k8s.io/perf-tests/clusterloader2@v0.0.0-20240304094227-64bdb12da87e/pkg/prometheus/manifests/0prometheus-operator-0thanosrulerCustomResourceDefinition.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 annotations: 5 controller-gen.kubebuilder.io/version: v0.4.1 6 creationTimestamp: null 7 name: thanosrulers.monitoring.coreos.com 8 spec: 9 group: monitoring.coreos.com 10 names: 11 kind: ThanosRuler 12 listKind: ThanosRulerList 13 plural: thanosrulers 14 singular: thanosruler 15 scope: Namespaced 16 versions: 17 - name: v1 18 schema: 19 openAPIV3Schema: 20 description: ThanosRuler defines a ThanosRuler deployment. 21 properties: 22 apiVersion: 23 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 type: string 25 kind: 26 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 27 type: string 28 metadata: 29 type: object 30 spec: 31 description: 'Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 32 properties: 33 affinity: 34 description: If specified, the pod's scheduling constraints. 35 properties: 36 nodeAffinity: 37 description: Describes node affinity scheduling rules for the pod. 38 properties: 39 preferredDuringSchedulingIgnoredDuringExecution: 40 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. 41 items: 42 description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). 43 properties: 44 preference: 45 description: A node selector term, associated with the corresponding weight. 46 properties: 47 matchExpressions: 48 description: A list of node selector requirements by node's labels. 49 items: 50 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 51 properties: 52 key: 53 description: The label key that the selector applies to. 54 type: string 55 operator: 56 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 57 type: string 58 values: 59 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 60 items: 61 type: string 62 type: array 63 required: 64 - key 65 - operator 66 type: object 67 type: array 68 matchFields: 69 description: A list of node selector requirements by node's fields. 70 items: 71 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 72 properties: 73 key: 74 description: The label key that the selector applies to. 75 type: string 76 operator: 77 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 78 type: string 79 values: 80 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 81 items: 82 type: string 83 type: array 84 required: 85 - key 86 - operator 87 type: object 88 type: array 89 type: object 90 weight: 91 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 92 format: int32 93 type: integer 94 required: 95 - preference 96 - weight 97 type: object 98 type: array 99 requiredDuringSchedulingIgnoredDuringExecution: 100 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. 101 properties: 102 nodeSelectorTerms: 103 description: Required. A list of node selector terms. The terms are ORed. 104 items: 105 description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 106 properties: 107 matchExpressions: 108 description: A list of node selector requirements by node's labels. 109 items: 110 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 111 properties: 112 key: 113 description: The label key that the selector applies to. 114 type: string 115 operator: 116 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 117 type: string 118 values: 119 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 120 items: 121 type: string 122 type: array 123 required: 124 - key 125 - operator 126 type: object 127 type: array 128 matchFields: 129 description: A list of node selector requirements by node's fields. 130 items: 131 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 132 properties: 133 key: 134 description: The label key that the selector applies to. 135 type: string 136 operator: 137 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 138 type: string 139 values: 140 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 141 items: 142 type: string 143 type: array 144 required: 145 - key 146 - operator 147 type: object 148 type: array 149 type: object 150 type: array 151 required: 152 - nodeSelectorTerms 153 type: object 154 type: object 155 podAffinity: 156 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 157 properties: 158 preferredDuringSchedulingIgnoredDuringExecution: 159 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 160 items: 161 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) 162 properties: 163 podAffinityTerm: 164 description: Required. A pod affinity term, associated with the corresponding weight. 165 properties: 166 labelSelector: 167 description: A label query over a set of resources, in this case pods. 168 properties: 169 matchExpressions: 170 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 171 items: 172 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 173 properties: 174 key: 175 description: key is the label key that the selector applies to. 176 type: string 177 operator: 178 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 179 type: string 180 values: 181 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 182 items: 183 type: string 184 type: array 185 required: 186 - key 187 - operator 188 type: object 189 type: array 190 matchLabels: 191 additionalProperties: 192 type: string 193 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 194 type: object 195 type: object 196 namespaces: 197 description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" 198 items: 199 type: string 200 type: array 201 topologyKey: 202 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 203 type: string 204 required: 205 - topologyKey 206 type: object 207 weight: 208 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 209 format: int32 210 type: integer 211 required: 212 - podAffinityTerm 213 - weight 214 type: object 215 type: array 216 requiredDuringSchedulingIgnoredDuringExecution: 217 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 218 items: 219 description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running 220 properties: 221 labelSelector: 222 description: A label query over a set of resources, in this case pods. 223 properties: 224 matchExpressions: 225 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 226 items: 227 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 228 properties: 229 key: 230 description: key is the label key that the selector applies to. 231 type: string 232 operator: 233 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 234 type: string 235 values: 236 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 237 items: 238 type: string 239 type: array 240 required: 241 - key 242 - operator 243 type: object 244 type: array 245 matchLabels: 246 additionalProperties: 247 type: string 248 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 249 type: object 250 type: object 251 namespaces: 252 description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" 253 items: 254 type: string 255 type: array 256 topologyKey: 257 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 258 type: string 259 required: 260 - topologyKey 261 type: object 262 type: array 263 type: object 264 podAntiAffinity: 265 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 266 properties: 267 preferredDuringSchedulingIgnoredDuringExecution: 268 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 269 items: 270 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) 271 properties: 272 podAffinityTerm: 273 description: Required. A pod affinity term, associated with the corresponding weight. 274 properties: 275 labelSelector: 276 description: A label query over a set of resources, in this case pods. 277 properties: 278 matchExpressions: 279 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 280 items: 281 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 282 properties: 283 key: 284 description: key is the label key that the selector applies to. 285 type: string 286 operator: 287 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 288 type: string 289 values: 290 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 291 items: 292 type: string 293 type: array 294 required: 295 - key 296 - operator 297 type: object 298 type: array 299 matchLabels: 300 additionalProperties: 301 type: string 302 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 303 type: object 304 type: object 305 namespaces: 306 description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" 307 items: 308 type: string 309 type: array 310 topologyKey: 311 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 312 type: string 313 required: 314 - topologyKey 315 type: object 316 weight: 317 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 318 format: int32 319 type: integer 320 required: 321 - podAffinityTerm 322 - weight 323 type: object 324 type: array 325 requiredDuringSchedulingIgnoredDuringExecution: 326 description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 327 items: 328 description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running 329 properties: 330 labelSelector: 331 description: A label query over a set of resources, in this case pods. 332 properties: 333 matchExpressions: 334 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 335 items: 336 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 337 properties: 338 key: 339 description: key is the label key that the selector applies to. 340 type: string 341 operator: 342 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 343 type: string 344 values: 345 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 346 items: 347 type: string 348 type: array 349 required: 350 - key 351 - operator 352 type: object 353 type: array 354 matchLabels: 355 additionalProperties: 356 type: string 357 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 358 type: object 359 type: object 360 namespaces: 361 description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" 362 items: 363 type: string 364 type: array 365 topologyKey: 366 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 367 type: string 368 required: 369 - topologyKey 370 type: object 371 type: array 372 type: object 373 type: object 374 alertDropLabels: 375 description: AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts. If `labels` field is not provided, `thanos_ruler_replica` will be dropped in alerts by default. 376 items: 377 type: string 378 type: array 379 alertQueryUrl: 380 description: The external Query URL the Thanos Ruler will set in the 'Source' field of all alerts. Maps to the '--alert.query-url' CLI arg. 381 type: string 382 alertmanagersConfig: 383 description: Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` arg. 384 properties: 385 key: 386 description: The key of the secret to select from. Must be a valid secret key. 387 type: string 388 name: 389 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 390 type: string 391 optional: 392 description: Specify whether the Secret or its key must be defined 393 type: boolean 394 required: 395 - key 396 type: object 397 alertmanagersUrl: 398 description: 'Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, AlertManagersConfig should be used instead. Note: this field will be ignored if AlertManagersConfig is specified. Maps to the `alertmanagers.url` arg.' 399 items: 400 type: string 401 type: array 402 containers: 403 description: 'Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' 404 items: 405 description: A single application container that you want to run within a pod. 406 properties: 407 args: 408 description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 409 items: 410 type: string 411 type: array 412 command: 413 description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 414 items: 415 type: string 416 type: array 417 env: 418 description: List of environment variables to set in the container. Cannot be updated. 419 items: 420 description: EnvVar represents an environment variable present in a Container. 421 properties: 422 name: 423 description: Name of the environment variable. Must be a C_IDENTIFIER. 424 type: string 425 value: 426 description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' 427 type: string 428 valueFrom: 429 description: Source for the environment variable's value. Cannot be used if value is not empty. 430 properties: 431 configMapKeyRef: 432 description: Selects a key of a ConfigMap. 