            each node that meets all of the scheduling
                                            requirements (resource request, requiredDuringScheduling
                                            affinity expressions, etc.), compute a
                                            sum by iterating through the elements
                                            of this field and adding "weight" to the
                                            sum if the node matches the corresponding
                                            matchExpressions; the node(s) with the
                                            highest sum are the most preferred.
                                          items:
                                            description: An empty preferred scheduling
                                              term matches all objects with implicit
                                              weight 0 (i.e. it's a no-op). A null
                                              preferred scheduling term matches no
                                              objects (i.e. is also a no-op).
                                            properties:
                                              preference:
                                                description: A node selector term,
                                                  associated with the corresponding
                                                  weight.
                                                properties:
                                                  matchExpressions:
                                                    description: A list of node selector
                                                      requirements by node's labels.
                                                    items:
                                                      description: A node selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: The label key
                                                            that the selector applies
                                                            to.
                                                          type: string
                                                        operator:
                                                          description: Represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists, DoesNotExist.
                                                            Gt, and Lt.
                                                          type: string
                                                        values:
                                                          description: An array of
                                                            string values. If the
                                                            operator is In or NotIn,
                                                            the values array must
                                                            be non-empty. If the operator
                                                            is Exists or DoesNotExist,
                                                            the values array must
                                                            be empty. If the operator
                                                            is Gt or Lt, the values
                                                            array must have a single
                                                            element, which will be
                                                            interpreted as an integer.
                                                            This array is replaced
                                                            during a strategic merge
                                                            patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchFields:
                                                    description: A list of node selector
                                                      requirements by node's fields.
                                                    items:
                                                      description: A node selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: The label key
                                                            that the selector applies
                                                            to.
                                                          type: string
                                                        operator:
                                                          description: Represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists, DoesNotExist.
                                                            Gt, and Lt.
                                                          type: string
                                                        values:
                                                          description: An array of
                                                            string values. If the
                                                            operator is In or NotIn,
                                                            the values array must
                                                            be non-empty. If the operator
                                                            is Exists or DoesNotExist,
                                                            the values array must
                                                            be empty. If the operator
                                                            is Gt or Lt, the values
                                                            array must have a single
                                                            element, which will be
                                                            interpreted as an integer.
                                                            This array is replaced
                                                            during a strategic merge
                                                            patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                type: object
                                              weight:
                                                description: Weight associated with
                                                  matching the corresponding nodeSelectorTerm,
                                                  in the range 1-100.
                                                format: int32
                                                type: integer
                                            required:
                                            - preference
                                            - weight
                                            type: object
                                          type: array
                                        requiredDuringSchedulingIgnoredDuringExecution:
                                          description: If the affinity requirements
                                            specified by this field are not met at
                                            scheduling time, the pod will not be scheduled
                                            onto the node. If the affinity requirements
                                            specified by this field cease to be met
                                            at some point during pod execution (e.g.
                                            due to an update), the system may or may
                                            not try to eventually evict the pod from
                                            its node.
                                          properties:
                                            nodeSelectorTerms:
                                              description: Required. A list of node
                                                selector terms. The terms are ORed.
                                              items:
                                                description: A null or empty node
                                                  selector term matches no objects.
                                                  The requirements of them are ANDed.
                                                  The TopologySelectorTerm type implements
                                                  a subset of the NodeSelectorTerm.
                                                properties:
                                                  matchExpressions:
                                                    description: A list of node selector
                                                      requirements by node's labels.
                                                    items:
                                                      description: A node selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: The label key
                                                            that the selector applies
                                                            to.
                                                          type: string
                                                        operator:
                                                          description: Represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists, DoesNotExist.
                                                            Gt, and Lt.
                                                          type: string
                                                        values:
                                                          description: An array of
                                                            string values. If the
                                                            operator is In or NotIn,
                                                            the values array must
                                                            be non-empty. If the operator
                                                            is Exists or DoesNotExist,
                                                            the values array must
                                                            be empty. If the operator
                                                            is Gt or Lt, the values
                                                            array must have a single
                                                            element, which will be
                                                            interpreted as an integer.
                                                            This array is replaced
                                                            during a strategic merge
                                                            patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchFields:
                                                    description: A list of node selector
                                                      requirements by node's fields.
                                                    items:
                                                      description: A node selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: The label key
                                                            that the selector applies
                                                            to.
                                                          type: string
                                                        operator:
                                                          description: Represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists, DoesNotExist.
                                                            Gt, and Lt.
                                                          type: string
                                                        values:
                                                          description: An array of
                                                            string values. If the
                                                            operator is In or NotIn,
                                                            the values array must
                                                            be non-empty. If the operator
                                                            is Exists or DoesNotExist,
                                                            the values array must
                                                            be empty. If the operator
                                                            is Gt or Lt, the values
                                                            array must have a single
                                                            element, which will be
                                                            interpreted as an integer.
                                                            This array is replaced
                                                            during a strategic merge
                                                            patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                type: object
                                              type: array
                                          required:
                                          - nodeSelectorTerms
                                          type: object
                                      type: object
                                    podAffinity:
                                      description: Describes pod affinity scheduling
                                        rules (e.g. co-locate this pod in the same
                                        node, zone, etc. as some other pod(s)).
                                      properties:
                                        preferredDuringSchedulingIgnoredDuringExecution:
                                          description: The scheduler will prefer to
                                            schedule pods to nodes that satisfy the
                                            affinity expressions specified by this
                                            field, but it may choose a node that violates
                                            one or more of the expressions. The node
                                            that is most preferred is the one with
                                            the greatest sum of weights, i.e. for
                                            each node that meets all of the scheduling
                                            requirements (resource request, requiredDuringScheduling
                                            affinity expressions, etc.), compute a
                                            sum by iterating through the elements
                                            of this field and adding "weight" to the
                                            sum if the node has pods which matches
                                            the corresponding podAffinityTerm; the
                                            node(s) with the highest sum are the most
                                            preferred.
                                          items:
                                            description: The weights of all of the
                                              matched WeightedPodAffinityTerm fields
                                              are added per-node to find the most
                                              preferred node(s)
                                            properties:
                                              podAffinityTerm:
                                                description: Required. A pod affinity
                                                  term, associated with the corresponding
                                                  weight.
                                                properties:
                                                  labelSelector:
                                                    description: A label query over
                                                      a set of resources, in this
                                                      case pods.
                                                    properties:
                                                      matchExpressions:
                                                        description: matchExpressions
                                                          is a list of label selector
                                                          requirements. The requirements
                                                          are ANDed.
                                                        items:
                                                          description: A label selector
                                                            requirement is a selector
                                                            that contains values,
                                                            a key, and an operator
                                                            that relates the key and
                                                            values.
                                                          properties:
                                                            key:
                                                              description: key is
                                                                the label key that
                                                                the selector applies
                                                                to.
                                                              type: string
                                                            operator:
                                                              description: operator
                                                                represents a key's
                                                                relationship to a
                                                                set of values. Valid
                                                                operators are In,
                                                                NotIn, Exists and
                                                                DoesNotExist.
                                                              type: string
                                                            values:
                                                              description: values
                                                                is an array of string
                                                                values. If the operator
                                                                is In or NotIn, the
                                                                values array must
                                                                be non-empty. If the
                                                                operator is Exists
                                                                or DoesNotExist, the
                                                                values array must
                                                                be empty. This array
                                                                is replaced during
                                                                a strategic merge
                                                                patch.
                                                              items:
                                                                type: string
                                                              type: array
                                                          required:
                                                          - key
                                                          - operator
                                                          type: object
                                                        type: array
                                                      matchLabels:
                                                        additionalProperties:
                                                          type: string
                                                        description: matchLabels is
                                                          a map of {key,value} pairs.
                                                          A single {key,value} in
                                                          the matchLabels map is equivalent
                                                          to an element of matchExpressions,
                                                          whose key field is "key",
                                                          the operator is "In", and
                                                          the values array contains
                                                          only "value". The requirements
                                                          are ANDed.
                                                        type: object
                                                    type: object
                                                  namespaceSelector:
                                                    description: A label query over
                                                      the set of namespaces that the
                                                      term applies to. The term is
                                                      applied to the union of the
                                                      namespaces selected by this
                                                      field and the ones listed in
                                                      the namespaces field. null selector
                                                      and null or empty namespaces
                                                      list means "this pod's namespace".
                                                      An empty selector ({}) matches
                                                      all namespaces.
                                                    properties:
                                                      matchExpressions:
                                                        description: matchExpressions
                                                          is a list of label selector
                                                          requirements. The requirements
                                                          are ANDed.
                                                        items:
                                                          description: A label selector
                                                            requirement is a selector
                                                            that contains values,
                                                            a key, and an operator
                                                            that relates the key and
                                                            values.
                                                          properties:
                                                            key:
                                                              description: key is
                                                                the label key that
                                                                the selector applies
                                                                to.
                                                              type: string
                                                            operator:
                                                              description: operator
                                                                represents a key's
                                                                relationship to a
                                                                set of values. Valid
                                                                operators are In,
                                                                NotIn, Exists and
                                                                DoesNotExist.
                                                              type: string
                                                            values:
                                                              description: values
                                                                is an array of string
                                                                values. If the operator
                                                                is In or NotIn, the
                                                                values array must
                                                                be non-empty. If the
                                                                operator is Exists
                                                                or DoesNotExist, the
                                                                values array must
                                                                be empty. This array
                                                                is replaced during
                                                                a strategic merge
                                                                patch.
                                                              items:
                                                                type: string
                                                              type: array
                                                          required:
                                                          - key
                                                          - operator
                                                          type: object
                                                        type: array
                                                      matchLabels:
                                                        additionalProperties:
                                                          type: string
                                                        description: matchLabels is
                                                          a map of {key,value} pairs.
                                                          A single {key,value} in
                                                          the matchLabels map is equivalent
                                                          to an element of matchExpressions,
                                                          whose key field is "key",
                                                          the operator is "In", and
                                                          the values array contains
                                                          only "value". The requirements
                                                          are ANDed.
                                                        type: object
                                                    type: object
                                                  namespaces:
                                                    description: namespaces specifies
                                                      a static list of namespace names
                                                      that the term applies to. The
                                                      term is applied to the union
                                                      of the namespaces listed in
                                                      this field and the ones selected
                                                      by namespaceSelector. null or
                                                      empty namespaces list and null
                                                      namespaceSelector means "this
                                                      pod's namespace".
                                                    items:
                                                      type: string
                                                    type: array
                                                  topologyKey:
                                                    description: This pod should be
                                                      co-located (affinity) or not
                                                      co-located (anti-affinity) with
                                                      the pods matching the labelSelector
                                                      in the specified namespaces,
                                                      where co-located is defined
                                                      as running on a node whose value
                                                      of the label with key topologyKey
                                                      matches that of any node on
                                                      which any of the selected pods
                                                      is running. Empty topologyKey
                                                      is not allowed.
                                                    type: string
                                                required:
                                                - topologyKey
                                                type: object
                                              weight:
                                                description: weight associated with
                                                  matching the corresponding podAffinityTerm,
                                                  in the range 1-100.
                                                format: int32
                                                type: integer
                                            required:
                                            - podAffinityTerm
                                            - weight
                                            type: object
                                          type: array
                                        requiredDuringSchedulingIgnoredDuringExecution:
                                          description: If the affinity requirements
                                            specified by this field are not met at
                                            scheduling time, the pod will not be scheduled
                                            onto the node. If the affinity requirements
                                            specified by this field cease to be met
                                            at some point during pod execution (e.g.
                                            due to a pod label update), the system
                                            may or may not try to eventually evict
                                            the pod from its node. When there are
                                            multiple elements, the lists of nodes
                                            corresponding to each podAffinityTerm
                                            are intersected, i.e. all terms must be
                                            satisfied.
                                          items:
                                            description: Defines a set of pods (namely
                                              those matching the labelSelector relative
                                              to the given namespace(s)) that this
                                              pod should be co-located (affinity)
                                              or not co-located (anti-affinity) with,
                                              where co-located is defined as running
                                              on a node whose value of the label with
                                              key <topologyKey> matches that of any
                                              node on which a pod of the set of pods
                                              is running
                                            properties:
                                              labelSelector:
                                                description: A label query over a
                                                  set of resources, in this case pods.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              namespaceSelector:
                                                description: A label query over the
                                                  set of namespaces that the term
                                                  applies to. The term is applied
                                                  to the union of the namespaces selected
                                                  by this field and the ones listed
                                                  in the namespaces field. null selector
                                                  and null or empty namespaces list
                                                  means "this pod's namespace". An
                                                  empty selector ({}) matches all
                                                  namespaces.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              namespaces:
                                                description: namespaces specifies
                                                  a static list of namespace names
                                                  that the term applies to. The term
                                                  is applied to the union of the namespaces
                                                  listed in this field and the ones
                                                  selected by namespaceSelector. null
                                                  or empty namespaces list and null
                                                  namespaceSelector means "this pod's
                                                  namespace".
                                                items:
                                                  type: string
                                                type: array
                                              topologyKey:
                                                description: This pod should be co-located
                                                  (affinity) or not co-located (anti-affinity)
                                                  with the pods matching the labelSelector
                                                  in the specified namespaces, where
                                                  co-located is defined as running
                                                  on a node whose value of the label
                                                  with key topologyKey matches that
                                                  of any node on which any of the
                                                  selected pods is running. Empty
                                                  topologyKey is not allowed.
                                                type: string
                                            required:
                                            - topologyKey
                                            type: object
                                          type: array
                                      type: object
                                    podAntiAffinity:
                                      description: Describes pod anti-affinity scheduling
                                        rules (e.g. avoid putting this pod in the
                                        same node, zone, etc. as some other pod(s)).
                                      properties:
                                        preferredDuringSchedulingIgnoredDuringExecution:
                                          description: The scheduler will prefer to
                                            schedule pods to nodes that satisfy the
                                            anti-affinity expressions specified by
                                            this field, but it may choose a node that
                                            violates one or more of the expressions.
                                            The node that is most preferred is the
                                            one with the greatest sum of weights,
                                            i.e. for each node that meets all of the
                                            scheduling requirements (resource request,
                                            requiredDuringScheduling anti-affinity
                                            expressions, etc.), compute a sum by iterating
                                            through the elements of this field and
                                            adding "weight" to the sum if the node
                                            has pods which matches the corresponding
                                            podAffinityTerm; the node(s) with the
                                            highest sum are the most preferred.
                                          items:
                                            description: The weights of all of the
                                              matched WeightedPodAffinityTerm fields
                                              are added per-node to find the most
                                              preferred node(s)
                                            properties:
                                              podAffinityTerm:
                                                description: Required. A pod affinity
                                                  term, associated with the corresponding
                                                  weight.
                                                properties:
                                                  labelSelector:
                                                    description: A label query over
                                                      a set of resources, in this
                                                      case pods.
                                                    properties:
                                                      matchExpressions:
                                                        description: matchExpressions
                                                          is a list of label selector
                                                          requirements. The requirements
                                                          are ANDed.
                                                        items:
                                                          description: A label selector
                                                            requirement is a selector
                                                            that contains values,
                                                            a key, and an operator
                                                            that relates the key and
                                                            values.
                                                          properties:
                                                            key:
                                                              description: key is
                                                                the label key that
                                                                the selector applies
                                                                to.
                                                              type: string
                                                            operator:
                                                              description: operator
                                                                represents a key's
                                                                relationship to a
                                                                set of values. Valid
                                                                operators are In,
                                                                NotIn, Exists and
                                                                DoesNotExist.
                                                              type: string
                                                            values:
                                                              description: values
                                                                is an array of string
                                                                values. If the operator
                                                                is In or NotIn, the
                                                                values array must
                                                                be non-empty. If the
                                                                operator is Exists
                                                                or DoesNotExist, the
                                                                values array must
                                                                be empty. This array
                                                                is replaced during
                                                                a strategic merge
                                                                patch.
                                                              items:
                                                                type: string
                                                              type: array
                                                          required:
                                                          - key
                                                          - operator
                                                          type: object
                                                        type: array
                                                      matchLabels:
                                                        additionalProperties:
                                                          type: string
                                                        description: matchLabels is
                                                          a map of {key,value} pairs.
                                                          A single {key,value} in
                                                          the matchLabels map is equivalent
                                                          to an element of matchExpressions,
                                                          whose key field is "key",
                                                          the operator is "In", and
                                                          the values array contains
                                                          only "value". The requirements
                                                          are ANDed.
                                                        type: object
                                                    type: object
                                                  namespaceSelector:
                                                    description: A label query over
                                                      the set of namespaces that the
                                                      term applies to. The term is
                                                      applied to the union of the
                                                      namespaces selected by this
                                                      field and the ones listed in
                                                      the namespaces field. null selector
                                                      and null or empty namespaces
                                                      list means "this pod's namespace".
                                                      An empty selector ({}) matches
                                                      all namespaces.
                                                    properties:
                                                      matchExpressions:
                                                        description: matchExpressions
                                                          is a list of label selector
                                                          requirements. The requirements
                                                          are ANDed.
                                                        items:
                                                          description: A label selector
                                                            requirement is a selector
                                                            that contains values,
                                                            a key, and an operator
                                                            that relates the key and
                                                            values.
                                                          properties:
                                                            key:
                                                              description: key is
                                                                the label key that
                                                                the selector applies
                                                                to.
                                                              type: string
                                                            operator:
                                                              description: operator
                                                                represents a key's
                                                                relationship to a
                                                                set of values. Valid
                                                                operators are In,
                                                                NotIn, Exists and
                                                                DoesNotExist.
                                                              type: string
                                                            values:
                                                              description: values
                                                                is an array of string
                                                                values. If the operator
                                                                is In or NotIn, the
                                                                values array must
                                                                be non-empty. If the
                                                                operator is Exists
                                                                or DoesNotExist, the
                                                                values array must
                                                                be empty. This array
                                                                is replaced during
                                                                a strategic merge
                                                                patch.
                                                              items:
                                                                type: string
                                                              type: array
                                                          required:
                                                          - key
                                                          - operator
                                                          type: object
                                                        type: array
                                                      matchLabels:
                                                        additionalProperties:
                                                          type: string
                                                        description: matchLabels is
                                                          a map of {key,value} pairs.
                                                          A single {key,value} in
                                                          the matchLabels map is equivalent
                                                          to an element of matchExpressions,
                                                          whose key field is "key",
                                                          the operator is "In", and
                                                          the values array contains
                                                          only "value". The requirements
                                                          are ANDed.
                                                        type: object
                                                    type: object
                                                  namespaces:
                                                    description: namespaces specifies
                                                      a static list of namespace names
                                                      that the term applies to. The
                                                      term is applied to the union
                                                      of the namespaces listed in
                                                      this field and the ones selected
                                                      by namespaceSelector. null or
                                                      empty namespaces list and null
                                                      namespaceSelector means "this
                                                      pod's namespace".
                                                    items:
                                                      type: string
                                                    type: array
                                                  topologyKey:
                                                    description: This pod should be
                                                      co-located (affinity) or not
                                                      co-located (anti-affinity) with
                                                      the pods matching the labelSelector
                                                      in the specified namespaces,
                                                      where co-located is defined
                                                      as running on a node whose value
                                                      of the label with key topologyKey
                                                      matches that of any node on
                                                      which any of the selected pods
                                                      is running. Empty topologyKey
                                                      is not allowed.
                                                    type: string
                                                required:
                                                - topologyKey
                                                type: object
                                              weight:
                                                description: weight associated with
                                                  matching the corresponding podAffinityTerm,
                                                  in the range 1-100.
                                                format: int32
                                                type: integer
                                            required:
                                            - podAffinityTerm
                                            - weight
                                            type: object
                                          type: array
                                        requiredDuringSchedulingIgnoredDuringExecution:
                                          description: If the anti-affinity requirements
                                            specified by this field are not met at
                                            scheduling time, the pod will not be scheduled
                                            onto the node. If the anti-affinity requirements
                                            specified by this field cease to be met
                                            at some point during pod execution (e.g.
                                            due to a pod label update), the system
                                            may or may not try to eventually evict
                                            the pod from its node. When there are
                                            multiple elements, the lists of nodes
                                            corresponding to each podAffinityTerm
                                            are intersected, i.e. all terms must be
                                            satisfied.
                                          items:
                                            description: Defines a set of pods (namely
                                              those matching the labelSelector relative
                                              to the given namespace(s)) that this
                                              pod should be co-located (affinity)
                                              or not co-located (anti-affinity) with,
                                              where co-located is defined as running
                                              on a node whose value of the label with
                                              key <topologyKey> matches that of any
                                              node on which a pod of the set of pods
                                              is running
                                            properties:
                                              labelSelector:
                                                description: A label query over a
                                                  set of resources, in this case pods.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              namespaceSelector:
                                                description: A label query over the
                                                  set of namespaces that the term
                                                  applies to. The term is applied
                                                  to the union of the namespaces selected
                                                  by this field and the ones listed
                                                  in the namespaces field. null selector
                                                  and null or empty namespaces list
                                                  means "this pod's namespace". An
                                                  empty selector ({}) matches all
                                                  namespaces.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              namespaces:
                                                description: namespaces specifies
                                                  a static list of namespace names
                                                  that the term applies to. The term
                                                  is applied to the union of the namespaces
                                                  listed in this field and the ones
                                                  selected by namespaceSelector. null
                                                  or empty namespaces list and null
                                                  namespaceSelector means "this pod's
                                                  namespace".
                                                items:
                                                  type: string
                                                type: array
                                              topologyKey:
                                                description: This pod should be co-located
                                                  (affinity) or not co-located (anti-affinity)
                                                  with the pods matching the labelSelector
                                                  in the specified namespaces, where
                                                  co-located is defined as running
                                                  on a node whose value of the label
                                                  with key topologyKey matches that
                                                  of any node on which any of the
                                                  selected pods is running. Empty
                                                  topologyKey is not allowed.
                                                type: string
                                            required:
                                            - topologyKey
                                            type: object
                                          type: array
                                      type: object
                                  type: object
                                automountServiceAccountToken:
                                  description: AutomountServiceAccountToken indicates
                                    whether pods running as this service account should
                                    have an API token automatically mounted.
                                  type: boolean
                                dnsConfig:
                                  description: Specifies the DNS parameters of a pod.
                                    Parameters specified here will be merged to the
                                    generated DNS configuration based on DNSPolicy.
                                  properties:
                                    nameservers:
                                      description: A list of DNS name server IP addresses.
                                        This will be appended to the base nameservers
                                        generated from DNSPolicy. Duplicated nameservers
                                        will be removed.
                                      items:
                                        type: string
                                      type: array
                                    options:
                                      description: A list of DNS resolver options.
                                        This will be merged with the base options
                                        generated from DNSPolicy. Duplicated entries
                                        will be removed. Resolution options given
                                        in Options will override those that appear
                                        in the base DNSPolicy.
                                      items:
                                        description: PodDNSConfigOption defines DNS
                                          resolver options of a pod.
                                        properties:
                                          name:
                                            description: Required.
                                            type: string
                                          value:
                                            type: string
                                        type: object
                                      type: array
                                    searches:
                                      description: A list of DNS search domains for
                                        host-name lookup. This will be appended to
                                        the base search paths generated from DNSPolicy.
                                        Duplicated search paths will be removed.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                dnsPolicy:
                                  description: Set DNS policy for the pod. Defaults
                                    to "ClusterFirst". Valid values are 'ClusterFirst',
                                    'Default' or 'None'. DNS parameters given in DNSConfig
                                    will be merged with the policy selected with DNSPolicy.
                                  type: string
                                enableServiceLinks:
                                  description: 'EnableServiceLinks indicates whether
                                    information about services should be injected
                                    into pod''s environment variables, matching the
                                    syntax of Docker links. Optional: Defaults to
                                    true.'
                                  type: boolean
                                env:
                                  description: List of environment variables that
                                    can be provided to the containers belonging to
                                    the pod.
                                  items:
                                    description: EnvVar represents an environment
                                      variable present in a Container.
                                    properties:
                                      name:
                                        description: Name of the environment variable.
                                          Must be a C_IDENTIFIER.
                                        type: string
                                      value:
                                        description: 'Variable references $(VAR_NAME)
                                          are expanded using the previously defined
                                          environment variables in the container and
                                          any service environment variables. If a
                                          variable cannot be resolved, the reference
                                          in the input string will be unchanged. Double
                                          $$ are reduced to a single $, which allows
                                          for escaping the $(VAR_NAME) syntax: i.e.
                                          "$$(VAR_NAME)" will produce the string literal
                                          "$(VAR_NAME)". Escaped references will never
                                          be expanded, regardless of whether the variable
                                          exists or not. Defaults to "".'
                                        type: string
                                      valueFrom:
                                        description: Source for the environment variable's
                                          value. Cannot be used if value is not empty.
                                        properties:
                                          configMapKeyRef:
                                            description: Selects a key of a ConfigMap.
                                            properties:
                                              key:
                                                description: The key to select.
                                                type: string
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                              optional:
                                                description: Specify whether the ConfigMap
                                                  or its key must be defined
                                                type: boolean
                                            required:
                                            - key
                                            type: object
                                          fieldRef:
                                            description: 'Selects a field of the pod:
                                              supports metadata.name, metadata.namespace,
                                              `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
                                              spec.nodeName, spec.serviceAccountName,
                                              status.hostIP, status.podIP, status.podIPs.'
                                            properties:
                                              apiVersion:
                                                description: Version of the schema
                                                  the FieldPath is written in terms
                                                  of, defaults to "v1".
                                                type: string
                                              fieldPath:
                                                description: Path of the field to
                                                  select in the specified API version.
                                                type: string
                                            required:
                                            - fieldPath
                                            type: object
                                          resourceFieldRef:
                                            description: 'Selects a resource of the
                                              container: only resources limits and
                                              requests (limits.cpu, limits.memory,
                                              limits.ephemeral-storage, requests.cpu,
                                              requests.memory and requests.ephemeral-storage)
                                              are currently supported.'
                                            properties:
                                              containerName:
                                                description: 'Container name: required
                                                  for volumes, optional for env vars'
                                                type: string
                                              divisor:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Specifies the output
                                                  format of the exposed resources,
                                                  defaults to "1"
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                              resource:
                                                description: 'Required: resource to
                                                  select'
                                                type: string
                                            required:
                                            - resource
                                            type: object
                                          secretKeyRef:
                                            description: Selects a key of a secret
                                              in the pod's namespace
                                            properties:
                                              key:
                                                description: The key of the secret
                                                  to select from.  Must be a valid
                                                  secret key.
                                                type: string
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                              optional:
                                                description: Specify whether the Secret
                                                  or its key must be defined
                                                type: boolean
                                            required:
                                            - key
                                            type: object
                                        type: object
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                hostAliases:
                                  description: HostAliases is an optional list of
                                    hosts and IPs that will be injected into the pod's
                                    hosts file if specified. This is only valid for
                                    non-hostNetwork pods.
                                  items:
                                    description: HostAlias holds the mapping between
                                      IP and hostnames that will be injected as an
                                      entry in the pod's hosts file.
                                    properties:
                                      hostnames:
                                        description: Hostnames for the above IP address.
                                        items:
                                          type: string
                                        type: array
                                      ip:
                                        description: IP address of the host file entry.
                                        type: string
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                hostNetwork:
                                  description: HostNetwork specifies whether the pod
                                    may use the node network namespace
                                  type: boolean
                                imagePullSecrets:
                                  description: ImagePullSecrets gives the name of
                                    the secret used by the pod to pull the image if
                                    specified
                                  items:
                                    description: LocalObjectReference contains enough
                                      information to let you locate the referenced
                                      object inside the same namespace.