433 properties: 434 key: 435 description: The key to select. 436 type: string 437 name: 438 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 439 type: string 440 optional: 441 description: Specify whether the ConfigMap or its key must be defined 442 type: boolean 443 required: 444 - key 445 type: object 446 fieldRef: 447 description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' 448 properties: 449 apiVersion: 450 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 451 type: string 452 fieldPath: 453 description: Path of the field to select in the specified API version. 454 type: string 455 required: 456 - fieldPath 457 type: object 458 resourceFieldRef: 459 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' 460 properties: 461 containerName: 462 description: 'Container name: required for volumes, optional for env vars' 463 type: string 464 divisor: 465 anyOf: 466 - type: integer 467 - type: string 468 description: Specifies the output format of the exposed resources, defaults to "1" 469 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 470 x-kubernetes-int-or-string: true 471 resource: 472 description: 'Required: resource to select' 473 type: string 474 required: 475 - resource 476 type: object 477 secretKeyRef: 478 description: Selects a key of a secret in the pod's namespace 479 properties: 480 key: 481 description: The key of the secret to select from. Must be a valid secret key. 482 type: string 483 name: 484 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 485 type: string 486 optional: 487 description: Specify whether the Secret or its key must be defined 488 type: boolean 489 required: 490 - key 491 type: object 492 type: object 493 required: 494 - name 495 type: object 496 type: array 497 envFrom: 498 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 499 items: 500 description: EnvFromSource represents the source of a set of ConfigMaps 501 properties: 502 configMapRef: 503 description: The ConfigMap to select from 504 properties: 505 name: 506 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 507 type: string 508 optional: 509 description: Specify whether the ConfigMap must be defined 510 type: boolean 511 type: object 512 prefix: 513 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 514 type: string 515 secretRef: 516 description: The Secret to select from 517 properties: 518 name: 519 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 520 type: string 521 optional: 522 description: Specify whether the Secret must be defined 523 type: boolean 524 type: object 525 type: object 526 type: array 527 image: 528 description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' 529 type: string 530 imagePullPolicy: 531 description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 532 type: string 533 lifecycle: 534 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 535 properties: 536 postStart: 537 description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 538 properties: 539 exec: 540 description: One and only one of the following should be specified. Exec specifies the action to take. 541 properties: 542 command: 543 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 544 items: 545 type: string 546 type: array 547 type: object 548 httpGet: 549 description: HTTPGet specifies the http request to perform. 550 properties: 551 host: 552 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 553 type: string 554 httpHeaders: 555 description: Custom headers to set in the request. HTTP allows repeated headers. 556 items: 557 description: HTTPHeader describes a custom header to be used in HTTP probes 558 properties: 559 name: 560 description: The header field name 561 type: string 562 value: 563 description: The header field value 564 type: string 565 required: 566 - name 567 - value 568 type: object 569 type: array 570 path: 571 description: Path to access on the HTTP server. 572 type: string 573 port: 574 anyOf: 575 - type: integer 576 - type: string 577 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 578 x-kubernetes-int-or-string: true 579 scheme: 580 description: Scheme to use for connecting to the host. Defaults to HTTP. 581 type: string 582 required: 583 - port 584 type: object 585 tcpSocket: 586 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 587 properties: 588 host: 589 description: 'Optional: Host name to connect to, defaults to the pod IP.' 590 type: string 591 port: 592 anyOf: 593 - type: integer 594 - type: string 595 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 596 x-kubernetes-int-or-string: true 597 required: 598 - port 599 type: object 600 type: object 601 preStop: 602 description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 603 properties: 604 exec: 605 description: One and only one of the following should be specified. Exec specifies the action to take. 606 properties: 607 command: 608 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 609 items: 610 type: string 611 type: array 612 type: object 613 httpGet: 614 description: HTTPGet specifies the http request to perform. 615 properties: 616 host: 617 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 618 type: string 619 httpHeaders: 620 description: Custom headers to set in the request. HTTP allows repeated headers. 621 items: 622 description: HTTPHeader describes a custom header to be used in HTTP probes 623 properties: 624 name: 625 description: The header field name 626 type: string 627 value: 628 description: The header field value 629 type: string 630 required: 631 - name 632 - value 633 type: object 634 type: array 635 path: 636 description: Path to access on the HTTP server. 637 type: string 638 port: 639 anyOf: 640 - type: integer 641 - type: string 642 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 643 x-kubernetes-int-or-string: true 644 scheme: 645 description: Scheme to use for connecting to the host. Defaults to HTTP. 646 type: string 647 required: 648 - port 649 type: object 650 tcpSocket: 651 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 652 properties: 653 host: 654 description: 'Optional: Host name to connect to, defaults to the pod IP.' 655 type: string 656 port: 657 anyOf: 658 - type: integer 659 - type: string 660 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 661 x-kubernetes-int-or-string: true 662 required: 663 - port 664 type: object 665 type: object 666 type: object 667 livenessProbe: 668 description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 669 properties: 670 exec: 671 description: One and only one of the following should be specified. Exec specifies the action to take. 672 properties: 673 command: 674 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 675 items: 676 type: string 677 type: array 678 type: object 679 failureThreshold: 680 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 681 format: int32 682 type: integer 683 httpGet: 684 description: HTTPGet specifies the http request to perform. 685 properties: 686 host: 687 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 688 type: string 689 httpHeaders: 690 description: Custom headers to set in the request. HTTP allows repeated headers. 691 items: 692 description: HTTPHeader describes a custom header to be used in HTTP probes 693 properties: 694 name: 695 description: The header field name 696 type: string 697 value: 698 description: The header field value 699 type: string 700 required: 701 - name 702 - value 703 type: object 704 type: array 705 path: 706 description: Path to access on the HTTP server. 707 type: string 708 port: 709 anyOf: 710 - type: integer 711 - type: string 712 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 713 x-kubernetes-int-or-string: true 714 scheme: 715 description: Scheme to use for connecting to the host. Defaults to HTTP. 716 type: string 717 required: 718 - port 719 type: object 720 initialDelaySeconds: 721 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 722 format: int32 723 type: integer 724 periodSeconds: 725 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 726 format: int32 727 type: integer 728 successThreshold: 729 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 730 format: int32 731 type: integer 732 tcpSocket: 733 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 734 properties: 735 host: 736 description: 'Optional: Host name to connect to, defaults to the pod IP.' 737 type: string 738 port: 739 anyOf: 740 - type: integer 741 - type: string 742 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 743 x-kubernetes-int-or-string: true 744 required: 745 - port 746 type: object 747 timeoutSeconds: 748 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 749 format: int32 750 type: integer 751 type: object 752 name: 753 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 754 type: string 755 ports: 756 description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. 757 items: 758 description: ContainerPort represents a network port in a single container. 759 properties: 760 containerPort: 761 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 762 format: int32 763 type: integer 764 hostIP: 765 description: What host IP to bind the external port to. 766 type: string 767 hostPort: 768 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 769 format: int32 770 type: integer 771 name: 772 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 773 type: string 774 protocol: 775 default: TCP 776 description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 777 type: string 778 required: 779 - containerPort 780 type: object 781 type: array 782 x-kubernetes-list-map-keys: 783 - containerPort 784 - protocol 785 x-kubernetes-list-type: map 786 readinessProbe: 787 description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 788 properties: 789 exec: 790 description: One and only one of the following should be specified. Exec specifies the action to take. 791 properties: 792 command: 793 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 794 items: 795 type: string 796 type: array 797 type: object 798 failureThreshold: 799 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 800 format: int32 801 type: integer 802 httpGet: 803 description: HTTPGet specifies the http request to perform. 804 properties: 805 host: 806 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 807 type: string 808 httpHeaders: 809 description: Custom headers to set in the request. HTTP allows repeated headers. 810 items: 811 description: HTTPHeader describes a custom header to be used in HTTP probes 812 properties: 813 name: 814 description: The header field name 815 type: string 816 value: 817 description: The header field value 818 type: string 819 required: 820 - name 821 - value 822 type: object 823 type: array 824 path: 825 description: Path to access on the HTTP server. 826 type: string 827 port: 828 anyOf: 829 - type: integer 830 - type: string 831 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 832 x-kubernetes-int-or-string: true 833 scheme: 834 description: Scheme to use for connecting to the host. Defaults to HTTP. 835 type: string 836 required: 837 - port 838 type: object 839 initialDelaySeconds: 840 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 841 format: int32 842 type: integer 843 periodSeconds: 844 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 845 format: int32 846 type: integer 847 successThreshold: 848 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 849 format: int32 850 type: integer 851 tcpSocket: 852 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 853 properties: 854 host: 855 description: 'Optional: Host name to connect to, defaults to the pod IP.' 856 type: string 857 port: 858 anyOf: 859 - type: integer 860 - type: string 861 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 862 x-kubernetes-int-or-string: true 863 required: 864 - port 865 type: object 866 timeoutSeconds: 867 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 868 format: int32 869 type: integer 870 type: object 871 resources: 872 description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 873 properties: 874 limits: 875 additionalProperties: 876 anyOf: 877 - type: integer 878 - type: string 879 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 880 x-kubernetes-int-or-string: true 881 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 882 type: object 883 requests: 884 additionalProperties: 885 anyOf: 886 - type: integer 887 - type: string 888 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 889 x-kubernetes-int-or-string: true 890 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 891 type: object 892 type: object 893 securityContext: 894 description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 895 properties: 896 allowPrivilegeEscalation: 897 description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' 898 type: boolean 899 capabilities: 900 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 901 properties: 902 add: 903 description: Added capabilities 904 items: 905 description: Capability represent POSIX capabilities type 906 type: string 907 type: array 908 drop: 909 description: Removed capabilities 910 items: 911 description: Capability represent POSIX capabilities type 912 type: string 913 type: array 914 type: object 915 privileged: 916 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. 