                                    properties:
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                nodeSelector:
                                  additionalProperties:
                                    type: string
                                  description: 'NodeSelector is a selector which must
                                    be true for the pod to fit on a node. Selector
                                    which must match a node''s labels for the pod
                                    to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
                                  type: object
                                priorityClassName:
                                  description: If specified, indicates the pod's priority.
                                    "system-node-critical" and "system-cluster-critical"
                                    are two special keywords which indicate the highest
                                    priorities with the former being the highest priority.
                                    Any other name must be defined by creating a PriorityClass
                                    object with that name. If not specified, the pod
                                    priority will be default or zero if there is no
                                    default.
                                  type: string
                                runtimeClassName:
                                  description: 'RuntimeClassName refers to a RuntimeClass
                                    object in the node.k8s.io group, which should
                                    be used to run this pod. If no RuntimeClass resource
                                    matches the named class, the pod will not be run.
                                    If unset or empty, the "legacy" RuntimeClass will
                                    be used, which is an implicit class with an empty
                                    definition that uses the default runtime handler.
                                    More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
                                    This is a beta feature as of Kubernetes v1.14.'
                                  type: string
                                schedulerName:
                                  description: SchedulerName specifies the scheduler
                                    to be used to dispatch the Pod
                                  type: string
                                securityContext:
                                  description: 'SecurityContext holds pod-level security
                                    attributes and common container settings. Optional:
                                    Defaults to empty.  See type description for default
                                    values of each field.'
                                  properties:
                                    fsGroup:
                                      description: "A special supplemental group that
                                        applies to all containers in a pod. Some volume
                                        types allow the Kubelet to change the ownership
                                        of that volume to be owned by the pod: \n
                                        1. The owning GID will be the FSGroup 2. The
                                        setgid bit is set (new files created in the
                                        volume will be owned by FSGroup) 3. The permission
                                        bits are OR'd with rw-rw---- \n If unset,
                                        the Kubelet will not modify the ownership
                                        and permissions of any volume. Note that this
                                        field cannot be set when spec.os.name is windows."
                                      format: int64
                                      type: integer
                                    fsGroupChangePolicy:
                                      description: 'fsGroupChangePolicy defines behavior
                                        of changing ownership and permission of the
                                        volume before being exposed inside Pod. This
                                        field will only apply to volume types which
                                        support fsGroup based ownership(and permissions).
                                        It will have no effect on ephemeral volume
                                        types such as: secret, configmaps and emptydir.
                                        Valid values are "OnRootMismatch" and "Always".
                                        If not specified, "Always" is used. Note that
                                        this field cannot be set when spec.os.name
                                        is windows.'
                                      type: string
                                    runAsGroup:
                                      description: The GID to run the entrypoint of
                                        the container process. Uses runtime default
                                        if unset. May also be set in SecurityContext.  If
                                        set in both SecurityContext and PodSecurityContext,
                                        the value specified in SecurityContext takes
                                        precedence for that container. Note that this
                                        field cannot be set when spec.os.name is windows.
                                      format: int64
                                      type: integer
                                    runAsNonRoot:
                                      description: Indicates that the container must
                                        run as a non-root user. If true, the Kubelet
                                        will validate the image at runtime to ensure
                                        that it does not run as UID 0 (root) and fail
                                        to start the container if it does. If unset
                                        or false, no such validation will be performed.
                                        May also be set in SecurityContext.  If set
                                        in both SecurityContext and PodSecurityContext,
                                        the value specified in SecurityContext takes
                                        precedence.
                                      type: boolean
                                    runAsUser:
                                      description: The UID to run the entrypoint of
                                        the container process. Defaults to user specified
                                        in image metadata if unspecified. May also
                                        be set in SecurityContext.  If set in both
                                        SecurityContext and PodSecurityContext, the
                                        value specified in SecurityContext takes precedence
                                        for that container. Note that this field cannot
                                        be set when spec.os.name is windows.
                                      format: int64
                                      type: integer
                                    seLinuxOptions:
                                      description: The SELinux context to be applied
                                        to all containers. If unspecified, the container
                                        runtime will allocate a random SELinux context
                                        for each container.  May also be set in SecurityContext.  If
                                        set in both SecurityContext and PodSecurityContext,
                                        the value specified in SecurityContext takes
                                        precedence for that container. Note that this
                                        field cannot be set when spec.os.name is windows.
                                      properties:
                                        level:
                                          description: Level is SELinux level label
                                            that applies to the container.
                                          type: string
                                        role:
                                          description: Role is a SELinux role label
                                            that applies to the container.
                                          type: string
                                        type:
                                          description: Type is a SELinux type label
                                            that applies to the container.
                                          type: string
                                        user:
                                          description: User is a SELinux user label
                                            that applies to the container.
                                          type: string
                                      type: object
                                    seccompProfile:
                                      description: The seccomp options to use by the
                                        containers in this pod. Note that this field
                                        cannot be set when spec.os.name is windows.
                                      properties:
                                        localhostProfile:
                                          description: localhostProfile indicates
                                            a profile defined in a file on the node
                                            should be used. The profile must be preconfigured
                                            on the node to work. Must be a descending
                                            path, relative to the kubelet's configured
                                            seccomp profile location. Must only be
                                            set if type is "Localhost".
                                          type: string
                                        type:
                                          description: "type indicates which kind
                                            of seccomp profile will be applied. Valid
                                            options are: \n Localhost - a profile
                                            defined in a file on the node should be
                                            used. RuntimeDefault - the container runtime
                                            default profile should be used. Unconfined
                                            - no profile should be applied."
                                          type: string
                                      required:
                                      - type
                                      type: object
                                    supplementalGroups:
                                      description: A list of groups applied to the
                                        first process run in each container, in addition
                                        to the container's primary GID.  If unspecified,
                                        no groups will be added to any container.
                                        Note that this field cannot be set when spec.os.name
                                        is windows.
                                      items:
                                        format: int64
                                        type: integer
                                      type: array
                                    sysctls:
                                      description: Sysctls hold a list of namespaced
                                        sysctls used for the pod. Pods with unsupported
                                        sysctls (by the container runtime) might fail
                                        to launch. Note that this field cannot be
                                        set when spec.os.name is windows.
                                      items:
                                        description: Sysctl defines a kernel parameter
                                          to be set
                                        properties:
                                          name:
                                            description: Name of a property to set
                                            type: string
                                          value:
                                            description: Value of a property to set
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    windowsOptions:
                                      description: The Windows specific settings applied
                                        to all containers. If unspecified, the options
                                        within a container's SecurityContext will
                                        be used. If set in both SecurityContext and
                                        PodSecurityContext, the value specified in
                                        SecurityContext takes precedence. Note that
                                        this field cannot be set when spec.os.name
                                        is linux.
                                      properties:
                                        gmsaCredentialSpec:
                                          description: GMSACredentialSpec is where
                                            the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                            inlines the contents of the GMSA credential
                                            spec named by the GMSACredentialSpecName
                                            field.
                                          type: string
                                        gmsaCredentialSpecName:
                                          description: GMSACredentialSpecName is the
                                            name of the GMSA credential spec to use.
                                          type: string
                                        hostProcess:
                                          description: HostProcess determines if a
                                            container should be run as a 'Host Process'
                                            container. This field is alpha-level and
                                            will only be honored by components that
                                            enable the WindowsHostProcessContainers
                                            feature flag. Setting this field without
                                            the feature flag will result in errors
                                            when validating the Pod. All of a Pod's
                                            containers must have the same effective
                                            HostProcess value (it is not allowed to
                                            have a mix of HostProcess containers and
                                            non-HostProcess containers).  In addition,
                                            if HostProcess is true then HostNetwork
                                            must also be set to true.
                                          type: boolean
                                        runAsUserName:
                                          description: The UserName in Windows to
                                            run the entrypoint of the container process.
                                            Defaults to the user specified in image
                                            metadata if unspecified. May also be set
                                            in PodSecurityContext. If set in both
                                            SecurityContext and PodSecurityContext,
                                            the value specified in SecurityContext
                                            takes precedence.
                                          type: string
                                      type: object
                                  type: object
                                tolerations:
                                  description: If specified, the pod's tolerations.
                                  items:
                                    description: The pod this Toleration is attached
                                      to tolerates any taint that matches the triple
                                      <key,value,effect> using the matching operator
                                      <operator>.
                                    properties:
                                      effect:
                                        description: Effect indicates the taint effect
                                          to match. Empty means match all taint effects.
                                          When specified, allowed values are NoSchedule,
                                          PreferNoSchedule and NoExecute.
                                        type: string
                                      key:
                                        description: Key is the taint key that the
                                          toleration applies to. Empty means match
                                          all taint keys. If the key is empty, operator
                                          must be Exists; this combination means to
                                          match all values and all keys.
                                        type: string
                                      operator:
                                        description: Operator represents a key's relationship
                                          to the value. Valid operators are Exists
                                          and Equal. Defaults to Equal. Exists is
                                          equivalent to wildcard for value, so that
                                          a pod can tolerate all taints of a particular
                                          category.
                                        type: string
                                      tolerationSeconds:
                                        description: TolerationSeconds represents
                                          the period of time the toleration (which
                                          must be of effect NoExecute, otherwise this
                                          field is ignored) tolerates the taint. By
                                          default, it is not set, which means tolerate
                                          the taint forever (do not evict). Zero and
                                          negative values will be treated as 0 (evict
                                          immediately) by the system.
                                        format: int64
                                        type: integer
                                      value:
                                        description: Value is the taint value the
                                          toleration matches to. If the operator is
                                          Exists, the value should be empty, otherwise
                                          just a regular string.
                                        type: string
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                topologySpreadConstraints:
                                  description: TopologySpreadConstraints controls
                                    how Pods are spread across your cluster among
                                    failure-domains such as regions, zones, nodes,
                                    and other user-defined topology domains.
                                  items:
                                    description: TopologySpreadConstraint specifies
                                      how to spread matching pods among the given
                                      topology.
                                    properties:
                                      labelSelector:
                                        description: LabelSelector is used to find
                                          matching pods. Pods that match this label
                                          selector are counted to determine the number
                                          of pods in their corresponding topology
                                          domain.
                                        properties:
                                          matchExpressions:
                                            description: matchExpressions is a list
                                              of label selector requirements. The
                                              requirements are ANDed.
                                            items:
                                              description: A label selector requirement
                                                is a selector that contains values,
                                                a key, and an operator that relates
                                                the key and values.
                                              properties:
                                                key:
                                                  description: key is the label key
                                                    that the selector applies to.
                                                  type: string
                                                operator:
                                                  description: operator represents
                                                    a key's relationship to a set
                                                    of values. Valid operators are
                                                    In, NotIn, Exists and DoesNotExist.
                                                  type: string
                                                values:
                                                  description: values is an array
                                                    of string values. If the operator
                                                    is In or NotIn, the values array
                                                    must be non-empty. If the operator
                                                    is Exists or DoesNotExist, the
                                                    values array must be empty. This
                                                    array is replaced during a strategic
                                                    merge patch.
                                                  items:
                                                    type: string
                                                  type: array
                                              required:
                                              - key
                                              - operator
                                              type: object
                                            type: array
                                          matchLabels:
                                            additionalProperties:
                                              type: string
                                            description: matchLabels is a map of {key,value}
                                              pairs. A single {key,value} in the matchLabels
                                              map is equivalent to an element of matchExpressions,
                                              whose key field is "key", the operator
                                              is "In", and the values array contains
                                              only "value". The requirements are ANDed.
                                            type: object
                                        type: object
                                      matchLabelKeys:
                                        description: MatchLabelKeys is a set of pod
                                          label keys to select the pods over which
                                          spreading will be calculated. The keys are
                                          used to lookup values from the incoming
                                          pod labels, those key-value labels are ANDed
                                          with labelSelector to select the group of
                                          existing pods over which spreading will
                                          be calculated for the incoming pod. Keys
                                          that don't exist in the incoming pod labels
                                          will be ignored. A null or empty list means
                                          only match against labelSelector.
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      maxSkew:
                                        description: 'MaxSkew describes the degree
                                          to which pods may be unevenly distributed.
                                          When `whenUnsatisfiable=DoNotSchedule`,
                                          it is the maximum permitted difference between
                                          the number of matching pods in the target
                                          topology and the global minimum. The global
                                          minimum is the minimum number of matching
                                          pods in an eligible domain or zero if the
                                          number of eligible domains is less than
                                          MinDomains. For example, in a 3-zone cluster,
                                          MaxSkew is set to 1, and pods with the same
                                          labelSelector spread as 2/2/1: In this case,
                                          the global minimum is 1. | zone1 | zone2
                                          | zone3 | |  P P  |  P P  |   P   | - if
                                          MaxSkew is 1, incoming pod can only be scheduled
                                          to zone3 to become 2/2/2; scheduling it
                                          onto zone1(zone2) would make the ActualSkew(3-1)
                                          on zone1(zone2) violate MaxSkew(1). - if
                                          MaxSkew is 2, incoming pod can be scheduled
                                          onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
                                          it is used to give higher precedence to
                                          topologies that satisfy it. It''s a required
                                          field. Default value is 1 and 0 is not allowed.'
                                        format: int32
                                        type: integer
                                      minDomains:
                                        description: "MinDomains indicates a minimum
                                          number of eligible domains. When the number
                                          of eligible domains with matching topology
                                          keys is less than minDomains, Pod Topology
                                          Spread treats \"global minimum\" as 0, and
                                          then the calculation of Skew is performed.
                                          And when the number of eligible domains
                                          with matching topology keys equals or greater
                                          than minDomains, this value has no effect
                                          on scheduling. As a result, when the number
                                          of eligible domains is less than minDomains,
                                          scheduler won't schedule more than maxSkew
                                          Pods to those domains. If value is nil,
                                          the constraint behaves as if MinDomains
                                          is equal to 1. Valid values are integers
                                          greater than 0. When value is not nil, WhenUnsatisfiable
                                          must be DoNotSchedule. \n For example, in
                                          a 3-zone cluster, MaxSkew is set to 2, MinDomains
                                          is set to 5 and pods with the same labelSelector
                                          spread as 2/2/2: | zone1 | zone2 | zone3
                                          | |  P P  |  P P  |  P P  | The number of
                                          domains is less than 5(MinDomains), so \"global
                                          minimum\" is treated as 0. In this situation,
                                          new pod with the same labelSelector cannot
                                          be scheduled, because computed skew will
                                          be 3(3 - 0) if new Pod is scheduled to any
                                          of the three zones, it will violate MaxSkew.
                                          \n This is a beta field and requires the
                                          MinDomainsInPodTopologySpread feature gate
                                          to be enabled (enabled by default)."
                                        format: int32
                                        type: integer
                                      nodeAffinityPolicy:
                                        description: "NodeAffinityPolicy indicates
                                          how we will treat Pod's nodeAffinity/nodeSelector
                                          when calculating pod topology spread skew.
                                          Options are: - Honor: only nodes matching
                                          nodeAffinity/nodeSelector are included in
                                          the calculations. - Ignore: nodeAffinity/nodeSelector
                                          are ignored. All nodes are included in the
                                          calculations. \n If this value is nil, the
                                          behavior is equivalent to the Honor policy.
                                          This is a alpha-level feature enabled by
                                          the NodeInclusionPolicyInPodTopologySpread
                                          feature flag."
                                        type: string
                                      nodeTaintsPolicy:
                                        description: "NodeTaintsPolicy indicates how
                                          we will treat node taints when calculating
                                          pod topology spread skew. Options are: -
                                          Honor: nodes without taints, along with
                                          tainted nodes for which the incoming pod
                                          has a toleration, are included. - Ignore:
                                          node taints are ignored. All nodes are included.
                                          \n If this value is nil, the behavior is
                                          equivalent to the Ignore policy. This is
                                          a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
                                          feature flag."
                                        type: string
                                      topologyKey:
                                        description: TopologyKey is the key of node
                                          labels. Nodes that have a label with this
                                          key and identical values are considered
                                          to be in the same topology. We consider
                                          each <key, value> as a "bucket", and try
                                          to put balanced number of pods into each
                                          bucket. We define a domain as a particular
                                          instance of a topology. Also, we define
                                          an eligible domain as a domain whose nodes
                                          meet the requirements of nodeAffinityPolicy
                                          and nodeTaintsPolicy. e.g. If TopologyKey
                                          is "kubernetes.io/hostname", each Node is
                                          a domain of that topology. And, if TopologyKey
                                          is "topology.kubernetes.io/zone", each zone
                                          is a domain of that topology. It's a required
                                          field.
                                        type: string
                                      whenUnsatisfiable:
                                        description: 'WhenUnsatisfiable indicates
                                          how to deal with a pod if it doesn''t satisfy
                                          the spread constraint. - DoNotSchedule (default)
                                          tells the scheduler not to schedule it.
                                          - ScheduleAnyway tells the scheduler to
                                          schedule the pod in any location,   but
                                          giving higher precedence to topologies that
                                          would help reduce the   skew. A constraint
                                          is considered "Unsatisfiable" for an incoming
                                          pod if and only if every possible node assignment
                                          for that pod would violate "MaxSkew" on
                                          some topology. For example, in a 3-zone
                                          cluster, MaxSkew is set to 1, and pods with
                                          the same labelSelector spread as 3/1/1:
                                          | zone1 | zone2 | zone3 | | P P P |   P   |   P   |
                                          If WhenUnsatisfiable is set to DoNotSchedule,
                                          incoming pod can only be scheduled to zone2(zone3)
                                          to become 3/2/1(3/1/2) as ActualSkew(2-1)
                                          on zone2(zone3) satisfies MaxSkew(1). In
                                          other words, the cluster can still be imbalanced,
                                          but scheduler won''t make it *more* imbalanced.
                                          It''s a required field.'
                                        type: string
                                    required:
                                    - maxSkew
                                    - topologyKey
                                    - whenUnsatisfiable
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                volumes:
                                  description: 'List of volumes that can be mounted
                                    by containers belonging to the pod. More info:
                                    https://kubernetes.io/docs/concepts/storage/volumes'
                                  items:
                                    description: Volume represents a named volume
                                      in a pod that may be accessed by any container
                                      in the pod.
                                    properties:
                                      awsElasticBlockStore:
                                        description: 'awsElasticBlockStore represents
                                          an AWS Disk resource that is attached to
                                          a kubelet''s host machine and then exposed
                                          to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type of the volume that you want to
                                              mount. Tip: Ensure that the filesystem
                                              type is supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          partition:
                                            description: 'partition is the partition
                                              in the volume that you want to mount.
                                              If omitted, the default is to mount
                                              by volume name. Examples: For volume
                                              /dev/sda1, you specify the partition
                                              as "1". Similarly, the volume partition
                                              for /dev/sda is "0" (or you can leave
                                              the property empty).'
                                            format: int32
                                            type: integer
                                          readOnly:
                                            description: 'readOnly value true will
                                              force the readOnly setting in VolumeMounts.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                            type: boolean
                                          volumeID:
                                            description: 'volumeID is unique ID of
                                              the persistent disk resource in AWS
                                              (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                            type: string
                                        required:
                                        - volumeID
                                        type: object
                                      azureDisk:
                                        description: azureDisk represents an Azure
                                          Data Disk mount on the host and bind mount
                                          to the pod.
                                        properties:
                                          cachingMode:
                                            description: 'cachingMode is the Host
                                              Caching mode: None, Read Only, Read
                                              Write.'
                                            type: string
                                          diskName:
                                            description: diskName is the Name of the
                                              data disk in the blob storage
                                            type: string
                                          diskURI:
                                            description: diskURI is the URI of data
                                              disk in the blob storage
                                            type: string
                                          fsType:
                                            description: fsType is Filesystem type
                                              to mount. Must be a filesystem type
                                              supported by the host operating system.
                                              Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          kind:
                                            description: 'kind expected values are
                                              Shared: multiple blob disks per storage
                                              account  Dedicated: single blob disk
                                              per storage account  Managed: azure
                                              managed data disk (only in managed availability
                                              set). defaults to shared'
                                            type: string
                                          readOnly:
                                            description: readOnly Defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                        required:
                                        - diskName
                                        - diskURI
                                        type: object
                                      azureFile:
                                        description: azureFile represents an Azure
                                          File Service mount on the host and bind
                                          mount to the pod.
                                        properties:
                                          readOnly:
                                            description: readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          secretName:
                                            description: secretName is the  name of
                                              secret that contains Azure Storage Account
                                              Name and Key
                                            type: string
                                          shareName:
                                            description: shareName is the azure share
                                              Name
                                            type: string
                                        required:
                                        - secretName
                                        - shareName
                                        type: object
                                      cephfs:
                                        description: cephFS represents a Ceph FS mount
                                          on the host that shares a pod's lifetime
                                        properties:
                                          monitors:
                                            description: 'monitors is Required: Monitors
                                              is a collection of Ceph monitors More
                                              info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            items:
                                              type: string
                                            type: array
                                          path:
                                            description: 'path is Optional: Used as
                                              the mounted root, rather than the full
                                              Ceph tree, default is /'
                                            type: string
                                          readOnly:
                                            description: 'readOnly is Optional: Defaults
                                              to false (read/write). ReadOnly here
                                              will force the ReadOnly setting in VolumeMounts.
                                              More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            type: boolean
                                          secretFile:
                                            description: 'secretFile is Optional:
                                              SecretFile is the path to key ring for
                                              User, default is /etc/ceph/user.secret
                                              More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            type: string
                                          secretRef:
                                            description: 'secretRef is Optional: SecretRef
                                              is reference to the authentication secret
                                              for User, default is empty. More info:
                                              https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          user:
                                            description: 'user is optional: User is
                                              the rados user name, default is admin
                                              More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            type: string
                                        required:
                                        - monitors
                                        type: object
                                      cinder:
                                        description: 'cinder represents a cinder volume
                                          attached and mounted on kubelets host machine.
                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            type: string
                                          readOnly:
                                            description: 'readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            type: boolean
                                          secretRef:
                                            description: 'secretRef is optional: points
                                              to a secret object containing parameters
                                              used to connect to OpenStack.'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          volumeID:
                                            description: 'volumeID used to identify
                                              the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            type: string
                                        required:
                                        - volumeID
                                        type: object
                                      configMap:
                                        description: configMap represents a configMap
                                          that should populate this volume
                                        properties:
                                          defaultMode:
                                            description: 'defaultMode is optional:
                                              mode bits used to set permissions on
                                              created files by default. Must be an
                                              octal value between 0000 and 0777 or
                                              a decimal value between 0 and 511. YAML
                                              accepts both octal and decimal values,
                                              JSON requires decimal values for mode
                                              bits. Defaults to 0644. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.'
                                            format: int32
                                            type: integer
                                          items:
                                            description: items if unspecified, each
                                              key-value pair in the Data field of
                                              the referenced ConfigMap will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the ConfigMap, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: optional specify whether
                                              the ConfigMap or its keys must be defined
                                            type: boolean
                                        type: object
                                      csi:
                                        description: csi (Container Storage Interface)
                                          represents ephemeral storage that is handled
                                          by certain external CSI drivers (Beta feature).
                                        properties:
                                          driver:
                                            description: driver is the name of the
                                              CSI driver that handles this volume.
                                              Consult with your admin for the correct
                                              name as registered in the cluster.
                                            type: string
                                          fsType:
                                            description: fsType to mount. Ex. "ext4",
                                              "xfs", "ntfs". If not provided, the
                                              empty value is passed to the associated
                                              CSI driver which will determine the
                                              default filesystem to apply.
                                            type: string
                                          nodePublishSecretRef:
                                            description: nodePublishSecretRef is a
                                              reference to the secret object containing
                                              sensitive information to pass to the
                                              CSI driver to complete the CSI NodePublishVolume
                                              and NodeUnpublishVolume calls. This
                                              field is optional, and  may be empty
                                              if no secret is required. If the secret
                                              object contains more than one secret,
                                              all secret references are passed.
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          readOnly:
                                            description: readOnly specifies a read-only
                                              configuration for the volume. Defaults
                                              to false (read/write).
                                            type: boolean
                                          volumeAttributes:
                                            additionalProperties:
                                              type: string
                                            description: volumeAttributes stores driver-specific
                                              properties that are passed to the CSI
                                              driver. Consult your driver's documentation
                                              for supported values.
                                            type: object
                                        required:
                                        - driver
                                        type: object
                                      downwardAPI:
                                        description: downwardAPI represents downward
                                          API about the pod that should populate this
                                          volume
                                        properties:
                                          defaultMode:
                                            description: 'Optional: mode bits to use
                                              on created files by default. Must be
                                              a Optional: mode bits used to set permissions
                                              on created files by default. Must be
                                              an octal value between 0000 and 0777
                                              or a decimal value between 0 and 511.
                                              YAML accepts both octal and decimal
                                              values, JSON requires decimal values
                                              for mode bits. Defaults to 0644. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.'
                                            format: int32
                                            type: integer
                                          items:
                                            description: Items is a list of downward
                                              API volume file
                                            items:
                                              description: DownwardAPIVolumeFile represents
                                                information to create the file containing
                                                the pod field
                                              properties:
                                                fieldRef:
                                                  description: 'Required: Selects
                                                    a field of the pod: only annotations,
                                                    labels, name and namespace are
                                                    supported.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                mode:
                                                  description: 'Optional: mode bits
                                                    used to set permissions on this
                                                    file, must be an octal value between
                                                    0000 and 0777 or a decimal value
                                                    between 0 and 511. YAML accepts
                                                    both octal and decimal values,
                                                    JSON requires decimal values for
                                                    mode bits. If not specified, the
                                                    volume defaultMode will be used.
                                                    This might be in conflict with
                                                    other options that affect the
                                                    file mode, like fsGroup, and the
                                                    result can be other mode bits
                                                    set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: 'Required: Path is  the
                                                    relative path name of the file
                                                    to be created. Must not be absolute
                                                    or contain the ''..'' path. Must
                                                    be utf-8 encoded. The first item
                                                    of the relative path must not
                                                    start with ''..'''
                                                  type: string
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, requests.cpu and
                                                    requests.memory) are currently
                                                    supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                              required:
                                              - path
                                              type: object
                                            type: array
                                        type: object
                                      emptyDir:
                                        description: 'emptyDir represents a temporary
                                          directory that shares a pod''s lifetime.
                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                        properties:
                                          medium:
                                            description: 'medium represents what type
                                              of storage medium should back this directory.
                                              The default is "" which means to use
                                              the node''s default medium. Must be
                                              an empty string (default) or Memory.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                            type: string
                                          sizeLimit:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            description: 'sizeLimit is the total amount
                                              of local storage required for this EmptyDir
                                              volume. The size limit is also applicable
                                              for memory medium. The maximum usage
                                              on memory medium EmptyDir would be the
                                              minimum value between the SizeLimit
                                              specified here and the sum of memory
                                              limits of all containers in a pod. The
                                              default is nil which means that the
                                              limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                        type: object
                                      ephemeral:
                                        description: "ephemeral represents a volume
                                          that is handled by a cluster storage driver.
                                          The volume's lifecycle is tied to the pod
                                          that defines it - it will be created before
                                          the pod starts, and deleted when the pod
                                          is removed. \n Use this if: a) the volume
                                          is only needed while the pod runs, b) features
                                          of normal volumes like restoring from snapshot
                                          or capacity    tracking are needed, c) the
                                          storage driver is specified through a storage
                                          class, and d) the storage driver supports
                                          dynamic volume provisioning through    a
                                          PersistentVolumeClaim (see EphemeralVolumeSource
                                          for more    information on the connection
                                          between this volume type    and PersistentVolumeClaim).