917 type: boolean 918 procMount: 919 description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. 920 type: string 921 readOnlyRootFilesystem: 922 description: Whether this container has a read-only root filesystem. Default is false. 923 type: boolean 924 runAsGroup: 925 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 926 format: int64 927 type: integer 928 runAsNonRoot: 929 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 930 type: boolean 931 runAsUser: 932 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 933 format: int64 934 type: integer 935 seLinuxOptions: 936 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 937 properties: 938 level: 939 description: Level is SELinux level label that applies to the container. 940 type: string 941 role: 942 description: Role is a SELinux role label that applies to the container. 943 type: string 944 type: 945 description: Type is a SELinux type label that applies to the container. 946 type: string 947 user: 948 description: User is a SELinux user label that applies to the container. 949 type: string 950 type: object 951 windowsOptions: 952 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 953 properties: 954 gmsaCredentialSpec: 955 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 956 type: string 957 gmsaCredentialSpecName: 958 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 959 type: string 960 runAsUserName: 961 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 962 type: string 963 type: object 964 type: object 965 startupProbe: 966 description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 967 properties: 968 exec: 969 description: One and only one of the following should be specified. Exec specifies the action to take. 970 properties: 971 command: 972 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 973 items: 974 type: string 975 type: array 976 type: object 977 failureThreshold: 978 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 979 format: int32 980 type: integer 981 httpGet: 982 description: HTTPGet specifies the http request to perform. 983 properties: 984 host: 985 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 986 type: string 987 httpHeaders: 988 description: Custom headers to set in the request. HTTP allows repeated headers. 989 items: 990 description: HTTPHeader describes a custom header to be used in HTTP probes 991 properties: 992 name: 993 description: The header field name 994 type: string 995 value: 996 description: The header field value 997 type: string 998 required: 999 - name 1000 - value 1001 type: object 1002 type: array 1003 path: 1004 description: Path to access on the HTTP server. 1005 type: string 1006 port: 1007 anyOf: 1008 - type: integer 1009 - type: string 1010 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1011 x-kubernetes-int-or-string: true 1012 scheme: 1013 description: Scheme to use for connecting to the host. Defaults to HTTP. 1014 type: string 1015 required: 1016 - port 1017 type: object 1018 initialDelaySeconds: 1019 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1020 format: int32 1021 type: integer 1022 periodSeconds: 1023 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 1024 format: int32 1025 type: integer 1026 successThreshold: 1027 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1028 format: int32 1029 type: integer 1030 tcpSocket: 1031 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 1032 properties: 1033 host: 1034 description: 'Optional: Host name to connect to, defaults to the pod IP.' 1035 type: string 1036 port: 1037 anyOf: 1038 - type: integer 1039 - type: string 1040 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1041 x-kubernetes-int-or-string: true 1042 required: 1043 - port 1044 type: object 1045 timeoutSeconds: 1046 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1047 format: int32 1048 type: integer 1049 type: object 1050 stdin: 1051 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 1052 type: boolean 1053 stdinOnce: 1054 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 1055 type: boolean 1056 terminationMessagePath: 1057 description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' 1058 type: string 1059 terminationMessagePolicy: 1060 description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 1061 type: string 1062 tty: 1063 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 1064 type: boolean 1065 volumeDevices: 1066 description: volumeDevices is the list of block devices to be used by the container. 1067 items: 1068 description: volumeDevice describes a mapping of a raw block device within a container. 1069 properties: 1070 devicePath: 1071 description: devicePath is the path inside of the container that the device will be mapped to. 1072 type: string 1073 name: 1074 description: name must match the name of a persistentVolumeClaim in the pod 1075 type: string 1076 required: 1077 - devicePath 1078 - name 1079 type: object 1080 type: array 1081 volumeMounts: 1082 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 1083 items: 1084 description: VolumeMount describes a mounting of a Volume within a container. 1085 properties: 1086 mountPath: 1087 description: Path within the container at which the volume should be mounted. Must not contain ':'. 1088 type: string 1089 mountPropagation: 1090 description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. 1091 type: string 1092 name: 1093 description: This must match the Name of a Volume. 1094 type: string 1095 readOnly: 1096 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 1097 type: boolean 1098 subPath: 1099 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 1100 type: string 1101 subPathExpr: 1102 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 1103 type: string 1104 required: 1105 - mountPath 1106 - name 1107 type: object 1108 type: array 1109 workingDir: 1110 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 1111 type: string 1112 required: 1113 - name 1114 type: object 1115 type: array 1116 enforcedNamespaceLabel: 1117 description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. 1118 type: string 1119 evaluationInterval: 1120 description: Interval between consecutive evaluations. 1121 type: string 1122 externalPrefix: 1123 description: The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. 1124 type: string 1125 grpcServerTlsConfig: 1126 description: 'GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' CLI args.' 1127 properties: 1128 ca: 1129 description: Struct containing the CA cert to use for the targets. 1130 properties: 1131 configMap: 1132 description: ConfigMap containing data to use for the targets. 1133 properties: 1134 key: 1135 description: The key to select. 1136 type: string 1137 name: 1138 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1139 type: string 1140 optional: 1141 description: Specify whether the ConfigMap or its key must be defined 1142 type: boolean 1143 required: 1144 - key 1145 type: object 1146 secret: 1147 description: Secret containing data to use for the targets. 1148 properties: 1149 key: 1150 description: The key of the secret to select from. Must be a valid secret key. 1151 type: string 1152 name: 1153 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1154 type: string 1155 optional: 1156 description: Specify whether the Secret or its key must be defined 1157 type: boolean 1158 required: 1159 - key 1160 type: object 1161 type: object 1162 caFile: 1163 description: Path to the CA cert in the Prometheus container to use for the targets. 1164 type: string 1165 cert: 1166 description: Struct containing the client cert file for the targets. 1167 properties: 1168 configMap: 1169 description: ConfigMap containing data to use for the targets. 1170 properties: 1171 key: 1172 description: The key to select. 1173 type: string 1174 name: 1175 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1176 type: string 1177 optional: 1178 description: Specify whether the ConfigMap or its key must be defined 1179 type: boolean 1180 required: 1181 - key 1182 type: object 1183 secret: 1184 description: Secret containing data to use for the targets. 1185 properties: 1186 key: 1187 description: The key of the secret to select from. Must be a valid secret key. 1188 type: string 1189 name: 1190 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1191 type: string 1192 optional: 1193 description: Specify whether the Secret or its key must be defined 1194 type: boolean 1195 required: 1196 - key 1197 type: object 1198 type: object 1199 certFile: 1200 description: Path to the client cert file in the Prometheus container for the targets. 1201 type: string 1202 insecureSkipVerify: 1203 description: Disable target certificate validation. 1204 type: boolean 1205 keyFile: 1206 description: Path to the client key file in the Prometheus container for the targets. 1207 type: string 1208 keySecret: 1209 description: Secret containing the client key file for the targets. 1210 properties: 1211 key: 1212 description: The key of the secret to select from. Must be a valid secret key. 1213 type: string 1214 name: 1215 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1216 type: string 1217 optional: 1218 description: Specify whether the Secret or its key must be defined 1219 type: boolean 1220 required: 1221 - key 1222 type: object 1223 serverName: 1224 description: Used to verify the hostname for the targets. 1225 type: string 1226 type: object 1227 image: 1228 description: Thanos container image URL. 1229 type: string 1230 imagePullSecrets: 1231 description: An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod 1232 items: 1233 description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. 1234 properties: 1235 name: 1236 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1237 type: string 1238 type: object 1239 type: array 1240 initContainers: 1241 description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' 1242 items: 1243 description: A single application container that you want to run within a pod. 1244 properties: 1245 args: 1246 description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1247 items: 1248 type: string 1249 type: array 1250 command: 1251 description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' 1252 items: 1253 type: string 1254 type: array 1255 env: 1256 description: List of environment variables to set in the container. Cannot be updated. 1257 items: 1258 description: EnvVar represents an environment variable present in a Container. 1259 properties: 1260 name: 1261 description: Name of the environment variable. Must be a C_IDENTIFIER. 1262 type: string 1263 value: 1264 description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' 1265 type: string 1266 valueFrom: 1267 description: Source for the environment variable's value. Cannot be used if value is not empty. 1268 properties: 1269 configMapKeyRef: 1270 description: Selects a key of a ConfigMap. 1271 properties: 1272 key: 1273 description: The key to select. 1274 type: string 1275 name: 1276 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1277 type: string 1278 optional: 1279 description: Specify whether the ConfigMap or its key must be defined 1280 type: boolean 1281 required: 1282 - key 1283 type: object 1284 fieldRef: 1285 description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' 1286 properties: 1287 apiVersion: 1288 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 1289 type: string 1290 fieldPath: 1291 description: Path of the field to select in the specified API version. 