                                          \n Use PersistentVolumeClaim or one of the
                                          vendor-specific APIs for volumes that persist
                                          for longer than the lifecycle of an individual
                                          pod. \n Use CSI for light-weight local ephemeral
                                          volumes if the CSI driver is meant to be
                                          used that way - see the documentation of
                                          the driver for more information. \n A pod
                                          can use both types of ephemeral volumes
                                          and persistent volumes at the same time."
                                        properties:
                                          volumeClaimTemplate:
                                            description: "Will be used to create a
                                              stand-alone PVC to provision the volume.
                                              The pod in which this EphemeralVolumeSource
                                              is embedded will be the owner of the
                                              PVC, i.e. the PVC will be deleted together
                                              with the pod.  The name of the PVC will
                                              be `<pod name>-<volume name>` where
                                              `<volume name>` is the name from the
                                              `PodSpec.Volumes` array entry. Pod validation
                                              will reject the pod if the concatenated
                                              name is not valid for a PVC (for example,
                                              too long). \n An existing PVC with that
                                              name that is not owned by the pod will
                                              *not* be used for the pod to avoid using
                                              an unrelated volume by mistake. Starting
                                              the pod is then blocked until the unrelated
                                              PVC is removed. If such a pre-created
                                              PVC is meant to be used by the pod,
                                              the PVC has to updated with an owner
                                              reference to the pod once the pod exists.
                                              Normally this should not be necessary,
                                              but it may be useful when manually reconstructing
                                              a broken cluster. \n This field is read-only
                                              and no changes will be made by Kubernetes
                                              to the PVC after it has been created.
                                              \n Required, must not be nil."
                                            properties:
                                              metadata:
                                                description: May contain labels and
                                                  annotations that will be copied
                                                  into the PVC when creating it. No
                                                  other fields are allowed and will
                                                  be rejected during validation.
                                                type: object
                                              spec:
                                                description: The specification for
                                                  the PersistentVolumeClaim. The entire
                                                  content is copied unchanged into
                                                  the PVC that gets created from this
                                                  template. The same fields as in
                                                  a PersistentVolumeClaim are also
                                                  valid here.
                                                properties:
                                                  accessModes:
                                                    description: 'accessModes contains
                                                      the desired access modes the
                                                      volume should have. More info:
                                                      https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                                    items:
                                                      type: string
                                                    type: array
                                                  dataSource:
                                                    description: 'dataSource field
                                                      can be used to specify either:
                                                      * An existing VolumeSnapshot
                                                      object (snapshot.storage.k8s.io/VolumeSnapshot)
                                                      * An existing PVC (PersistentVolumeClaim)
                                                      If the provisioner or an external
                                                      controller can support the specified
                                                      data source, it will create
                                                      a new volume based on the contents
                                                      of the specified data source.
                                                      If the AnyVolumeDataSource feature
                                                      gate is enabled, this field
                                                      will always have the same contents
                                                      as the DataSourceRef field.'
                                                    properties:
                                                      apiGroup:
                                                        description: APIGroup is the
                                                          group for the resource being
                                                          referenced. If APIGroup
                                                          is not specified, the specified
                                                          Kind must be in the core
                                                          API group. For any other
                                                          third-party types, APIGroup
                                                          is required.
                                                        type: string
                                                      kind:
                                                        description: Kind is the type
                                                          of resource being referenced
                                                        type: string
                                                      name:
                                                        description: Name is the name
                                                          of resource being referenced
                                                        type: string
                                                    required:
                                                    - kind
                                                    - name
                                                    type: object
                                                  dataSourceRef:
                                                    description: 'dataSourceRef specifies
                                                      the object from which to populate
                                                      the volume with data, if a non-empty
                                                      volume is desired. This may
                                                      be any local object from a non-empty
                                                      API group (non core object)
                                                      or a PersistentVolumeClaim object.
                                                      When this field is specified,
                                                      volume binding will only succeed
                                                      if the type of the specified
                                                      object matches some installed
                                                      volume populator or dynamic
                                                      provisioner. This field will
                                                      replace the functionality of
                                                      the DataSource field and as
                                                      such if both fields are non-empty,
                                                      they must have the same value.
                                                      For backwards compatibility,
                                                      both fields (DataSource and
                                                      DataSourceRef) will be set to
                                                      the same value automatically
                                                      if one of them is empty and
                                                      the other is non-empty. There
                                                      are two important differences
                                                      between DataSource and DataSourceRef:
                                                      * While DataSource only allows
                                                      two specific types of objects,
                                                      DataSourceRef   allows any non-core
                                                      object, as well as PersistentVolumeClaim
                                                      objects. * While DataSource
                                                      ignores disallowed values (dropping
                                                      them), DataSourceRef   preserves
                                                      all values, and generates an
                                                      error if a disallowed value
                                                      is   specified. (Beta) Using
                                                      this field requires the AnyVolumeDataSource
                                                      feature gate to be enabled.'
                                                    properties:
                                                      apiGroup:
                                                        description: APIGroup is the
                                                          group for the resource being
                                                          referenced. If APIGroup
                                                          is not specified, the specified
                                                          Kind must be in the core
                                                          API group. For any other
                                                          third-party types, APIGroup
                                                          is required.
                                                        type: string
                                                      kind:
                                                        description: Kind is the type
                                                          of resource being referenced
                                                        type: string
                                                      name:
                                                        description: Name is the name
                                                          of resource being referenced
                                                        type: string
                                                    required:
                                                    - kind
                                                    - name
                                                    type: object
                                                  resources:
                                                    description: 'resources represents
                                                      the minimum resources the volume
                                                      should have. If RecoverVolumeExpansionFailure
                                                      feature is enabled users are
                                                      allowed to specify resource
                                                      requirements that are lower
                                                      than previous value but must
                                                      still be higher than capacity
                                                      recorded in the status field
                                                      of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                                    properties:
                                                      limits:
                                                        additionalProperties:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        description: 'Limits describes
                                                          the maximum amount of compute
                                                          resources allowed. More
                                                          info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                        type: object
                                                      requests:
                                                        additionalProperties:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        description: 'Requests describes
                                                          the minimum amount of compute
                                                          resources required. If Requests
                                                          is omitted for a container,
                                                          it defaults to Limits if
                                                          that is explicitly specified,
                                                          otherwise to an implementation-defined
                                                          value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                        type: object
                                                    type: object
                                                  selector:
                                                    description: selector is a label
                                                      query over volumes to consider
                                                      for binding.
                                                    properties:
                                                      matchExpressions:
                                                        description: matchExpressions
                                                          is a list of label selector
                                                          requirements. The requirements
                                                          are ANDed.
                                                        items:
                                                          description: A label selector
                                                            requirement is a selector
                                                            that contains values,
                                                            a key, and an operator
                                                            that relates the key and
                                                            values.
                                                          properties:
                                                            key:
                                                              description: key is
                                                                the label key that
                                                                the selector applies
                                                                to.
                                                              type: string
                                                            operator:
                                                              description: operator
                                                                represents a key's
                                                                relationship to a
                                                                set of values. Valid
                                                                operators are In,
                                                                NotIn, Exists and
                                                                DoesNotExist.
                                                              type: string
                                                            values:
                                                              description: values
                                                                is an array of string
                                                                values. If the operator
                                                                is In or NotIn, the
                                                                values array must
                                                                be non-empty. If the
                                                                operator is Exists
                                                                or DoesNotExist, the
                                                                values array must
                                                                be empty. This array
                                                                is replaced during
                                                                a strategic merge
                                                                patch.
                                                              items:
                                                                type: string
                                                              type: array
                                                          required:
                                                          - key
                                                          - operator
                                                          type: object
                                                        type: array
                                                      matchLabels:
                                                        additionalProperties:
                                                          type: string
                                                        description: matchLabels is
                                                          a map of {key,value} pairs.
                                                          A single {key,value} in
                                                          the matchLabels map is equivalent
                                                          to an element of matchExpressions,
                                                          whose key field is "key",
                                                          the operator is "In", and
                                                          the values array contains
                                                          only "value". The requirements
                                                          are ANDed.
                                                        type: object
                                                    type: object
                                                  storageClassName:
                                                    description: 'storageClassName
                                                      is the name of the StorageClass
                                                      required by the claim. More
                                                      info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                                    type: string
                                                  volumeMode:
                                                    description: volumeMode defines
                                                      what type of volume is required
                                                      by the claim. Value of Filesystem
                                                      is implied when not included
                                                      in claim spec.
                                                    type: string
                                                  volumeName:
                                                    description: volumeName is the
                                                      binding reference to the PersistentVolume
                                                      backing this claim.
                                                    type: string
                                                type: object
                                            required:
                                            - spec
                                            type: object
                                        type: object
                                      fc:
                                        description: fc represents a Fibre Channel
                                          resource that is attached to a kubelet's
                                          host machine and then exposed to the pod.
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          lun:
                                            description: 'lun is Optional: FC target
                                              lun number'
                                            format: int32
                                            type: integer
                                          readOnly:
                                            description: 'readOnly is Optional: Defaults
                                              to false (read/write). ReadOnly here
                                              will force the ReadOnly setting in VolumeMounts.'
                                            type: boolean
                                          targetWWNs:
                                            description: 'targetWWNs is Optional:
                                              FC target worldwide names (WWNs)'
                                            items:
                                              type: string
                                            type: array
                                          wwids:
                                            description: 'wwids Optional: FC volume
                                              world wide identifiers (wwids) Either
                                              wwids or combination of targetWWNs and
                                              lun must be set, but not both simultaneously.'
                                            items:
                                              type: string
                                            type: array
                                        type: object
                                      flexVolume:
                                        description: flexVolume represents a generic
                                          volume resource that is provisioned/attached
                                          using an exec based plugin.
                                        properties:
                                          driver:
                                            description: driver is the name of the
                                              driver to use for this volume.
                                            type: string
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". The
                                              default filesystem depends on FlexVolume
                                              script.
                                            type: string
                                          options:
                                            additionalProperties:
                                              type: string
                                            description: 'options is Optional: this
                                              field holds extra command options if
                                              any.'
                                            type: object
                                          readOnly:
                                            description: 'readOnly is Optional: defaults
                                              to false (read/write). ReadOnly here
                                              will force the ReadOnly setting in VolumeMounts.'
                                            type: boolean
                                          secretRef:
                                            description: 'secretRef is Optional: secretRef
                                              is reference to the secret object containing
                                              sensitive information to pass to the
                                              plugin scripts. This may be empty if
                                              no secret object is specified. If the
                                              secret object contains more than one
                                              secret, all secrets are passed to the
                                              plugin scripts.'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                        required:
                                        - driver
                                        type: object
                                      flocker:
                                        description: flocker represents a Flocker
                                          volume attached to a kubelet's host machine.
                                          This depends on the Flocker control service
                                          being running
                                        properties:
                                          datasetName:
                                            description: datasetName is Name of the
                                              dataset stored as metadata -> name on
                                              the dataset for Flocker should be considered
                                              as deprecated
                                            type: string
                                          datasetUUID:
                                            description: datasetUUID is the UUID of
                                              the dataset. This is unique identifier
                                              of a Flocker dataset
                                            type: string
                                        type: object
                                      gcePersistentDisk:
                                        description: 'gcePersistentDisk represents
                                          a GCE Disk resource that is attached to
                                          a kubelet''s host machine and then exposed
                                          to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                        properties:
                                          fsType:
                                            description: 'fsType is filesystem type
                                              of the volume that you want to mount.
                                              Tip: Ensure that the filesystem type
                                              is supported by the host operating system.
                                              Examples: "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          partition:
                                            description: 'partition is the partition
                                              in the volume that you want to mount.
                                              If omitted, the default is to mount
                                              by volume name. Examples: For volume
                                              /dev/sda1, you specify the partition
                                              as "1". Similarly, the volume partition
                                              for /dev/sda is "0" (or you can leave
                                              the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            format: int32
                                            type: integer
                                          pdName:
                                            description: 'pdName is unique name of
                                              the PD resource in GCE. Used to identify
                                              the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            type: boolean
                                        required:
                                        - pdName
                                        type: object
                                      gitRepo:
                                        description: 'gitRepo represents a git repository
                                          at a particular revision. DEPRECATED: GitRepo
                                          is deprecated. To provision a container
                                          with a git repo, mount an EmptyDir into
                                          an InitContainer that clones the repo using
                                          git, then mount the EmptyDir into the Pod''s
                                          container.'
                                        properties:
                                          directory:
                                            description: directory is the target directory
                                              name. Must not contain or start with
                                              '..'.  If '.' is supplied, the volume
                                              directory will be the git repository.  Otherwise,
                                              if specified, the volume will contain
                                              the git repository in the subdirectory
                                              with the given name.
                                            type: string
                                          repository:
                                            description: repository is the URL
                                            type: string
                                          revision:
                                            description: revision is the commit hash
                                              for the specified revision.
                                            type: string
                                        required:
                                        - repository
                                        type: object
                                      glusterfs:
                                        description: 'glusterfs represents a Glusterfs
                                          mount on the host that shares a pod''s lifetime.
                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md'
                                        properties:
                                          endpoints:
                                            description: 'endpoints is the endpoint
                                              name that details Glusterfs topology.
                                              More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                            type: string
                                          path:
                                            description: 'path is the Glusterfs volume
                                              path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the Glusterfs volume to be mounted with
                                              read-only permissions. Defaults to false.
                                              More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                            type: boolean
                                        required:
                                        - endpoints
                                        - path
                                        type: object
                                      hostPath:
                                        description: 'hostPath represents a pre-existing
                                          file or directory on the host machine that
                                          is directly exposed to the container. This
                                          is generally used for system agents or other
                                          privileged things that are allowed to see
                                          the host machine. Most containers will NOT
                                          need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                                          --- TODO(jonesdl) We need to restrict who
                                          can use host directory mounts and who can/can
                                          not mount host directories as read/write.'
                                        properties:
                                          path:
                                            description: 'path of the directory on
                                              the host. If the path is a symlink,
                                              it will follow the link to the real
                                              path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                            type: string
                                          type:
                                            description: 'type for HostPath Volume
                                              Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                            type: string
                                        required:
                                        - path
                                        type: object
                                      iscsi:
                                        description: 'iscsi represents an ISCSI Disk
                                          resource that is attached to a kubelet''s
                                          host machine and then exposed to the pod.
                                          More info: https://examples.k8s.io/volumes/iscsi/README.md'
                                        properties:
                                          chapAuthDiscovery:
                                            description: chapAuthDiscovery defines
                                              whether support iSCSI Discovery CHAP
                                              authentication
                                            type: boolean
                                          chapAuthSession:
                                            description: chapAuthSession defines whether
                                              support iSCSI Session CHAP authentication
                                            type: boolean
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type of the volume that you want to
                                              mount. Tip: Ensure that the filesystem
                                              type is supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          initiatorName:
                                            description: initiatorName is the custom
                                              iSCSI Initiator Name. If initiatorName
                                              is specified with iscsiInterface simultaneously,
                                              new iSCSI interface <target portal>:<volume
                                              name> will be created for the connection.
                                            type: string
                                          iqn:
                                            description: iqn is the target iSCSI Qualified
                                              Name.
                                            type: string
                                          iscsiInterface:
                                            description: iscsiInterface is the interface
                                              Name that uses an iSCSI transport. Defaults
                                              to 'default' (tcp).
                                            type: string
                                          lun:
                                            description: lun represents iSCSI Target
                                              Lun number.
                                            format: int32
                                            type: integer
                                          portals:
                                            description: portals is the iSCSI Target
                                              Portal List. The portal is either an
                                              IP or ip_addr:port if the port is other
                                              than default (typically TCP ports 860
                                              and 3260).
                                            items:
                                              type: string
                                            type: array
                                          readOnly:
                                            description: readOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              Defaults to false.
                                            type: boolean
                                          secretRef:
                                            description: secretRef is the CHAP Secret
                                              for iSCSI target and initiator authentication
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          targetPortal:
                                            description: targetPortal is iSCSI Target
                                              Portal. The Portal is either an IP or
                                              ip_addr:port if the port is other than
                                              default (typically TCP ports 860 and
                                              3260).
                                            type: string
                                        required:
                                        - iqn
                                        - lun
                                        - targetPortal
                                        type: object
                                      name:
                                        description: 'name of the volume. Must be
                                          a DNS_LABEL and unique within the pod. More
                                          info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                        type: string
                                      nfs:
                                        description: 'nfs represents an NFS mount
                                          on the host that shares a pod''s lifetime
                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                        properties:
                                          path:
                                            description: 'path that is exported by
                                              the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the NFS export to be mounted with read-only
                                              permissions. Defaults to false. More
                                              info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            type: boolean
                                          server:
                                            description: 'server is the hostname or
                                              IP address of the NFS server. More info:
                                              https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            type: string
                                        required:
                                        - path
                                        - server
                                        type: object
                                      persistentVolumeClaim:
                                        description: 'persistentVolumeClaimVolumeSource
                                          represents a reference to a PersistentVolumeClaim
                                          in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                        properties:
                                          claimName:
                                            description: 'claimName is the name of
                                              a PersistentVolumeClaim in the same
                                              namespace as the pod using this volume.
                                              More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                            type: string
                                          readOnly:
                                            description: readOnly Will force the ReadOnly
                                              setting in VolumeMounts. Default false.
                                            type: boolean
                                        required:
                                        - claimName
                                        type: object
                                      photonPersistentDisk:
                                        description: photonPersistentDisk represents
                                          a PhotonController persistent disk attached
                                          and mounted on kubelets host machine
                                        properties:
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          pdID:
                                            description: pdID is the ID that identifies
                                              Photon Controller persistent disk
                                            type: string
                                        required:
                                        - pdID
                                        type: object
                                      portworxVolume:
                                        description: portworxVolume represents a portworx
                                          volume attached and mounted on kubelets
                                          host machine
                                        properties:
                                          fsType:
                                            description: fSType represents the filesystem
                                              type to mount Must be a filesystem type
                                              supported by the host operating system.
                                              Ex. "ext4", "xfs". Implicitly inferred
                                              to be "ext4" if unspecified.
                                            type: string
                                          readOnly:
                                            description: readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          volumeID:
                                            description: volumeID uniquely identifies
                                              a Portworx volume
                                            type: string
                                        required:
                                        - volumeID
                                        type: object
                                      projected:
                                        description: projected items for all in one
                                          resources secrets, configmaps, and downward
                                          API
                                        properties:
                                          defaultMode:
                                            description: defaultMode are the mode
                                              bits used to set permissions on created
                                              files by default. Must be an octal value
                                              between 0000 and 0777 or a decimal value
                                              between 0 and 511. YAML accepts both
                                              octal and decimal values, JSON requires
                                              decimal values for mode bits. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.
                                            format: int32
                                            type: integer
                                          sources:
                                            description: sources is the list of volume
                                              projections
                                            items:
                                              description: Projection that may be
                                                projected along with other supported
                                                volume types
                                              properties:
                                                configMap:
                                                  description: configMap information
                                                    about the configMap data to project
                                                  properties:
                                                    items:
                                                      description: items if unspecified,
                                                        each key-value pair in the
                                                        Data field of the referenced
                                                        ConfigMap will be projected
                                                        into the volume as a file
                                                        whose name is the key and
                                                        content is the value. If specified,
                                                        the listed keys will be projected
                                                        into the specified paths,
                                                        and unlisted keys will not
                                                        be present. If a key is specified
                                                        which is not present in the
                                                        ConfigMap, the volume setup
                                                        will error unless it is marked
                                                        optional. Paths must be relative
                                                        and may not contain the '..'
                                                        path or start with '..'.
                                                      items:
                                                        description: Maps a string
                                                          key to a path within a volume.
                                                        properties:
                                                          key:
                                                            description: key is the
                                                              key to project.
                                                            type: string
                                                          mode:
                                                            description: 'mode is
                                                              Optional: mode bits
                                                              used to set permissions
                                                              on this file. Must be
                                                              an octal value between
                                                              0000 and 0777 or a decimal
                                                              value between 0 and
                                                              511. YAML accepts both
                                                              octal and decimal values,
                                                              JSON requires decimal
                                                              values for mode bits.
                                                              If not specified, the
                                                              volume defaultMode will
                                                              be used. This might
                                                              be in conflict with
                                                              other options that affect
                                                              the file mode, like
                                                              fsGroup, and the result
                                                              can be other mode bits
                                                              set.'
                                                            format: int32
                                                            type: integer
                                                          path:
                                                            description: path is the
                                                              relative path of the
                                                              file to map the key
                                                              to. May not be an absolute
                                                              path. May not contain
                                                              the path element '..'.
                                                              May not start with the
                                                              string '..'.
                                                            type: string
                                                        required:
                                                        - key
                                                        - path
                                                        type: object
                                                      type: array
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: optional specify
                                                        whether the ConfigMap or its
                                                        keys must be defined
                                                      type: boolean
                                                  type: object
                                                downwardAPI:
                                                  description: downwardAPI information
                                                    about the downwardAPI data to
                                                    project
                                                  properties:
                                                    items:
                                                      description: Items is a list
                                                        of DownwardAPIVolume file
                                                      items:
                                                        description: DownwardAPIVolumeFile
                                                          represents information to
                                                          create the file containing
                                                          the pod field
                                                        properties:
                                                          fieldRef:
                                                            description: 'Required:
                                                              Selects a field of the
                                                              pod: only annotations,
                                                              labels, name and namespace
                                                              are supported.'
                                                            properties:
                                                              apiVersion:
                                                                description: Version
                                                                  of the schema the
                                                                  FieldPath is written
                                                                  in terms of, defaults
                                                                  to "v1".
                                                                type: string
                                                              fieldPath:
                                                                description: Path
                                                                  of the field to
                                                                  select in the specified
                                                                  API version.
                                                                type: string
                                                            required:
                                                            - fieldPath
                                                            type: object
                                                          mode:
                                                            description: 'Optional:
                                                              mode bits used to set
                                                              permissions on this
                                                              file, must be an octal
                                                              value between 0000 and
                                                              0777 or a decimal value
                                                              between 0 and 511. YAML
                                                              accepts both octal and
                                                              decimal values, JSON
                                                              requires decimal values
                                                              for mode bits. If not
                                                              specified, the volume
                                                              defaultMode will be
                                                              used. This might be
                                                              in conflict with other
                                                              options that affect
                                                              the file mode, like
                                                              fsGroup, and the result
                                                              can be other mode bits
                                                              set.'
                                                            format: int32
                                                            type: integer
                                                          path:
                                                            description: 'Required:
                                                              Path is  the relative
                                                              path name of the file
                                                              to be created. Must
                                                              not be absolute or contain
                                                              the ''..'' path. Must
                                                              be utf-8 encoded. The
                                                              first item of the relative
                                                              path must not start
                                                              with ''..'''
                                                            type: string
                                                          resourceFieldRef:
                                                            description: 'Selects
                                                              a resource of the container:
                                                              only resources limits
                                                              and requests (limits.cpu,
                                                              limits.memory, requests.cpu
                                                              and requests.memory)
                                                              are currently supported.'
                                                            properties:
                                                              containerName:
                                                                description: 'Container
                                                                  name: required for
                                                                  volumes, optional
                                                                  for env vars'
                                                                type: string
                                                              divisor:
                                                                anyOf:
                                                                - type: integer
                                                                - type: string
                                                                description: Specifies
                                                                  the output format
                                                                  of the exposed resources,
                                                                  defaults to "1"
                                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                                x-kubernetes-int-or-string: true
                                                              resource:
                                                                description: 'Required:
                                                                  resource to select'
                                                                type: string
                                                            required:
                                                            - resource
                                                            type: object
                                                        required:
                                                        - path
                                                        type: object
                                                      type: array
                                                  type: object
                                                secret:
                                                  description: secret information
                                                    about the secret data to project
                                                  properties:
                                                    items:
                                                      description: items if unspecified,
                                                        each key-value pair in the
                                                        Data field of the referenced
                                                        Secret will be projected into
                                                        the volume as a file whose
                                                        name is the key and content
                                                        is the value. If specified,
                                                        the listed keys will be projected
                                                        into the specified paths,
                                                        and unlisted keys will not
                                                        be present. If a key is specified
                                                        which is not present in the
                                                        Secret, the volume setup will
                                                        error unless it is marked
                                                        optional. Paths must be relative
                                                        and may not contain the '..'
                                                        path or start with '..'.
                                                      items:
                                                        description: Maps a string
                                                          key to a path within a volume.
                                                        properties:
                                                          key:
                                                            description: key is the
                                                              key to project.
                                                            type: string
                                                          mode:
                                                            description: 'mode is
                                                              Optional: mode bits
                                                              used to set permissions
                                                              on this file. Must be
                                                              an octal value between
                                                              0000 and 0777 or a decimal
                                                              value between 0 and
                                                              511. YAML accepts both
                                                              octal and decimal values,
                                                              JSON requires decimal
                                                              values for mode bits.
                                                              If not specified, the
                                                              volume defaultMode will
                                                              be used. This might
                                                              be in conflict with
                                                              other options that affect
                                                              the file mode, like
                                                              fsGroup, and the result
                                                              can be other mode bits
                                                              set.'
                                                            format: int32
                                                            type: integer
                                                          path:
                                                            description: path is the
                                                              relative path of the
                                                              file to map the key
                                                              to. May not be an absolute
                                                              path. May not contain
                                                              the path element '..'.
                                                              May not start with the
                                                              string '..'.
                                                            type: string
                                                        required:
                                                        - key
                                                        - path
                                                        type: object
                                                      type: array
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: optional field
                                                        specify whether the Secret
                                                        or its key must be defined
                                                      type: boolean
                                                  type: object
                                                serviceAccountToken:
                                                  description: serviceAccountToken
                                                    is information about the serviceAccountToken
                                                    data to project
                                                  properties:
                                                    audience:
                                                      description: audience is the
                                                        intended audience of the token.
                                                        A recipient of a token must
                                                        identify itself with an identifier
                                                        specified in the audience
                                                        of the token, and otherwise
                                                        should reject the token. The
                                                        audience defaults to the identifier
                                                        of the apiserver.
                                                      type: string
                                                    expirationSeconds:
                                                      description: expirationSeconds
                                                        is the requested duration
                                                        of validity of the service
                                                        account token. As the token
                                                        approaches expiration, the
                                                        kubelet volume plugin will
                                                        proactively rotate the service
                                                        account token. The kubelet
                                                        will start trying to rotate
                                                        the token if the token is
                                                        older than 80 percent of its
                                                        time to live or if the token
                                                        is older than 24 hours.Defaults
                                                        to 1 hour and must be at least
                                                        10 minutes.
                                                      format: int64
                                                      type: integer
                                                    path:
                                                      description: path is the path
                                                        relative to the mount point
                                                        of the file to project the
                                                        token into.
                                                      type: string
                                                  required:
                                                  - path
                                                  type: object
                                              type: object
                                            type: array
                                        type: object
                                      quobyte:
                                        description: quobyte represents a Quobyte
                                          mount on the host that shares a pod's lifetime
                                        properties:
                                          group:
                                            description: group to map volume access
                                              to Default is no group
                                            type: string
                                          readOnly:
                                            description: readOnly here will force
                                              the Quobyte volume to be mounted with
                                              read-only permissions. Defaults to false.