1292 type: string 1293 required: 1294 - fieldPath 1295 type: object 1296 resourceFieldRef: 1297 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' 1298 properties: 1299 containerName: 1300 description: 'Container name: required for volumes, optional for env vars' 1301 type: string 1302 divisor: 1303 anyOf: 1304 - type: integer 1305 - type: string 1306 description: Specifies the output format of the exposed resources, defaults to "1" 1307 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1308 x-kubernetes-int-or-string: true 1309 resource: 1310 description: 'Required: resource to select' 1311 type: string 1312 required: 1313 - resource 1314 type: object 1315 secretKeyRef: 1316 description: Selects a key of a secret in the pod's namespace 1317 properties: 1318 key: 1319 description: The key of the secret to select from. Must be a valid secret key. 1320 type: string 1321 name: 1322 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1323 type: string 1324 optional: 1325 description: Specify whether the Secret or its key must be defined 1326 type: boolean 1327 required: 1328 - key 1329 type: object 1330 type: object 1331 required: 1332 - name 1333 type: object 1334 type: array 1335 envFrom: 1336 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 1337 items: 1338 description: EnvFromSource represents the source of a set of ConfigMaps 1339 properties: 1340 configMapRef: 1341 description: The ConfigMap to select from 1342 properties: 1343 name: 1344 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1345 type: string 1346 optional: 1347 description: Specify whether the ConfigMap must be defined 1348 type: boolean 1349 type: object 1350 prefix: 1351 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 1352 type: string 1353 secretRef: 1354 description: The Secret to select from 1355 properties: 1356 name: 1357 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1358 type: string 1359 optional: 1360 description: Specify whether the Secret must be defined 1361 type: boolean 1362 type: object 1363 type: object 1364 type: array 1365 image: 1366 description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' 1367 type: string 1368 imagePullPolicy: 1369 description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' 1370 type: string 1371 lifecycle: 1372 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. 1373 properties: 1374 postStart: 1375 description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1376 properties: 1377 exec: 1378 description: One and only one of the following should be specified. Exec specifies the action to take. 1379 properties: 1380 command: 1381 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1382 items: 1383 type: string 1384 type: array 1385 type: object 1386 httpGet: 1387 description: HTTPGet specifies the http request to perform. 1388 properties: 1389 host: 1390 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1391 type: string 1392 httpHeaders: 1393 description: Custom headers to set in the request. HTTP allows repeated headers. 1394 items: 1395 description: HTTPHeader describes a custom header to be used in HTTP probes 1396 properties: 1397 name: 1398 description: The header field name 1399 type: string 1400 value: 1401 description: The header field value 1402 type: string 1403 required: 1404 - name 1405 - value 1406 type: object 1407 type: array 1408 path: 1409 description: Path to access on the HTTP server. 1410 type: string 1411 port: 1412 anyOf: 1413 - type: integer 1414 - type: string 1415 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1416 x-kubernetes-int-or-string: true 1417 scheme: 1418 description: Scheme to use for connecting to the host. Defaults to HTTP. 1419 type: string 1420 required: 1421 - port 1422 type: object 1423 tcpSocket: 1424 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 1425 properties: 1426 host: 1427 description: 'Optional: Host name to connect to, defaults to the pod IP.' 1428 type: string 1429 port: 1430 anyOf: 1431 - type: integer 1432 - type: string 1433 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1434 x-kubernetes-int-or-string: true 1435 required: 1436 - port 1437 type: object 1438 type: object 1439 preStop: 1440 description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' 1441 properties: 1442 exec: 1443 description: One and only one of the following should be specified. Exec specifies the action to take. 1444 properties: 1445 command: 1446 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1447 items: 1448 type: string 1449 type: array 1450 type: object 1451 httpGet: 1452 description: HTTPGet specifies the http request to perform. 1453 properties: 1454 host: 1455 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1456 type: string 1457 httpHeaders: 1458 description: Custom headers to set in the request. HTTP allows repeated headers. 1459 items: 1460 description: HTTPHeader describes a custom header to be used in HTTP probes 1461 properties: 1462 name: 1463 description: The header field name 1464 type: string 1465 value: 1466 description: The header field value 1467 type: string 1468 required: 1469 - name 1470 - value 1471 type: object 1472 type: array 1473 path: 1474 description: Path to access on the HTTP server. 1475 type: string 1476 port: 1477 anyOf: 1478 - type: integer 1479 - type: string 1480 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1481 x-kubernetes-int-or-string: true 1482 scheme: 1483 description: Scheme to use for connecting to the host. Defaults to HTTP. 1484 type: string 1485 required: 1486 - port 1487 type: object 1488 tcpSocket: 1489 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 1490 properties: 1491 host: 1492 description: 'Optional: Host name to connect to, defaults to the pod IP.' 1493 type: string 1494 port: 1495 anyOf: 1496 - type: integer 1497 - type: string 1498 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1499 x-kubernetes-int-or-string: true 1500 required: 1501 - port 1502 type: object 1503 type: object 1504 type: object 1505 livenessProbe: 1506 description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1507 properties: 1508 exec: 1509 description: One and only one of the following should be specified. Exec specifies the action to take. 1510 properties: 1511 command: 1512 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1513 items: 1514 type: string 1515 type: array 1516 type: object 1517 failureThreshold: 1518 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 1519 format: int32 1520 type: integer 1521 httpGet: 1522 description: HTTPGet specifies the http request to perform. 1523 properties: 1524 host: 1525 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1526 type: string 1527 httpHeaders: 1528 description: Custom headers to set in the request. HTTP allows repeated headers. 1529 items: 1530 description: HTTPHeader describes a custom header to be used in HTTP probes 1531 properties: 1532 name: 1533 description: The header field name 1534 type: string 1535 value: 1536 description: The header field value 1537 type: string 1538 required: 1539 - name 1540 - value 1541 type: object 1542 type: array 1543 path: 1544 description: Path to access on the HTTP server. 1545 type: string 1546 port: 1547 anyOf: 1548 - type: integer 1549 - type: string 1550 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1551 x-kubernetes-int-or-string: true 1552 scheme: 1553 description: Scheme to use for connecting to the host. Defaults to HTTP. 1554 type: string 1555 required: 1556 - port 1557 type: object 1558 initialDelaySeconds: 1559 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1560 format: int32 1561 type: integer 1562 periodSeconds: 1563 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 1564 format: int32 1565 type: integer 1566 successThreshold: 1567 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1568 format: int32 1569 type: integer 1570 tcpSocket: 1571 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 1572 properties: 1573 host: 1574 description: 'Optional: Host name to connect to, defaults to the pod IP.' 1575 type: string 1576 port: 1577 anyOf: 1578 - type: integer 1579 - type: string 1580 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1581 x-kubernetes-int-or-string: true 1582 required: 1583 - port 1584 type: object 1585 timeoutSeconds: 1586 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1587 format: int32 1588 type: integer 1589 type: object 1590 name: 1591 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 1592 type: string 1593 ports: 1594 description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. 1595 items: 1596 description: ContainerPort represents a network port in a single container. 1597 properties: 1598 containerPort: 1599 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. 1600 format: int32 1601 type: integer 1602 hostIP: 1603 description: What host IP to bind the external port to. 1604 type: string 1605 hostPort: 1606 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 1607 format: int32 1608 type: integer 1609 name: 1610 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 1611 type: string 1612 protocol: 1613 default: TCP 1614 description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 1615 type: string 1616 required: 1617 - containerPort 1618 type: object 1619 type: array 1620 x-kubernetes-list-map-keys: 1621 - containerPort 1622 - protocol 1623 x-kubernetes-list-type: map 1624 readinessProbe: 1625 description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1626 properties: 1627 exec: 1628 description: One and only one of the following should be specified. Exec specifies the action to take. 1629 properties: 1630 command: 1631 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1632 items: 1633 type: string 1634 type: array 1635 type: object 1636 failureThreshold: 1637 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 1638 format: int32 1639 type: integer 1640 httpGet: 1641 description: HTTPGet specifies the http request to perform. 1642 properties: 1643 host: 1644 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1645 type: string 1646 httpHeaders: 1647 description: Custom headers to set in the request. HTTP allows repeated headers. 1648 items: 1649 description: HTTPHeader describes a custom header to be used in HTTP probes 1650 properties: 1651 name: 1652 description: The header field name 1653 type: string 1654 value: 1655 description: The header field value 1656 type: string 1657 required: 1658 - name 1659 - value 1660 type: object 1661 type: array 1662 path: 1663 description: Path to access on the HTTP server. 1664 type: string 1665 port: 1666 anyOf: 1667 - type: integer 1668 - type: string 1669 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1670 x-kubernetes-int-or-string: true 1671 scheme: 1672 description: Scheme to use for connecting to the host. Defaults to HTTP. 1673 type: string 1674 required: 1675 - port 1676 type: object 1677 initialDelaySeconds: 1678 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1679 format: int32 1680 type: integer 1681 periodSeconds: 1682 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 1683 format: int32 1684 type: integer 1685 successThreshold: 1686 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1687 format: int32 1688 type: integer 1689 tcpSocket: 1690 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 1691 properties: 1692 host: 1693 description: 'Optional: Host name to connect to, defaults to the pod IP.' 1694 type: string 1695 port: 1696 anyOf: 1697 - type: integer 1698 - type: string 1699 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1700 x-kubernetes-int-or-string: true 1701 required: 1702 - port 1703 type: object 1704 timeoutSeconds: 1705 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1706 format: int32 1707 type: integer 1708 type: object 1709 resources: 1710 description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 1711 properties: 1712 limits: 1713 additionalProperties: 1714 anyOf: 1715 - type: integer 1716 - type: string 1717 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1718 x-kubernetes-int-or-string: true 1719 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 1720 type: object 1721 requests: 1722 additionalProperties: 1723 anyOf: 1724 - type: integer 1725 - type: string 1726 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1727 x-kubernetes-int-or-string: true 1728 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 1729 type: object 1730 type: object 1731 securityContext: 1732 description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' 1733 properties: 1734 allowPrivilegeEscalation: 1735 description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' 1736 type: boolean 1737 capabilities: 1738 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 1739 properties: 1740 add: 1741 description: Added capabilities 1742 items: 1743 description: Capability represent POSIX capabilities type 1744 type: string 1745 type: array 1746 drop: 1747 description: Removed capabilities 1748 items: 1749 description: Capability represent POSIX capabilities type 1750 type: string 1751 type: array 1752 type: object 1753 privileged: 1754 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. 1755 type: boolean 1756 procMount: 1757 description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. 1758 type: string 1759 readOnlyRootFilesystem: 1760 description: Whether this container has a read-only root filesystem. Default is false. 1761 type: boolean 1762 runAsGroup: 1763 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1764 format: int64 1765 type: integer 1766 runAsNonRoot: 1767 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1768 type: boolean 1769 runAsUser: 1770 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1771 format: int64 1772 type: integer 1773 seLinuxOptions: 1774 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1775 properties: 1776 level: 1777 description: Level is SELinux level label that applies to the container. 1778 type: string 1779 role: 1780 description: Role is a SELinux role label that applies to the container. 1781 type: string 1782 type: 1783 description: Type is a SELinux type label that applies to the container. 1784 type: string 1785 user: 1786 description: User is a SELinux user label that applies to the container. 1787 type: string 1788 type: object 1789 windowsOptions: 1790 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1791 properties: 1792 gmsaCredentialSpec: 1793 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 1794 type: string 1795 gmsaCredentialSpecName: 1796 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 1797 type: string 1798 runAsUserName: 1799 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 1800 type: string 1801 type: object 1802 type: object 1803 startupProbe: 1804 description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1805 properties: 1806 exec: 1807 description: One and only one of the following should be specified. Exec specifies the action to take. 1808 properties: 1809 command: 1810 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1811 items: 1812 type: string 1813 type: array 1814 type: object 1815 failureThreshold: 1816 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 1817 format: int32 1818 type: integer 1819 httpGet: 1820 description: HTTPGet specifies the http request to perform. 1821 properties: 1822 host: 1823 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 1824 type: string 1825 httpHeaders: 1826 description: Custom headers to set in the request. HTTP allows repeated headers. 1827 items: 1828 description: HTTPHeader describes a custom header to be used in HTTP probes 1829 properties: 1830 name: 1831 description: The header field name 1832 type: string 1833 value: 1834 description: The header field value 1835 type: string 1836 required: 1837 - name 1838 - value 1839 type: object 1840 type: array 1841 path: 1842 description: Path to access on the HTTP server. 1843 type: string 1844 port: 1845 anyOf: 1846 - type: integer 1847 - type: string 1848 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1849 x-kubernetes-int-or-string: true 1850 scheme: 1851 description: Scheme to use for connecting to the host. Defaults to HTTP. 1852 type: string 1853 required: 1854 - port 1855 type: object 1856 initialDelaySeconds: 1857 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1858 format: int32 1859 type: integer 1860 periodSeconds: 1861 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 1862 format: int32 1863 type: integer 1864 successThreshold: 1865 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1866 format: int32 1867 type: integer 1868 tcpSocket: 1869 description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' 1870 properties: 1871 host: 1872 description: 'Optional: Host name to connect to, defaults to the pod IP.' 1873 type: string 1874 port: 1875 anyOf: 1876 - type: integer 1877 - type: string 1878 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 1879 x-kubernetes-int-or-string: true 1880 required: 1881 - port 1882 type: object 1883 timeoutSeconds: 1884 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' 1885 format: int32 1886 type: integer 1887 type: object 1888 stdin: 1889 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. 1890 type: boolean 1891 stdinOnce: 1892 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false 1893 type: boolean 1894 terminationMessagePath: 1895 description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' 1896 type: string 1897 terminationMessagePolicy: 1898 description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. 1899 type: string 1900 tty: 1901 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. 1902 type: boolean 1903 volumeDevices: 1904 description: volumeDevices is the list of block devices to be used by the container. 1905 items: 1906 description: volumeDevice describes a mapping of a raw block device within a container. 1907 properties: 1908 devicePath: 1909 description: devicePath is the path inside of the container that the device will be mapped to. 1910 type: string 1911 name: 1912 description: name must match the name of a persistentVolumeClaim in the pod 1913 type: string 1914 required: 1915 - devicePath 1916 - name 1917 type: object 1918 type: array 1919 volumeMounts: 1920 description: Pod volumes to mount into the container's filesystem. Cannot be updated. 1921 items: 1922 description: VolumeMount describes a mounting of a Volume within a container. 1923 properties: 1924 mountPath: 1925 description: Path within the container at which the volume should be mounted. Must not contain ':'. 1926 type: string 1927 mountPropagation: 1928 description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. 1929 type: string 1930 name: 1931 description: This must match the Name of a Volume. 1932 type: string 1933 readOnly: 1934 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 1935 type: boolean 1936 subPath: 1937 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 1938 type: string 1939 subPathExpr: 1940 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. 1941 type: string 1942 required: 1943 - mountPath 1944 - name 1945 type: object 1946 type: array 1947 workingDir: 1948 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 1949 type: string 1950 required: 1951 - name 1952 type: object 1953 type: array 1954 labels: 1955 additionalProperties: 1956 type: string 1957 description: Labels configure the external label pairs to ThanosRuler. If not provided, default replica label `thanos_ruler_replica` will be added as a label and be dropped in alerts. 1958 type: object 1959 listenLocal: 1960 description: ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP. 1961 type: boolean 1962 logFormat: 1963 description: Log format for ThanosRuler to be configured with. 1964 type: string 1965 logLevel: 1966 description: Log level for ThanosRuler to be configured with. 1967 type: string 1968 nodeSelector: 1969 additionalProperties: 1970 type: string 1971 description: Define which Nodes the Pods are scheduled on. 1972 type: object 1973 objectStorageConfig: 1974 description: ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority. 1975 properties: 1976 key: 1977 description: The key of the secret to select from. Must be a valid secret key. 1978 type: string 1979 name: 1980 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 1981 type: string 1982 optional: 1983 description: Specify whether the Secret or its key must be defined 1984 type: boolean 1985 required: 1986 - key 1987 type: object 1988 objectStorageConfigFile: 1989 description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. 1990 type: string 1991 paused: 1992 description: When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects. 1993 type: boolean 1994 podMetadata: 1995 description: PodMetadata contains Labels and Annotations gets propagated to the thanos ruler pods. 1996 properties: 1997 annotations: 1998 additionalProperties: 1999 type: string 2000 description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' 2001 type: object 2002 labels: 2003 additionalProperties: 2004 type: string 2005 description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' 2006 type: object 2007 name: 2008 description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' 2009 type: string 2010 type: object 2011 portName: 2012 description: Port name used for the pods and governing service. This defaults to web 2013 type: string 2014 priorityClassName: 2015 description: Priority class assigned to the Pods 2016 type: string 2017 prometheusRulesExcludedFromEnforce: 2018 description: PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair 2019 items: 2020 description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. 2021 properties: 2022 ruleName: 2023 description: RuleNamespace - name of excluded rule 2024 type: string 2025 ruleNamespace: 2026 description: RuleNamespace - namespace of excluded rule 2027 type: string 2028 required: 2029 - ruleName 2030 - ruleNamespace 2031 type: object 2032 type: array 2033 queryConfig: 2034 description: Define configuration for connecting to thanos query instances. If this is defined, the QueryEndpoints field will be ignored. Maps to the `query.config` CLI argument. Only available with thanos v0.11.0 and higher. 2035 properties: 2036 key: 2037 description: The key of the secret to select from. Must be a valid secret key. 2038 type: string 2039 name: 2040 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2041 type: string 2042 optional: 2043 description: Specify whether the Secret or its key must be defined 2044 type: boolean 2045 required: 2046 - key 2047 type: object 2048 queryEndpoints: 2049 description: QueryEndpoints defines Thanos querier endpoints from which to query metrics. Maps to the --query flag of thanos ruler. 2050 items: 2051 type: string 2052 type: array 2053 replicas: 2054 description: Number of thanos ruler instances to deploy. 2055 format: int32 2056 type: integer 2057 resources: 2058 description: Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set 2059 properties: 2060 limits: 2061 additionalProperties: 2062 anyOf: 2063 - type: integer 2064 - type: string 2065 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2066 x-kubernetes-int-or-string: true 2067 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2068 type: object 2069 requests: 2070 additionalProperties: 2071 anyOf: 2072 - type: integer 2073 - type: string 2074 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2075 x-kubernetes-int-or-string: true 2076 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2077 type: object 2078 type: object 2079 retention: 2080 description: Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). 2081 type: string 2082 routePrefix: 2083 description: The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path. 2084 type: string 2085 ruleNamespaceSelector: 2086 description: Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used. 2087 properties: 2088 matchExpressions: 2089 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 2090 items: 2091 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 2092 properties: 2093 key: 2094 description: key is the label key that the selector applies to. 2095 type: string 2096 operator: 2097 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 2098 type: string 2099 values: 2100 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 2101 items: 2102 type: string 2103 type: array 2104 required: 2105 - key 2106 - operator 2107 type: object 2108 type: array 2109 matchLabels: 2110 additionalProperties: 2111 type: string 2112 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 2113 type: object 2114 type: object 2115 ruleSelector: 2116 description: A label selector to select which PrometheusRules to mount for alerting and recording. 2117 properties: 2118 matchExpressions: 2119 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 2120 items: 2121 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 2122 properties: 2123 key: 2124 description: key is the label key that the selector applies to. 2125 type: string 2126 operator: 2127 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 2128 type: string 2129 values: 2130 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 2131 items: 2132 type: string 2133 type: array 2134 required: 2135 - key 2136 - operator 2137 type: object 2138 type: array 2139 matchLabels: 2140 additionalProperties: 2141 type: string 2142 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 2143 type: object 2144 type: object 2145 securityContext: 2146 description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. 2147 properties: 2148 fsGroup: 2149 description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." 2150 format: int64 2151 type: integer 2152 fsGroupChangePolicy: 2153 description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' 2154 type: string 2155 runAsGroup: 2156 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. 2157 format: int64 2158 type: integer 2159 runAsNonRoot: 2160 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2161 type: boolean 2162 runAsUser: 2163 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. 2164 format: int64 2165 type: integer 2166 seLinuxOptions: 2167 description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. 2168 properties: 2169 level: 2170 description: Level is SELinux level label that applies to the container. 2171 type: string 2172 role: 2173 description: Role is a SELinux role label that applies to the container. 2174 type: string 2175 type: 2176 description: Type is a SELinux type label that applies to the container. 2177 type: string 2178 user: 2179 description: User is a SELinux user label that applies to the container. 2180 type: string 2181 type: object 2182 supplementalGroups: 2183 description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. 2184 items: 2185 format: int64 2186 type: integer 2187 type: array 2188 sysctls: 2189 description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. 2190 items: 2191 description: Sysctl defines a kernel parameter to be set 2192 properties: 2193 name: 2194 description: Name of a property to set 2195 type: string 2196 value: 2197 description: Value of a property to set 2198 type: string 2199 required: 2200 - name 2201 - value 2202 type: object 2203 type: array 2204 windowsOptions: 2205 description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2206 properties: 2207 gmsaCredentialSpec: 2208 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 2209 type: string 2210 gmsaCredentialSpecName: 2211 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 2212 type: string 2213 runAsUserName: 2214 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2215 type: string 2216 type: object 2217 type: object 2218 serviceAccountName: 2219 description: ServiceAccountName is the name of the ServiceAccount to use to run the Thanos Ruler Pods. 2220 type: string 2221 storage: 2222 description: Storage spec to specify how storage shall be used. 2223 properties: 2224 disableMountSubPath: 2225 description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' 2226 type: boolean 2227 emptyDir: 2228 description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' 2229 properties: 2230 medium: 2231 description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 2232 type: string 2233 sizeLimit: 2234 anyOf: 2235 - type: integer 2236 - type: string 2237 description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 2238 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2239 x-kubernetes-int-or-string: true 2240 type: object 2241 volumeClaimTemplate: 2242 description: A PVC spec to be used by the Prometheus StatefulSets. 2243 properties: 2244 apiVersion: 2245 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 2246 type: string 2247 kind: 2248 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 2249 type: string 2250 metadata: 2251 description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. 2252 properties: 2253 annotations: 2254 additionalProperties: 2255 type: string 2256 description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' 2257 type: object 2258 labels: 2259 additionalProperties: 2260 type: string 2261 description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' 2262 type: object 2263 name: 2264 description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' 2265 type: string 2266 type: object 2267 spec: 2268 description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 2269 properties: 2270 accessModes: 2271 description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 2272 items: 2273 type: string 2274 type: array 2275 dataSource: 2276 description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' 2277 properties: 2278 apiGroup: 2279 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 2280 type: string 2281 kind: 2282 description: Kind is the type of resource being referenced 2283 type: string 2284 name: 2285 description: Name is the name of resource being referenced 2286 type: string 2287 required: 2288 - kind 2289 - name 2290 type: object 2291 resources: 2292 description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' 2293 properties: 2294 limits: 2295 additionalProperties: 2296 anyOf: 2297 - type: integer 2298 - type: string 2299 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2300 x-kubernetes-int-or-string: true 2301 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2302 type: object 2303 requests: 2304 additionalProperties: 2305 anyOf: 2306 - type: integer 2307 - type: string 2308 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2309 x-kubernetes-int-or-string: true 2310 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2311 type: object 2312 type: object 2313 selector: 2314 description: A label query over volumes to consider for binding. 2315 properties: 2316 matchExpressions: 2317 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 2318 items: 2319 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 2320 properties: 2321 key: 2322 description: key is the label key that the selector applies to. 2323 type: string 2324 operator: 2325 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 2326 type: string 2327 values: 2328 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 2329 items: 2330 type: string 2331 type: array 2332 required: 2333 - key 2334 - operator 2335 type: object 2336 type: array 2337 matchLabels: 2338 additionalProperties: 2339 type: string 2340 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 2341 type: object 2342 type: object 2343 storageClassName: 2344 description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' 2345 type: string 2346 volumeMode: 2347 description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. 2348 type: string 2349 volumeName: 2350 description: VolumeName is the binding reference to the PersistentVolume backing this claim. 2351 type: string 2352 type: object 2353 status: 2354 description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 2355 properties: 2356 accessModes: 2357 description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' 2358 items: 2359 type: string 2360 type: array 2361 capacity: 2362 additionalProperties: 2363 anyOf: 2364 - type: integer 2365 - type: string 2366 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2367 x-kubernetes-int-or-string: true 2368 description: Represents the actual resources of the underlying volume. 2369 type: object 2370 conditions: 2371 description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. 2372 items: 2373 description: PersistentVolumeClaimCondition contails details about state of pvc 2374 properties: 2375 lastProbeTime: 2376 description: Last time we probed the condition. 2377 format: date-time 2378 type: string 2379 lastTransitionTime: 2380 description: Last time the condition transitioned from one status to another. 2381 format: date-time 2382 type: string 2383 message: 2384 description: Human-readable message indicating details about last transition. 2385 type: string 2386 reason: 2387 description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. 2388 type: string 2389 status: 2390 type: string 2391 type: 2392 description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type 2393 type: string 2394 required: 2395 - status 2396 - type 2397 type: object 2398 type: array 2399 phase: 2400 description: Phase represents the current phase of PersistentVolumeClaim. 2401 type: string 2402 type: object 2403 type: object 2404 type: object 2405 tolerations: 2406 description: If specified, the pod's tolerations. 2407 items: 2408 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. 2409 properties: 2410 effect: 2411 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 2412 type: string 2413 key: 2414 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 2415 type: string 2416 operator: 2417 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 2418 type: string 2419 tolerationSeconds: 2420 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 2421 format: int64 2422 type: integer 2423 value: 2424 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. 2425 type: string 2426 type: object 2427 type: array 2428 topologySpreadConstraints: 2429 description: If specified, the pod's topology spread constraints. 2430 items: 2431 description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. 2432 properties: 2433 labelSelector: 2434 description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. 2435 properties: 2436 matchExpressions: 2437 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 2438 items: 2439 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 2440 properties: 2441 key: 2442 description: key is the label key that the selector applies to. 2443 type: string 2444 operator: 2445 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 2446 type: string 2447 values: 2448 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 2449 items: 2450 type: string 2451 type: array 2452 required: 2453 - key 2454 - operator 2455 type: object 2456 type: array 2457 matchLabels: 2458 additionalProperties: 2459 type: string 2460 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 2461 type: object 2462 type: object 2463 maxSkew: 2464 description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' 2465 format: int32 2466 type: integer 2467 topologyKey: 2468 description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. 2469 type: string 2470 whenUnsatisfiable: 2471 description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' 2472 type: string 2473 required: 2474 - maxSkew 2475 - topologyKey 2476 - whenUnsatisfiable 2477 type: object 2478 type: array 2479 tracingConfig: 2480 description: TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. 2481 properties: 2482 key: 2483 description: The key of the secret to select from. Must be a valid secret key. 2484 type: string 2485 name: 2486 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2487 type: string 2488 optional: 2489 description: Specify whether the Secret or its key must be defined 2490 type: boolean 2491 required: 2492 - key 2493 type: object 2494 volumes: 2495 description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. 2496 items: 2497 description: Volume represents a named volume in a pod that may be accessed by any container in the pod. 2498 properties: 2499 awsElasticBlockStore: 2500 description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 2501 properties: 2502 fsType: 2503 description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' 2504 type: string 2505 partition: 2506 description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' 2507 format: int32 2508 type: integer 2509 readOnly: 2510 description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 2511 type: boolean 2512 volumeID: 2513 description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' 2514 type: string 2515 required: 2516 - volumeID 2517 type: object 2518 azureDisk: 2519 description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. 2520 properties: 2521 cachingMode: 2522 description: 'Host Caching mode: None, Read Only, Read Write.' 2523 type: string 2524 diskName: 2525 description: The Name of the data disk in the blob storage 2526 type: string 2527 diskURI: 2528 description: The URI the data disk in the blob storage 2529 type: string 2530 fsType: 2531 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 2532 type: string 2533 kind: 2534 description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' 2535 type: string 2536 readOnly: 2537 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 2538 type: boolean 2539 required: 2540 - diskName 2541 - diskURI 2542 type: object 2543 azureFile: 2544 description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. 2545 properties: 2546 readOnly: 2547 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 2548 type: boolean 2549 secretName: 2550 description: the name of secret that contains Azure Storage Account Name and Key 2551 type: string 2552 shareName: 2553 description: Share Name 2554 type: string 2555 required: 2556 - secretName 2557 - shareName 2558 type: object 2559 cephfs: 2560 description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime 2561 properties: 2562 monitors: 2563 description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2564 items: 2565 type: string 2566 type: array 2567 path: 2568 description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' 2569 type: string 2570 readOnly: 2571 description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2572 type: boolean 2573 secretFile: 2574 description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2575 type: string 2576 secretRef: 2577 description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2578 properties: 2579 name: 2580 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2581 type: string 2582 type: object 2583 user: 2584 description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' 2585 type: string 2586 required: 2587 - monitors 2588 type: object 2589 cinder: 2590 description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 2591 properties: 2592 fsType: 2593 description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 2594 type: string 2595 readOnly: 2596 description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 2597 type: boolean 2598 secretRef: 2599 description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' 2600 properties: 2601 name: 2602 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2603 type: string 2604 type: object 2605 volumeID: 2606 description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' 2607 type: string 2608 required: 2609 - volumeID 2610 type: object 2611 configMap: 2612 description: ConfigMap represents a configMap that should populate this volume 2613 properties: 2614 defaultMode: 2615 description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 2616 format: int32 2617 type: integer 2618 items: 2619 description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 2620 items: 2621 description: Maps a string key to a path within a volume. 2622 properties: 2623 key: 2624 description: The key to project. 2625 type: string 2626 mode: 2627 description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 2628 format: int32 2629 type: integer 2630 path: 2631 description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 2632 type: string 2633 required: 2634 - key 2635 - path 2636 type: object 2637 type: array 2638 name: 2639 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2640 type: string 2641 optional: 2642 description: Specify whether the ConfigMap or its keys must be defined 2643 type: boolean 2644 type: object 2645 csi: 2646 description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). 2647 properties: 2648 driver: 2649 description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. 2650 type: string 2651 fsType: 2652 description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. 2653 type: string 2654 nodePublishSecretRef: 2655 description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. 2656 properties: 2657 name: 2658 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2659 type: string 2660 type: object 2661 readOnly: 2662 description: Specifies a read-only configuration for the volume. Defaults to false (read/write). 2663 type: boolean 2664 volumeAttributes: 2665 additionalProperties: 2666 type: string 2667 description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. 2668 type: object 2669 required: 2670 - driver 2671 type: object 2672 downwardAPI: 2673 description: DownwardAPI represents downward API about the pod that should populate this volume 2674 properties: 2675 defaultMode: 2676 description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 2677 format: int32 2678 type: integer 2679 items: 2680 description: Items is a list of downward API volume file 2681 items: 2682 description: DownwardAPIVolumeFile represents information to create the file containing the pod field 2683 properties: 2684 fieldRef: 2685 description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' 2686 properties: 2687 apiVersion: 2688 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 2689 type: string 2690 fieldPath: 2691 description: Path of the field to select in the specified API version. 2692 type: string 2693 required: 2694 - fieldPath 2695 type: object 2696 mode: 2697 description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 2698 format: int32 2699 type: integer 2700 path: 2701 description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' 2702 type: string 2703 resourceFieldRef: 2704 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 2705 properties: 2706 containerName: 2707 description: 'Container name: required for volumes, optional for env vars' 2708 type: string 2709 divisor: 2710 anyOf: 2711 - type: integer 2712 - type: string 2713 description: Specifies the output format of the exposed resources, defaults to "1" 2714 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2715 x-kubernetes-int-or-string: true 2716 resource: 2717 description: 'Required: resource to select' 2718 type: string 2719 required: 2720 - resource 2721 type: object 2722 required: 2723 - path 2724 type: object 2725 type: array 2726 type: object 2727 emptyDir: 2728 description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 2729 properties: 2730 medium: 2731 description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' 2732 type: string 2733 sizeLimit: 2734 anyOf: 2735 - type: integer 2736 - type: string 2737 description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' 2738 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2739 x-kubernetes-int-or-string: true 2740 type: object 2741 fc: 2742 description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 2743 properties: 2744 fsType: 2745 description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' 2746 type: string 2747 lun: 2748 description: 'Optional: FC target lun number' 2749 format: int32 2750 type: integer 2751 readOnly: 2752 description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' 2753 type: boolean 2754 targetWWNs: 2755 description: 'Optional: FC target worldwide names (WWNs)' 2756 items: 2757 type: string 2758 type: array 2759 wwids: 2760 description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' 2761 items: 2762 type: string 2763 type: array 2764 type: object 2765 flexVolume: 2766 description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. 2767 properties: 2768 driver: 2769 description: Driver is the name of the driver to use for this volume. 2770 type: string 2771 fsType: 2772 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 2773 type: string 2774 options: 2775 additionalProperties: 2776 type: string 2777 description: 'Optional: Extra command options if any.' 2778 type: object 2779 readOnly: 2780 description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' 2781 type: boolean 2782 secretRef: 2783 description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' 2784 properties: 2785 name: 2786 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2787 type: string 2788 type: object 2789 required: 2790 - driver 2791 type: object 2792 flocker: 2793 description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running 2794 properties: 2795 datasetName: 2796 description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated 2797 type: string 2798 datasetUUID: 2799 description: UUID of the dataset. This is unique identifier of a Flocker dataset 2800 type: string 2801 type: object 2802 gcePersistentDisk: 2803 description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 2804 properties: 2805 fsType: 2806 description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' 2807 type: string 2808 partition: 2809 description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 2810 format: int32 2811 type: integer 2812 pdName: 2813 description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 2814 type: string 2815 readOnly: 2816 description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' 2817 type: boolean 2818 required: 2819 - pdName 2820 type: object 2821 gitRepo: 2822 description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' 2823 properties: 2824 directory: 2825 description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. 2826 type: string 2827 repository: 2828 description: Repository URL 2829 type: string 2830 revision: 2831 description: Commit hash for the specified revision. 2832 type: string 2833 required: 2834 - repository 2835 type: object 2836 glusterfs: 2837 description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' 2838 properties: 2839 endpoints: 2840 description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 2841 type: string 2842 path: 2843 description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 2844 type: string 2845 readOnly: 2846 description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' 2847 type: boolean 2848 required: 2849 - endpoints 2850 - path 2851 type: object 2852 hostPath: 2853 description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' 2854 properties: 2855 path: 2856 description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 2857 type: string 2858 type: 2859 description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' 2860 type: string 2861 required: 2862 - path 2863 type: object 2864 iscsi: 2865 description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' 2866 properties: 2867 chapAuthDiscovery: 2868 description: whether support iSCSI Discovery CHAP authentication 2869 type: boolean 2870 chapAuthSession: 2871 description: whether support iSCSI Session CHAP authentication 2872 type: boolean 2873 fsType: 2874 description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' 2875 type: string 2876 initiatorName: 2877 description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection. 2878 type: string 2879 iqn: 2880 description: Target iSCSI Qualified Name. 2881 type: string 2882 iscsiInterface: 2883 description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). 2884 type: string 2885 lun: 2886 description: iSCSI Target Lun number. 2887 format: int32 2888 type: integer 2889 portals: 2890 description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 2891 items: 2892 type: string 2893 type: array 2894 readOnly: 2895 description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 2896 type: boolean 2897 secretRef: 2898 description: CHAP Secret for iSCSI target and initiator authentication 2899 properties: 2900 name: 2901 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 2902 type: string 2903 type: object 2904 targetPortal: 2905 description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 2906 type: string 2907 required: 2908 - iqn 2909 - lun 2910 - targetPortal 2911 type: object 2912 name: 2913 description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 2914 type: string 2915 nfs: 2916 description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 2917 properties: 2918 path: 2919 description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 2920 type: string 2921 readOnly: 2922 description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 2923 type: boolean 2924 server: 2925 description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' 2926 type: string 2927 required: 2928 - path 2929 - server 2930 type: object 2931 persistentVolumeClaim: 2932 description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 2933 properties: 2934 claimName: 2935 description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' 2936 type: string 2937 readOnly: 2938 description: Will force the ReadOnly setting in VolumeMounts. Default false. 2939 type: boolean 2940 required: 2941 - claimName 2942 type: object 2943 photonPersistentDisk: 2944 description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine 2945 properties: 2946 fsType: 2947 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 2948 type: string 2949 pdID: 2950 description: ID that identifies Photon Controller persistent disk 2951 type: string 2952 required: 2953 - pdID 2954 type: object 2955 portworxVolume: 2956 description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine 2957 properties: 2958 fsType: 2959 description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 2960 type: string 2961 readOnly: 2962 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 2963 type: boolean 2964 volumeID: 2965 description: VolumeID uniquely identifies a Portworx volume 2966 type: string 2967 required: 2968 - volumeID 2969 type: object 2970 projected: 2971 description: Items for all in one resources secrets, configmaps, and downward API 2972 properties: 2973 defaultMode: 2974 description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. 2975 format: int32 2976 type: integer 2977 sources: 2978 description: list of volume projections 2979 items: 2980 description: Projection that may be projected along with other supported volume types 2981 properties: 2982 configMap: 2983 description: information about the configMap data to project 2984 properties: 2985 items: 2986 description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 2987 items: 2988 description: Maps a string key to a path within a volume. 2989 properties: 2990 key: 2991 description: The key to project. 2992 type: string 2993 mode: 2994 description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 2995 format: int32 2996 type: integer 2997 path: 2998 description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 2999 type: string 3000 required: 3001 - key 3002 - path 3003 type: object 3004 type: array 3005 name: 3006 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 3007 type: string 3008 optional: 3009 description: Specify whether the ConfigMap or its keys must be defined 3010 type: boolean 3011 type: object 3012 downwardAPI: 3013 description: information about the downwardAPI data to project 3014 properties: 3015 items: 3016 description: Items is a list of DownwardAPIVolume file 3017 items: 3018 description: DownwardAPIVolumeFile represents information to create the file containing the pod field 3019 properties: 3020 fieldRef: 3021 description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' 3022 properties: 3023 apiVersion: 3024 description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 3025 type: string 3026 fieldPath: 3027 description: Path of the field to select in the specified API version. 3028 type: string 3029 required: 3030 - fieldPath 3031 type: object 3032 mode: 3033 description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 3034 format: int32 3035 type: integer 3036 path: 3037 description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' 3038 type: string 3039 resourceFieldRef: 3040 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 3041 properties: 3042 containerName: 3043 description: 'Container name: required for volumes, optional for env vars' 3044 type: string 3045 divisor: 3046 anyOf: 3047 - type: integer 3048 - type: string 3049 description: Specifies the output format of the exposed resources, defaults to "1" 3050 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3051 x-kubernetes-int-or-string: true 3052 resource: 3053 description: 'Required: resource to select' 3054 type: string 3055 required: 3056 - resource 3057 type: object 3058 required: 3059 - path 3060 type: object 3061 type: array 3062 type: object 3063 secret: 3064 description: information about the secret data to project 3065 properties: 3066 items: 3067 description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 3068 items: 3069 description: Maps a string key to a path within a volume. 3070 properties: 3071 key: 3072 description: The key to project. 3073 type: string 3074 mode: 3075 description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 3076 format: int32 3077 type: integer 3078 path: 3079 description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 3080 type: string 3081 required: 3082 - key 3083 - path 3084 type: object 3085 type: array 3086 name: 3087 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 3088 type: string 3089 optional: 3090 description: Specify whether the Secret or its key must be defined 3091 type: boolean 3092 type: object 3093 serviceAccountToken: 3094 description: information about the serviceAccountToken data to project 3095 properties: 3096 audience: 3097 description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. 3098 type: string 3099 expirationSeconds: 3100 description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. 3101 format: int64 3102 type: integer 3103 path: 3104 description: Path is the path relative to the mount point of the file to project the token into. 3105 type: string 3106 required: 3107 - path 3108 type: object 3109 type: object 3110 type: array 3111 required: 3112 - sources 3113 type: object 3114 quobyte: 3115 description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime 3116 properties: 3117 group: 3118 description: Group to map volume access to Default is no group 3119 type: string 3120 readOnly: 3121 description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. 3122 type: boolean 3123 registry: 3124 description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes 3125 type: string 3126 tenant: 3127 description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin 3128 type: string 3129 user: 3130 description: User to map volume access to Defaults to serivceaccount user 3131 type: string 3132 volume: 3133 description: Volume is a string that references an already created Quobyte volume by name. 3134 type: string 3135 required: 3136 - registry 3137 - volume 3138 type: object 3139 rbd: 3140 description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' 3141 properties: 3142 fsType: 3143 description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' 3144 type: string 3145 image: 3146 description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 3147 type: string 3148 keyring: 3149 description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 3150 type: string 3151 monitors: 3152 description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 3153 items: 3154 type: string 3155 type: array 3156 pool: 3157 description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 3158 type: string 3159 readOnly: 3160 description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 3161 type: boolean 3162 secretRef: 3163 description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 3164 properties: 3165 name: 3166 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 3167 type: string 3168 type: object 3169 user: 3170 description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' 3171 type: string 3172 required: 3173 - image 3174 - monitors 3175 type: object 3176 scaleIO: 3177 description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. 3178 properties: 3179 fsType: 3180 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". 3181 type: string 3182 gateway: 3183 description: The host address of the ScaleIO API Gateway. 3184 type: string 3185 protectionDomain: 3186 description: The name of the ScaleIO Protection Domain for the configured storage. 3187 type: string 3188 readOnly: 3189 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 3190 type: boolean 3191 secretRef: 3192 description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. 3193 properties: 3194 name: 3195 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 3196 type: string 3197 type: object 3198 sslEnabled: 3199 description: Flag to enable/disable SSL communication with Gateway, default false 3200 type: boolean 3201 storageMode: 3202 description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. 3203 type: string 3204 storagePool: 3205 description: The ScaleIO Storage Pool associated with the protection domain. 3206 type: string 3207 system: 3208 description: The name of the storage system as configured in ScaleIO. 3209 type: string 3210 volumeName: 3211 description: The name of a volume already created in the ScaleIO system that is associated with this volume source. 3212 type: string 3213 required: 3214 - gateway 3215 - secretRef 3216 - system 3217 type: object 3218 secret: 3219 description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 3220 properties: 3221 defaultMode: 3222 description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 3223 format: int32 3224 type: integer 3225 items: 3226 description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 3227 items: 3228 description: Maps a string key to a path within a volume. 3229 properties: 3230 key: 3231 description: The key to project. 3232 type: string 3233 mode: 3234 description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' 3235 format: int32 3236 type: integer 3237 path: 3238 description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 3239 type: string 3240 required: 3241 - key 3242 - path 3243 type: object 3244 type: array 3245 optional: 3246 description: Specify whether the Secret or its keys must be defined 3247 type: boolean 3248 secretName: 3249 description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' 3250 type: string 3251 type: object 3252 storageos: 3253 description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. 3254 properties: 3255 fsType: 3256 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 3257 type: string 3258 readOnly: 3259 description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 3260 type: boolean 3261 secretRef: 3262 description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. 3263 properties: 3264 name: 3265 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 3266 type: string 3267 type: object 3268 volumeName: 3269 description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. 3270 type: string 3271 volumeNamespace: 3272 description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. 3273 type: string 3274 type: object 3275 vsphereVolume: 3276 description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine 3277 properties: 3278 fsType: 3279 description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 3280 type: string 3281 storagePolicyID: 3282 description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. 3283 type: string 3284 storagePolicyName: 3285 description: Storage Policy Based Management (SPBM) profile name. 3286 type: string 3287 volumePath: 3288 description: Path that identifies vSphere volume vmdk 3289 type: string 3290 required: 3291 - volumePath 3292 type: object 3293 required: 3294 - name 3295 type: object 3296 type: array 3297 type: object 3298 status: 3299 description: 'Most recent observed status of the ThanosRuler cluster. Read-only. Not included when requesting from the apiserver, only from the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' 3300 properties: 3301 availableReplicas: 3302 description: Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment. 3303 format: int32 3304 type: integer 3305 paused: 3306 description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. 3307 type: boolean 3308 replicas: 3309 description: Total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector). 3310 format: int32 3311 type: integer 3312 unavailableReplicas: 3313 description: Total number of unavailable pods targeted by this ThanosRuler deployment. 3314 format: int32 3315 type: integer 3316 updatedReplicas: 3317 description: Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec. 3318 format: int32 3319 type: integer 3320 required: 3321 - availableReplicas 3322 - paused 3323 - replicas 3324 - unavailableReplicas 3325 - updatedReplicas 3326 type: object 3327 required: 3328 - spec 3329 type: object 3330 served: true 3331 storage: true 3332 status: 3333 acceptedNames: 3334 kind: "" 3335 plural: "" 3336 conditions: [] 3337 storedVersions: []