                                            type: boolean
                                          registry:
                                            description: registry represents a single
                                              or multiple Quobyte Registry services
                                              specified as a string as host:port pair
                                              (multiple entries are separated with
                                              commas) which acts as the central registry
                                              for volumes
                                            type: string
                                          tenant:
                                            description: tenant owning the given Quobyte
                                              volume in the Backend Used with dynamically
                                              provisioned Quobyte volumes, value is
                                              set by the plugin
                                            type: string
                                          user:
                                            description: user to map volume access
                                              to Defaults to serivceaccount user
                                            type: string
                                          volume:
                                            description: volume is a string that references
                                              an already created Quobyte volume by
                                              name.
                                            type: string
                                        required:
                                        - registry
                                        - volume
                                        type: object
                                      rbd:
                                        description: 'rbd represents a Rados Block
                                          Device mount on the host that shares a pod''s
                                          lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type of the volume that you want to
                                              mount. Tip: Ensure that the filesystem
                                              type is supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          image:
                                            description: 'image is the rados image
                                              name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                          keyring:
                                            description: 'keyring is the path to key
                                              ring for RBDUser. Default is /etc/ceph/keyring.
                                              More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                          monitors:
                                            description: 'monitors is a collection
                                              of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            items:
                                              type: string
                                            type: array
                                          pool:
                                            description: 'pool is the rados pool name.
                                              Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: boolean
                                          secretRef:
                                            description: 'secretRef is name of the
                                              authentication secret for RBDUser. If
                                              provided overrides keyring. Default
                                              is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          user:
                                            description: 'user is the rados user name.
                                              Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                        required:
                                        - image
                                        - monitors
                                        type: object
                                      scaleIO:
                                        description: scaleIO represents a ScaleIO
                                          persistent volume attached and mounted on
                                          Kubernetes nodes.
                                        properties:
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Default
                                              is "xfs".
                                            type: string
                                          gateway:
                                            description: gateway is the host address
                                              of the ScaleIO API Gateway.
                                            type: string
                                          protectionDomain:
                                            description: protectionDomain is the name
                                              of the ScaleIO Protection Domain for
                                              the configured storage.
                                            type: string
                                          readOnly:
                                            description: readOnly Defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          secretRef:
                                            description: secretRef references to the
                                              secret for ScaleIO user and other sensitive
                                              information. If this is not provided,
                                              Login operation will fail.
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          sslEnabled:
                                            description: sslEnabled Flag enable/disable
                                              SSL communication with Gateway, default
                                              false
                                            type: boolean
                                          storageMode:
                                            description: storageMode indicates whether
                                              the storage for a volume should be ThickProvisioned
                                              or ThinProvisioned. Default is ThinProvisioned.
                                            type: string
                                          storagePool:
                                            description: storagePool is the ScaleIO
                                              Storage Pool associated with the protection
                                              domain.
                                            type: string
                                          system:
                                            description: system is the name of the
                                              storage system as configured in ScaleIO.
                                            type: string
                                          volumeName:
                                            description: volumeName is the name of
                                              a volume already created in the ScaleIO
                                              system that is associated with this
                                              volume source.
                                            type: string
                                        required:
                                        - gateway
                                        - secretRef
                                        - system
                                        type: object
                                      secret:
                                        description: 'secret represents a secret that
                                          should populate this volume. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                        properties:
                                          defaultMode:
                                            description: 'defaultMode is Optional:
                                              mode bits used to set permissions on
                                              created files by default. Must be an
                                              octal value between 0000 and 0777 or
                                              a decimal value between 0 and 511. YAML
                                              accepts both octal and decimal values,
                                              JSON requires decimal values for mode
                                              bits. Defaults to 0644. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.'
                                            format: int32
                                            type: integer
                                          items:
                                            description: items If unspecified, each
                                              key-value pair in the Data field of
                                              the referenced Secret will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the Secret, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          optional:
                                            description: optional field specify whether
                                              the Secret or its keys must be defined
                                            type: boolean
                                          secretName:
                                            description: 'secretName is the name of
                                              the secret in the pod''s namespace to
                                              use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                            type: string
                                        type: object
                                      storageos:
                                        description: storageOS represents a StorageOS
                                          volume attached and mounted on Kubernetes
                                          nodes.
                                        properties:
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          readOnly:
                                            description: readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          secretRef:
                                            description: secretRef specifies the secret
                                              to use for obtaining the StorageOS API
                                              credentials.  If not specified, default
                                              values will be attempted.
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          volumeName:
                                            description: volumeName is the human-readable
                                              name of the StorageOS volume.  Volume
                                              names are only unique within a namespace.
                                            type: string
                                          volumeNamespace:
                                            description: volumeNamespace specifies
                                              the scope of the volume within StorageOS.  If
                                              no namespace is specified then the Pod's
                                              namespace will be used.  This allows
                                              the Kubernetes name scoping to be mirrored
                                              within StorageOS for tighter integration.
                                              Set VolumeName to any name to override
                                              the default behaviour. Set to "default"
                                              if you are not using namespaces within
                                              StorageOS. Namespaces that do not pre-exist
                                              within StorageOS will be created.
                                            type: string
                                        type: object
                                      vsphereVolume:
                                        description: vsphereVolume represents a vSphere
                                          volume attached and mounted on kubelets
                                          host machine
                                        properties:
                                          fsType:
                                            description: fsType is filesystem type
                                              to mount. Must be a filesystem type
                                              supported by the host operating system.
                                              Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          storagePolicyID:
                                            description: storagePolicyID is the storage
                                              Policy Based Management (SPBM) profile
                                              ID associated with the StoragePolicyName.
                                            type: string
                                          storagePolicyName:
                                            description: storagePolicyName is the
                                              storage Policy Based Management (SPBM)
                                              profile name.
                                            type: string
                                          volumePath:
                                            description: volumePath is the path that
                                              identifies vSphere volume vmdk
                                            type: string
                                        required:
                                        - volumePath
                                        type: object
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            taskServiceAccountName:
                              type: string
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      timeout:
                        description: 'Timeout Deprecated: use pipelineRunSpec.Timeouts.Pipeline
                          instead Time after which the Pipeline times out. Defaults
                          to never. Refer to Go''s ParseDuration documentation for
                          expected format: https://golang.org/pkg/time/#ParseDuration'
                        type: string
                      timeouts:
                        description: Time after which the Pipeline times out. Currently
                          three keys are accepted in the map pipeline, tasks and finally
                          with Timeouts.pipeline >= Timeouts.tasks + Timeouts.finally
                        properties:
                          finally:
                            description: Finally sets the maximum allowed duration
                              of this pipeline's finally
                            type: string
                          pipeline:
                            description: Pipeline sets the maximum allowed duration
                              for execution of the entire pipeline. The sum of individual
                              timeouts for tasks and finally must not exceed this
                              value.
                            type: string
                          tasks:
                            description: Tasks sets the maximum allowed duration of
                              this pipeline's tasks
                            type: string
                        type: object
                      workspaces:
                        description: Workspaces holds a set of workspace bindings
                          that must match names with those declared in the pipeline.
                        items:
                          description: WorkspaceBinding maps a Task's declared workspace
                            to a Volume.
                          properties:
                            configMap:
                              description: ConfigMap represents a configMap that should
                                populate this workspace.
                              properties:
                                defaultMode:
                                  description: 'defaultMode is optional: mode bits
                                    used to set permissions on created files by default.
                                    Must be an octal value between 0000 and 0777 or
                                    a decimal value between 0 and 511. YAML accepts
                                    both octal and decimal values, JSON requires decimal
                                    values for mode bits. Defaults to 0644. Directories
                                    within the path are not affected by this setting.
                                    This might be in conflict with other options that
                                    affect the file mode, like fsGroup, and the result
                                    can be other mode bits set.'
                                  format: int32
                                  type: integer
                                items:
                                  description: items if unspecified, each key-value
                                    pair in the Data field of the referenced ConfigMap
                                    will be projected into the volume as a file whose
                                    name is the key and content is the value. If specified,
                                    the listed keys will be projected into the specified
                                    paths, and unlisted keys will not be present.
                                    If a key is specified which is not present in
                                    the ConfigMap, the volume setup will error unless
                                    it is marked optional. Paths must be relative
                                    and may not contain the '..' path or start with
                                    '..'.
                                  items:
                                    description: Maps a string key to a path within
                                      a volume.
                                    properties:
                                      key:
                                        description: key is the key to project.
                                        type: string
                                      mode:
                                        description: 'mode is Optional: mode bits
                                          used to set permissions on this file. Must
                                          be an octal value between 0000 and 0777
                                          or a decimal value between 0 and 511. YAML
                                          accepts both octal and decimal values, JSON
                                          requires decimal values for mode bits. If
                                          not specified, the volume defaultMode will
                                          be used. This might be in conflict with
                                          other options that affect the file mode,
                                          like fsGroup, and the result can be other
                                          mode bits set.'
                                        format: int32
                                        type: integer
                                      path:
                                        description: path is the relative path of
                                          the file to map the key to. May not be an
                                          absolute path. May not contain the path
                                          element '..'. May not start with the string
                                          '..'.
                                        type: string
                                    required:
                                    - key
                                    - path
                                    type: object
                                  type: array
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: optional specify whether the ConfigMap
                                    or its keys must be defined
                                  type: boolean
                              type: object
                            csi:
                              description: CSI (Container Storage Interface) represents
                                ephemeral storage that is handled by certain external
                                CSI drivers.
                              properties:
                                driver:
                                  description: driver is the name of the CSI driver
                                    that handles this volume. Consult with your admin
                                    for the correct name as registered in the cluster.
                                  type: string
                                fsType:
                                  description: fsType to mount. Ex. "ext4", "xfs",
                                    "ntfs". If not provided, the empty value is passed
                                    to the associated CSI driver which will determine
                                    the default filesystem to apply.
                                  type: string
                                nodePublishSecretRef:
                                  description: nodePublishSecretRef is a reference
                                    to the secret object containing sensitive information
                                    to pass to the CSI driver to complete the CSI
                                    NodePublishVolume and NodeUnpublishVolume calls.
                                    This field is optional, and  may be empty if no
                                    secret is required. If the secret object contains
                                    more than one secret, all secret references are
                                    passed.
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                readOnly:
                                  description: readOnly specifies a read-only configuration
                                    for the volume. Defaults to false (read/write).
                                  type: boolean
                                volumeAttributes:
                                  additionalProperties:
                                    type: string
                                  description: volumeAttributes stores driver-specific
                                    properties that are passed to the CSI driver.
                                    Consult your driver's documentation for supported
                                    values.
                                  type: object
                              required:
                              - driver
                              type: object
                            emptyDir:
                              description: 'EmptyDir represents a temporary directory
                                that shares a Task''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
                                Either this OR PersistentVolumeClaim can be used.'
                              properties:
                                medium:
                                  description: 'medium represents what type of storage
                                    medium should back this directory. The default
                                    is "" which means to use the node''s default medium.
                                    Must be an empty string (default) or Memory. More
                                    info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                  type: string
                                sizeLimit:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: 'sizeLimit is the total amount of local
                                    storage required for this EmptyDir volume. The
                                    size limit is also applicable for memory medium.
                                    The maximum usage on memory medium EmptyDir would
                                    be the minimum value between the SizeLimit specified
                                    here and the sum of memory limits of all containers
                                    in a pod. The default is nil which means that
                                    the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                  x-kubernetes-int-or-string: true
                              type: object
                            name:
                              description: Name is the name of the workspace populated
                                by the volume.
                              type: string
                            persistentVolumeClaim:
                              description: PersistentVolumeClaimVolumeSource represents
                                a reference to a PersistentVolumeClaim in the same
                                namespace. Either this OR EmptyDir can be used.
                              properties:
                                claimName:
                                  description: 'claimName is the name of a PersistentVolumeClaim
                                    in the same namespace as the pod using this volume.
                                    More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                  type: string
                                readOnly:
                                  description: readOnly Will force the ReadOnly setting
                                    in VolumeMounts. Default false.
                                  type: boolean
                              required:
                              - claimName
                              type: object
                            projected:
                              description: Projected represents a projected volume
                                that should populate this workspace.
                              properties:
                                defaultMode:
                                  description: defaultMode are the mode bits used
                                    to set permissions on created files by default.
                                    Must be an octal value between 0000 and 0777 or
                                    a decimal value between 0 and 511. YAML accepts
                                    both octal and decimal values, JSON requires decimal
                                    values for mode bits. Directories within the path
                                    are not affected by this setting. This might be
                                    in conflict with other options that affect the
                                    file mode, like fsGroup, and the result can be
                                    other mode bits set.
                                  format: int32
                                  type: integer
                                sources:
                                  description: sources is the list of volume projections
                                  items:
                                    description: Projection that may be projected
                                      along with other supported volume types
                                    properties:
                                      configMap:
                                        description: configMap information about the
                                          configMap data to project
                                        properties:
                                          items:
                                            description: items if unspecified, each
                                              key-value pair in the Data field of
                                              the referenced ConfigMap will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the ConfigMap, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: optional specify whether
                                              the ConfigMap or its keys must be defined
                                            type: boolean
                                        type: object
                                      downwardAPI:
                                        description: downwardAPI information about
                                          the downwardAPI data to project
                                        properties:
                                          items:
                                            description: Items is a list of DownwardAPIVolume
                                              file
                                            items:
                                              description: DownwardAPIVolumeFile represents
                                                information to create the file containing
                                                the pod field
                                              properties:
                                                fieldRef:
                                                  description: 'Required: Selects
                                                    a field of the pod: only annotations,
                                                    labels, name and namespace are
                                                    supported.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                mode:
                                                  description: 'Optional: mode bits
                                                    used to set permissions on this
                                                    file, must be an octal value between
                                                    0000 and 0777 or a decimal value
                                                    between 0 and 511. YAML accepts
                                                    both octal and decimal values,
                                                    JSON requires decimal values for
                                                    mode bits. If not specified, the
                                                    volume defaultMode will be used.
                                                    This might be in conflict with
                                                    other options that affect the
                                                    file mode, like fsGroup, and the
                                                    result can be other mode bits
                                                    set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: 'Required: Path is  the
                                                    relative path name of the file
                                                    to be created. Must not be absolute
                                                    or contain the ''..'' path. Must
                                                    be utf-8 encoded. The first item
                                                    of the relative path must not
                                                    start with ''..'''
                                                  type: string
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, requests.cpu and
                                                    requests.memory) are currently
                                                    supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                              required:
                                              - path
                                              type: object
                                            type: array
                                        type: object
                                      secret:
                                        description: secret information about the
                                          secret data to project
                                        properties:
                                          items:
                                            description: items if unspecified, each
                                              key-value pair in the Data field of
                                              the referenced Secret will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the Secret, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: optional field specify whether
                                              the Secret or its key must be defined
                                            type: boolean
                                        type: object
                                      serviceAccountToken:
                                        description: serviceAccountToken is information
                                          about the serviceAccountToken data to project
                                        properties:
                                          audience:
                                            description: audience is the intended
                                              audience of the token. A recipient of
                                              a token must identify itself with an
                                              identifier specified in the audience
                                              of the token, and otherwise should reject
                                              the token. The audience defaults to
                                              the identifier of the apiserver.
                                            type: string
                                          expirationSeconds:
                                            description: expirationSeconds is the
                                              requested duration of validity of the
                                              service account token. As the token
                                              approaches expiration, the kubelet volume
                                              plugin will proactively rotate the service
                                              account token. The kubelet will start
                                              trying to rotate the token if the token
                                              is older than 80 percent of its time
                                              to live or if the token is older than
                                              24 hours.Defaults to 1 hour and must
                                              be at least 10 minutes.
                                            format: int64
                                            type: integer
                                          path:
                                            description: path is the path relative
                                              to the mount point of the file to project
                                              the token into.
                                            type: string
                                        required:
                                        - path
                                        type: object
                                    type: object
                                  type: array
                              type: object
                            secret:
                              description: Secret represents a secret that should
                                populate this workspace.
                              properties:
                                defaultMode:
                                  description: 'defaultMode is Optional: mode bits
                                    used to set permissions on created files by default.
                                    Must be an octal value between 0000 and 0777 or
                                    a decimal value between 0 and 511. YAML accepts
                                    both octal and decimal values, JSON requires decimal
                                    values for mode bits. Defaults to 0644. Directories
                                    within the path are not affected by this setting.
                                    This might be in conflict with other options that
                                    affect the file mode, like fsGroup, and the result
                                    can be other mode bits set.'
                                  format: int32
                                  type: integer
                                items:
                                  description: items If unspecified, each key-value
                                    pair in the Data field of the referenced Secret
                                    will be projected into the volume as a file whose
                                    name is the key and content is the value. If specified,
                                    the listed keys will be projected into the specified
                                    paths, and unlisted keys will not be present.
                                    If a key is specified which is not present in
                                    the Secret, the volume setup will error unless
                                    it is marked optional. Paths must be relative
                                    and may not contain the '..' path or start with
                                    '..'.
                                  items:
                                    description: Maps a string key to a path within
                                      a volume.
                                    properties:
                                      key:
                                        description: key is the key to project.
                                        type: string
                                      mode:
                                        description: 'mode is Optional: mode bits
                                          used to set permissions on this file. Must
                                          be an octal value between 0000 and 0777
                                          or a decimal value between 0 and 511. YAML
                                          accepts both octal and decimal values, JSON
                                          requires decimal values for mode bits. If
                                          not specified, the volume defaultMode will
                                          be used. This might be in conflict with
                                          other options that affect the file mode,
                                          like fsGroup, and the result can be other
                                          mode bits set.'
                                        format: int32
                                        type: integer
                                      path:
                                        description: path is the relative path of
                                          the file to map the key to. May not be an
                                          absolute path. May not contain the path
                                          element '..'. May not start with the string
                                          '..'.
                                        type: string
                                    required:
                                    - key
                                    - path
                                    type: object
                                  type: array
                                optional:
                                  description: optional field specify whether the
                                    Secret or its keys must be defined
                                  type: boolean
                                secretName:
                                  description: 'secretName is the name of the secret
                                    in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                  type: string
                              type: object
                            subPath:
                              description: SubPath is optionally a directory on the
                                volume which should be used for this binding (i.e.
                                the volume will be mounted at this sub directory).
                              type: string
                            volumeClaimTemplate:
                              description: VolumeClaimTemplate is a template for a
                                claim that will be created in the same namespace.
                                The PipelineRun controller is responsible for creating
                                a unique claim for each instance of PipelineRun.
                              properties:
                                apiVersion:
                                  description: 'APIVersion defines the versioned schema
                                    of this representation of an object. Servers should
                                    convert recognized schemas to the latest internal
                                    value, and may reject unrecognized values. More
                                    info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                                  type: string
                                kind:
                                  description: 'Kind is a string value representing
                                    the REST resource this object represents. Servers
                                    may infer this from the endpoint the client submits
                                    requests to. Cannot be updated. In CamelCase.
                                    More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                                  type: string
                                metadata:
                                  description: 'Standard object''s metadata. More
                                    info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
                                  type: object
                                spec:
                                  description: 'spec defines the desired characteristics
                                    of a volume requested by a pod author. More info:
                                    https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                  properties:
                                    accessModes:
                                      description: 'accessModes contains the desired
                                        access modes the volume should have. More
                                        info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                      items:
                                        type: string
                                      type: array
                                    dataSource:
                                      description: 'dataSource field can be used to
                                        specify either: * An existing VolumeSnapshot
                                        object (snapshot.storage.k8s.io/VolumeSnapshot)
                                        * An existing PVC (PersistentVolumeClaim)
                                        If the provisioner or an external controller
                                        can support the specified data source, it
                                        will create a new volume based on the contents
                                        of the specified data source. If the AnyVolumeDataSource
                                        feature gate is enabled, this field will always
                                        have the same contents as the DataSourceRef
                                        field.'
                                      properties:
                                        apiGroup:
                                          description: APIGroup is the group for the
                                            resource being referenced. If APIGroup
                                            is not specified, the specified Kind must
                                            be in the core API group. For any other
                                            third-party types, APIGroup is required.
                                          type: string
                                        kind:
                                          description: Kind is the type of resource
                                            being referenced
                                          type: string
                                        name:
                                          description: Name is the name of resource
                                            being referenced
                                          type: string
                                      required:
                                      - kind
                                      - name
                                      type: object
                                    dataSourceRef:
                                      description: 'dataSourceRef specifies the object
                                        from which to populate the volume with data,
                                        if a non-empty volume is desired. This may
                                        be any local object from a non-empty API group
                                        (non core object) or a PersistentVolumeClaim
                                        object. When this field is specified, volume
                                        binding will only succeed if the type of the
                                        specified object matches some installed volume
                                        populator or dynamic provisioner. This field
                                        will replace the functionality of the DataSource
                                        field and as such if both fields are non-empty,
                                        they must have the same value. For backwards
                                        compatibility, both fields (DataSource and
                                        DataSourceRef) will be set to the same value
                                        automatically if one of them is empty and
                                        the other is non-empty. There are two important
                                        differences between DataSource and DataSourceRef:
                                        * While DataSource only allows two specific
                                        types of objects, DataSourceRef   allows any
                                        non-core object, as well as PersistentVolumeClaim
                                        objects. * While DataSource ignores disallowed
                                        values (dropping them), DataSourceRef   preserves
                                        all values, and generates an error if a disallowed
                                        value is   specified. (Beta) Using this field
                                        requires the AnyVolumeDataSource feature gate
                                        to be enabled.'
                                      properties:
                                        apiGroup:
                                          description: APIGroup is the group for the
                                            resource being referenced. If APIGroup
                                            is not specified, the specified Kind must
                                            be in the core API group. For any other
                                            third-party types, APIGroup is required.
                                          type: string
                                        kind:
                                          description: Kind is the type of resource
                                            being referenced
                                          type: string
                                        name:
                                          description: Name is the name of resource
                                            being referenced
                                          type: string
                                      required:
                                      - kind
                                      - name
                                      type: object
                                    resources:
                                      description: 'resources represents the minimum
                                        resources the volume should have. If RecoverVolumeExpansionFailure
                                        feature is enabled users are allowed to specify
                                        resource requirements that are lower than
                                        previous value but must still be higher than
                                        capacity recorded in the status field of the
                                        claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                      properties:
                                        limits:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Limits describes the maximum
                                            amount of compute resources allowed. More
                                            info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                        requests:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Requests describes the minimum
                                            amount of compute resources required.
                                            If Requests is omitted for a container,
                                            it defaults to Limits if that is explicitly
                                            specified, otherwise to an implementation-defined
                                            value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                      type: object
                                    selector:
                                      description: selector is a label query over
                                        volumes to consider for binding.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    storageClassName:
                                      description: 'storageClassName is the name of
                                        the StorageClass required by the claim. More
                                        info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                      type: string
                                    volumeMode:
                                      description: volumeMode defines what type of
                                        volume is required by the claim. Value of
                                        Filesystem is implied when not included in
                                        claim spec.
                                      type: string
                                    volumeName:
                                      description: volumeName is the binding reference
                                        to the PersistentVolume backing this claim.
                                      type: string
                                  type: object
                                status:
                                  description: 'status represents the current information/status
                                    of a persistent volume claim. Read-only. More
                                    info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                  properties:
                                    accessModes:
                                      description: 'accessModes contains the actual
                                        access modes the volume backing the PVC has.
                                        More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                      items:
                                        type: string
                                      type: array
                                    allocatedResources:
                                      additionalProperties:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      description: allocatedResources is the storage
                                        resource within AllocatedResources tracks
                                        the capacity allocated to a PVC. It may be
                                        larger than the actual capacity when a volume
                                        expansion operation is requested. For storage
                                        quota, the larger value from allocatedResources
                                        and PVC.spec.resources is used. If allocatedResources
                                        is not set, PVC.spec.resources alone is used
                                        for quota calculation. If a volume expansion
                                        capacity request is lowered, allocatedResources
                                        is only lowered if there are no expansion
                                        operations in progress and if the actual volume
                                        capacity is equal or lower than the requested
                                        capacity. This is an alpha field and requires
                                        enabling RecoverVolumeExpansionFailure feature.
                                      type: object
                                    capacity:
                                      additionalProperties:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      description: capacity represents the actual
                                        resources of the underlying volume.
                                      type: object
                                    conditions:
                                      description: conditions is the current Condition
                                        of persistent volume claim. If underlying
                                        persistent volume is being resized then the
                                        Condition will be set to 'ResizeStarted'.
                                      items:
                                        description: PersistentVolumeClaimCondition
                                          contails details about state of pvc
                                        properties:
                                          lastProbeTime:
                                            description: lastProbeTime is the time
                                              we probed the condition.
                                            format: date-time
                                            type: string
                                          lastTransitionTime:
                                            description: lastTransitionTime is the
                                              time the condition transitioned from
                                              one status to another.
                                            format: date-time
                                            type: string
                                          message:
                                            description: message is the human-readable
                                              message indicating details about last
                                              transition.
                                            type: string
                                          reason:
                                            description: reason is a unique, this
                                              should be a short, machine understandable
                                              string that gives the reason for condition's
                                              last transition. If it reports "ResizeStarted"
                                              that means the underlying persistent
                                              volume is being resized.
                                            type: string
                                          status:
                                            type: string
                                          type:
                                            description: PersistentVolumeClaimConditionType
                                              is a valid value of PersistentVolumeClaimCondition.Type
                                            type: string
                                        required:
                                        - status
                                        - type
                                        type: object
                                      type: array
                                    phase:
                                      description: phase represents the current phase
                                        of PersistentVolumeClaim.
                                      type: string
                                    resizeStatus:
                                      description: resizeStatus stores status of resize
                                        operation. ResizeStatus is not set by default
                                        but when expansion is complete resizeStatus
                                        is set to empty string by resize controller
                                        or kubelet. This is an alpha field and requires
                                        enabling RecoverVolumeExpansionFailure feature.
                                      type: string
                                  type: object
                              type: object
                          required:
                          - name
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                    type: object
                type: object
              type:
                description: Type is the type of job and informs how the jobs is triggered
                enum:
                - presubmit
                - postsubmit
                - periodic
                - batch
                type: string
            type: object
          status:
            anyOf:
            - not:
                properties:
                  state:
                    enum:
                    - "success"
                    - "failure"
                    - "error"
            - required:
              - completionTime
            description: ProwJobStatus provides runtime metadata, such as when it
              finished, whether it is running, etc.
            properties:
              build_id:
                description: BuildID is the build identifier vended either by tot
                  or the snowflake library for this job and used as an identifier
                  for grouping artifacts in GCS for views in TestGrid and Gubernator.
                  Idenitifiers vended by tot are monotonically increasing whereas
                  identifiers vended by the snowflake library are not.
                type: string
              completionTime:
                description: CompletionTime is the timestamp for when the job goes
                  to a final state
                format: date-time
                type: string
              description:
                type: string
              jenkins_build_id:
                description: JenkinsBuildID applies only to ProwJobs fulfilled by
                  the jenkins-operator. This field is the build identifier that Jenkins
                  gave to the build for this ProwJob.
                type: string
              pendingTime:
                description: PendingTime is the timestamp for when the job moved from
                  triggered to pending
                format: date-time
                type: string
              pod_name:
                description: PodName applies only to ProwJobs fulfilled by plank.
                  This field should always be the same as the ProwJob.ObjectMeta.Name
                  field.
                type: string
              prev_report_states:
                additionalProperties:
                  description: ProwJobState specifies whether the job is running
                  type: string
                description: PrevReportStates stores the previous reported prowjob
                  state per reporter So crier won't make duplicated report attempt
                type: object
              startTime:
                description: StartTime is equal to the creation time of the ProwJob
                format: date-time
                type: string
              state:
                description: ProwJobState specifies whether the job is running
                enum:
                - scheduling
                - triggered
                - pending
                - success
                - failure
                - aborted
                - error
                type: string
              url:
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []