# sigs.k8s.io/cluster-api-provider-aws@v1.5.5/test/e2e/data/infrastructure-aws/e2e_test_templates/cluster-template-gpu.yaml
#
# Cluster API e2e template for a GPU workload cluster on AWS.
# The `${...}` placeholders are expected to be filled in by text substitution
# before the manifests are parsed, so whatever they expand to lands verbatim
# in the applied objects; treat the variable source as trusted deployment
# input. Indentation is restored from the flattened listing.

# Cluster: links the control plane object and the AWS infrastructure object.
# The two labels are what the ClusterResourceSet selectors later in this file
# match on (`cni` for the CNI manifests, `gpu: nvidia` for the GPU operator).
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  labels:
    cni: ${CLUSTER_NAME}-crs-0
    gpu: nvidia
  name: ${CLUSTER_NAME}
spec:
  clusterNetwork:
    pods:
      cidrBlocks:
        - 192.168.0.0/16
  controlPlaneRef:
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: KubeadmControlPlane
    name: ${CLUSTER_NAME}-control-plane
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: AWSCluster
    name: ${CLUSTER_NAME}
---
# AWSCluster: only the region and an EC2 key pair name are set; everything
# else (VPC, subnets, security groups, bastion) is left to provider defaults.
# NOTE(review): whoever holds the private half of this key pair can log in
# wherever SSH is reachable; the network exposure is not defined in this
# file, so confirm the defaults that apply.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AWSCluster
metadata:
  name: ${CLUSTER_NAME}
spec:
  region: ${AWS_REGION}
  sshKeyName: ${AWS_SSH_KEY_NAME}
---
# KubeadmControlPlane: kubeadm settings for the control-plane machines.
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
kind: KubeadmControlPlane
metadata:
  name: ${CLUSTER_NAME}-control-plane
spec:
  kubeadmConfigSpec:
    clusterConfiguration:
      # `cloud-provider: aws` is passed to the API server, the controller
      # manager and (below) the kubelet.
      # NOTE(review): this looks like the in-tree provider flag; check that
      # it is still valid for the release chosen via ${KUBERNETES_VERSION}.
      apiServer:
        extraArgs:
          cloud-provider: aws
      controllerManager:
        extraArgs:
          cloud-provider: aws
    initConfiguration:
      nodeRegistration:
        kubeletExtraArgs:
          cloud-provider: aws
        # Quoted so YAML does not read `{{` as a flow mapping. Presumably
        # rendered at boot from the instance metadata's local hostname
        # (TODO confirm).
        name: '{{ ds.meta_data.local_hostname }}'
    joinConfiguration:
      nodeRegistration:
        kubeletExtraArgs:
          cloud-provider: aws
        name: '{{ ds.meta_data.local_hostname }}'
  machineTemplate:
    infrastructureRef:
      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
      kind: AWSMachineTemplate
      name: ${CLUSTER_NAME}-control-plane
  # Left unquoted: the substituted values are parsed as YAML scalars.
  replicas: ${CONTROL_PLANE_MACHINE_COUNT}
  version: ${KUBERNETES_VERSION}
---
# AWSMachineTemplate for the control-plane instances.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AWSMachineTemplate
metadata:
  name: ${CLUSTER_NAME}-control-plane
spec:
  template:
    spec:
      # The policies behind this instance profile are defined outside this
      # file. Its AWS permissions are available to anything on the node that
      # can obtain the instance credentials, so review the role separately
      # and keep it minimal.
      iamInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io
      instanceType: ${AWS_CONTROL_PLANE_MACHINE_TYPE}
      # Only size and type are set.
      # NOTE(review): no encryption setting appears here, so at-rest
      # encryption presumably depends on the AMI or account defaults.
      rootVolume:
        size: 100
        type: gp2
      sshKeyName: ${AWS_SSH_KEY_NAME}
---
# ClusterResourceSet for the GPU operator: the contents of the two named
# ConfigMaps are applied to clusters carrying the label `gpu: nvidia`.
# NOTE(review): the name is fixed (no ${CLUSTER_NAME} prefix) and the selector
# is label-only, so any cluster visible to this resource with that label
# presumably receives the same manifests. Write access to those ConfigMaps is
# effectively the ability to deploy into the workload cluster.
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: crs-gpu-operator
spec:
  clusterSelector:
    matchLabels:
      gpu: nvidia
  resources:
    - kind: ConfigMap
      name: nvidia-clusterpolicy-crd
    - kind: ConfigMap
      name: nvidia-gpu-operator-components
  # NOTE(review): with ApplyOnce, later edits to the ConfigMaps are presumably
  # not re-applied to clusters that already received them (confirm).
  strategy: ApplyOnce
---
# MachineDeployment for the worker (GPU) machines.
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
  name: ${CLUSTER_NAME}-md
spec:
  clusterName: ${CLUSTER_NAME}
  replicas: ${WORKER_MACHINE_COUNT}
  selector:
    # Explicitly null in the template.
    # NOTE(review): presumably populated by defaulting on admission.
    matchLabels: null
  template:
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
          name: ${CLUSTER_NAME}-md
      clusterName: ${CLUSTER_NAME}
      infrastructureRef:
        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
        kind: AWSMachineTemplate
        name: ${CLUSTER_NAME}-md
      version: ${KUBERNETES_VERSION}
---
# AWSMachineTemplate for the worker instances.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AWSMachineTemplate
metadata:
  name: ${CLUSTER_NAME}-md
spec:
  template:
    spec:
      # The worker-node instance profile; its policies are defined outside
      # this file. Workloads scheduled on these nodes share the node's AWS
      # identity unless access to the instance credentials is restricted.
      iamInstanceProfile: nodes.cluster-api-provider-aws.sigs.k8s.io
      # Hard-coded here, unlike the templated control-plane instance type.
      instanceType: g4dn.xlarge
      # Only size and type are set.
      # NOTE(review): no encryption setting appears here, so at-rest
      # encryption presumably depends on the AMI or account defaults.
      rootVolume:
        size: 100
        type: gp2
      sshKeyName: ${AWS_SSH_KEY_NAME}
---
# KubeadmConfigTemplate: join configuration for the worker nodes.
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: ${CLUSTER_NAME}-md
spec:
  template:
    spec:
      joinConfiguration:
        nodeRegistration:
          kubeletExtraArgs:
            cloud-provider: aws
          # Quoted so YAML does not read `{{` as a flow mapping.
          name: '{{ ds.meta_data.local_hostname }}'
---
# ConfigMap holding the CNI manifests. The whole `data` map comes from one
# variable, so whatever ${CNI_RESOURCES} expands to is what the
# ClusterResourceSet below applies to the workload cluster.
apiVersion: v1
data: ${CNI_RESOURCES}
kind: ConfigMap
metadata:
  name: cni-${CLUSTER_NAME}-crs-0
---
# ClusterResourceSet that applies the CNI ConfigMap to the cluster carrying
# the matching per-cluster `cni` label.
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
  name: ${CLUSTER_NAME}-crs-0
spec:
  clusterSelector:
    matchLabels:
      cni: ${CLUSTER_NAME}-crs-0
  resources:
    - kind: ConfigMap
      name: cni-${CLUSTER_NAME}-crs-0
  strategy: ApplyOnce
---
# The listing continues below exactly as extracted: a ConfigMap whose
# `clusterpolicy-crd.yaml` key embeds the clusterpolicies.nvidia.com CRD.
# It runs past this excerpt and is left unformatted.
159 apiVersion: v1 160 data: 161 clusterpolicy-crd.yaml: | 162 --- 163 apiVersion: apiextensions.k8s.io/v1 164 kind: CustomResourceDefinition 165 metadata: 166 annotations: 167 controller-gen.kubebuilder.io/version: v0.4.1 168 creationTimestamp: null 169 name: clusterpolicies.nvidia.com 170 spec: 171 group: nvidia.com 172 names: 173 kind: ClusterPolicy 174 listKind: ClusterPolicyList 175 plural: clusterpolicies 176 singular: clusterpolicy 177 scope: Cluster 178 versions: 179 - name: v1 180 schema: 181 openAPIV3Schema: 182 description: ClusterPolicy is the Schema for the clusterpolicies API 183 properties: 184 apiVersion: 185 description: 'APIVersion defines the versioned schema of this representation 186 of an object. Servers should convert recognized schemas to the latest 187 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 188 type: string 189 kind: 190 description: 'Kind is a string value representing the REST resource this 191 object represents. Servers may infer this from the endpoint the client 192 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 193 type: string 194 metadata: 195 type: object 196 spec: 197 description: ClusterPolicySpec defines the desired state of ClusterPolicy 198 properties: 199 dcgmExporter: 200 description: DCGMExporter spec 201 properties: 202 affinity: 203 description: 'Optional: Set Node affinity' 204 properties: 205 nodeAffinity: 206 description: Describes node affinity scheduling rules for 207 the pod. 208 properties: 209 preferredDuringSchedulingIgnoredDuringExecution: 210 description: The scheduler will prefer to schedule pods 211 to nodes that satisfy the affinity expressions specified 212 by this field, but it may choose a node that violates 213 one or more of the expressions. 
The node that is most 214 preferred is the one with the greatest sum of weights, 215 i.e. for each node that meets all of the scheduling 216 requirements (resource request, requiredDuringScheduling 217 affinity expressions, etc.), compute a sum by iterating 218 through the elements of this field and adding "weight" 219 to the sum if the node matches the corresponding matchExpressions; 220 the node(s) with the highest sum are the most preferred. 221 items: 222 description: An empty preferred scheduling term matches 223 all objects with implicit weight 0 (i.e. it's a no-op). 224 A null preferred scheduling term matches no objects 225 (i.e. is also a no-op). 226 properties: 227 preference: 228 description: A node selector term, associated with 229 the corresponding weight. 230 properties: 231 matchExpressions: 232 description: A list of node selector requirements 233 by node's labels. 234 items: 235 description: A node selector requirement is 236 a selector that contains values, a key, 237 and an operator that relates the key and 238 values. 239 properties: 240 key: 241 description: The label key that the selector 242 applies to. 243 type: string 244 operator: 245 description: Represents a key's relationship 246 to a set of values. Valid operators 247 are In, NotIn, Exists, DoesNotExist. 248 Gt, and Lt. 249 type: string 250 values: 251 description: An array of string values. 252 If the operator is In or NotIn, the 253 values array must be non-empty. If the 254 operator is Exists or DoesNotExist, 255 the values array must be empty. If the 256 operator is Gt or Lt, the values array 257 must have a single element, which will 258 be interpreted as an integer. This array 259 is replaced during a strategic merge 260 patch. 261 items: 262 type: string 263 type: array 264 required: 265 - key 266 - operator 267 type: object 268 type: array 269 matchFields: 270 description: A list of node selector requirements 271 by node's fields. 
272 items: 273 description: A node selector requirement is 274 a selector that contains values, a key, 275 and an operator that relates the key and 276 values. 277 properties: 278 key: 279 description: The label key that the selector 280 applies to. 281 type: string 282 operator: 283 description: Represents a key's relationship 284 to a set of values. Valid operators 285 are In, NotIn, Exists, DoesNotExist. 286 Gt, and Lt. 287 type: string 288 values: 289 description: An array of string values. 290 If the operator is In or NotIn, the 291 values array must be non-empty. If the 292 operator is Exists or DoesNotExist, 293 the values array must be empty. If the 294 operator is Gt or Lt, the values array 295 must have a single element, which will 296 be interpreted as an integer. This array 297 is replaced during a strategic merge 298 patch. 299 items: 300 type: string 301 type: array 302 required: 303 - key 304 - operator 305 type: object 306 type: array 307 type: object 308 weight: 309 description: Weight associated with matching the 310 corresponding nodeSelectorTerm, in the range 1-100. 311 format: int32 312 type: integer 313 required: 314 - preference 315 - weight 316 type: object 317 type: array 318 requiredDuringSchedulingIgnoredDuringExecution: 319 description: If the affinity requirements specified by 320 this field are not met at scheduling time, the pod will 321 not be scheduled onto the node. If the affinity requirements 322 specified by this field cease to be met at some point 323 during pod execution (e.g. due to an update), the system 324 may or may not try to eventually evict the pod from 325 its node. 326 properties: 327 nodeSelectorTerms: 328 description: Required. A list of node selector terms. 329 The terms are ORed. 330 items: 331 description: A null or empty node selector term 332 matches no objects. The requirements of them are 333 ANDed. The TopologySelectorTerm type implements 334 a subset of the NodeSelectorTerm. 
335 properties: 336 matchExpressions: 337 description: A list of node selector requirements 338 by node's labels. 339 items: 340 description: A node selector requirement is 341 a selector that contains values, a key, 342 and an operator that relates the key and 343 values. 344 properties: 345 key: 346 description: The label key that the selector 347 applies to. 348 type: string 349 operator: 350 description: Represents a key's relationship 351 to a set of values. Valid operators 352 are In, NotIn, Exists, DoesNotExist. 353 Gt, and Lt. 354 type: string 355 values: 356 description: An array of string values. 357 If the operator is In or NotIn, the 358 values array must be non-empty. If the 359 operator is Exists or DoesNotExist, 360 the values array must be empty. If the 361 operator is Gt or Lt, the values array 362 must have a single element, which will 363 be interpreted as an integer. This array 364 is replaced during a strategic merge 365 patch. 366 items: 367 type: string 368 type: array 369 required: 370 - key 371 - operator 372 type: object 373 type: array 374 matchFields: 375 description: A list of node selector requirements 376 by node's fields. 377 items: 378 description: A node selector requirement is 379 a selector that contains values, a key, 380 and an operator that relates the key and 381 values. 382 properties: 383 key: 384 description: The label key that the selector 385 applies to. 386 type: string 387 operator: 388 description: Represents a key's relationship 389 to a set of values. Valid operators 390 are In, NotIn, Exists, DoesNotExist. 391 Gt, and Lt. 392 type: string 393 values: 394 description: An array of string values. 395 If the operator is In or NotIn, the 396 values array must be non-empty. If the 397 operator is Exists or DoesNotExist, 398 the values array must be empty. If the 399 operator is Gt or Lt, the values array 400 must have a single element, which will 401 be interpreted as an integer. 
This array 402 is replaced during a strategic merge 403 patch. 404 items: 405 type: string 406 type: array 407 required: 408 - key 409 - operator 410 type: object 411 type: array 412 type: object 413 type: array 414 required: 415 - nodeSelectorTerms 416 type: object 417 type: object 418 podAffinity: 419 description: Describes pod affinity scheduling rules (e.g. 420 co-locate this pod in the same node, zone, etc. as some 421 other pod(s)). 422 properties: 423 preferredDuringSchedulingIgnoredDuringExecution: 424 description: The scheduler will prefer to schedule pods 425 to nodes that satisfy the affinity expressions specified 426 by this field, but it may choose a node that violates 427 one or more of the expressions. The node that is most 428 preferred is the one with the greatest sum of weights, 429 i.e. for each node that meets all of the scheduling 430 requirements (resource request, requiredDuringScheduling 431 affinity expressions, etc.), compute a sum by iterating 432 through the elements of this field and adding "weight" 433 to the sum if the node has pods which matches the corresponding 434 podAffinityTerm; the node(s) with the highest sum are 435 the most preferred. 436 items: 437 description: The weights of all of the matched WeightedPodAffinityTerm 438 fields are added per-node to find the most preferred 439 node(s) 440 properties: 441 podAffinityTerm: 442 description: Required. A pod affinity term, associated 443 with the corresponding weight. 444 properties: 445 labelSelector: 446 description: A label query over a set of resources, 447 in this case pods. 448 properties: 449 matchExpressions: 450 description: matchExpressions is a list 451 of label selector requirements. The requirements 452 are ANDed. 453 items: 454 description: A label selector requirement 455 is a selector that contains values, 456 a key, and an operator that relates 457 the key and values. 
458 properties: 459 key: 460 description: key is the label key 461 that the selector applies to. 462 type: string 463 operator: 464 description: operator represents a 465 key's relationship to a set of values. 466 Valid operators are In, NotIn, Exists 467 and DoesNotExist. 468 type: string 469 values: 470 description: values is an array of 471 string values. If the operator is 472 In or NotIn, the values array must 473 be non-empty. If the operator is 474 Exists or DoesNotExist, the values 475 array must be empty. This array 476 is replaced during a strategic merge 477 patch. 478 items: 479 type: string 480 type: array 481 required: 482 - key 483 - operator 484 type: object 485 type: array 486 matchLabels: 487 additionalProperties: 488 type: string 489 description: matchLabels is a map of {key,value} 490 pairs. A single {key,value} in the matchLabels 491 map is equivalent to an element of matchExpressions, 492 whose key field is "key", the operator 493 is "In", and the values array contains 494 only "value". The requirements are ANDed. 495 type: object 496 type: object 497 namespaces: 498 description: namespaces specifies which namespaces 499 the labelSelector applies to (matches against); 500 null or empty list means "this pod's namespace" 501 items: 502 type: string 503 type: array 504 topologyKey: 505 description: This pod should be co-located (affinity) 506 or not co-located (anti-affinity) with the 507 pods matching the labelSelector in the specified 508 namespaces, where co-located is defined as 509 running on a node whose value of the label 510 with key topologyKey matches that of any node 511 on which any of the selected pods is running. 512 Empty topologyKey is not allowed. 513 type: string 514 required: 515 - topologyKey 516 type: object 517 weight: 518 description: weight associated with matching the 519 corresponding podAffinityTerm, in the range 1-100. 
520 format: int32 521 type: integer 522 required: 523 - podAffinityTerm 524 - weight 525 type: object 526 type: array 527 requiredDuringSchedulingIgnoredDuringExecution: 528 description: If the affinity requirements specified by 529 this field are not met at scheduling time, the pod will 530 not be scheduled onto the node. If the affinity requirements 531 specified by this field cease to be met at some point 532 during pod execution (e.g. due to a pod label update), 533 the system may or may not try to eventually evict the 534 pod from its node. When there are multiple elements, 535 the lists of nodes corresponding to each podAffinityTerm 536 are intersected, i.e. all terms must be satisfied. 537 items: 538 description: Defines a set of pods (namely those matching 539 the labelSelector relative to the given namespace(s)) 540 that this pod should be co-located (affinity) or not 541 co-located (anti-affinity) with, where co-located 542 is defined as running on a node whose value of the 543 label with key <topologyKey> matches that of any node 544 on which a pod of the set of pods is running 545 properties: 546 labelSelector: 547 description: A label query over a set of resources, 548 in this case pods. 549 properties: 550 matchExpressions: 551 description: matchExpressions is a list of label 552 selector requirements. The requirements are 553 ANDed. 554 items: 555 description: A label selector requirement 556 is a selector that contains values, a key, 557 and an operator that relates the key and 558 values. 559 properties: 560 key: 561 description: key is the label key that 562 the selector applies to. 563 type: string 564 operator: 565 description: operator represents a key's 566 relationship to a set of values. Valid 567 operators are In, NotIn, Exists and 568 DoesNotExist. 569 type: string 570 values: 571 description: values is an array of string 572 values. If the operator is In or NotIn, 573 the values array must be non-empty. 
574 If the operator is Exists or DoesNotExist, 575 the values array must be empty. This 576 array is replaced during a strategic 577 merge patch. 578 items: 579 type: string 580 type: array 581 required: 582 - key 583 - operator 584 type: object 585 type: array 586 matchLabels: 587 additionalProperties: 588 type: string 589 description: matchLabels is a map of {key,value} 590 pairs. A single {key,value} in the matchLabels 591 map is equivalent to an element of matchExpressions, 592 whose key field is "key", the operator is 593 "In", and the values array contains only "value". 594 The requirements are ANDed. 595 type: object 596 type: object 597 namespaces: 598 description: namespaces specifies which namespaces 599 the labelSelector applies to (matches against); 600 null or empty list means "this pod's namespace" 601 items: 602 type: string 603 type: array 604 topologyKey: 605 description: This pod should be co-located (affinity) 606 or not co-located (anti-affinity) with the pods 607 matching the labelSelector in the specified namespaces, 608 where co-located is defined as running on a node 609 whose value of the label with key topologyKey 610 matches that of any node on which any of the selected 611 pods is running. Empty topologyKey is not allowed. 612 type: string 613 required: 614 - topologyKey 615 type: object 616 type: array 617 type: object 618 podAntiAffinity: 619 description: Describes pod anti-affinity scheduling rules 620 (e.g. avoid putting this pod in the same node, zone, etc. 621 as some other pod(s)). 622 properties: 623 preferredDuringSchedulingIgnoredDuringExecution: 624 description: The scheduler will prefer to schedule pods 625 to nodes that satisfy the anti-affinity expressions 626 specified by this field, but it may choose a node that 627 violates one or more of the expressions. The node that 628 is most preferred is the one with the greatest sum of 629 weights, i.e. 
for each node that meets all of the scheduling 630 requirements (resource request, requiredDuringScheduling 631 anti-affinity expressions, etc.), compute a sum by iterating 632 through the elements of this field and adding "weight" 633 to the sum if the node has pods which matches the corresponding 634 podAffinityTerm; the node(s) with the highest sum are 635 the most preferred. 636 items: 637 description: The weights of all of the matched WeightedPodAffinityTerm 638 fields are added per-node to find the most preferred 639 node(s) 640 properties: 641 podAffinityTerm: 642 description: Required. A pod affinity term, associated 643 with the corresponding weight. 644 properties: 645 labelSelector: 646 description: A label query over a set of resources, 647 in this case pods. 648 properties: 649 matchExpressions: 650 description: matchExpressions is a list 651 of label selector requirements. The requirements 652 are ANDed. 653 items: 654 description: A label selector requirement 655 is a selector that contains values, 656 a key, and an operator that relates 657 the key and values. 658 properties: 659 key: 660 description: key is the label key 661 that the selector applies to. 662 type: string 663 operator: 664 description: operator represents a 665 key's relationship to a set of values. 666 Valid operators are In, NotIn, Exists 667 and DoesNotExist. 668 type: string 669 values: 670 description: values is an array of 671 string values. If the operator is 672 In or NotIn, the values array must 673 be non-empty. If the operator is 674 Exists or DoesNotExist, the values 675 array must be empty. This array 676 is replaced during a strategic merge 677 patch. 678 items: 679 type: string 680 type: array 681 required: 682 - key 683 - operator 684 type: object 685 type: array 686 matchLabels: 687 additionalProperties: 688 type: string 689 description: matchLabels is a map of {key,value} 690 pairs. 
A single {key,value} in the matchLabels 691 map is equivalent to an element of matchExpressions, 692 whose key field is "key", the operator 693 is "In", and the values array contains 694 only "value". The requirements are ANDed. 695 type: object 696 type: object 697 namespaces: 698 description: namespaces specifies which namespaces 699 the labelSelector applies to (matches against); 700 null or empty list means "this pod's namespace" 701 items: 702 type: string 703 type: array 704 topologyKey: 705 description: This pod should be co-located (affinity) 706 or not co-located (anti-affinity) with the 707 pods matching the labelSelector in the specified 708 namespaces, where co-located is defined as 709 running on a node whose value of the label 710 with key topologyKey matches that of any node 711 on which any of the selected pods is running. 712 Empty topologyKey is not allowed. 713 type: string 714 required: 715 - topologyKey 716 type: object 717 weight: 718 description: weight associated with matching the 719 corresponding podAffinityTerm, in the range 1-100. 720 format: int32 721 type: integer 722 required: 723 - podAffinityTerm 724 - weight 725 type: object 726 type: array 727 requiredDuringSchedulingIgnoredDuringExecution: 728 description: If the anti-affinity requirements specified 729 by this field are not met at scheduling time, the pod 730 will not be scheduled onto the node. If the anti-affinity 731 requirements specified by this field cease to be met 732 at some point during pod execution (e.g. due to a pod 733 label update), the system may or may not try to eventually 734 evict the pod from its node. When there are multiple 735 elements, the lists of nodes corresponding to each podAffinityTerm 736 are intersected, i.e. all terms must be satisfied. 
737 items: 738 description: Defines a set of pods (namely those matching 739 the labelSelector relative to the given namespace(s)) 740 that this pod should be co-located (affinity) or not 741 co-located (anti-affinity) with, where co-located 742 is defined as running on a node whose value of the 743 label with key <topologyKey> matches that of any node 744 on which a pod of the set of pods is running 745 properties: 746 labelSelector: 747 description: A label query over a set of resources, 748 in this case pods. 749 properties: 750 matchExpressions: 751 description: matchExpressions is a list of label 752 selector requirements. The requirements are 753 ANDed. 754 items: 755 description: A label selector requirement 756 is a selector that contains values, a key, 757 and an operator that relates the key and 758 values. 759 properties: 760 key: 761 description: key is the label key that 762 the selector applies to. 763 type: string 764 operator: 765 description: operator represents a key's 766 relationship to a set of values. Valid 767 operators are In, NotIn, Exists and 768 DoesNotExist. 769 type: string 770 values: 771 description: values is an array of string 772 values. If the operator is In or NotIn, 773 the values array must be non-empty. 774 If the operator is Exists or DoesNotExist, 775 the values array must be empty. This 776 array is replaced during a strategic 777 merge patch. 778 items: 779 type: string 780 type: array 781 required: 782 - key 783 - operator 784 type: object 785 type: array 786 matchLabels: 787 additionalProperties: 788 type: string 789 description: matchLabels is a map of {key,value} 790 pairs. A single {key,value} in the matchLabels 791 map is equivalent to an element of matchExpressions, 792 whose key field is "key", the operator is 793 "In", and the values array contains only "value". 794 The requirements are ANDed. 
795 type: object 796 type: object 797 namespaces: 798 description: namespaces specifies which namespaces 799 the labelSelector applies to (matches against); 800 null or empty list means "this pod's namespace" 801 items: 802 type: string 803 type: array 804 topologyKey: 805 description: This pod should be co-located (affinity) 806 or not co-located (anti-affinity) with the pods 807 matching the labelSelector in the specified namespaces, 808 where co-located is defined as running on a node 809 whose value of the label with key topologyKey 810 matches that of any node on which any of the selected 811 pods is running. Empty topologyKey is not allowed. 812 type: string 813 required: 814 - topologyKey 815 type: object 816 type: array 817 type: object 818 type: object 819 args: 820 description: 'Optional: List of arguments' 821 items: 822 type: string 823 type: array 824 env: 825 description: 'Optional: List of environment variables' 826 items: 827 description: EnvVar represents an environment variable present 828 in a Container. 829 properties: 830 name: 831 description: Name of the environment variable. Must be a 832 C_IDENTIFIER. 833 type: string 834 value: 835 description: 'Variable references $(VAR_NAME) are expanded 836 using the previous defined environment variables in the 837 container and any service environment variables. If a 838 variable cannot be resolved, the reference in the input 839 string will be unchanged. The $(VAR_NAME) syntax can be 840 escaped with a double $$, ie: $$(VAR_NAME). Escaped references 841 will never be expanded, regardless of whether the variable 842 exists or not. Defaults to "".' 843 type: string 844 valueFrom: 845 description: Source for the environment variable's value. 846 Cannot be used if value is not empty. 847 properties: 848 configMapKeyRef: 849 description: Selects a key of a ConfigMap. 850 properties: 851 key: 852 description: The key to select. 853 type: string 854 name: 855 description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 856 TODO: Add other useful fields. apiVersion, kind, 857 uid?' 858 type: string 859 optional: 860 description: Specify whether the ConfigMap or its 861 key must be defined 862 type: boolean 863 required: 864 - key 865 type: object 866 fieldRef: 867 description: 'Selects a field of the pod: supports metadata.name, 868 metadata.namespace, `metadata.labels[''<KEY>'']`, 869 `metadata.annotations[''<KEY>'']`, spec.nodeName, 870 spec.serviceAccountName, status.hostIP, status.podIP, 871 status.podIPs.' 872 properties: 873 apiVersion: 874 description: Version of the schema the FieldPath 875 is written in terms of, defaults to "v1". 876 type: string 877 fieldPath: 878 description: Path of the field to select in the 879 specified API version. 880 type: string 881 required: 882 - fieldPath 883 type: object 884 resourceFieldRef: 885 description: 'Selects a resource of the container: only 886 resources limits and requests (limits.cpu, limits.memory, 887 limits.ephemeral-storage, requests.cpu, requests.memory 888 and requests.ephemeral-storage) are currently supported.' 889 properties: 890 containerName: 891 description: 'Container name: required for volumes, 892 optional for env vars' 893 type: string 894 divisor: 895 anyOf: 896 - type: integer 897 - type: string 898 description: Specifies the output format of the 899 exposed resources, defaults to "1" 900 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 901 x-kubernetes-int-or-string: true 902 resource: 903 description: 'Required: resource to select' 904 type: string 905 required: 906 - resource 907 type: object 908 secretKeyRef: 909 description: Selects a key of a secret in the pod's 910 namespace 911 properties: 912 key: 913 description: The key of the secret to select from. Must 914 be a valid secret key. 
915 type: string 916 name: 917 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 918 TODO: Add other useful fields. apiVersion, kind, 919 uid?' 920 type: string 921 optional: 922 description: Specify whether the Secret or its key 923 must be defined 924 type: boolean 925 required: 926 - key 927 type: object 928 type: object 929 required: 930 - name 931 type: object 932 type: array 933 image: 934 pattern: '[a-zA-Z0-9\-]+' 935 type: string 936 imagePullPolicy: 937 description: Image pull policy 938 type: string 939 imagePullSecrets: 940 description: Image pull secrets 941 items: 942 type: string 943 type: array 944 licensingConfig: 945 description: 'Optional: Licensing configuration for vGPU drivers' 946 properties: 947 configMapName: 948 type: string 949 type: object 950 nodeSelector: 951 additionalProperties: 952 type: string 953 description: Node selector to control the selection of nodes (optional) 954 type: object 955 podSecurityContext: 956 description: 'Optional: Pod Security Context' 957 properties: 958 fsGroup: 959 description: "A special supplemental group that applies to 960 all containers in a pod. Some volume types allow the Kubelet 961 to change the ownership of that volume to be owned by the 962 pod: \n 1. The owning GID will be the FSGroup 2. The setgid 963 bit is set (new files created in the volume will be owned 964 by FSGroup) 3. The permission bits are OR'd with rw-rw---- 965 \n If unset, the Kubelet will not modify the ownership and 966 permissions of any volume." 967 format: int64 968 type: integer 969 fsGroupChangePolicy: 970 description: 'fsGroupChangePolicy defines behavior of changing 971 ownership and permission of the volume before being exposed 972 inside Pod. This field will only apply to volume types which 973 support fsGroup based ownership(and permissions). It will 974 have no effect on ephemeral volume types such as: secret, 975 configmaps and emptydir. 
Valid values are "OnRootMismatch" 976 and "Always". If not specified, "Always" is used.' 977 type: string 978 runAsGroup: 979 description: The GID to run the entrypoint of the container 980 process. Uses runtime default if unset. May also be set 981 in SecurityContext. If set in both SecurityContext and 982 PodSecurityContext, the value specified in SecurityContext 983 takes precedence for that container. 984 format: int64 985 type: integer 986 runAsNonRoot: 987 description: Indicates that the container must run as a non-root 988 user. If true, the Kubelet will validate the image at runtime 989 to ensure that it does not run as UID 0 (root) and fail 990 to start the container if it does. If unset or false, no 991 such validation will be performed. May also be set in SecurityContext. If 992 set in both SecurityContext and PodSecurityContext, the 993 value specified in SecurityContext takes precedence. 994 type: boolean 995 runAsUser: 996 description: The UID to run the entrypoint of the container 997 process. Defaults to user specified in image metadata if 998 unspecified. May also be set in SecurityContext. If set 999 in both SecurityContext and PodSecurityContext, the value 1000 specified in SecurityContext takes precedence for that container. 1001 format: int64 1002 type: integer 1003 seLinuxOptions: 1004 description: The SELinux context to be applied to all containers. 1005 If unspecified, the container runtime will allocate a random 1006 SELinux context for each container. May also be set in 1007 SecurityContext. If set in both SecurityContext and PodSecurityContext, 1008 the value specified in SecurityContext takes precedence 1009 for that container. 1010 properties: 1011 level: 1012 description: Level is SELinux level label that applies 1013 to the container. 1014 type: string 1015 role: 1016 description: Role is a SELinux role label that applies 1017 to the container. 
1018 type: string 1019 type: 1020 description: Type is a SELinux type label that applies 1021 to the container. 1022 type: string 1023 user: 1024 description: User is a SELinux user label that applies 1025 to the container. 1026 type: string 1027 type: object 1028 seccompProfile: 1029 description: The seccomp options to use by the containers 1030 in this pod. 1031 properties: 1032 localhostProfile: 1033 description: localhostProfile indicates a profile defined 1034 in a file on the node should be used. The profile must 1035 be preconfigured on the node to work. Must be a descending 1036 path, relative to the kubelet's configured seccomp profile 1037 location. Must only be set if type is "Localhost". 1038 type: string 1039 type: 1040 description: "type indicates which kind of seccomp profile 1041 will be applied. Valid options are: \n Localhost - a 1042 profile defined in a file on the node should be used. 1043 RuntimeDefault - the container runtime default profile 1044 should be used. Unconfined - no profile should be applied." 1045 type: string 1046 required: 1047 - type 1048 type: object 1049 supplementalGroups: 1050 description: A list of groups applied to the first process 1051 run in each container, in addition to the container's primary 1052 GID. If unspecified, no groups will be added to any container. 1053 items: 1054 format: int64 1055 type: integer 1056 type: array 1057 sysctls: 1058 description: Sysctls hold a list of namespaced sysctls used 1059 for the pod. Pods with unsupported sysctls (by the container 1060 runtime) might fail to launch. 1061 items: 1062 description: Sysctl defines a kernel parameter to be set 1063 properties: 1064 name: 1065 description: Name of a property to set 1066 type: string 1067 value: 1068 description: Value of a property to set 1069 type: string 1070 required: 1071 - name 1072 - value 1073 type: object 1074 type: array 1075 windowsOptions: 1076 description: The Windows specific settings applied to all 1077 containers. 
If unspecified, the options within a container's 1078 SecurityContext will be used. If set in both SecurityContext 1079 and PodSecurityContext, the value specified in SecurityContext 1080 takes precedence. 1081 properties: 1082 gmsaCredentialSpec: 1083 description: GMSACredentialSpec is where the GMSA admission 1084 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 1085 inlines the contents of the GMSA credential spec named 1086 by the GMSACredentialSpecName field. 1087 type: string 1088 gmsaCredentialSpecName: 1089 description: GMSACredentialSpecName is the name of the 1090 GMSA credential spec to use. 1091 type: string 1092 runAsUserName: 1093 description: The UserName in Windows to run the entrypoint 1094 of the container process. Defaults to the user specified 1095 in image metadata if unspecified. May also be set in 1096 PodSecurityContext. If set in both SecurityContext and 1097 PodSecurityContext, the value specified in SecurityContext 1098 takes precedence. 1099 type: string 1100 type: object 1101 type: object 1102 repoConfig: 1103 description: 'Optional: Custom repo configuration for driver container' 1104 properties: 1105 configMapName: 1106 type: string 1107 destinationDir: 1108 type: string 1109 type: object 1110 repository: 1111 pattern: '[a-zA-Z0-9\.\-\/]+' 1112 type: string 1113 resources: 1114 description: 'Optional: Define resources requests and limits for 1115 each pod' 1116 properties: 1117 limits: 1118 additionalProperties: 1119 anyOf: 1120 - type: integer 1121 - type: string 1122 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1123 x-kubernetes-int-or-string: true 1124 description: 'Limits describes the maximum amount of compute 1125 resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 1126 type: object 1127 requests: 1128 additionalProperties: 1129 anyOf: 1130 - type: integer 1131 - type: string 1132 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1133 x-kubernetes-int-or-string: true 1134 description: 'Requests describes the minimum amount of compute 1135 resources required. If Requests is omitted for a container, 1136 it defaults to Limits if that is explicitly specified, otherwise 1137 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 1138 type: object 1139 type: object 1140 securityContext: 1141 description: 'Optional: Security Context' 1142 properties: 1143 allowPrivilegeEscalation: 1144 description: 'AllowPrivilegeEscalation controls whether a 1145 process can gain more privileges than its parent process. 1146 This bool directly controls if the no_new_privs flag will 1147 be set on the container process. AllowPrivilegeEscalation 1148 is true always when the container is: 1) run as Privileged 1149 2) has CAP_SYS_ADMIN' 1150 type: boolean 1151 capabilities: 1152 description: The capabilities to add/drop when running containers. 1153 Defaults to the default set of capabilities granted by the 1154 container runtime. 1155 properties: 1156 add: 1157 description: Added capabilities 1158 items: 1159 description: Capability represent POSIX capabilities 1160 type 1161 type: string 1162 type: array 1163 drop: 1164 description: Removed capabilities 1165 items: 1166 description: Capability represent POSIX capabilities 1167 type 1168 type: string 1169 type: array 1170 type: object 1171 privileged: 1172 description: Run container in privileged mode. Processes in 1173 privileged containers are essentially equivalent to root 1174 on the host. Defaults to false. 
1175 type: boolean 1176 procMount: 1177 description: procMount denotes the type of proc mount to use 1178 for the containers. The default is DefaultProcMount which 1179 uses the container runtime defaults for readonly paths and 1180 masked paths. This requires the ProcMountType feature flag 1181 to be enabled. 1182 type: string 1183 readOnlyRootFilesystem: 1184 description: Whether this container has a read-only root filesystem. 1185 Default is false. 1186 type: boolean 1187 runAsGroup: 1188 description: The GID to run the entrypoint of the container 1189 process. Uses runtime default if unset. May also be set 1190 in PodSecurityContext. If set in both SecurityContext and 1191 PodSecurityContext, the value specified in SecurityContext 1192 takes precedence. 1193 format: int64 1194 type: integer 1195 runAsNonRoot: 1196 description: Indicates that the container must run as a non-root 1197 user. If true, the Kubelet will validate the image at runtime 1198 to ensure that it does not run as UID 0 (root) and fail 1199 to start the container if it does. If unset or false, no 1200 such validation will be performed. May also be set in PodSecurityContext. If 1201 set in both SecurityContext and PodSecurityContext, the 1202 value specified in SecurityContext takes precedence. 1203 type: boolean 1204 runAsUser: 1205 description: The UID to run the entrypoint of the container 1206 process. Defaults to user specified in image metadata if 1207 unspecified. May also be set in PodSecurityContext. If 1208 set in both SecurityContext and PodSecurityContext, the 1209 value specified in SecurityContext takes precedence. 1210 format: int64 1211 type: integer 1212 seLinuxOptions: 1213 description: The SELinux context to be applied to the container. 1214 If unspecified, the container runtime will allocate a random 1215 SELinux context for each container. May also be set in 1216 PodSecurityContext. 
If set in both SecurityContext and 1217 PodSecurityContext, the value specified in SecurityContext 1218 takes precedence. 1219 properties: 1220 level: 1221 description: Level is SELinux level label that applies 1222 to the container. 1223 type: string 1224 role: 1225 description: Role is a SELinux role label that applies 1226 to the container. 1227 type: string 1228 type: 1229 description: Type is a SELinux type label that applies 1230 to the container. 1231 type: string 1232 user: 1233 description: User is a SELinux user label that applies 1234 to the container. 1235 type: string 1236 type: object 1237 seccompProfile: 1238 description: The seccomp options to use by this container. 1239 If seccomp options are provided at both the pod & container 1240 level, the container options override the pod options. 1241 properties: 1242 localhostProfile: 1243 description: localhostProfile indicates a profile defined 1244 in a file on the node should be used. The profile must 1245 be preconfigured on the node to work. Must be a descending 1246 path, relative to the kubelet's configured seccomp profile 1247 location. Must only be set if type is "Localhost". 1248 type: string 1249 type: 1250 description: "type indicates which kind of seccomp profile 1251 will be applied. Valid options are: \n Localhost - a 1252 profile defined in a file on the node should be used. 1253 RuntimeDefault - the container runtime default profile 1254 should be used. Unconfined - no profile should be applied." 1255 type: string 1256 required: 1257 - type 1258 type: object 1259 windowsOptions: 1260 description: The Windows specific settings applied to all 1261 containers. If unspecified, the options from the PodSecurityContext 1262 will be used. If set in both SecurityContext and PodSecurityContext, 1263 the value specified in SecurityContext takes precedence. 
1264 properties: 1265 gmsaCredentialSpec: 1266 description: GMSACredentialSpec is where the GMSA admission 1267 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 1268 inlines the contents of the GMSA credential spec named 1269 by the GMSACredentialSpecName field. 1270 type: string 1271 gmsaCredentialSpecName: 1272 description: GMSACredentialSpecName is the name of the 1273 GMSA credential spec to use. 1274 type: string 1275 runAsUserName: 1276 description: The UserName in Windows to run the entrypoint 1277 of the container process. Defaults to the user specified 1278 in image metadata if unspecified. May also be set in 1279 PodSecurityContext. If set in both SecurityContext and 1280 PodSecurityContext, the value specified in SecurityContext 1281 takes precedence. 1282 type: string 1283 type: object 1284 type: object 1285 tolerations: 1286 description: 'Optional: Set tolerations' 1287 items: 1288 description: The pod this Toleration is attached to tolerates 1289 any taint that matches the triple <key,value,effect> using 1290 the matching operator <operator>. 1291 properties: 1292 effect: 1293 description: Effect indicates the taint effect to match. 1294 Empty means match all taint effects. When specified, allowed 1295 values are NoSchedule, PreferNoSchedule and NoExecute. 1296 type: string 1297 key: 1298 description: Key is the taint key that the toleration applies 1299 to. Empty means match all taint keys. If the key is empty, 1300 operator must be Exists; this combination means to match 1301 all values and all keys. 1302 type: string 1303 operator: 1304 description: Operator represents a key's relationship to 1305 the value. Valid operators are Exists and Equal. Defaults 1306 to Equal. Exists is equivalent to wildcard for value, 1307 so that a pod can tolerate all taints of a particular 1308 category. 
1309 type: string 1310 tolerationSeconds: 1311 description: TolerationSeconds represents the period of 1312 time the toleration (which must be of effect NoExecute, 1313 otherwise this field is ignored) tolerates the taint. 1314 By default, it is not set, which means tolerate the taint 1315 forever (do not evict). Zero and negative values will 1316 be treated as 0 (evict immediately) by the system. 1317 format: int64 1318 type: integer 1319 value: 1320 description: Value is the taint value the toleration matches 1321 to. If the operator is Exists, the value should be empty, 1322 otherwise just a regular string. 1323 type: string 1324 type: object 1325 type: array 1326 version: 1327 pattern: '[a-zA-Z0-9\.-]+' 1328 type: string 1329 required: 1330 - image 1331 - repository 1332 - version 1333 type: object 1334 devicePlugin: 1335 description: DevicePlugin component spec 1336 properties: 1337 affinity: 1338 description: 'Optional: Set Node affinity' 1339 properties: 1340 nodeAffinity: 1341 description: Describes node affinity scheduling rules for 1342 the pod. 1343 properties: 1344 preferredDuringSchedulingIgnoredDuringExecution: 1345 description: The scheduler will prefer to schedule pods 1346 to nodes that satisfy the affinity expressions specified 1347 by this field, but it may choose a node that violates 1348 one or more of the expressions. The node that is most 1349 preferred is the one with the greatest sum of weights, 1350 i.e. for each node that meets all of the scheduling 1351 requirements (resource request, requiredDuringScheduling 1352 affinity expressions, etc.), compute a sum by iterating 1353 through the elements of this field and adding "weight" 1354 to the sum if the node matches the corresponding matchExpressions; 1355 the node(s) with the highest sum are the most preferred. 1356 items: 1357 description: An empty preferred scheduling term matches 1358 all objects with implicit weight 0 (i.e. it's a no-op). 
1359 A null preferred scheduling term matches no objects 1360 (i.e. is also a no-op). 1361 properties: 1362 preference: 1363 description: A node selector term, associated with 1364 the corresponding weight. 1365 properties: 1366 matchExpressions: 1367 description: A list of node selector requirements 1368 by node's labels. 1369 items: 1370 description: A node selector requirement is 1371 a selector that contains values, a key, 1372 and an operator that relates the key and 1373 values. 1374 properties: 1375 key: 1376 description: The label key that the selector 1377 applies to. 1378 type: string 1379 operator: 1380 description: Represents a key's relationship 1381 to a set of values. Valid operators 1382 are In, NotIn, Exists, DoesNotExist. 1383 Gt, and Lt. 1384 type: string 1385 values: 1386 description: An array of string values. 1387 If the operator is In or NotIn, the 1388 values array must be non-empty. If the 1389 operator is Exists or DoesNotExist, 1390 the values array must be empty. If the 1391 operator is Gt or Lt, the values array 1392 must have a single element, which will 1393 be interpreted as an integer. This array 1394 is replaced during a strategic merge 1395 patch. 1396 items: 1397 type: string 1398 type: array 1399 required: 1400 - key 1401 - operator 1402 type: object 1403 type: array 1404 matchFields: 1405 description: A list of node selector requirements 1406 by node's fields. 1407 items: 1408 description: A node selector requirement is 1409 a selector that contains values, a key, 1410 and an operator that relates the key and 1411 values. 1412 properties: 1413 key: 1414 description: The label key that the selector 1415 applies to. 1416 type: string 1417 operator: 1418 description: Represents a key's relationship 1419 to a set of values. Valid operators 1420 are In, NotIn, Exists, DoesNotExist. 1421 Gt, and Lt. 1422 type: string 1423 values: 1424 description: An array of string values. 
1425 If the operator is In or NotIn, the 1426 values array must be non-empty. If the 1427 operator is Exists or DoesNotExist, 1428 the values array must be empty. If the 1429 operator is Gt or Lt, the values array 1430 must have a single element, which will 1431 be interpreted as an integer. This array 1432 is replaced during a strategic merge 1433 patch. 1434 items: 1435 type: string 1436 type: array 1437 required: 1438 - key 1439 - operator 1440 type: object 1441 type: array 1442 type: object 1443 weight: 1444 description: Weight associated with matching the 1445 corresponding nodeSelectorTerm, in the range 1-100. 1446 format: int32 1447 type: integer 1448 required: 1449 - preference 1450 - weight 1451 type: object 1452 type: array 1453 requiredDuringSchedulingIgnoredDuringExecution: 1454 description: If the affinity requirements specified by 1455 this field are not met at scheduling time, the pod will 1456 not be scheduled onto the node. If the affinity requirements 1457 specified by this field cease to be met at some point 1458 during pod execution (e.g. due to an update), the system 1459 may or may not try to eventually evict the pod from 1460 its node. 1461 properties: 1462 nodeSelectorTerms: 1463 description: Required. A list of node selector terms. 1464 The terms are ORed. 1465 items: 1466 description: A null or empty node selector term 1467 matches no objects. The requirements of them are 1468 ANDed. The TopologySelectorTerm type implements 1469 a subset of the NodeSelectorTerm. 1470 properties: 1471 matchExpressions: 1472 description: A list of node selector requirements 1473 by node's labels. 1474 items: 1475 description: A node selector requirement is 1476 a selector that contains values, a key, 1477 and an operator that relates the key and 1478 values. 1479 properties: 1480 key: 1481 description: The label key that the selector 1482 applies to. 1483 type: string 1484 operator: 1485 description: Represents a key's relationship 1486 to a set of values. 
Valid operators 1487 are In, NotIn, Exists, DoesNotExist. 1488 Gt, and Lt. 1489 type: string 1490 values: 1491 description: An array of string values. 1492 If the operator is In or NotIn, the 1493 values array must be non-empty. If the 1494 operator is Exists or DoesNotExist, 1495 the values array must be empty. If the 1496 operator is Gt or Lt, the values array 1497 must have a single element, which will 1498 be interpreted as an integer. This array 1499 is replaced during a strategic merge 1500 patch. 1501 items: 1502 type: string 1503 type: array 1504 required: 1505 - key 1506 - operator 1507 type: object 1508 type: array 1509 matchFields: 1510 description: A list of node selector requirements 1511 by node's fields. 1512 items: 1513 description: A node selector requirement is 1514 a selector that contains values, a key, 1515 and an operator that relates the key and 1516 values. 1517 properties: 1518 key: 1519 description: The label key that the selector 1520 applies to. 1521 type: string 1522 operator: 1523 description: Represents a key's relationship 1524 to a set of values. Valid operators 1525 are In, NotIn, Exists, DoesNotExist. 1526 Gt, and Lt. 1527 type: string 1528 values: 1529 description: An array of string values. 1530 If the operator is In or NotIn, the 1531 values array must be non-empty. If the 1532 operator is Exists or DoesNotExist, 1533 the values array must be empty. If the 1534 operator is Gt or Lt, the values array 1535 must have a single element, which will 1536 be interpreted as an integer. This array 1537 is replaced during a strategic merge 1538 patch. 1539 items: 1540 type: string 1541 type: array 1542 required: 1543 - key 1544 - operator 1545 type: object 1546 type: array 1547 type: object 1548 type: array 1549 required: 1550 - nodeSelectorTerms 1551 type: object 1552 type: object 1553 podAffinity: 1554 description: Describes pod affinity scheduling rules (e.g. 1555 co-locate this pod in the same node, zone, etc. 
as some 1556 other pod(s)). 1557 properties: 1558 preferredDuringSchedulingIgnoredDuringExecution: 1559 description: The scheduler will prefer to schedule pods 1560 to nodes that satisfy the affinity expressions specified 1561 by this field, but it may choose a node that violates 1562 one or more of the expressions. The node that is most 1563 preferred is the one with the greatest sum of weights, 1564 i.e. for each node that meets all of the scheduling 1565 requirements (resource request, requiredDuringScheduling 1566 affinity expressions, etc.), compute a sum by iterating 1567 through the elements of this field and adding "weight" 1568 to the sum if the node has pods which matches the corresponding 1569 podAffinityTerm; the node(s) with the highest sum are 1570 the most preferred. 1571 items: 1572 description: The weights of all of the matched WeightedPodAffinityTerm 1573 fields are added per-node to find the most preferred 1574 node(s) 1575 properties: 1576 podAffinityTerm: 1577 description: Required. A pod affinity term, associated 1578 with the corresponding weight. 1579 properties: 1580 labelSelector: 1581 description: A label query over a set of resources, 1582 in this case pods. 1583 properties: 1584 matchExpressions: 1585 description: matchExpressions is a list 1586 of label selector requirements. The requirements 1587 are ANDed. 1588 items: 1589 description: A label selector requirement 1590 is a selector that contains values, 1591 a key, and an operator that relates 1592 the key and values. 1593 properties: 1594 key: 1595 description: key is the label key 1596 that the selector applies to. 1597 type: string 1598 operator: 1599 description: operator represents a 1600 key's relationship to a set of values. 1601 Valid operators are In, NotIn, Exists 1602 and DoesNotExist. 1603 type: string 1604 values: 1605 description: values is an array of 1606 string values. If the operator is 1607 In or NotIn, the values array must 1608 be non-empty. 
If the operator is 1609 Exists or DoesNotExist, the values 1610 array must be empty. This array 1611 is replaced during a strategic merge 1612 patch. 1613 items: 1614 type: string 1615 type: array 1616 required: 1617 - key 1618 - operator 1619 type: object 1620 type: array 1621 matchLabels: 1622 additionalProperties: 1623 type: string 1624 description: matchLabels is a map of {key,value} 1625 pairs. A single {key,value} in the matchLabels 1626 map is equivalent to an element of matchExpressions, 1627 whose key field is "key", the operator 1628 is "In", and the values array contains 1629 only "value". The requirements are ANDed. 1630 type: object 1631 type: object 1632 namespaces: 1633 description: namespaces specifies which namespaces 1634 the labelSelector applies to (matches against); 1635 null or empty list means "this pod's namespace" 1636 items: 1637 type: string 1638 type: array 1639 topologyKey: 1640 description: This pod should be co-located (affinity) 1641 or not co-located (anti-affinity) with the 1642 pods matching the labelSelector in the specified 1643 namespaces, where co-located is defined as 1644 running on a node whose value of the label 1645 with key topologyKey matches that of any node 1646 on which any of the selected pods is running. 1647 Empty topologyKey is not allowed. 1648 type: string 1649 required: 1650 - topologyKey 1651 type: object 1652 weight: 1653 description: weight associated with matching the 1654 corresponding podAffinityTerm, in the range 1-100. 1655 format: int32 1656 type: integer 1657 required: 1658 - podAffinityTerm 1659 - weight 1660 type: object 1661 type: array 1662 requiredDuringSchedulingIgnoredDuringExecution: 1663 description: If the affinity requirements specified by 1664 this field are not met at scheduling time, the pod will 1665 not be scheduled onto the node. If the affinity requirements 1666 specified by this field cease to be met at some point 1667 during pod execution (e.g. 
due to a pod label update), 1668 the system may or may not try to eventually evict the 1669 pod from its node. When there are multiple elements, 1670 the lists of nodes corresponding to each podAffinityTerm 1671 are intersected, i.e. all terms must be satisfied. 1672 items: 1673 description: Defines a set of pods (namely those matching 1674 the labelSelector relative to the given namespace(s)) 1675 that this pod should be co-located (affinity) or not 1676 co-located (anti-affinity) with, where co-located 1677 is defined as running on a node whose value of the 1678 label with key <topologyKey> matches that of any node 1679 on which a pod of the set of pods is running 1680 properties: 1681 labelSelector: 1682 description: A label query over a set of resources, 1683 in this case pods. 1684 properties: 1685 matchExpressions: 1686 description: matchExpressions is a list of label 1687 selector requirements. The requirements are 1688 ANDed. 1689 items: 1690 description: A label selector requirement 1691 is a selector that contains values, a key, 1692 and an operator that relates the key and 1693 values. 1694 properties: 1695 key: 1696 description: key is the label key that 1697 the selector applies to. 1698 type: string 1699 operator: 1700 description: operator represents a key's 1701 relationship to a set of values. Valid 1702 operators are In, NotIn, Exists and 1703 DoesNotExist. 1704 type: string 1705 values: 1706 description: values is an array of string 1707 values. If the operator is In or NotIn, 1708 the values array must be non-empty. 1709 If the operator is Exists or DoesNotExist, 1710 the values array must be empty. This 1711 array is replaced during a strategic 1712 merge patch. 1713 items: 1714 type: string 1715 type: array 1716 required: 1717 - key 1718 - operator 1719 type: object 1720 type: array 1721 matchLabels: 1722 additionalProperties: 1723 type: string 1724 description: matchLabels is a map of {key,value} 1725 pairs. 
A single {key,value} in the matchLabels 1726 map is equivalent to an element of matchExpressions, 1727 whose key field is "key", the operator is 1728 "In", and the values array contains only "value". 1729 The requirements are ANDed. 1730 type: object 1731 type: object 1732 namespaces: 1733 description: namespaces specifies which namespaces 1734 the labelSelector applies to (matches against); 1735 null or empty list means "this pod's namespace" 1736 items: 1737 type: string 1738 type: array 1739 topologyKey: 1740 description: This pod should be co-located (affinity) 1741 or not co-located (anti-affinity) with the pods 1742 matching the labelSelector in the specified namespaces, 1743 where co-located is defined as running on a node 1744 whose value of the label with key topologyKey 1745 matches that of any node on which any of the selected 1746 pods is running. Empty topologyKey is not allowed. 1747 type: string 1748 required: 1749 - topologyKey 1750 type: object 1751 type: array 1752 type: object 1753 podAntiAffinity: 1754 description: Describes pod anti-affinity scheduling rules 1755 (e.g. avoid putting this pod in the same node, zone, etc. 1756 as some other pod(s)). 1757 properties: 1758 preferredDuringSchedulingIgnoredDuringExecution: 1759 description: The scheduler will prefer to schedule pods 1760 to nodes that satisfy the anti-affinity expressions 1761 specified by this field, but it may choose a node that 1762 violates one or more of the expressions. The node that 1763 is most preferred is the one with the greatest sum of 1764 weights, i.e. for each node that meets all of the scheduling 1765 requirements (resource request, requiredDuringScheduling 1766 anti-affinity expressions, etc.), compute a sum by iterating 1767 through the elements of this field and adding "weight" 1768 to the sum if the node has pods which matches the corresponding 1769 podAffinityTerm; the node(s) with the highest sum are 1770 the most preferred. 
1771 items: 1772 description: The weights of all of the matched WeightedPodAffinityTerm 1773 fields are added per-node to find the most preferred 1774 node(s) 1775 properties: 1776 podAffinityTerm: 1777 description: Required. A pod affinity term, associated 1778 with the corresponding weight. 1779 properties: 1780 labelSelector: 1781 description: A label query over a set of resources, 1782 in this case pods. 1783 properties: 1784 matchExpressions: 1785 description: matchExpressions is a list 1786 of label selector requirements. The requirements 1787 are ANDed. 1788 items: 1789 description: A label selector requirement 1790 is a selector that contains values, 1791 a key, and an operator that relates 1792 the key and values. 1793 properties: 1794 key: 1795 description: key is the label key 1796 that the selector applies to. 1797 type: string 1798 operator: 1799 description: operator represents a 1800 key's relationship to a set of values. 1801 Valid operators are In, NotIn, Exists 1802 and DoesNotExist. 1803 type: string 1804 values: 1805 description: values is an array of 1806 string values. If the operator is 1807 In or NotIn, the values array must 1808 be non-empty. If the operator is 1809 Exists or DoesNotExist, the values 1810 array must be empty. This array 1811 is replaced during a strategic merge 1812 patch. 1813 items: 1814 type: string 1815 type: array 1816 required: 1817 - key 1818 - operator 1819 type: object 1820 type: array 1821 matchLabels: 1822 additionalProperties: 1823 type: string 1824 description: matchLabels is a map of {key,value} 1825 pairs. A single {key,value} in the matchLabels 1826 map is equivalent to an element of matchExpressions, 1827 whose key field is "key", the operator 1828 is "In", and the values array contains 1829 only "value". The requirements are ANDed. 
1830 type: object 1831 type: object 1832 namespaces: 1833 description: namespaces specifies which namespaces 1834 the labelSelector applies to (matches against); 1835 null or empty list means "this pod's namespace" 1836 items: 1837 type: string 1838 type: array 1839 topologyKey: 1840 description: This pod should be co-located (affinity) 1841 or not co-located (anti-affinity) with the 1842 pods matching the labelSelector in the specified 1843 namespaces, where co-located is defined as 1844 running on a node whose value of the label 1845 with key topologyKey matches that of any node 1846 on which any of the selected pods is running. 1847 Empty topologyKey is not allowed. 1848 type: string 1849 required: 1850 - topologyKey 1851 type: object 1852 weight: 1853 description: weight associated with matching the 1854 corresponding podAffinityTerm, in the range 1-100. 1855 format: int32 1856 type: integer 1857 required: 1858 - podAffinityTerm 1859 - weight 1860 type: object 1861 type: array 1862 requiredDuringSchedulingIgnoredDuringExecution: 1863 description: If the anti-affinity requirements specified 1864 by this field are not met at scheduling time, the pod 1865 will not be scheduled onto the node. If the anti-affinity 1866 requirements specified by this field cease to be met 1867 at some point during pod execution (e.g. due to a pod 1868 label update), the system may or may not try to eventually 1869 evict the pod from its node. When there are multiple 1870 elements, the lists of nodes corresponding to each podAffinityTerm 1871 are intersected, i.e. all terms must be satisfied. 
1872 items: 1873 description: Defines a set of pods (namely those matching 1874 the labelSelector relative to the given namespace(s)) 1875 that this pod should be co-located (affinity) or not 1876 co-located (anti-affinity) with, where co-located 1877 is defined as running on a node whose value of the 1878 label with key <topologyKey> matches that of any node 1879 on which a pod of the set of pods is running 1880 properties: 1881 labelSelector: 1882 description: A label query over a set of resources, 1883 in this case pods. 1884 properties: 1885 matchExpressions: 1886 description: matchExpressions is a list of label 1887 selector requirements. The requirements are 1888 ANDed. 1889 items: 1890 description: A label selector requirement 1891 is a selector that contains values, a key, 1892 and an operator that relates the key and 1893 values. 1894 properties: 1895 key: 1896 description: key is the label key that 1897 the selector applies to. 1898 type: string 1899 operator: 1900 description: operator represents a key's 1901 relationship to a set of values. Valid 1902 operators are In, NotIn, Exists and 1903 DoesNotExist. 1904 type: string 1905 values: 1906 description: values is an array of string 1907 values. If the operator is In or NotIn, 1908 the values array must be non-empty. 1909 If the operator is Exists or DoesNotExist, 1910 the values array must be empty. This 1911 array is replaced during a strategic 1912 merge patch. 1913 items: 1914 type: string 1915 type: array 1916 required: 1917 - key 1918 - operator 1919 type: object 1920 type: array 1921 matchLabels: 1922 additionalProperties: 1923 type: string 1924 description: matchLabels is a map of {key,value} 1925 pairs. A single {key,value} in the matchLabels 1926 map is equivalent to an element of matchExpressions, 1927 whose key field is "key", the operator is 1928 "In", and the values array contains only "value". 1929 The requirements are ANDed. 
1930 type: object 1931 type: object 1932 namespaces: 1933 description: namespaces specifies which namespaces 1934 the labelSelector applies to (matches against); 1935 null or empty list means "this pod's namespace" 1936 items: 1937 type: string 1938 type: array 1939 topologyKey: 1940 description: This pod should be co-located (affinity) 1941 or not co-located (anti-affinity) with the pods 1942 matching the labelSelector in the specified namespaces, 1943 where co-located is defined as running on a node 1944 whose value of the label with key topologyKey 1945 matches that of any node on which any of the selected 1946 pods is running. Empty topologyKey is not allowed. 1947 type: string 1948 required: 1949 - topologyKey 1950 type: object 1951 type: array 1952 type: object 1953 type: object 1954 args: 1955 description: 'Optional: List of arguments' 1956 items: 1957 type: string 1958 type: array 1959 env: 1960 description: 'Optional: List of environment variables' 1961 items: 1962 description: EnvVar represents an environment variable present 1963 in a Container. 1964 properties: 1965 name: 1966 description: Name of the environment variable. Must be a 1967 C_IDENTIFIER. 1968 type: string 1969 value: 1970 description: 'Variable references $(VAR_NAME) are expanded 1971 using the previous defined environment variables in the 1972 container and any service environment variables. If a 1973 variable cannot be resolved, the reference in the input 1974 string will be unchanged. The $(VAR_NAME) syntax can be 1975 escaped with a double $$, ie: $$(VAR_NAME). Escaped references 1976 will never be expanded, regardless of whether the variable 1977 exists or not. Defaults to "".' 1978 type: string 1979 valueFrom: 1980 description: Source for the environment variable's value. 1981 Cannot be used if value is not empty. 1982 properties: 1983 configMapKeyRef: 1984 description: Selects a key of a ConfigMap. 1985 properties: 1986 key: 1987 description: The key to select. 
1988 type: string 1989 name: 1990 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1991 TODO: Add other useful fields. apiVersion, kind, 1992 uid?' 1993 type: string 1994 optional: 1995 description: Specify whether the ConfigMap or its 1996 key must be defined 1997 type: boolean 1998 required: 1999 - key 2000 type: object 2001 fieldRef: 2002 description: 'Selects a field of the pod: supports metadata.name, 2003 metadata.namespace, `metadata.labels[''<KEY>'']`, 2004 `metadata.annotations[''<KEY>'']`, spec.nodeName, 2005 spec.serviceAccountName, status.hostIP, status.podIP, 2006 status.podIPs.' 2007 properties: 2008 apiVersion: 2009 description: Version of the schema the FieldPath 2010 is written in terms of, defaults to "v1". 2011 type: string 2012 fieldPath: 2013 description: Path of the field to select in the 2014 specified API version. 2015 type: string 2016 required: 2017 - fieldPath 2018 type: object 2019 resourceFieldRef: 2020 description: 'Selects a resource of the container: only 2021 resources limits and requests (limits.cpu, limits.memory, 2022 limits.ephemeral-storage, requests.cpu, requests.memory 2023 and requests.ephemeral-storage) are currently supported.' 
2024 properties: 2025 containerName: 2026 description: 'Container name: required for volumes, 2027 optional for env vars' 2028 type: string 2029 divisor: 2030 anyOf: 2031 - type: integer 2032 - type: string 2033 description: Specifies the output format of the 2034 exposed resources, defaults to "1" 2035 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2036 x-kubernetes-int-or-string: true 2037 resource: 2038 description: 'Required: resource to select' 2039 type: string 2040 required: 2041 - resource 2042 type: object 2043 secretKeyRef: 2044 description: Selects a key of a secret in the pod's 2045 namespace 2046 properties: 2047 key: 2048 description: The key of the secret to select from. Must 2049 be a valid secret key. 2050 type: string 2051 name: 2052 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2053 TODO: Add other useful fields. apiVersion, kind, 2054 uid?' 
2055 type: string 2056 optional: 2057 description: Specify whether the Secret or its key 2058 must be defined 2059 type: boolean 2060 required: 2061 - key 2062 type: object 2063 type: object 2064 required: 2065 - name 2066 type: object 2067 type: array
# `image` is one of the three fields this component's schema lists as required
# (with `repository` and `version`); presumably the container image name.
# NOTE(review): the pattern below has no ^...$ anchors. OpenAPI / JSON-Schema
# patterns are not implicitly anchored, so it only requires one character from
# the class somewhere in the value and does not reject other characters (the
# quantity patterns elsewhere in this schema are anchored). Do not treat it as
# an image allow-list; restrict which images may run with an admission policy.
image:
  pattern: '[a-zA-Z0-9\-]+'
  type: string
# Free-form string; the schema does not enumerate the accepted policy values.
imagePullPolicy:
  description: Image pull policy
  type: string
# List of plain strings (presumably Secret names; confirm against the operator).
imagePullSecrets:
  description: Image pull secrets
  items:
    type: string
  type: array
# Only a ConfigMap name is accepted here; the ConfigMap contents are not
# described by this schema.
licensingConfig:
  description: 'Optional: Licensing configuration for vGPU drivers'
  properties:
    configMapName:
      type: string
  type: object
# String-to-string map; keys are not constrained by the schema.
nodeSelector:
  additionalProperties:
    type: string
  description: Node selector to control the selection of nodes (optional)
  type: object
2090 podSecurityContext: 2091 description: 'Optional: Pod Security Context' 2092 properties: 2093 fsGroup: 2094 description: "A special supplemental group that applies to 2095 all containers in a pod. Some volume types allow the Kubelet 2096 to change the ownership of that volume to be owned by the 2097 pod: \n 1. The owning GID will be the FSGroup 2. The setgid 2098 bit is set (new files created in the volume will be owned 2099 by FSGroup) 3. The permission bits are OR'd with rw-rw---- 2100 \n If unset, the Kubelet will not modify the ownership and 2101 permissions of any volume." 2102 format: int64 2103 type: integer 2104 fsGroupChangePolicy: 2105 description: 'fsGroupChangePolicy defines behavior of changing 2106 ownership and permission of the volume before being exposed 2107 inside Pod. This field will only apply to volume types which 2108 support fsGroup based ownership(and permissions). It will 2109 have no effect on ephemeral volume types such as: secret, 2110 configmaps and emptydir. Valid values are "OnRootMismatch" 2111 and "Always". If not specified, "Always" is used.'
2112 type: string 2113 runAsGroup: 2114 description: The GID to run the entrypoint of the container 2115 process. Uses runtime default if unset. May also be set 2116 in SecurityContext. If set in both SecurityContext and 2117 PodSecurityContext, the value specified in SecurityContext 2118 takes precedence for that container. 2119 format: int64 2120 type: integer 2121 runAsNonRoot: 2122 description: Indicates that the container must run as a non-root 2123 user. If true, the Kubelet will validate the image at runtime 2124 to ensure that it does not run as UID 0 (root) and fail 2125 to start the container if it does. If unset or false, no 2126 such validation will be performed. May also be set in SecurityContext. If 2127 set in both SecurityContext and PodSecurityContext, the 2128 value specified in SecurityContext takes precedence. 2129 type: boolean 2130 runAsUser: 2131 description: The UID to run the entrypoint of the container 2132 process. Defaults to user specified in image metadata if 2133 unspecified. May also be set in SecurityContext. If set 2134 in both SecurityContext and PodSecurityContext, the value 2135 specified in SecurityContext takes precedence for that container. 2136 format: int64 2137 type: integer 2138 seLinuxOptions: 2139 description: The SELinux context to be applied to all containers. 2140 If unspecified, the container runtime will allocate a random 2141 SELinux context for each container. May also be set in 2142 SecurityContext. If set in both SecurityContext and PodSecurityContext, 2143 the value specified in SecurityContext takes precedence 2144 for that container. 2145 properties: 2146 level: 2147 description: Level is SELinux level label that applies 2148 to the container. 2149 type: string 2150 role: 2151 description: Role is a SELinux role label that applies 2152 to the container. 2153 type: string 2154 type: 2155 description: Type is a SELinux type label that applies 2156 to the container. 
2157 type: string 2158 user: 2159 description: User is a SELinux user label that applies 2160 to the container. 2161 type: string 2162 type: object 2163 seccompProfile: 2164 description: The seccomp options to use by the containers 2165 in this pod. 2166 properties: 2167 localhostProfile: 2168 description: localhostProfile indicates a profile defined 2169 in a file on the node should be used. The profile must 2170 be preconfigured on the node to work. Must be a descending 2171 path, relative to the kubelet's configured seccomp profile 2172 location. Must only be set if type is "Localhost". 2173 type: string 2174 type: 2175 description: "type indicates which kind of seccomp profile 2176 will be applied. Valid options are: \n Localhost - a 2177 profile defined in a file on the node should be used. 2178 RuntimeDefault - the container runtime default profile 2179 should be used. Unconfined - no profile should be applied." 2180 type: string 2181 required: 2182 - type 2183 type: object 2184 supplementalGroups: 2185 description: A list of groups applied to the first process 2186 run in each container, in addition to the container's primary 2187 GID. If unspecified, no groups will be added to any container. 2188 items: 2189 format: int64 2190 type: integer 2191 type: array 2192 sysctls: 2193 description: Sysctls hold a list of namespaced sysctls used 2194 for the pod. Pods with unsupported sysctls (by the container 2195 runtime) might fail to launch. 2196 items: 2197 description: Sysctl defines a kernel parameter to be set 2198 properties: 2199 name: 2200 description: Name of a property to set 2201 type: string 2202 value: 2203 description: Value of a property to set 2204 type: string 2205 required: 2206 - name 2207 - value 2208 type: object 2209 type: array 2210 windowsOptions: 2211 description: The Windows specific settings applied to all 2212 containers. If unspecified, the options within a container's 2213 SecurityContext will be used. 
If set in both SecurityContext 2214 and PodSecurityContext, the value specified in SecurityContext 2215 takes precedence. 2216 properties: 2217 gmsaCredentialSpec: 2218 description: GMSACredentialSpec is where the GMSA admission 2219 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 2220 inlines the contents of the GMSA credential spec named 2221 by the GMSACredentialSpecName field. 2222 type: string 2223 gmsaCredentialSpecName: 2224 description: GMSACredentialSpecName is the name of the 2225 GMSA credential spec to use. 2226 type: string 2227 runAsUserName: 2228 description: The UserName in Windows to run the entrypoint 2229 of the container process. Defaults to the user specified 2230 in image metadata if unspecified. May also be set in 2231 PodSecurityContext. If set in both SecurityContext and 2232 PodSecurityContext, the value specified in SecurityContext 2233 takes precedence. 2234 type: string 2235 type: object 2236 type: object
# Both members are unconstrained strings: the schema places no pattern on the
# ConfigMap name or on destinationDir.
repoConfig:
  description: 'Optional: Custom repo configuration for driver container'
  properties:
    configMapName:
      type: string
    destinationDir:
      type: string
  type: object
# NOTE(review): this pattern is unanchored (no ^...$). OpenAPI / JSON-Schema
# patterns match anywhere in the value, so any string holding at least one
# character from the class validates; the schema therefore does not pin the
# registry or repository path. If image provenance matters, enforce the
# allowed registries with an admission policy instead of this check.
repository:
  pattern: '[a-zA-Z0-9\.\-\/]+'
  type: string
2248 resources: 2249 description: 'Optional: Define resources requests and limits for 2250 each pod' 2251 properties: 2252 limits: 2253 additionalProperties: 2254 anyOf: 2255 - type: integer 2256 - type: string 2257 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2258 x-kubernetes-int-or-string: true 2259 description: 'Limits describes the maximum amount of compute 2260 resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2261 type: object 2262 requests: 2263 additionalProperties: 2264 anyOf: 2265 - type: integer 2266 - type: string 2267 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2268 x-kubernetes-int-or-string: true 2269 description: 'Requests describes the minimum amount of compute 2270 resources required. If Requests is omitted for a container, 2271 it defaults to Limits if that is explicitly specified, otherwise 2272 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 2273 type: object 2274 type: object 2275 securityContext: 2276 description: 'Optional: Security Context' 2277 properties: 2278 allowPrivilegeEscalation: 2279 description: 'AllowPrivilegeEscalation controls whether a 2280 process can gain more privileges than its parent process. 2281 This bool directly controls if the no_new_privs flag will 2282 be set on the container process. AllowPrivilegeEscalation 2283 is true always when the container is: 1) run as Privileged 2284 2) has CAP_SYS_ADMIN' 2285 type: boolean 2286 capabilities: 2287 description: The capabilities to add/drop when running containers. 2288 Defaults to the default set of capabilities granted by the 2289 container runtime. 2290 properties: 2291 add: 2292 description: Added capabilities 2293 items: 2294 description: Capability represent POSIX capabilities 2295 type 2296 type: string 2297 type: array 2298 drop: 2299 description: Removed capabilities 2300 items: 2301 description: Capability represent POSIX capabilities 2302 type 2303 type: string 2304 type: array 2305 type: object 2306 privileged: 2307 description: Run container in privileged mode. Processes in 2308 privileged containers are essentially equivalent to root 2309 on the host. Defaults to false. 
2310 type: boolean 2311 procMount: 2312 description: procMount denotes the type of proc mount to use 2313 for the containers. The default is DefaultProcMount which 2314 uses the container runtime defaults for readonly paths and 2315 masked paths. This requires the ProcMountType feature flag 2316 to be enabled. 2317 type: string 2318 readOnlyRootFilesystem: 2319 description: Whether this container has a read-only root filesystem. 2320 Default is false. 2321 type: boolean 2322 runAsGroup: 2323 description: The GID to run the entrypoint of the container 2324 process. Uses runtime default if unset. May also be set 2325 in PodSecurityContext. If set in both SecurityContext and 2326 PodSecurityContext, the value specified in SecurityContext 2327 takes precedence. 2328 format: int64 2329 type: integer 2330 runAsNonRoot: 2331 description: Indicates that the container must run as a non-root 2332 user. If true, the Kubelet will validate the image at runtime 2333 to ensure that it does not run as UID 0 (root) and fail 2334 to start the container if it does. If unset or false, no 2335 such validation will be performed. May also be set in PodSecurityContext. If 2336 set in both SecurityContext and PodSecurityContext, the 2337 value specified in SecurityContext takes precedence. 2338 type: boolean 2339 runAsUser: 2340 description: The UID to run the entrypoint of the container 2341 process. Defaults to user specified in image metadata if 2342 unspecified. May also be set in PodSecurityContext. If 2343 set in both SecurityContext and PodSecurityContext, the 2344 value specified in SecurityContext takes precedence. 2345 format: int64 2346 type: integer 2347 seLinuxOptions: 2348 description: The SELinux context to be applied to the container. 2349 If unspecified, the container runtime will allocate a random 2350 SELinux context for each container. May also be set in 2351 PodSecurityContext. 
If set in both SecurityContext and 2352 PodSecurityContext, the value specified in SecurityContext 2353 takes precedence. 2354 properties: 2355 level: 2356 description: Level is SELinux level label that applies 2357 to the container. 2358 type: string 2359 role: 2360 description: Role is a SELinux role label that applies 2361 to the container. 2362 type: string 2363 type: 2364 description: Type is a SELinux type label that applies 2365 to the container. 2366 type: string 2367 user: 2368 description: User is a SELinux user label that applies 2369 to the container. 2370 type: string 2371 type: object 2372 seccompProfile: 2373 description: The seccomp options to use by this container. 2374 If seccomp options are provided at both the pod & container 2375 level, the container options override the pod options. 2376 properties: 2377 localhostProfile: 2378 description: localhostProfile indicates a profile defined 2379 in a file on the node should be used. The profile must 2380 be preconfigured on the node to work. Must be a descending 2381 path, relative to the kubelet's configured seccomp profile 2382 location. Must only be set if type is "Localhost". 2383 type: string 2384 type: 2385 description: "type indicates which kind of seccomp profile 2386 will be applied. Valid options are: \n Localhost - a 2387 profile defined in a file on the node should be used. 2388 RuntimeDefault - the container runtime default profile 2389 should be used. Unconfined - no profile should be applied." 2390 type: string 2391 required: 2392 - type 2393 type: object 2394 windowsOptions: 2395 description: The Windows specific settings applied to all 2396 containers. If unspecified, the options from the PodSecurityContext 2397 will be used. If set in both SecurityContext and PodSecurityContext, 2398 the value specified in SecurityContext takes precedence. 
2399 properties: 2400 gmsaCredentialSpec: 2401 description: GMSACredentialSpec is where the GMSA admission 2402 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 2403 inlines the contents of the GMSA credential spec named 2404 by the GMSACredentialSpecName field. 2405 type: string 2406 gmsaCredentialSpecName: 2407 description: GMSACredentialSpecName is the name of the 2408 GMSA credential spec to use. 2409 type: string 2410 runAsUserName: 2411 description: The UserName in Windows to run the entrypoint 2412 of the container process. Defaults to the user specified 2413 in image metadata if unspecified. May also be set in 2414 PodSecurityContext. If set in both SecurityContext and 2415 PodSecurityContext, the value specified in SecurityContext 2416 takes precedence. 2417 type: string 2418 type: object 2419 type: object 2420 tolerations: 2421 description: 'Optional: Set tolerations' 2422 items: 2423 description: The pod this Toleration is attached to tolerates 2424 any taint that matches the triple <key,value,effect> using 2425 the matching operator <operator>. 2426 properties: 2427 effect: 2428 description: Effect indicates the taint effect to match. 2429 Empty means match all taint effects. When specified, allowed 2430 values are NoSchedule, PreferNoSchedule and NoExecute. 2431 type: string 2432 key: 2433 description: Key is the taint key that the toleration applies 2434 to. Empty means match all taint keys. If the key is empty, 2435 operator must be Exists; this combination means to match 2436 all values and all keys. 2437 type: string 2438 operator: 2439 description: Operator represents a key's relationship to 2440 the value. Valid operators are Exists and Equal. Defaults 2441 to Equal. Exists is equivalent to wildcard for value, 2442 so that a pod can tolerate all taints of a particular 2443 category. 
2444 type: string 2445 tolerationSeconds: 2446 description: TolerationSeconds represents the period of 2447 time the toleration (which must be of effect NoExecute, 2448 otherwise this field is ignored) tolerates the taint. 2449 By default, it is not set, which means tolerate the taint 2450 forever (do not evict). Zero and negative values will 2451 be treated as 0 (evict immediately) by the system. 2452 format: int64 2453 type: integer 2454 value: 2455 description: Value is the taint value the toleration matches 2456 to. If the operator is Exists, the value should be empty, 2457 otherwise just a regular string. 2458 type: string 2459 type: object 2460 type: array
# Required field (see the `required` list that follows it in this schema).
# NOTE(review): the pattern is unanchored, so it accepts any value containing
# at least one letter, digit, '.' or '-'; OpenAPI / JSON-Schema patterns are
# not implicitly anchored. It does not force the value into a tag-like shape,
# so do not rely on it to constrain which image version gets deployed.
version:
  pattern: '[a-zA-Z0-9\.-]+'
  type: string
2464 required: 2465 - image 2466 - repository 2467 - version 2468 type: object 2469 driver: 2470 description: Driver component spec 2471 properties: 2472 affinity: 2473 description: 'Optional: Set Node affinity' 2474 properties: 2475 nodeAffinity: 2476 description: Describes node affinity scheduling rules for 2477 the pod. 2478 properties: 2479 preferredDuringSchedulingIgnoredDuringExecution: 2480 description: The scheduler will prefer to schedule pods 2481 to nodes that satisfy the affinity expressions specified 2482 by this field, but it may choose a node that violates 2483 one or more of the expressions. The node that is most 2484 preferred is the one with the greatest sum of weights, 2485 i.e. for each node that meets all of the scheduling 2486 requirements (resource request, requiredDuringScheduling 2487 affinity expressions, etc.), compute a sum by iterating 2488 through the elements of this field and adding "weight" 2489 to the sum if the node matches the corresponding matchExpressions; 2490 the node(s) with the highest sum are the most preferred. 2491 items: 2492 description: An empty preferred scheduling term matches 2493 all objects with implicit weight 0 (i.e. it's a no-op).
2494 A null preferred scheduling term matches no objects 2495 (i.e. is also a no-op). 2496 properties: 2497 preference: 2498 description: A node selector term, associated with 2499 the corresponding weight. 2500 properties: 2501 matchExpressions: 2502 description: A list of node selector requirements 2503 by node's labels. 2504 items: 2505 description: A node selector requirement is 2506 a selector that contains values, a key, 2507 and an operator that relates the key and 2508 values. 2509 properties: 2510 key: 2511 description: The label key that the selector 2512 applies to. 2513 type: string 2514 operator: 2515 description: Represents a key's relationship 2516 to a set of values. Valid operators 2517 are In, NotIn, Exists, DoesNotExist. 2518 Gt, and Lt. 2519 type: string 2520 values: 2521 description: An array of string values. 2522 If the operator is In or NotIn, the 2523 values array must be non-empty. If the 2524 operator is Exists or DoesNotExist, 2525 the values array must be empty. If the 2526 operator is Gt or Lt, the values array 2527 must have a single element, which will 2528 be interpreted as an integer. This array 2529 is replaced during a strategic merge 2530 patch. 2531 items: 2532 type: string 2533 type: array 2534 required: 2535 - key 2536 - operator 2537 type: object 2538 type: array 2539 matchFields: 2540 description: A list of node selector requirements 2541 by node's fields. 2542 items: 2543 description: A node selector requirement is 2544 a selector that contains values, a key, 2545 and an operator that relates the key and 2546 values. 2547 properties: 2548 key: 2549 description: The label key that the selector 2550 applies to. 2551 type: string 2552 operator: 2553 description: Represents a key's relationship 2554 to a set of values. Valid operators 2555 are In, NotIn, Exists, DoesNotExist. 2556 Gt, and Lt. 2557 type: string 2558 values: 2559 description: An array of string values. 
2560 If the operator is In or NotIn, the 2561 values array must be non-empty. If the 2562 operator is Exists or DoesNotExist, 2563 the values array must be empty. If the 2564 operator is Gt or Lt, the values array 2565 must have a single element, which will 2566 be interpreted as an integer. This array 2567 is replaced during a strategic merge 2568 patch. 2569 items: 2570 type: string 2571 type: array 2572 required: 2573 - key 2574 - operator 2575 type: object 2576 type: array 2577 type: object 2578 weight: 2579 description: Weight associated with matching the 2580 corresponding nodeSelectorTerm, in the range 1-100. 2581 format: int32 2582 type: integer 2583 required: 2584 - preference 2585 - weight 2586 type: object 2587 type: array 2588 requiredDuringSchedulingIgnoredDuringExecution: 2589 description: If the affinity requirements specified by 2590 this field are not met at scheduling time, the pod will 2591 not be scheduled onto the node. If the affinity requirements 2592 specified by this field cease to be met at some point 2593 during pod execution (e.g. due to an update), the system 2594 may or may not try to eventually evict the pod from 2595 its node. 2596 properties: 2597 nodeSelectorTerms: 2598 description: Required. A list of node selector terms. 2599 The terms are ORed. 2600 items: 2601 description: A null or empty node selector term 2602 matches no objects. The requirements of them are 2603 ANDed. The TopologySelectorTerm type implements 2604 a subset of the NodeSelectorTerm. 2605 properties: 2606 matchExpressions: 2607 description: A list of node selector requirements 2608 by node's labels. 2609 items: 2610 description: A node selector requirement is 2611 a selector that contains values, a key, 2612 and an operator that relates the key and 2613 values. 2614 properties: 2615 key: 2616 description: The label key that the selector 2617 applies to. 2618 type: string 2619 operator: 2620 description: Represents a key's relationship 2621 to a set of values. 
Valid operators 2622 are In, NotIn, Exists, DoesNotExist. 2623 Gt, and Lt. 2624 type: string 2625 values: 2626 description: An array of string values. 2627 If the operator is In or NotIn, the 2628 values array must be non-empty. If the 2629 operator is Exists or DoesNotExist, 2630 the values array must be empty. If the 2631 operator is Gt or Lt, the values array 2632 must have a single element, which will 2633 be interpreted as an integer. This array 2634 is replaced during a strategic merge 2635 patch. 2636 items: 2637 type: string 2638 type: array 2639 required: 2640 - key 2641 - operator 2642 type: object 2643 type: array 2644 matchFields: 2645 description: A list of node selector requirements 2646 by node's fields. 2647 items: 2648 description: A node selector requirement is 2649 a selector that contains values, a key, 2650 and an operator that relates the key and 2651 values. 2652 properties: 2653 key: 2654 description: The label key that the selector 2655 applies to. 2656 type: string 2657 operator: 2658 description: Represents a key's relationship 2659 to a set of values. Valid operators 2660 are In, NotIn, Exists, DoesNotExist. 2661 Gt, and Lt. 2662 type: string 2663 values: 2664 description: An array of string values. 2665 If the operator is In or NotIn, the 2666 values array must be non-empty. If the 2667 operator is Exists or DoesNotExist, 2668 the values array must be empty. If the 2669 operator is Gt or Lt, the values array 2670 must have a single element, which will 2671 be interpreted as an integer. This array 2672 is replaced during a strategic merge 2673 patch. 2674 items: 2675 type: string 2676 type: array 2677 required: 2678 - key 2679 - operator 2680 type: object 2681 type: array 2682 type: object 2683 type: array 2684 required: 2685 - nodeSelectorTerms 2686 type: object 2687 type: object 2688 podAffinity: 2689 description: Describes pod affinity scheduling rules (e.g. 2690 co-locate this pod in the same node, zone, etc. 
as some 2691 other pod(s)). 2692 properties: 2693 preferredDuringSchedulingIgnoredDuringExecution: 2694 description: The scheduler will prefer to schedule pods 2695 to nodes that satisfy the affinity expressions specified 2696 by this field, but it may choose a node that violates 2697 one or more of the expressions. The node that is most 2698 preferred is the one with the greatest sum of weights, 2699 i.e. for each node that meets all of the scheduling 2700 requirements (resource request, requiredDuringScheduling 2701 affinity expressions, etc.), compute a sum by iterating 2702 through the elements of this field and adding "weight" 2703 to the sum if the node has pods which matches the corresponding 2704 podAffinityTerm; the node(s) with the highest sum are 2705 the most preferred. 2706 items: 2707 description: The weights of all of the matched WeightedPodAffinityTerm 2708 fields are added per-node to find the most preferred 2709 node(s) 2710 properties: 2711 podAffinityTerm: 2712 description: Required. A pod affinity term, associated 2713 with the corresponding weight. 2714 properties: 2715 labelSelector: 2716 description: A label query over a set of resources, 2717 in this case pods. 2718 properties: 2719 matchExpressions: 2720 description: matchExpressions is a list 2721 of label selector requirements. The requirements 2722 are ANDed. 2723 items: 2724 description: A label selector requirement 2725 is a selector that contains values, 2726 a key, and an operator that relates 2727 the key and values. 2728 properties: 2729 key: 2730 description: key is the label key 2731 that the selector applies to. 2732 type: string 2733 operator: 2734 description: operator represents a 2735 key's relationship to a set of values. 2736 Valid operators are In, NotIn, Exists 2737 and DoesNotExist. 2738 type: string 2739 values: 2740 description: values is an array of 2741 string values. If the operator is 2742 In or NotIn, the values array must 2743 be non-empty. 
If the operator is 2744 Exists or DoesNotExist, the values 2745 array must be empty. This array 2746 is replaced during a strategic merge 2747 patch. 2748 items: 2749 type: string 2750 type: array 2751 required: 2752 - key 2753 - operator 2754 type: object 2755 type: array 2756 matchLabels: 2757 additionalProperties: 2758 type: string 2759 description: matchLabels is a map of {key,value} 2760 pairs. A single {key,value} in the matchLabels 2761 map is equivalent to an element of matchExpressions, 2762 whose key field is "key", the operator 2763 is "In", and the values array contains 2764 only "value". The requirements are ANDed. 2765 type: object 2766 type: object 2767 namespaces: 2768 description: namespaces specifies which namespaces 2769 the labelSelector applies to (matches against); 2770 null or empty list means "this pod's namespace" 2771 items: 2772 type: string 2773 type: array 2774 topologyKey: 2775 description: This pod should be co-located (affinity) 2776 or not co-located (anti-affinity) with the 2777 pods matching the labelSelector in the specified 2778 namespaces, where co-located is defined as 2779 running on a node whose value of the label 2780 with key topologyKey matches that of any node 2781 on which any of the selected pods is running. 2782 Empty topologyKey is not allowed. 2783 type: string 2784 required: 2785 - topologyKey 2786 type: object 2787 weight: 2788 description: weight associated with matching the 2789 corresponding podAffinityTerm, in the range 1-100. 2790 format: int32 2791 type: integer 2792 required: 2793 - podAffinityTerm 2794 - weight 2795 type: object 2796 type: array 2797 requiredDuringSchedulingIgnoredDuringExecution: 2798 description: If the affinity requirements specified by 2799 this field are not met at scheduling time, the pod will 2800 not be scheduled onto the node. If the affinity requirements 2801 specified by this field cease to be met at some point 2802 during pod execution (e.g. 
due to a pod label update), 2803 the system may or may not try to eventually evict the 2804 pod from its node. When there are multiple elements, 2805 the lists of nodes corresponding to each podAffinityTerm 2806 are intersected, i.e. all terms must be satisfied. 2807 items: 2808 description: Defines a set of pods (namely those matching 2809 the labelSelector relative to the given namespace(s)) 2810 that this pod should be co-located (affinity) or not 2811 co-located (anti-affinity) with, where co-located 2812 is defined as running on a node whose value of the 2813 label with key <topologyKey> matches that of any node 2814 on which a pod of the set of pods is running 2815 properties: 2816 labelSelector: 2817 description: A label query over a set of resources, 2818 in this case pods. 2819 properties: 2820 matchExpressions: 2821 description: matchExpressions is a list of label 2822 selector requirements. The requirements are 2823 ANDed. 2824 items: 2825 description: A label selector requirement 2826 is a selector that contains values, a key, 2827 and an operator that relates the key and 2828 values. 2829 properties: 2830 key: 2831 description: key is the label key that 2832 the selector applies to. 2833 type: string 2834 operator: 2835 description: operator represents a key's 2836 relationship to a set of values. Valid 2837 operators are In, NotIn, Exists and 2838 DoesNotExist. 2839 type: string 2840 values: 2841 description: values is an array of string 2842 values. If the operator is In or NotIn, 2843 the values array must be non-empty. 2844 If the operator is Exists or DoesNotExist, 2845 the values array must be empty. This 2846 array is replaced during a strategic 2847 merge patch. 2848 items: 2849 type: string 2850 type: array 2851 required: 2852 - key 2853 - operator 2854 type: object 2855 type: array 2856 matchLabels: 2857 additionalProperties: 2858 type: string 2859 description: matchLabels is a map of {key,value} 2860 pairs. 
A single {key,value} in the matchLabels 2861 map is equivalent to an element of matchExpressions, 2862 whose key field is "key", the operator is 2863 "In", and the values array contains only "value". 2864 The requirements are ANDed. 2865 type: object 2866 type: object 2867 namespaces: 2868 description: namespaces specifies which namespaces 2869 the labelSelector applies to (matches against); 2870 null or empty list means "this pod's namespace" 2871 items: 2872 type: string 2873 type: array 2874 topologyKey: 2875 description: This pod should be co-located (affinity) 2876 or not co-located (anti-affinity) with the pods 2877 matching the labelSelector in the specified namespaces, 2878 where co-located is defined as running on a node 2879 whose value of the label with key topologyKey 2880 matches that of any node on which any of the selected 2881 pods is running. Empty topologyKey is not allowed. 2882 type: string 2883 required: 2884 - topologyKey 2885 type: object 2886 type: array 2887 type: object 2888 podAntiAffinity: 2889 description: Describes pod anti-affinity scheduling rules 2890 (e.g. avoid putting this pod in the same node, zone, etc. 2891 as some other pod(s)). 2892 properties: 2893 preferredDuringSchedulingIgnoredDuringExecution: 2894 description: The scheduler will prefer to schedule pods 2895 to nodes that satisfy the anti-affinity expressions 2896 specified by this field, but it may choose a node that 2897 violates one or more of the expressions. The node that 2898 is most preferred is the one with the greatest sum of 2899 weights, i.e. for each node that meets all of the scheduling 2900 requirements (resource request, requiredDuringScheduling 2901 anti-affinity expressions, etc.), compute a sum by iterating 2902 through the elements of this field and adding "weight" 2903 to the sum if the node has pods which matches the corresponding 2904 podAffinityTerm; the node(s) with the highest sum are 2905 the most preferred. 
2906 items: 2907 description: The weights of all of the matched WeightedPodAffinityTerm 2908 fields are added per-node to find the most preferred 2909 node(s) 2910 properties: 2911 podAffinityTerm: 2912 description: Required. A pod affinity term, associated 2913 with the corresponding weight. 2914 properties: 2915 labelSelector: 2916 description: A label query over a set of resources, 2917 in this case pods. 2918 properties: 2919 matchExpressions: 2920 description: matchExpressions is a list 2921 of label selector requirements. The requirements 2922 are ANDed. 2923 items: 2924 description: A label selector requirement 2925 is a selector that contains values, 2926 a key, and an operator that relates 2927 the key and values. 2928 properties: 2929 key: 2930 description: key is the label key 2931 that the selector applies to. 2932 type: string 2933 operator: 2934 description: operator represents a 2935 key's relationship to a set of values. 2936 Valid operators are In, NotIn, Exists 2937 and DoesNotExist. 2938 type: string 2939 values: 2940 description: values is an array of 2941 string values. If the operator is 2942 In or NotIn, the values array must 2943 be non-empty. If the operator is 2944 Exists or DoesNotExist, the values 2945 array must be empty. This array 2946 is replaced during a strategic merge 2947 patch. 2948 items: 2949 type: string 2950 type: array 2951 required: 2952 - key 2953 - operator 2954 type: object 2955 type: array 2956 matchLabels: 2957 additionalProperties: 2958 type: string 2959 description: matchLabels is a map of {key,value} 2960 pairs. A single {key,value} in the matchLabels 2961 map is equivalent to an element of matchExpressions, 2962 whose key field is "key", the operator 2963 is "In", and the values array contains 2964 only "value". The requirements are ANDed. 
2965 type: object 2966 type: object 2967 namespaces: 2968 description: namespaces specifies which namespaces 2969 the labelSelector applies to (matches against); 2970 null or empty list means "this pod's namespace" 2971 items: 2972 type: string 2973 type: array 2974 topologyKey: 2975 description: This pod should be co-located (affinity) 2976 or not co-located (anti-affinity) with the 2977 pods matching the labelSelector in the specified 2978 namespaces, where co-located is defined as 2979 running on a node whose value of the label 2980 with key topologyKey matches that of any node 2981 on which any of the selected pods is running. 2982 Empty topologyKey is not allowed. 2983 type: string 2984 required: 2985 - topologyKey 2986 type: object 2987 weight: 2988 description: weight associated with matching the 2989 corresponding podAffinityTerm, in the range 1-100. 2990 format: int32 2991 type: integer 2992 required: 2993 - podAffinityTerm 2994 - weight 2995 type: object 2996 type: array 2997 requiredDuringSchedulingIgnoredDuringExecution: 2998 description: If the anti-affinity requirements specified 2999 by this field are not met at scheduling time, the pod 3000 will not be scheduled onto the node. If the anti-affinity 3001 requirements specified by this field cease to be met 3002 at some point during pod execution (e.g. due to a pod 3003 label update), the system may or may not try to eventually 3004 evict the pod from its node. When there are multiple 3005 elements, the lists of nodes corresponding to each podAffinityTerm 3006 are intersected, i.e. all terms must be satisfied. 
3007 items: 3008 description: Defines a set of pods (namely those matching 3009 the labelSelector relative to the given namespace(s)) 3010 that this pod should be co-located (affinity) or not 3011 co-located (anti-affinity) with, where co-located 3012 is defined as running on a node whose value of the 3013 label with key <topologyKey> matches that of any node 3014 on which a pod of the set of pods is running 3015 properties: 3016 labelSelector: 3017 description: A label query over a set of resources, 3018 in this case pods. 3019 properties: 3020 matchExpressions: 3021 description: matchExpressions is a list of label 3022 selector requirements. The requirements are 3023 ANDed. 3024 items: 3025 description: A label selector requirement 3026 is a selector that contains values, a key, 3027 and an operator that relates the key and 3028 values. 3029 properties: 3030 key: 3031 description: key is the label key that 3032 the selector applies to. 3033 type: string 3034 operator: 3035 description: operator represents a key's 3036 relationship to a set of values. Valid 3037 operators are In, NotIn, Exists and 3038 DoesNotExist. 3039 type: string 3040 values: 3041 description: values is an array of string 3042 values. If the operator is In or NotIn, 3043 the values array must be non-empty. 3044 If the operator is Exists or DoesNotExist, 3045 the values array must be empty. This 3046 array is replaced during a strategic 3047 merge patch. 3048 items: 3049 type: string 3050 type: array 3051 required: 3052 - key 3053 - operator 3054 type: object 3055 type: array 3056 matchLabels: 3057 additionalProperties: 3058 type: string 3059 description: matchLabels is a map of {key,value} 3060 pairs. A single {key,value} in the matchLabels 3061 map is equivalent to an element of matchExpressions, 3062 whose key field is "key", the operator is 3063 "In", and the values array contains only "value". 3064 The requirements are ANDed. 
3065 type: object 3066 type: object 3067 namespaces: 3068 description: namespaces specifies which namespaces 3069 the labelSelector applies to (matches against); 3070 null or empty list means "this pod's namespace" 3071 items: 3072 type: string 3073 type: array 3074 topologyKey: 3075 description: This pod should be co-located (affinity) 3076 or not co-located (anti-affinity) with the pods 3077 matching the labelSelector in the specified namespaces, 3078 where co-located is defined as running on a node 3079 whose value of the label with key topologyKey 3080 matches that of any node on which any of the selected 3081 pods is running. Empty topologyKey is not allowed. 3082 type: string 3083 required: 3084 - topologyKey 3085 type: object 3086 type: array 3087 type: object 3088 type: object 3089 args: 3090 description: 'Optional: List of arguments' 3091 items: 3092 type: string 3093 type: array 3094 env: 3095 description: 'Optional: List of environment variables' 3096 items: 3097 description: EnvVar represents an environment variable present 3098 in a Container. 3099 properties: 3100 name: 3101 description: Name of the environment variable. Must be a 3102 C_IDENTIFIER. 3103 type: string 3104 value: 3105 description: 'Variable references $(VAR_NAME) are expanded 3106 using the previous defined environment variables in the 3107 container and any service environment variables. If a 3108 variable cannot be resolved, the reference in the input 3109 string will be unchanged. The $(VAR_NAME) syntax can be 3110 escaped with a double $$, ie: $$(VAR_NAME). Escaped references 3111 will never be expanded, regardless of whether the variable 3112 exists or not. Defaults to "".' 3113 type: string 3114 valueFrom: 3115 description: Source for the environment variable's value. 3116 Cannot be used if value is not empty. 3117 properties: 3118 configMapKeyRef: 3119 description: Selects a key of a ConfigMap. 3120 properties: 3121 key: 3122 description: The key to select. 
3123 type: string 3124 name: 3125 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3126 TODO: Add other useful fields. apiVersion, kind, 3127 uid?' 3128 type: string 3129 optional: 3130 description: Specify whether the ConfigMap or its 3131 key must be defined 3132 type: boolean 3133 required: 3134 - key 3135 type: object 3136 fieldRef: 3137 description: 'Selects a field of the pod: supports metadata.name, 3138 metadata.namespace, `metadata.labels[''<KEY>'']`, 3139 `metadata.annotations[''<KEY>'']`, spec.nodeName, 3140 spec.serviceAccountName, status.hostIP, status.podIP, 3141 status.podIPs.' 3142 properties: 3143 apiVersion: 3144 description: Version of the schema the FieldPath 3145 is written in terms of, defaults to "v1". 3146 type: string 3147 fieldPath: 3148 description: Path of the field to select in the 3149 specified API version. 3150 type: string 3151 required: 3152 - fieldPath 3153 type: object 3154 resourceFieldRef: 3155 description: 'Selects a resource of the container: only 3156 resources limits and requests (limits.cpu, limits.memory, 3157 limits.ephemeral-storage, requests.cpu, requests.memory 3158 and requests.ephemeral-storage) are currently supported.' 
3159 properties: 3160 containerName: 3161 description: 'Container name: required for volumes, 3162 optional for env vars' 3163 type: string 3164 divisor: 3165 anyOf: 3166 - type: integer 3167 - type: string 3168 description: Specifies the output format of the 3169 exposed resources, defaults to "1" 3170 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3171 x-kubernetes-int-or-string: true 3172 resource: 3173 description: 'Required: resource to select' 3174 type: string 3175 required: 3176 - resource 3177 type: object 3178 secretKeyRef: 3179 description: Selects a key of a secret in the pod's 3180 namespace 3181 properties: 3182 key: 3183 description: The key of the secret to select from. Must 3184 be a valid secret key. 3185 type: string 3186 name: 3187 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3188 TODO: Add other useful fields. apiVersion, kind, 3189 uid?' 
# NOTE(review): the `pattern` on `image` (gutter line 3204) has no ^...$ anchors.
# JSON Schema patterns are not implicitly anchored, so '[a-zA-Z0-9\-]+' accepts
# any string that contains at least one letter, digit or hyphen; it does not
# restrict the value to that character set. The `repository` (3381) and
# `version` (3597) patterns in this schema are unanchored in the same way.
# Treat these fields as unvalidated: control which images may run with an
# admission policy or registry allow-list rather than relying on this schema.
# Anchoring the patterns would tighten validation but may reject values that
# pass today; verify against the values in use before changing them.
3190 type: string 3191 optional: 3192 description: Specify whether the Secret or its key 3193 must be defined 3194 type: boolean 3195 required: 3196 - key 3197 type: object 3198 type: object 3199 required: 3200 - name 3201 type: object 3202 type: array 3203 image: 3204 pattern: '[a-zA-Z0-9\-]+' 3205 type: string 3206 imagePullPolicy: 3207 description: Image pull policy 3208 type: string 3209 imagePullSecrets: 3210 description: Image pull secrets 3211 items: 3212 type: string 3213 type: array 3214 licensingConfig: 3215 description: 'Optional: Licensing configuration for vGPU drivers' 3216 properties: 3217 configMapName: 3218 type: string 3219 type: object 3220 nodeSelector: 3221 additionalProperties: 3222 type: string 3223 description: Node selector to control the selection of nodes (optional) 3224 type: object 3225 podSecurityContext: 3226 description: 'Optional: Pod Security Context' 3227 properties: 3228 fsGroup: 3229 description: "A special supplemental group that applies to 3230 all containers in a pod. Some volume types allow the Kubelet 3231 to change the ownership of that volume to be owned by the 3232 pod: \n 1. The owning GID will be the FSGroup 2. The setgid 3233 bit is set (new files created in the volume will be owned 3234 by FSGroup) 3. The permission bits are OR'd with rw-rw---- 3235 \n If unset, the Kubelet will not modify the ownership and 3236 permissions of any volume." 3237 format: int64 3238 type: integer 3239 fsGroupChangePolicy: 3240 description: 'fsGroupChangePolicy defines behavior of changing 3241 ownership and permission of the volume before being exposed 3242 inside Pod. This field will only apply to volume types which 3243 support fsGroup based ownership(and permissions). It will 3244 have no effect on ephemeral volume types such as: secret, 3245 configmaps and emptydir. Valid values are "OnRootMismatch" 3246 and "Always". If not specified, "Always" is used.'
3247 type: string 3248 runAsGroup: 3249 description: The GID to run the entrypoint of the container 3250 process. Uses runtime default if unset. May also be set 3251 in SecurityContext. If set in both SecurityContext and 3252 PodSecurityContext, the value specified in SecurityContext 3253 takes precedence for that container. 3254 format: int64 3255 type: integer 3256 runAsNonRoot: 3257 description: Indicates that the container must run as a non-root 3258 user. If true, the Kubelet will validate the image at runtime 3259 to ensure that it does not run as UID 0 (root) and fail 3260 to start the container if it does. If unset or false, no 3261 such validation will be performed. May also be set in SecurityContext. If 3262 set in both SecurityContext and PodSecurityContext, the 3263 value specified in SecurityContext takes precedence. 3264 type: boolean 3265 runAsUser: 3266 description: The UID to run the entrypoint of the container 3267 process. Defaults to user specified in image metadata if 3268 unspecified. May also be set in SecurityContext. If set 3269 in both SecurityContext and PodSecurityContext, the value 3270 specified in SecurityContext takes precedence for that container. 3271 format: int64 3272 type: integer 3273 seLinuxOptions: 3274 description: The SELinux context to be applied to all containers. 3275 If unspecified, the container runtime will allocate a random 3276 SELinux context for each container. May also be set in 3277 SecurityContext. If set in both SecurityContext and PodSecurityContext, 3278 the value specified in SecurityContext takes precedence 3279 for that container. 3280 properties: 3281 level: 3282 description: Level is SELinux level label that applies 3283 to the container. 3284 type: string 3285 role: 3286 description: Role is a SELinux role label that applies 3287 to the container. 3288 type: string 3289 type: 3290 description: Type is a SELinux type label that applies 3291 to the container. 
3292 type: string 3293 user: 3294 description: User is a SELinux user label that applies 3295 to the container. 3296 type: string 3297 type: object 3298 seccompProfile: 3299 description: The seccomp options to use by the containers 3300 in this pod. 3301 properties: 3302 localhostProfile: 3303 description: localhostProfile indicates a profile defined 3304 in a file on the node should be used. The profile must 3305 be preconfigured on the node to work. Must be a descending 3306 path, relative to the kubelet's configured seccomp profile 3307 location. Must only be set if type is "Localhost". 3308 type: string 3309 type: 3310 description: "type indicates which kind of seccomp profile 3311 will be applied. Valid options are: \n Localhost - a 3312 profile defined in a file on the node should be used. 3313 RuntimeDefault - the container runtime default profile 3314 should be used. Unconfined - no profile should be applied." 3315 type: string 3316 required: 3317 - type 3318 type: object 3319 supplementalGroups: 3320 description: A list of groups applied to the first process 3321 run in each container, in addition to the container's primary 3322 GID. If unspecified, no groups will be added to any container. 3323 items: 3324 format: int64 3325 type: integer 3326 type: array 3327 sysctls: 3328 description: Sysctls hold a list of namespaced sysctls used 3329 for the pod. Pods with unsupported sysctls (by the container 3330 runtime) might fail to launch. 3331 items: 3332 description: Sysctl defines a kernel parameter to be set 3333 properties: 3334 name: 3335 description: Name of a property to set 3336 type: string 3337 value: 3338 description: Value of a property to set 3339 type: string 3340 required: 3341 - name 3342 - value 3343 type: object 3344 type: array 3345 windowsOptions: 3346 description: The Windows specific settings applied to all 3347 containers. If unspecified, the options within a container's 3348 SecurityContext will be used. 
If set in both SecurityContext 3349 and PodSecurityContext, the value specified in SecurityContext 3350 takes precedence. 3351 properties: 3352 gmsaCredentialSpec: 3353 description: GMSACredentialSpec is where the GMSA admission 3354 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 3355 inlines the contents of the GMSA credential spec named 3356 by the GMSACredentialSpecName field. 3357 type: string 3358 gmsaCredentialSpecName: 3359 description: GMSACredentialSpecName is the name of the 3360 GMSA credential spec to use. 3361 type: string 3362 runAsUserName: 3363 description: The UserName in Windows to run the entrypoint 3364 of the container process. Defaults to the user specified 3365 in image metadata if unspecified. May also be set in 3366 PodSecurityContext. If set in both SecurityContext and 3367 PodSecurityContext, the value specified in SecurityContext 3368 takes precedence. 3369 type: string 3370 type: object 3371 type: object 3372 repoConfig: 3373 description: 'Optional: Custom repo configuration for driver container' 3374 properties: 3375 configMapName: 3376 type: string 3377 destinationDir: 3378 type: string 3379 type: object 3380 repository: 3381 pattern: '[a-zA-Z0-9\.\-\/]+' 3382 type: string 3383 resources: 3384 description: 'Optional: Define resources requests and limits for 3385 each pod' 3386 properties: 3387 limits: 3388 additionalProperties: 3389 anyOf: 3390 - type: integer 3391 - type: string 3392 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3393 x-kubernetes-int-or-string: true 3394 description: 'Limits describes the maximum amount of compute 3395 resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 3396 type: object 3397 requests: 3398 additionalProperties: 3399 anyOf: 3400 - type: integer 3401 - type: string 3402 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3403 x-kubernetes-int-or-string: true 3404 description: 'Requests describes the minimum amount of compute 3405 resources required. If Requests is omitted for a container, 3406 it defaults to Limits if that is explicitly specified, otherwise 3407 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 3408 type: object 3409 type: object 3410 securityContext: 3411 description: 'Optional: Security Context' 3412 properties: 3413 allowPrivilegeEscalation: 3414 description: 'AllowPrivilegeEscalation controls whether a 3415 process can gain more privileges than its parent process. 3416 This bool directly controls if the no_new_privs flag will 3417 be set on the container process. AllowPrivilegeEscalation 3418 is true always when the container is: 1) run as Privileged 3419 2) has CAP_SYS_ADMIN' 3420 type: boolean 3421 capabilities: 3422 description: The capabilities to add/drop when running containers. 3423 Defaults to the default set of capabilities granted by the 3424 container runtime. 3425 properties: 3426 add: 3427 description: Added capabilities 3428 items: 3429 description: Capability represent POSIX capabilities 3430 type 3431 type: string 3432 type: array 3433 drop: 3434 description: Removed capabilities 3435 items: 3436 description: Capability represent POSIX capabilities 3437 type 3438 type: string 3439 type: array 3440 type: object 3441 privileged: 3442 description: Run container in privileged mode. Processes in 3443 privileged containers are essentially equivalent to root 3444 on the host. Defaults to false. 
3445 type: boolean 3446 procMount: 3447 description: procMount denotes the type of proc mount to use 3448 for the containers. The default is DefaultProcMount which 3449 uses the container runtime defaults for readonly paths and 3450 masked paths. This requires the ProcMountType feature flag 3451 to be enabled. 3452 type: string 3453 readOnlyRootFilesystem: 3454 description: Whether this container has a read-only root filesystem. 3455 Default is false. 3456 type: boolean 3457 runAsGroup: 3458 description: The GID to run the entrypoint of the container 3459 process. Uses runtime default if unset. May also be set 3460 in PodSecurityContext. If set in both SecurityContext and 3461 PodSecurityContext, the value specified in SecurityContext 3462 takes precedence. 3463 format: int64 3464 type: integer 3465 runAsNonRoot: 3466 description: Indicates that the container must run as a non-root 3467 user. If true, the Kubelet will validate the image at runtime 3468 to ensure that it does not run as UID 0 (root) and fail 3469 to start the container if it does. If unset or false, no 3470 such validation will be performed. May also be set in PodSecurityContext. If 3471 set in both SecurityContext and PodSecurityContext, the 3472 value specified in SecurityContext takes precedence. 3473 type: boolean 3474 runAsUser: 3475 description: The UID to run the entrypoint of the container 3476 process. Defaults to user specified in image metadata if 3477 unspecified. May also be set in PodSecurityContext. If 3478 set in both SecurityContext and PodSecurityContext, the 3479 value specified in SecurityContext takes precedence. 3480 format: int64 3481 type: integer 3482 seLinuxOptions: 3483 description: The SELinux context to be applied to the container. 3484 If unspecified, the container runtime will allocate a random 3485 SELinux context for each container. May also be set in 3486 PodSecurityContext. 
If set in both SecurityContext and 3487 PodSecurityContext, the value specified in SecurityContext 3488 takes precedence. 3489 properties: 3490 level: 3491 description: Level is SELinux level label that applies 3492 to the container. 3493 type: string 3494 role: 3495 description: Role is a SELinux role label that applies 3496 to the container. 3497 type: string 3498 type: 3499 description: Type is a SELinux type label that applies 3500 to the container. 3501 type: string 3502 user: 3503 description: User is a SELinux user label that applies 3504 to the container. 3505 type: string 3506 type: object 3507 seccompProfile: 3508 description: The seccomp options to use by this container. 3509 If seccomp options are provided at both the pod & container 3510 level, the container options override the pod options. 3511 properties: 3512 localhostProfile: 3513 description: localhostProfile indicates a profile defined 3514 in a file on the node should be used. The profile must 3515 be preconfigured on the node to work. Must be a descending 3516 path, relative to the kubelet's configured seccomp profile 3517 location. Must only be set if type is "Localhost". 3518 type: string 3519 type: 3520 description: "type indicates which kind of seccomp profile 3521 will be applied. Valid options are: \n Localhost - a 3522 profile defined in a file on the node should be used. 3523 RuntimeDefault - the container runtime default profile 3524 should be used. Unconfined - no profile should be applied." 3525 type: string 3526 required: 3527 - type 3528 type: object 3529 windowsOptions: 3530 description: The Windows specific settings applied to all 3531 containers. If unspecified, the options from the PodSecurityContext 3532 will be used. If set in both SecurityContext and PodSecurityContext, 3533 the value specified in SecurityContext takes precedence. 
3534 properties: 3535 gmsaCredentialSpec: 3536 description: GMSACredentialSpec is where the GMSA admission 3537 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 3538 inlines the contents of the GMSA credential spec named 3539 by the GMSACredentialSpecName field. 3540 type: string 3541 gmsaCredentialSpecName: 3542 description: GMSACredentialSpecName is the name of the 3543 GMSA credential spec to use. 3544 type: string 3545 runAsUserName: 3546 description: The UserName in Windows to run the entrypoint 3547 of the container process. Defaults to the user specified 3548 in image metadata if unspecified. May also be set in 3549 PodSecurityContext. If set in both SecurityContext and 3550 PodSecurityContext, the value specified in SecurityContext 3551 takes precedence. 3552 type: string 3553 type: object 3554 type: object 3555 tolerations: 3556 description: 'Optional: Set tolerations' 3557 items: 3558 description: The pod this Toleration is attached to tolerates 3559 any taint that matches the triple <key,value,effect> using 3560 the matching operator <operator>. 3561 properties: 3562 effect: 3563 description: Effect indicates the taint effect to match. 3564 Empty means match all taint effects. When specified, allowed 3565 values are NoSchedule, PreferNoSchedule and NoExecute. 3566 type: string 3567 key: 3568 description: Key is the taint key that the toleration applies 3569 to. Empty means match all taint keys. If the key is empty, 3570 operator must be Exists; this combination means to match 3571 all values and all keys. 3572 type: string 3573 operator: 3574 description: Operator represents a key's relationship to 3575 the value. Valid operators are Exists and Equal. Defaults 3576 to Equal. Exists is equivalent to wildcard for value, 3577 so that a pod can tolerate all taints of a particular 3578 category. 
3579 type: string 3580 tolerationSeconds: 3581 description: TolerationSeconds represents the period of 3582 time the toleration (which must be of effect NoExecute, 3583 otherwise this field is ignored) tolerates the taint. 3584 By default, it is not set, which means tolerate the taint 3585 forever (do not evict). Zero and negative values will 3586 be treated as 0 (evict immediately) by the system. 3587 format: int64 3588 type: integer 3589 value: 3590 description: Value is the taint value the toleration matches 3591 to. If the operator is Exists, the value should be empty, 3592 otherwise just a regular string. 3593 type: string 3594 type: object 3595 type: array 3596 version: 3597 pattern: '[a-zA-Z0-9\.-]+' 3598 type: string 3599 required: 3600 - image 3601 - repository 3602 - version 3603 type: object 3604 gfd: 3605 description: GPUFeatureDiscovery spec 3606 properties: 3607 affinity: 3608 description: 'Optional: Set Node affinity' 3609 properties: 3610 nodeAffinity: 3611 description: Describes node affinity scheduling rules for 3612 the pod. 3613 properties: 3614 preferredDuringSchedulingIgnoredDuringExecution: 3615 description: The scheduler will prefer to schedule pods 3616 to nodes that satisfy the affinity expressions specified 3617 by this field, but it may choose a node that violates 3618 one or more of the expressions. The node that is most 3619 preferred is the one with the greatest sum of weights, 3620 i.e. for each node that meets all of the scheduling 3621 requirements (resource request, requiredDuringScheduling 3622 affinity expressions, etc.), compute a sum by iterating 3623 through the elements of this field and adding "weight" 3624 to the sum if the node matches the corresponding matchExpressions; 3625 the node(s) with the highest sum are the most preferred. 3626 items: 3627 description: An empty preferred scheduling term matches 3628 all objects with implicit weight 0 (i.e. it's a no-op). 
3629 A null preferred scheduling term matches no objects 3630 (i.e. is also a no-op). 3631 properties: 3632 preference: 3633 description: A node selector term, associated with 3634 the corresponding weight. 3635 properties: 3636 matchExpressions: 3637 description: A list of node selector requirements 3638 by node's labels. 3639 items: 3640 description: A node selector requirement is 3641 a selector that contains values, a key, 3642 and an operator that relates the key and 3643 values. 3644 properties: 3645 key: 3646 description: The label key that the selector 3647 applies to. 3648 type: string 3649 operator: 3650 description: Represents a key's relationship 3651 to a set of values. Valid operators 3652 are In, NotIn, Exists, DoesNotExist. 3653 Gt, and Lt. 3654 type: string 3655 values: 3656 description: An array of string values. 3657 If the operator is In or NotIn, the 3658 values array must be non-empty. If the 3659 operator is Exists or DoesNotExist, 3660 the values array must be empty. If the 3661 operator is Gt or Lt, the values array 3662 must have a single element, which will 3663 be interpreted as an integer. This array 3664 is replaced during a strategic merge 3665 patch. 3666 items: 3667 type: string 3668 type: array 3669 required: 3670 - key 3671 - operator 3672 type: object 3673 type: array 3674 matchFields: 3675 description: A list of node selector requirements 3676 by node's fields. 3677 items: 3678 description: A node selector requirement is 3679 a selector that contains values, a key, 3680 and an operator that relates the key and 3681 values. 3682 properties: 3683 key: 3684 description: The label key that the selector 3685 applies to. 3686 type: string 3687 operator: 3688 description: Represents a key's relationship 3689 to a set of values. Valid operators 3690 are In, NotIn, Exists, DoesNotExist. 3691 Gt, and Lt. 3692 type: string 3693 values: 3694 description: An array of string values. 
3695 If the operator is In or NotIn, the 3696 values array must be non-empty. If the 3697 operator is Exists or DoesNotExist, 3698 the values array must be empty. If the 3699 operator is Gt or Lt, the values array 3700 must have a single element, which will 3701 be interpreted as an integer. This array 3702 is replaced during a strategic merge 3703 patch. 3704 items: 3705 type: string 3706 type: array 3707 required: 3708 - key 3709 - operator 3710 type: object 3711 type: array 3712 type: object 3713 weight: 3714 description: Weight associated with matching the 3715 corresponding nodeSelectorTerm, in the range 1-100. 3716 format: int32 3717 type: integer 3718 required: 3719 - preference 3720 - weight 3721 type: object 3722 type: array 3723 requiredDuringSchedulingIgnoredDuringExecution: 3724 description: If the affinity requirements specified by 3725 this field are not met at scheduling time, the pod will 3726 not be scheduled onto the node. If the affinity requirements 3727 specified by this field cease to be met at some point 3728 during pod execution (e.g. due to an update), the system 3729 may or may not try to eventually evict the pod from 3730 its node. 3731 properties: 3732 nodeSelectorTerms: 3733 description: Required. A list of node selector terms. 3734 The terms are ORed. 3735 items: 3736 description: A null or empty node selector term 3737 matches no objects. The requirements of them are 3738 ANDed. The TopologySelectorTerm type implements 3739 a subset of the NodeSelectorTerm. 3740 properties: 3741 matchExpressions: 3742 description: A list of node selector requirements 3743 by node's labels. 3744 items: 3745 description: A node selector requirement is 3746 a selector that contains values, a key, 3747 and an operator that relates the key and 3748 values. 3749 properties: 3750 key: 3751 description: The label key that the selector 3752 applies to. 3753 type: string 3754 operator: 3755 description: Represents a key's relationship 3756 to a set of values. 
Valid operators 3757 are In, NotIn, Exists, DoesNotExist. 3758 Gt, and Lt. 3759 type: string 3760 values: 3761 description: An array of string values. 3762 If the operator is In or NotIn, the 3763 values array must be non-empty. If the 3764 operator is Exists or DoesNotExist, 3765 the values array must be empty. If the 3766 operator is Gt or Lt, the values array 3767 must have a single element, which will 3768 be interpreted as an integer. This array 3769 is replaced during a strategic merge 3770 patch. 3771 items: 3772 type: string 3773 type: array 3774 required: 3775 - key 3776 - operator 3777 type: object 3778 type: array 3779 matchFields: 3780 description: A list of node selector requirements 3781 by node's fields. 3782 items: 3783 description: A node selector requirement is 3784 a selector that contains values, a key, 3785 and an operator that relates the key and 3786 values. 3787 properties: 3788 key: 3789 description: The label key that the selector 3790 applies to. 3791 type: string 3792 operator: 3793 description: Represents a key's relationship 3794 to a set of values. Valid operators 3795 are In, NotIn, Exists, DoesNotExist. 3796 Gt, and Lt. 3797 type: string 3798 values: 3799 description: An array of string values. 3800 If the operator is In or NotIn, the 3801 values array must be non-empty. If the 3802 operator is Exists or DoesNotExist, 3803 the values array must be empty. If the 3804 operator is Gt or Lt, the values array 3805 must have a single element, which will 3806 be interpreted as an integer. This array 3807 is replaced during a strategic merge 3808 patch. 3809 items: 3810 type: string 3811 type: array 3812 required: 3813 - key 3814 - operator 3815 type: object 3816 type: array 3817 type: object 3818 type: array 3819 required: 3820 - nodeSelectorTerms 3821 type: object 3822 type: object 3823 podAffinity: 3824 description: Describes pod affinity scheduling rules (e.g. 3825 co-locate this pod in the same node, zone, etc. 
as some 3826 other pod(s)). 3827 properties: 3828 preferredDuringSchedulingIgnoredDuringExecution: 3829 description: The scheduler will prefer to schedule pods 3830 to nodes that satisfy the affinity expressions specified 3831 by this field, but it may choose a node that violates 3832 one or more of the expressions. The node that is most 3833 preferred is the one with the greatest sum of weights, 3834 i.e. for each node that meets all of the scheduling 3835 requirements (resource request, requiredDuringScheduling 3836 affinity expressions, etc.), compute a sum by iterating 3837 through the elements of this field and adding "weight" 3838 to the sum if the node has pods which matches the corresponding 3839 podAffinityTerm; the node(s) with the highest sum are 3840 the most preferred. 3841 items: 3842 description: The weights of all of the matched WeightedPodAffinityTerm 3843 fields are added per-node to find the most preferred 3844 node(s) 3845 properties: 3846 podAffinityTerm: 3847 description: Required. A pod affinity term, associated 3848 with the corresponding weight. 3849 properties: 3850 labelSelector: 3851 description: A label query over a set of resources, 3852 in this case pods. 3853 properties: 3854 matchExpressions: 3855 description: matchExpressions is a list 3856 of label selector requirements. The requirements 3857 are ANDed. 3858 items: 3859 description: A label selector requirement 3860 is a selector that contains values, 3861 a key, and an operator that relates 3862 the key and values. 3863 properties: 3864 key: 3865 description: key is the label key 3866 that the selector applies to. 3867 type: string 3868 operator: 3869 description: operator represents a 3870 key's relationship to a set of values. 3871 Valid operators are In, NotIn, Exists 3872 and DoesNotExist. 3873 type: string 3874 values: 3875 description: values is an array of 3876 string values. If the operator is 3877 In or NotIn, the values array must 3878 be non-empty. 
If the operator is 3879 Exists or DoesNotExist, the values 3880 array must be empty. This array 3881 is replaced during a strategic merge 3882 patch. 3883 items: 3884 type: string 3885 type: array 3886 required: 3887 - key 3888 - operator 3889 type: object 3890 type: array 3891 matchLabels: 3892 additionalProperties: 3893 type: string 3894 description: matchLabels is a map of {key,value} 3895 pairs. A single {key,value} in the matchLabels 3896 map is equivalent to an element of matchExpressions, 3897 whose key field is "key", the operator 3898 is "In", and the values array contains 3899 only "value". The requirements are ANDed. 3900 type: object 3901 type: object 3902 namespaces: 3903 description: namespaces specifies which namespaces 3904 the labelSelector applies to (matches against); 3905 null or empty list means "this pod's namespace" 3906 items: 3907 type: string 3908 type: array 3909 topologyKey: 3910 description: This pod should be co-located (affinity) 3911 or not co-located (anti-affinity) with the 3912 pods matching the labelSelector in the specified 3913 namespaces, where co-located is defined as 3914 running on a node whose value of the label 3915 with key topologyKey matches that of any node 3916 on which any of the selected pods is running. 3917 Empty topologyKey is not allowed. 3918 type: string 3919 required: 3920 - topologyKey 3921 type: object 3922 weight: 3923 description: weight associated with matching the 3924 corresponding podAffinityTerm, in the range 1-100. 3925 format: int32 3926 type: integer 3927 required: 3928 - podAffinityTerm 3929 - weight 3930 type: object 3931 type: array 3932 requiredDuringSchedulingIgnoredDuringExecution: 3933 description: If the affinity requirements specified by 3934 this field are not met at scheduling time, the pod will 3935 not be scheduled onto the node. If the affinity requirements 3936 specified by this field cease to be met at some point 3937 during pod execution (e.g. 
due to a pod label update), 3938 the system may or may not try to eventually evict the 3939 pod from its node. When there are multiple elements, 3940 the lists of nodes corresponding to each podAffinityTerm 3941 are intersected, i.e. all terms must be satisfied. 3942 items: 3943 description: Defines a set of pods (namely those matching 3944 the labelSelector relative to the given namespace(s)) 3945 that this pod should be co-located (affinity) or not 3946 co-located (anti-affinity) with, where co-located 3947 is defined as running on a node whose value of the 3948 label with key <topologyKey> matches that of any node 3949 on which a pod of the set of pods is running 3950 properties: 3951 labelSelector: 3952 description: A label query over a set of resources, 3953 in this case pods. 3954 properties: 3955 matchExpressions: 3956 description: matchExpressions is a list of label 3957 selector requirements. The requirements are 3958 ANDed. 3959 items: 3960 description: A label selector requirement 3961 is a selector that contains values, a key, 3962 and an operator that relates the key and 3963 values. 3964 properties: 3965 key: 3966 description: key is the label key that 3967 the selector applies to. 3968 type: string 3969 operator: 3970 description: operator represents a key's 3971 relationship to a set of values. Valid 3972 operators are In, NotIn, Exists and 3973 DoesNotExist. 3974 type: string 3975 values: 3976 description: values is an array of string 3977 values. If the operator is In or NotIn, 3978 the values array must be non-empty. 3979 If the operator is Exists or DoesNotExist, 3980 the values array must be empty. This 3981 array is replaced during a strategic 3982 merge patch. 3983 items: 3984 type: string 3985 type: array 3986 required: 3987 - key 3988 - operator 3989 type: object 3990 type: array 3991 matchLabels: 3992 additionalProperties: 3993 type: string 3994 description: matchLabels is a map of {key,value} 3995 pairs. 
A single {key,value} in the matchLabels 3996 map is equivalent to an element of matchExpressions, 3997 whose key field is "key", the operator is 3998 "In", and the values array contains only "value". 3999 The requirements are ANDed. 4000 type: object 4001 type: object 4002 namespaces: 4003 description: namespaces specifies which namespaces 4004 the labelSelector applies to (matches against); 4005 null or empty list means "this pod's namespace" 4006 items: 4007 type: string 4008 type: array 4009 topologyKey: 4010 description: This pod should be co-located (affinity) 4011 or not co-located (anti-affinity) with the pods 4012 matching the labelSelector in the specified namespaces, 4013 where co-located is defined as running on a node 4014 whose value of the label with key topologyKey 4015 matches that of any node on which any of the selected 4016 pods is running. Empty topologyKey is not allowed. 4017 type: string 4018 required: 4019 - topologyKey 4020 type: object 4021 type: array 4022 type: object 4023 podAntiAffinity: 4024 description: Describes pod anti-affinity scheduling rules 4025 (e.g. avoid putting this pod in the same node, zone, etc. 4026 as some other pod(s)). 4027 properties: 4028 preferredDuringSchedulingIgnoredDuringExecution: 4029 description: The scheduler will prefer to schedule pods 4030 to nodes that satisfy the anti-affinity expressions 4031 specified by this field, but it may choose a node that 4032 violates one or more of the expressions. The node that 4033 is most preferred is the one with the greatest sum of 4034 weights, i.e. for each node that meets all of the scheduling 4035 requirements (resource request, requiredDuringScheduling 4036 anti-affinity expressions, etc.), compute a sum by iterating 4037 through the elements of this field and adding "weight" 4038 to the sum if the node has pods which matches the corresponding 4039 podAffinityTerm; the node(s) with the highest sum are 4040 the most preferred. 
4041 items: 4042 description: The weights of all of the matched WeightedPodAffinityTerm 4043 fields are added per-node to find the most preferred 4044 node(s) 4045 properties: 4046 podAffinityTerm: 4047 description: Required. A pod affinity term, associated 4048 with the corresponding weight. 4049 properties: 4050 labelSelector: 4051 description: A label query over a set of resources, 4052 in this case pods. 4053 properties: 4054 matchExpressions: 4055 description: matchExpressions is a list 4056 of label selector requirements. The requirements 4057 are ANDed. 4058 items: 4059 description: A label selector requirement 4060 is a selector that contains values, 4061 a key, and an operator that relates 4062 the key and values. 4063 properties: 4064 key: 4065 description: key is the label key 4066 that the selector applies to. 4067 type: string 4068 operator: 4069 description: operator represents a 4070 key's relationship to a set of values. 4071 Valid operators are In, NotIn, Exists 4072 and DoesNotExist. 4073 type: string 4074 values: 4075 description: values is an array of 4076 string values. If the operator is 4077 In or NotIn, the values array must 4078 be non-empty. If the operator is 4079 Exists or DoesNotExist, the values 4080 array must be empty. This array 4081 is replaced during a strategic merge 4082 patch. 4083 items: 4084 type: string 4085 type: array 4086 required: 4087 - key 4088 - operator 4089 type: object 4090 type: array 4091 matchLabels: 4092 additionalProperties: 4093 type: string 4094 description: matchLabels is a map of {key,value} 4095 pairs. A single {key,value} in the matchLabels 4096 map is equivalent to an element of matchExpressions, 4097 whose key field is "key", the operator 4098 is "In", and the values array contains 4099 only "value". The requirements are ANDed. 
4100 type: object 4101 type: object 4102 namespaces: 4103 description: namespaces specifies which namespaces 4104 the labelSelector applies to (matches against); 4105 null or empty list means "this pod's namespace" 4106 items: 4107 type: string 4108 type: array 4109 topologyKey: 4110 description: This pod should be co-located (affinity) 4111 or not co-located (anti-affinity) with the 4112 pods matching the labelSelector in the specified 4113 namespaces, where co-located is defined as 4114 running on a node whose value of the label 4115 with key topologyKey matches that of any node 4116 on which any of the selected pods is running. 4117 Empty topologyKey is not allowed. 4118 type: string 4119 required: 4120 - topologyKey 4121 type: object 4122 weight: 4123 description: weight associated with matching the 4124 corresponding podAffinityTerm, in the range 1-100. 4125 format: int32 4126 type: integer 4127 required: 4128 - podAffinityTerm 4129 - weight 4130 type: object 4131 type: array 4132 requiredDuringSchedulingIgnoredDuringExecution: 4133 description: If the anti-affinity requirements specified 4134 by this field are not met at scheduling time, the pod 4135 will not be scheduled onto the node. If the anti-affinity 4136 requirements specified by this field cease to be met 4137 at some point during pod execution (e.g. due to a pod 4138 label update), the system may or may not try to eventually 4139 evict the pod from its node. When there are multiple 4140 elements, the lists of nodes corresponding to each podAffinityTerm 4141 are intersected, i.e. all terms must be satisfied. 
4142 items: 4143 description: Defines a set of pods (namely those matching 4144 the labelSelector relative to the given namespace(s)) 4145 that this pod should be co-located (affinity) or not 4146 co-located (anti-affinity) with, where co-located 4147 is defined as running on a node whose value of the 4148 label with key <topologyKey> matches that of any node 4149 on which a pod of the set of pods is running 4150 properties: 4151 labelSelector: 4152 description: A label query over a set of resources, 4153 in this case pods. 4154 properties: 4155 matchExpressions: 4156 description: matchExpressions is a list of label 4157 selector requirements. The requirements are 4158 ANDed. 4159 items: 4160 description: A label selector requirement 4161 is a selector that contains values, a key, 4162 and an operator that relates the key and 4163 values. 4164 properties: 4165 key: 4166 description: key is the label key that 4167 the selector applies to. 4168 type: string 4169 operator: 4170 description: operator represents a key's 4171 relationship to a set of values. Valid 4172 operators are In, NotIn, Exists and 4173 DoesNotExist. 4174 type: string 4175 values: 4176 description: values is an array of string 4177 values. If the operator is In or NotIn, 4178 the values array must be non-empty. 4179 If the operator is Exists or DoesNotExist, 4180 the values array must be empty. This 4181 array is replaced during a strategic 4182 merge patch. 4183 items: 4184 type: string 4185 type: array 4186 required: 4187 - key 4188 - operator 4189 type: object 4190 type: array 4191 matchLabels: 4192 additionalProperties: 4193 type: string 4194 description: matchLabels is a map of {key,value} 4195 pairs. A single {key,value} in the matchLabels 4196 map is equivalent to an element of matchExpressions, 4197 whose key field is "key", the operator is 4198 "In", and the values array contains only "value". 4199 The requirements are ANDed. 
4200 type: object 4201 type: object 4202 namespaces: 4203 description: namespaces specifies which namespaces 4204 the labelSelector applies to (matches against); 4205 null or empty list means "this pod's namespace" 4206 items: 4207 type: string 4208 type: array 4209 topologyKey: 4210 description: This pod should be co-located (affinity) 4211 or not co-located (anti-affinity) with the pods 4212 matching the labelSelector in the specified namespaces, 4213 where co-located is defined as running on a node 4214 whose value of the label with key topologyKey 4215 matches that of any node on which any of the selected 4216 pods is running. Empty topologyKey is not allowed. 4217 type: string 4218 required: 4219 - topologyKey 4220 type: object 4221 type: array 4222 type: object 4223 type: object 4224 args: 4225 description: 'Optional: List of arguments' 4226 items: 4227 type: string 4228 type: array 4229 discoveryIntervalSeconds: 4230 description: 'Optional: Discovery Interval for GPU feature discovery 4231 plugin' 4232 type: integer 4233 env: 4234 description: 'Optional: List of environment variables' 4235 items: 4236 description: EnvVar represents an environment variable present 4237 in a Container. 4238 properties: 4239 name: 4240 description: Name of the environment variable. Must be a 4241 C_IDENTIFIER. 4242 type: string 4243 value: 4244 description: 'Variable references $(VAR_NAME) are expanded 4245 using the previous defined environment variables in the 4246 container and any service environment variables. If a 4247 variable cannot be resolved, the reference in the input 4248 string will be unchanged. The $(VAR_NAME) syntax can be 4249 escaped with a double $$, ie: $$(VAR_NAME). Escaped references 4250 will never be expanded, regardless of whether the variable 4251 exists or not. Defaults to "".' 4252 type: string 4253 valueFrom: 4254 description: Source for the environment variable's value. 4255 Cannot be used if value is not empty. 
4256 properties: 4257 configMapKeyRef: 4258 description: Selects a key of a ConfigMap. 4259 properties: 4260 key: 4261 description: The key to select. 4262 type: string 4263 name: 4264 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4265 TODO: Add other useful fields. apiVersion, kind, 4266 uid?' 4267 type: string 4268 optional: 4269 description: Specify whether the ConfigMap or its 4270 key must be defined 4271 type: boolean 4272 required: 4273 - key 4274 type: object 4275 fieldRef: 4276 description: 'Selects a field of the pod: supports metadata.name, 4277 metadata.namespace, `metadata.labels[''<KEY>'']`, 4278 `metadata.annotations[''<KEY>'']`, spec.nodeName, 4279 spec.serviceAccountName, status.hostIP, status.podIP, 4280 status.podIPs.' 4281 properties: 4282 apiVersion: 4283 description: Version of the schema the FieldPath 4284 is written in terms of, defaults to "v1". 4285 type: string 4286 fieldPath: 4287 description: Path of the field to select in the 4288 specified API version. 4289 type: string 4290 required: 4291 - fieldPath 4292 type: object 4293 resourceFieldRef: 4294 description: 'Selects a resource of the container: only 4295 resources limits and requests (limits.cpu, limits.memory, 4296 limits.ephemeral-storage, requests.cpu, requests.memory 4297 and requests.ephemeral-storage) are currently supported.' 
4298 properties: 4299 containerName: 4300 description: 'Container name: required for volumes, 4301 optional for env vars' 4302 type: string 4303 divisor: 4304 anyOf: 4305 - type: integer 4306 - type: string 4307 description: Specifies the output format of the 4308 exposed resources, defaults to "1" 4309 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4310 x-kubernetes-int-or-string: true 4311 resource: 4312 description: 'Required: resource to select' 4313 type: string 4314 required: 4315 - resource 4316 type: object 4317 secretKeyRef: 4318 description: Selects a key of a secret in the pod's 4319 namespace 4320 properties: 4321 key: 4322 description: The key of the secret to select from. Must 4323 be a valid secret key. 4324 type: string 4325 name: 4326 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4327 TODO: Add other useful fields. apiVersion, kind, 4328 uid?' 
# Schema fragment, one line per row: tail of env[].valueFrom.secretKeyRef, then image ... podSecurityContext.
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
                                    must be defined
                                  type: boolean
                              # Only `key` is mandatory for a secretKeyRef; `name` and `optional` may be left out.
                              required:
                              - key
                              type: object
                          type: object
                      # Each env entry must carry a name; value and valueFrom are both optional.
                      required:
                      - name
                      type: object
                    type: array
                  # NOTE(review): a schema `pattern` is matched as an unanchored regular expression,
                  # so this one is satisfied by any string that contains at least one character of
                  # the class; it does not restrict the whole value to that alphabet. The quantity
                  # pattern under resourceFieldRef.divisor in this schema is written with ^ and $.
                  image:
                    pattern: '[a-zA-Z0-9\-]+'
                    type: string
                  # Typed as a plain string: no enum is declared for the pull policy.
                  imagePullPolicy:
                    description: Image pull policy
                    type: string
                  # Items are plain strings, presumably names of existing pull Secrets rather than
                  # credential data; confirm against the operator that consumes this field.
                  imagePullSecrets:
                    description: Image pull secrets
                    items:
                      type: string
                    type: array
                  # Closed set: the enum admits only the three values listed.
                  migStrategy:
                    description: 'Optional: MigStrategy for GPU feature discovery
                      plugin'
                    enum:
                    - none
                    - single
                    - mixed
                    type: string
                  # Free-form map of string label values used for node selection.
                  nodeSelector:
                    additionalProperties:
                      type: string
                    description: Node selector to control the selection of nodes (optional)
                    type: object
                  # Pod-level security settings applied to the component's pods.
                  podSecurityContext:
                    description: 'Optional: Pod Security Context'
                    properties:
                      # Numeric GID. Per the description, setting it lets the kubelet change volume
                      # ownership to this group and set the setgid bit on supported volume types.
                      fsGroup:
                        description: "A special supplemental group that applies to
                          all containers in a pod. Some volume types allow the Kubelet
                          to change the ownership of that volume to be owned by the
                          pod: \n 1. The owning GID will be the FSGroup 2. The setgid
                          bit is set (new files created in the volume will be owned
                          by FSGroup) 3. The permission bits are OR'd with rw-rw----
                          \n If unset, the Kubelet will not modify the ownership and
                          permissions of any volume."
                        format: int64
                        type: integer
                      # The description names two valid values, but the property is typed as a bare
                      # string with no enum, so other values are not rejected at the schema layer.
                      fsGroupChangePolicy:
                        description: 'fsGroupChangePolicy defines behavior of changing
                          ownership and permission of the volume before being exposed
                          inside Pod. This field will only apply to volume types which
                          support fsGroup based ownership(and permissions). It will
                          have no effect on ephemeral volume types such as: secret,
                          configmaps and emptydir. Valid values are "OnRootMismatch"
                          and "Always". If not specified, "Always" is used.'
# Schema fragment, one line per row: rest of podSecurityContext, then repository, resources, securityContext.
                        type: string
                      runAsGroup:
                        description: The GID to run the entrypoint of the container
                          process. Uses runtime default if unset. May also be set
                          in SecurityContext.  If set in both SecurityContext and
                          PodSecurityContext, the value specified in SecurityContext
                          takes precedence for that container.
                        format: int64
                        type: integer
                      # Per the description, the kubelet checks for UID 0 only when this is true;
                      # unset or false means no such check is made.
                      runAsNonRoot:
                        description: Indicates that the container must run as a non-root
                          user. If true, the Kubelet will validate the image at runtime
                          to ensure that it does not run as UID 0 (root) and fail
                          to start the container if it does. If unset or false, no
                          such validation will be performed. May also be set in SecurityContext.  If
                          set in both SecurityContext and PodSecurityContext, the
                          value specified in SecurityContext takes precedence.
                        type: boolean
                      runAsUser:
                        description: The UID to run the entrypoint of the container
                          process. Defaults to user specified in image metadata if
                          unspecified. May also be set in SecurityContext.  If set
                          in both SecurityContext and PodSecurityContext, the value
                          specified in SecurityContext takes precedence for that container.
                        format: int64
                        type: integer
                      # Four optional string labels; none of them is listed as required.
                      seLinuxOptions:
                        description: The SELinux context to be applied to all containers.
                          If unspecified, the container runtime will allocate a random
                          SELinux context for each container.  May also be set in
                          SecurityContext.  If set in both SecurityContext and PodSecurityContext,
                          the value specified in SecurityContext takes precedence
                          for that container.
                        properties:
                          level:
                            description: Level is SELinux level label that applies
                              to the container.
                            type: string
                          role:
                            description: Role is a SELinux role label that applies
                              to the container.
                            type: string
                          type:
                            description: Type is a SELinux type label that applies
                              to the container.
                            type: string
                          user:
                            description: User is a SELinux user label that applies
                              to the container.
                            type: string
                        type: object
                      # `type` becomes mandatory once seccompProfile is present, but it is a bare
                      # string with no enum: the three documented options, including Unconfined,
                      # are not enforced or narrowed by this schema.
                      seccompProfile:
                        description: The seccomp options to use by the containers
                          in this pod.
                        properties:
                          localhostProfile:
                            description: localhostProfile indicates a profile defined
                              in a file on the node should be used. The profile must
                              be preconfigured on the node to work. Must be a descending
                              path, relative to the kubelet's configured seccomp profile
                              location. Must only be set if type is "Localhost".
                            type: string
                          type:
                            description: "type indicates which kind of seccomp profile
                              will be applied. Valid options are: \n Localhost - a
                              profile defined in a file on the node should be used.
                              RuntimeDefault - the container runtime default profile
                              should be used. Unconfined - no profile should be applied."
                            type: string
                        required:
                        - type
                        type: object
                      supplementalGroups:
                        description: A list of groups applied to the first process
                          run in each container, in addition to the container's primary
                          GID.  If unspecified, no groups will be added to any container.
                        items:
                          format: int64
                          type: integer
                        type: array
                      # Each entry needs both name and value; both are free-form strings here.
                      sysctls:
                        description: Sysctls hold a list of namespaced sysctls used
                          for the pod. Pods with unsupported sysctls (by the container
                          runtime) might fail to launch.
                        items:
                          description: Sysctl defines a kernel parameter to be set
                          properties:
                            name:
                              description: Name of a property to set
                              type: string
                            value:
                              description: Value of a property to set
                              type: string
                          required:
                          - name
                          - value
                          type: object
                        type: array
                      windowsOptions:
                        description: The Windows specific settings applied to all
                          containers. If unspecified, the options within a container's
                          SecurityContext will be used. If set in both SecurityContext
                          and PodSecurityContext, the value specified in SecurityContext
                          takes precedence.
                        properties:
                          gmsaCredentialSpec:
                            description: GMSACredentialSpec is where the GMSA admission
                              webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                              inlines the contents of the GMSA credential spec named
                              by the GMSACredentialSpecName field.
                            type: string
                          gmsaCredentialSpecName:
                            description: GMSACredentialSpecName is the name of the
                              GMSA credential spec to use.
                            type: string
                          runAsUserName:
                            description: The UserName in Windows to run the entrypoint
                              of the container process. Defaults to the user specified
                              in image metadata if unspecified. May also be set in
                              PodSecurityContext. If set in both SecurityContext and
                              PodSecurityContext, the value specified in SecurityContext
                              takes precedence.
                            type: string
                        type: object
                    type: object
                  # NOTE(review): no ^ or $ in this pattern, so it matches any string containing at
                  # least one character of the class and does not limit the registry path to that
                  # alphabet. A trusted-registry rule would have to come from admission policy,
                  # not from this schema.
                  repository:
                    pattern: '[a-zA-Z0-9\.\-\/]+'
                    type: string
                  resources:
                    description: 'Optional: Define resources requests and limits for
                      each pod'
                    properties:
                      # Values may be integers or strings; the quantity pattern below is anchored
                      # with ^ and $, unlike the image, repository and version patterns.
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Limits describes the maximum amount of compute
                          resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                          x-kubernetes-int-or-string: true
                        description: 'Requests describes the minimum amount of compute
                          resources required. If Requests is omitted for a container,
                          it defaults to Limits if that is explicitly specified, otherwise
                          to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                        type: object
                    type: object
                  # Container-level security settings. The schema only types these fields:
                  # privileged, allowPrivilegeEscalation and capabilities.add are accepted as
                  # written, so limiting them is left to cluster policy (for example Pod Security
                  # admission) rather than to this definition.
                  securityContext:
                    description: 'Optional: Security Context'
                    properties:
                      allowPrivilegeEscalation:
                        description: 'AllowPrivilegeEscalation controls whether a
                          process can gain more privileges than its parent process.
                          This bool directly controls if the no_new_privs flag will
                          be set on the container process. AllowPrivilegeEscalation
                          is true always when the container is: 1) run as Privileged
                          2) has CAP_SYS_ADMIN'
                        type: boolean
                      # add/drop entries are bare strings; capability names are not validated here.
                      capabilities:
                        description: The capabilities to add/drop when running containers.
                          Defaults to the default set of capabilities granted by the
                          container runtime.
                        properties:
                          add:
                            description: Added capabilities
                            items:
                              description: Capability represent POSIX capabilities
                                type
                              type: string
                            type: array
                          drop:
                            description: Removed capabilities
                            items:
                              description: Capability represent POSIX capabilities
                                type
                              type: string
                            type: array
                        type: object
                      # Per the description, true gives the container's processes host-root
                      # equivalence; the documented default is false.
                      privileged:
                        description: Run container in privileged mode. Processes in
                          privileged containers are essentially equivalent to root
                          on the host. Defaults to false.
                        type: boolean
                      procMount:
                        description: procMount denotes the type of proc mount to use
                          for the containers. The default is DefaultProcMount which
                          uses the container runtime defaults for readonly paths and
                          masked paths. This requires the ProcMountType feature flag
                          to be enabled.
                        type: string
                      # Documented default is false, i.e. a writable root filesystem unless set.
                      readOnlyRootFilesystem:
                        description: Whether this container has a read-only root filesystem.
                          Default is false.
# Schema fragment, one line per row: rest of the container-level securityContext, then tolerations.
                        type: boolean
                      runAsGroup:
                        description: The GID to run the entrypoint of the container
                          process. Uses runtime default if unset. May also be set
                          in PodSecurityContext.  If set in both SecurityContext and
                          PodSecurityContext, the value specified in SecurityContext
                          takes precedence.
                        format: int64
                        type: integer
                      # Per the description, the UID 0 check runs only when this is true, and the
                      # container-level value takes precedence over the pod-level one.
                      runAsNonRoot:
                        description: Indicates that the container must run as a non-root
                          user. If true, the Kubelet will validate the image at runtime
                          to ensure that it does not run as UID 0 (root) and fail
                          to start the container if it does. If unset or false, no
                          such validation will be performed. May also be set in PodSecurityContext.  If
                          set in both SecurityContext and PodSecurityContext, the
                          value specified in SecurityContext takes precedence.
                        type: boolean
                      runAsUser:
                        description: The UID to run the entrypoint of the container
                          process. Defaults to user specified in image metadata if
                          unspecified. May also be set in PodSecurityContext.  If
                          set in both SecurityContext and PodSecurityContext, the
                          value specified in SecurityContext takes precedence.
                        format: int64
                        type: integer
                      seLinuxOptions:
                        description: The SELinux context to be applied to the container.
                          If unspecified, the container runtime will allocate a random
                          SELinux context for each container.  May also be set in
                          PodSecurityContext.  If set in both SecurityContext and
                          PodSecurityContext, the value specified in SecurityContext
                          takes precedence.
                        properties:
                          level:
                            description: Level is SELinux level label that applies
                              to the container.
                            type: string
                          role:
                            description: Role is a SELinux role label that applies
                              to the container.
                            type: string
                          type:
                            description: Type is a SELinux type label that applies
                              to the container.
                            type: string
                          user:
                            description: User is a SELinux user label that applies
                              to the container.
                            type: string
                        type: object
                      # Container options override the pod-level profile (see description). `type`
                      # is required but is a bare string with no enum, so the documented options
                      # are not enforced by this schema.
                      seccompProfile:
                        description: The seccomp options to use by this container.
                          If seccomp options are provided at both the pod & container
                          level, the container options override the pod options.
                        properties:
                          localhostProfile:
                            description: localhostProfile indicates a profile defined
                              in a file on the node should be used. The profile must
                              be preconfigured on the node to work. Must be a descending
                              path, relative to the kubelet's configured seccomp profile
                              location. Must only be set if type is "Localhost".
                            type: string
                          type:
                            description: "type indicates which kind of seccomp profile
                              will be applied. Valid options are: \n Localhost - a
                              profile defined in a file on the node should be used.
                              RuntimeDefault - the container runtime default profile
                              should be used. Unconfined - no profile should be applied."
                            type: string
                        required:
                        - type
                        type: object
                      windowsOptions:
                        description: The Windows specific settings applied to all
                          containers. If unspecified, the options from the PodSecurityContext
                          will be used. If set in both SecurityContext and PodSecurityContext,
                          the value specified in SecurityContext takes precedence.
                        properties:
                          gmsaCredentialSpec:
                            description: GMSACredentialSpec is where the GMSA admission
                              webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                              inlines the contents of the GMSA credential spec named
                              by the GMSACredentialSpecName field.
                            type: string
                          gmsaCredentialSpecName:
                            description: GMSACredentialSpecName is the name of the
                              GMSA credential spec to use.
                            type: string
                          runAsUserName:
                            description: The UserName in Windows to run the entrypoint
                              of the container process. Defaults to the user specified
                              in image metadata if unspecified. May also be set in
                              PodSecurityContext. If set in both SecurityContext and
                              PodSecurityContext, the value specified in SecurityContext
                              takes precedence.
                            type: string
                        type: object
                    type: object
                  # None of the five toleration properties is marked required. Per the descriptions
                  # below, an empty key with operator Exists matches all keys and values, and an
                  # empty effect matches all taint effects, so one sparse entry can tolerate every
                  # taint on a node.
                  tolerations:
                    description: 'Optional: Set tolerations'
                    items:
                      description: The pod this Toleration is attached to tolerates
                        any taint that matches the triple <key,value,effect> using
                        the matching operator <operator>.
                      properties:
                        effect:
                          description: Effect indicates the taint effect to match.
                            Empty means match all taint effects. When specified, allowed
                            values are NoSchedule, PreferNoSchedule and NoExecute.
                          type: string
                        key:
                          description: Key is the taint key that the toleration applies
                            to. Empty means match all taint keys. If the key is empty,
                            operator must be Exists; this combination means to match
                            all values and all keys.
                          type: string
                        operator:
                          description: Operator represents a key's relationship to
                            the value. Valid operators are Exists and Equal. Defaults
                            to Equal. Exists is equivalent to wildcard for value,
                            so that a pod can tolerate all taints of a particular
                            category.
                          type: string
                        # Only meaningful for the NoExecute effect; unset means the taint is
                        # tolerated indefinitely (see description).
                        tolerationSeconds:
                          description: TolerationSeconds represents the period of
                            time the toleration (which must be of effect NoExecute,
                            otherwise this field is ignored) tolerates the taint.
                            By default, it is not set, which means tolerate the taint
                            forever (do not evict). Zero and negative values will
                            be treated as 0 (evict immediately) by the system.
                          format: int64
                          type: integer
                        value:
                          description: Value is the taint value the toleration matches
                            to. If the operator is Exists, the value should be empty,
                            otherwise just a regular string.
                              type: string
                          type: object
                      type: array
                      version:
                        # NOTE(review): this pattern has no ^...$ anchors. JSON Schema
                        # `pattern` is a search, not a full match, so any value that
                        # contains at least one character from the class is accepted.
                        # Treat it as a "non-empty" hint, not as validation of the value.
                        # Anchoring would narrow what is accepted (':' and '@', for
                        # example, are outside the class), so check the values in use
                        # before tightening it.
                        pattern: '[a-zA-Z0-9\.-]+'
                        type: string
                    # image, repository and version are the mandatory fields of the
                    # component spec that ends here.
                    required:
                    - image
                    - repository
                    - version
                    type: object
                  # Operator component spec. Only defaultRuntime is required (see the
                  # `required` list at the end of this mapping).
                  operator:
                    description: Operator component spec
                    properties:
                      defaultRuntime:
                        description: Runtime defines container runtime type
                        # Closed set: any other runtime name fails schema validation.
                        enum:
                        - docker
                        - crio
                        - containerd
                        type: string
                      # No field of validator is listed as required in this schema.
                      validator:
                        description: ValidatorSpec describes configuration options for
                          validation pod
                        properties:
                          image:
                            # NOTE(review): unanchored, same caveat as the version
                            # pattern above; it does not restrict the image name.
                            pattern: '[a-zA-Z0-9\-]+'
                            type: string
                          imagePullPolicy:
                            description: Image pull policy
                            type: string
                          imagePullSecrets:
                            description: Image pull secrets
                            items:
                              type: string
                            type: array
                          repository:
                            # NOTE(review): unanchored as well, so the registry/repository
                            # string is effectively unconstrained by this schema.
                            pattern: '[a-zA-Z0-9\.\-\/]+'
                            type: string
                          version:
                            # NOTE(review): unanchored, same caveat as above.
                            pattern: '[a-zA-Z0-9\.-]+'
                            type: string
                        type: object
                    required:
                    - defaultRuntime
                    type: object
                  # Toolkit component spec; its properties continue past this excerpt.
                  toolkit:
                    description: Toolkit component spec
                    properties:
                      affinity:
                        description: 'Optional: Set Node affinity'
                        properties:
                          nodeAffinity:
                            description: Describes node affinity scheduling rules for
                              the pod.
                            properties:
                              preferredDuringSchedulingIgnoredDuringExecution:
                                description: The scheduler will prefer to schedule pods
                                  to nodes that satisfy the affinity expressions specified
                                  by this field, but it may choose a node that violates
                                  one or more of the expressions. The node that is most
                                  preferred is the one with the greatest sum of weights,
                                  i.e. for each node that meets all of the scheduling
                                  requirements (resource request, requiredDuringScheduling
                                  affinity expressions, etc.), compute a sum by iterating
                                  through the elements of this field and adding "weight"
                                  to the sum if the node matches the corresponding matchExpressions;
                                  the node(s) with the highest sum are the most preferred.
4794 items: 4795 description: An empty preferred scheduling term matches 4796 all objects with implicit weight 0 (i.e. it's a no-op). 4797 A null preferred scheduling term matches no objects 4798 (i.e. is also a no-op). 4799 properties: 4800 preference: 4801 description: A node selector term, associated with 4802 the corresponding weight. 4803 properties: 4804 matchExpressions: 4805 description: A list of node selector requirements 4806 by node's labels. 4807 items: 4808 description: A node selector requirement is 4809 a selector that contains values, a key, 4810 and an operator that relates the key and 4811 values. 4812 properties: 4813 key: 4814 description: The label key that the selector 4815 applies to. 4816 type: string 4817 operator: 4818 description: Represents a key's relationship 4819 to a set of values. Valid operators 4820 are In, NotIn, Exists, DoesNotExist. 4821 Gt, and Lt. 4822 type: string 4823 values: 4824 description: An array of string values. 4825 If the operator is In or NotIn, the 4826 values array must be non-empty. If the 4827 operator is Exists or DoesNotExist, 4828 the values array must be empty. If the 4829 operator is Gt or Lt, the values array 4830 must have a single element, which will 4831 be interpreted as an integer. This array 4832 is replaced during a strategic merge 4833 patch. 4834 items: 4835 type: string 4836 type: array 4837 required: 4838 - key 4839 - operator 4840 type: object 4841 type: array 4842 matchFields: 4843 description: A list of node selector requirements 4844 by node's fields. 4845 items: 4846 description: A node selector requirement is 4847 a selector that contains values, a key, 4848 and an operator that relates the key and 4849 values. 4850 properties: 4851 key: 4852 description: The label key that the selector 4853 applies to. 4854 type: string 4855 operator: 4856 description: Represents a key's relationship 4857 to a set of values. Valid operators 4858 are In, NotIn, Exists, DoesNotExist. 4859 Gt, and Lt. 
4860 type: string 4861 values: 4862 description: An array of string values. 4863 If the operator is In or NotIn, the 4864 values array must be non-empty. If the 4865 operator is Exists or DoesNotExist, 4866 the values array must be empty. If the 4867 operator is Gt or Lt, the values array 4868 must have a single element, which will 4869 be interpreted as an integer. This array 4870 is replaced during a strategic merge 4871 patch. 4872 items: 4873 type: string 4874 type: array 4875 required: 4876 - key 4877 - operator 4878 type: object 4879 type: array 4880 type: object 4881 weight: 4882 description: Weight associated with matching the 4883 corresponding nodeSelectorTerm, in the range 1-100. 4884 format: int32 4885 type: integer 4886 required: 4887 - preference 4888 - weight 4889 type: object 4890 type: array 4891 requiredDuringSchedulingIgnoredDuringExecution: 4892 description: If the affinity requirements specified by 4893 this field are not met at scheduling time, the pod will 4894 not be scheduled onto the node. If the affinity requirements 4895 specified by this field cease to be met at some point 4896 during pod execution (e.g. due to an update), the system 4897 may or may not try to eventually evict the pod from 4898 its node. 4899 properties: 4900 nodeSelectorTerms: 4901 description: Required. A list of node selector terms. 4902 The terms are ORed. 4903 items: 4904 description: A null or empty node selector term 4905 matches no objects. The requirements of them are 4906 ANDed. The TopologySelectorTerm type implements 4907 a subset of the NodeSelectorTerm. 4908 properties: 4909 matchExpressions: 4910 description: A list of node selector requirements 4911 by node's labels. 4912 items: 4913 description: A node selector requirement is 4914 a selector that contains values, a key, 4915 and an operator that relates the key and 4916 values. 4917 properties: 4918 key: 4919 description: The label key that the selector 4920 applies to. 
4921 type: string 4922 operator: 4923 description: Represents a key's relationship 4924 to a set of values. Valid operators 4925 are In, NotIn, Exists, DoesNotExist. 4926 Gt, and Lt. 4927 type: string 4928 values: 4929 description: An array of string values. 4930 If the operator is In or NotIn, the 4931 values array must be non-empty. If the 4932 operator is Exists or DoesNotExist, 4933 the values array must be empty. If the 4934 operator is Gt or Lt, the values array 4935 must have a single element, which will 4936 be interpreted as an integer. This array 4937 is replaced during a strategic merge 4938 patch. 4939 items: 4940 type: string 4941 type: array 4942 required: 4943 - key 4944 - operator 4945 type: object 4946 type: array 4947 matchFields: 4948 description: A list of node selector requirements 4949 by node's fields. 4950 items: 4951 description: A node selector requirement is 4952 a selector that contains values, a key, 4953 and an operator that relates the key and 4954 values. 4955 properties: 4956 key: 4957 description: The label key that the selector 4958 applies to. 4959 type: string 4960 operator: 4961 description: Represents a key's relationship 4962 to a set of values. Valid operators 4963 are In, NotIn, Exists, DoesNotExist. 4964 Gt, and Lt. 4965 type: string 4966 values: 4967 description: An array of string values. 4968 If the operator is In or NotIn, the 4969 values array must be non-empty. If the 4970 operator is Exists or DoesNotExist, 4971 the values array must be empty. If the 4972 operator is Gt or Lt, the values array 4973 must have a single element, which will 4974 be interpreted as an integer. This array 4975 is replaced during a strategic merge 4976 patch. 
4977 items: 4978 type: string 4979 type: array 4980 required: 4981 - key 4982 - operator 4983 type: object 4984 type: array 4985 type: object 4986 type: array 4987 required: 4988 - nodeSelectorTerms 4989 type: object 4990 type: object 4991 podAffinity: 4992 description: Describes pod affinity scheduling rules (e.g. 4993 co-locate this pod in the same node, zone, etc. as some 4994 other pod(s)). 4995 properties: 4996 preferredDuringSchedulingIgnoredDuringExecution: 4997 description: The scheduler will prefer to schedule pods 4998 to nodes that satisfy the affinity expressions specified 4999 by this field, but it may choose a node that violates 5000 one or more of the expressions. The node that is most 5001 preferred is the one with the greatest sum of weights, 5002 i.e. for each node that meets all of the scheduling 5003 requirements (resource request, requiredDuringScheduling 5004 affinity expressions, etc.), compute a sum by iterating 5005 through the elements of this field and adding "weight" 5006 to the sum if the node has pods which matches the corresponding 5007 podAffinityTerm; the node(s) with the highest sum are 5008 the most preferred. 5009 items: 5010 description: The weights of all of the matched WeightedPodAffinityTerm 5011 fields are added per-node to find the most preferred 5012 node(s) 5013 properties: 5014 podAffinityTerm: 5015 description: Required. A pod affinity term, associated 5016 with the corresponding weight. 5017 properties: 5018 labelSelector: 5019 description: A label query over a set of resources, 5020 in this case pods. 5021 properties: 5022 matchExpressions: 5023 description: matchExpressions is a list 5024 of label selector requirements. The requirements 5025 are ANDed. 5026 items: 5027 description: A label selector requirement 5028 is a selector that contains values, 5029 a key, and an operator that relates 5030 the key and values. 5031 properties: 5032 key: 5033 description: key is the label key 5034 that the selector applies to. 
5035 type: string 5036 operator: 5037 description: operator represents a 5038 key's relationship to a set of values. 5039 Valid operators are In, NotIn, Exists 5040 and DoesNotExist. 5041 type: string 5042 values: 5043 description: values is an array of 5044 string values. If the operator is 5045 In or NotIn, the values array must 5046 be non-empty. If the operator is 5047 Exists or DoesNotExist, the values 5048 array must be empty. This array 5049 is replaced during a strategic merge 5050 patch. 5051 items: 5052 type: string 5053 type: array 5054 required: 5055 - key 5056 - operator 5057 type: object 5058 type: array 5059 matchLabels: 5060 additionalProperties: 5061 type: string 5062 description: matchLabels is a map of {key,value} 5063 pairs. A single {key,value} in the matchLabels 5064 map is equivalent to an element of matchExpressions, 5065 whose key field is "key", the operator 5066 is "In", and the values array contains 5067 only "value". The requirements are ANDed. 5068 type: object 5069 type: object 5070 namespaces: 5071 description: namespaces specifies which namespaces 5072 the labelSelector applies to (matches against); 5073 null or empty list means "this pod's namespace" 5074 items: 5075 type: string 5076 type: array 5077 topologyKey: 5078 description: This pod should be co-located (affinity) 5079 or not co-located (anti-affinity) with the 5080 pods matching the labelSelector in the specified 5081 namespaces, where co-located is defined as 5082 running on a node whose value of the label 5083 with key topologyKey matches that of any node 5084 on which any of the selected pods is running. 5085 Empty topologyKey is not allowed. 5086 type: string 5087 required: 5088 - topologyKey 5089 type: object 5090 weight: 5091 description: weight associated with matching the 5092 corresponding podAffinityTerm, in the range 1-100. 
5093 format: int32 5094 type: integer 5095 required: 5096 - podAffinityTerm 5097 - weight 5098 type: object 5099 type: array 5100 requiredDuringSchedulingIgnoredDuringExecution: 5101 description: If the affinity requirements specified by 5102 this field are not met at scheduling time, the pod will 5103 not be scheduled onto the node. If the affinity requirements 5104 specified by this field cease to be met at some point 5105 during pod execution (e.g. due to a pod label update), 5106 the system may or may not try to eventually evict the 5107 pod from its node. When there are multiple elements, 5108 the lists of nodes corresponding to each podAffinityTerm 5109 are intersected, i.e. all terms must be satisfied. 5110 items: 5111 description: Defines a set of pods (namely those matching 5112 the labelSelector relative to the given namespace(s)) 5113 that this pod should be co-located (affinity) or not 5114 co-located (anti-affinity) with, where co-located 5115 is defined as running on a node whose value of the 5116 label with key <topologyKey> matches that of any node 5117 on which a pod of the set of pods is running 5118 properties: 5119 labelSelector: 5120 description: A label query over a set of resources, 5121 in this case pods. 5122 properties: 5123 matchExpressions: 5124 description: matchExpressions is a list of label 5125 selector requirements. The requirements are 5126 ANDed. 5127 items: 5128 description: A label selector requirement 5129 is a selector that contains values, a key, 5130 and an operator that relates the key and 5131 values. 5132 properties: 5133 key: 5134 description: key is the label key that 5135 the selector applies to. 5136 type: string 5137 operator: 5138 description: operator represents a key's 5139 relationship to a set of values. Valid 5140 operators are In, NotIn, Exists and 5141 DoesNotExist. 5142 type: string 5143 values: 5144 description: values is an array of string 5145 values. 
If the operator is In or NotIn, 5146 the values array must be non-empty. 5147 If the operator is Exists or DoesNotExist, 5148 the values array must be empty. This 5149 array is replaced during a strategic 5150 merge patch. 5151 items: 5152 type: string 5153 type: array 5154 required: 5155 - key 5156 - operator 5157 type: object 5158 type: array 5159 matchLabels: 5160 additionalProperties: 5161 type: string 5162 description: matchLabels is a map of {key,value} 5163 pairs. A single {key,value} in the matchLabels 5164 map is equivalent to an element of matchExpressions, 5165 whose key field is "key", the operator is 5166 "In", and the values array contains only "value". 5167 The requirements are ANDed. 5168 type: object 5169 type: object 5170 namespaces: 5171 description: namespaces specifies which namespaces 5172 the labelSelector applies to (matches against); 5173 null or empty list means "this pod's namespace" 5174 items: 5175 type: string 5176 type: array 5177 topologyKey: 5178 description: This pod should be co-located (affinity) 5179 or not co-located (anti-affinity) with the pods 5180 matching the labelSelector in the specified namespaces, 5181 where co-located is defined as running on a node 5182 whose value of the label with key topologyKey 5183 matches that of any node on which any of the selected 5184 pods is running. Empty topologyKey is not allowed. 5185 type: string 5186 required: 5187 - topologyKey 5188 type: object 5189 type: array 5190 type: object 5191 podAntiAffinity: 5192 description: Describes pod anti-affinity scheduling rules 5193 (e.g. avoid putting this pod in the same node, zone, etc. 5194 as some other pod(s)). 5195 properties: 5196 preferredDuringSchedulingIgnoredDuringExecution: 5197 description: The scheduler will prefer to schedule pods 5198 to nodes that satisfy the anti-affinity expressions 5199 specified by this field, but it may choose a node that 5200 violates one or more of the expressions. 
The node that 5201 is most preferred is the one with the greatest sum of 5202 weights, i.e. for each node that meets all of the scheduling 5203 requirements (resource request, requiredDuringScheduling 5204 anti-affinity expressions, etc.), compute a sum by iterating 5205 through the elements of this field and adding "weight" 5206 to the sum if the node has pods which matches the corresponding 5207 podAffinityTerm; the node(s) with the highest sum are 5208 the most preferred. 5209 items: 5210 description: The weights of all of the matched WeightedPodAffinityTerm 5211 fields are added per-node to find the most preferred 5212 node(s) 5213 properties: 5214 podAffinityTerm: 5215 description: Required. A pod affinity term, associated 5216 with the corresponding weight. 5217 properties: 5218 labelSelector: 5219 description: A label query over a set of resources, 5220 in this case pods. 5221 properties: 5222 matchExpressions: 5223 description: matchExpressions is a list 5224 of label selector requirements. The requirements 5225 are ANDed. 5226 items: 5227 description: A label selector requirement 5228 is a selector that contains values, 5229 a key, and an operator that relates 5230 the key and values. 5231 properties: 5232 key: 5233 description: key is the label key 5234 that the selector applies to. 5235 type: string 5236 operator: 5237 description: operator represents a 5238 key's relationship to a set of values. 5239 Valid operators are In, NotIn, Exists 5240 and DoesNotExist. 5241 type: string 5242 values: 5243 description: values is an array of 5244 string values. If the operator is 5245 In or NotIn, the values array must 5246 be non-empty. If the operator is 5247 Exists or DoesNotExist, the values 5248 array must be empty. This array 5249 is replaced during a strategic merge 5250 patch. 
5251 items: 5252 type: string 5253 type: array 5254 required: 5255 - key 5256 - operator 5257 type: object 5258 type: array 5259 matchLabels: 5260 additionalProperties: 5261 type: string 5262 description: matchLabels is a map of {key,value} 5263 pairs. A single {key,value} in the matchLabels 5264 map is equivalent to an element of matchExpressions, 5265 whose key field is "key", the operator 5266 is "In", and the values array contains 5267 only "value". The requirements are ANDed. 5268 type: object 5269 type: object 5270 namespaces: 5271 description: namespaces specifies which namespaces 5272 the labelSelector applies to (matches against); 5273 null or empty list means "this pod's namespace" 5274 items: 5275 type: string 5276 type: array 5277 topologyKey: 5278 description: This pod should be co-located (affinity) 5279 or not co-located (anti-affinity) with the 5280 pods matching the labelSelector in the specified 5281 namespaces, where co-located is defined as 5282 running on a node whose value of the label 5283 with key topologyKey matches that of any node 5284 on which any of the selected pods is running. 5285 Empty topologyKey is not allowed. 5286 type: string 5287 required: 5288 - topologyKey 5289 type: object 5290 weight: 5291 description: weight associated with matching the 5292 corresponding podAffinityTerm, in the range 1-100. 5293 format: int32 5294 type: integer 5295 required: 5296 - podAffinityTerm 5297 - weight 5298 type: object 5299 type: array 5300 requiredDuringSchedulingIgnoredDuringExecution: 5301 description: If the anti-affinity requirements specified 5302 by this field are not met at scheduling time, the pod 5303 will not be scheduled onto the node. If the anti-affinity 5304 requirements specified by this field cease to be met 5305 at some point during pod execution (e.g. due to a pod 5306 label update), the system may or may not try to eventually 5307 evict the pod from its node. 
When there are multiple 5308 elements, the lists of nodes corresponding to each podAffinityTerm 5309 are intersected, i.e. all terms must be satisfied. 5310 items: 5311 description: Defines a set of pods (namely those matching 5312 the labelSelector relative to the given namespace(s)) 5313 that this pod should be co-located (affinity) or not 5314 co-located (anti-affinity) with, where co-located 5315 is defined as running on a node whose value of the 5316 label with key <topologyKey> matches that of any node 5317 on which a pod of the set of pods is running 5318 properties: 5319 labelSelector: 5320 description: A label query over a set of resources, 5321 in this case pods. 5322 properties: 5323 matchExpressions: 5324 description: matchExpressions is a list of label 5325 selector requirements. The requirements are 5326 ANDed. 5327 items: 5328 description: A label selector requirement 5329 is a selector that contains values, a key, 5330 and an operator that relates the key and 5331 values. 5332 properties: 5333 key: 5334 description: key is the label key that 5335 the selector applies to. 5336 type: string 5337 operator: 5338 description: operator represents a key's 5339 relationship to a set of values. Valid 5340 operators are In, NotIn, Exists and 5341 DoesNotExist. 5342 type: string 5343 values: 5344 description: values is an array of string 5345 values. If the operator is In or NotIn, 5346 the values array must be non-empty. 5347 If the operator is Exists or DoesNotExist, 5348 the values array must be empty. This 5349 array is replaced during a strategic 5350 merge patch. 5351 items: 5352 type: string 5353 type: array 5354 required: 5355 - key 5356 - operator 5357 type: object 5358 type: array 5359 matchLabels: 5360 additionalProperties: 5361 type: string 5362 description: matchLabels is a map of {key,value} 5363 pairs. 
A single {key,value} in the matchLabels 5364 map is equivalent to an element of matchExpressions, 5365 whose key field is "key", the operator is 5366 "In", and the values array contains only "value". 5367 The requirements are ANDed. 5368 type: object 5369 type: object 5370 namespaces: 5371 description: namespaces specifies which namespaces 5372 the labelSelector applies to (matches against); 5373 null or empty list means "this pod's namespace" 5374 items: 5375 type: string 5376 type: array 5377 topologyKey: 5378 description: This pod should be co-located (affinity) 5379 or not co-located (anti-affinity) with the pods 5380 matching the labelSelector in the specified namespaces, 5381 where co-located is defined as running on a node 5382 whose value of the label with key topologyKey 5383 matches that of any node on which any of the selected 5384 pods is running. Empty topologyKey is not allowed. 5385 type: string 5386 required: 5387 - topologyKey 5388 type: object 5389 type: array 5390 type: object 5391 type: object 5392 args: 5393 description: 'Optional: List of arguments' 5394 items: 5395 type: string 5396 type: array 5397 env: 5398 description: 'Optional: List of environment variables' 5399 items: 5400 description: EnvVar represents an environment variable present 5401 in a Container. 5402 properties: 5403 name: 5404 description: Name of the environment variable. Must be a 5405 C_IDENTIFIER. 5406 type: string 5407 value: 5408 description: 'Variable references $(VAR_NAME) are expanded 5409 using the previous defined environment variables in the 5410 container and any service environment variables. If a 5411 variable cannot be resolved, the reference in the input 5412 string will be unchanged. The $(VAR_NAME) syntax can be 5413 escaped with a double $$, ie: $$(VAR_NAME). Escaped references 5414 will never be expanded, regardless of whether the variable 5415 exists or not. Defaults to "".' 
5416 type: string 5417 valueFrom: 5418 description: Source for the environment variable's value. 5419 Cannot be used if value is not empty. 5420 properties: 5421 configMapKeyRef: 5422 description: Selects a key of a ConfigMap. 5423 properties: 5424 key: 5425 description: The key to select. 5426 type: string 5427 name: 5428 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5429 TODO: Add other useful fields. apiVersion, kind, 5430 uid?' 5431 type: string 5432 optional: 5433 description: Specify whether the ConfigMap or its 5434 key must be defined 5435 type: boolean 5436 required: 5437 - key 5438 type: object 5439 fieldRef: 5440 description: 'Selects a field of the pod: supports metadata.name, 5441 metadata.namespace, `metadata.labels[''<KEY>'']`, 5442 `metadata.annotations[''<KEY>'']`, spec.nodeName, 5443 spec.serviceAccountName, status.hostIP, status.podIP, 5444 status.podIPs.' 5445 properties: 5446 apiVersion: 5447 description: Version of the schema the FieldPath 5448 is written in terms of, defaults to "v1". 5449 type: string 5450 fieldPath: 5451 description: Path of the field to select in the 5452 specified API version. 5453 type: string 5454 required: 5455 - fieldPath 5456 type: object 5457 resourceFieldRef: 5458 description: 'Selects a resource of the container: only 5459 resources limits and requests (limits.cpu, limits.memory, 5460 limits.ephemeral-storage, requests.cpu, requests.memory 5461 and requests.ephemeral-storage) are currently supported.' 
5462 properties: 5463 containerName: 5464 description: 'Container name: required for volumes, 5465 optional for env vars' 5466 type: string 5467 divisor: 5468 anyOf: 5469 - type: integer 5470 - type: string 5471 description: Specifies the output format of the 5472 exposed resources, defaults to "1" 5473 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5474 x-kubernetes-int-or-string: true 5475 resource: 5476 description: 'Required: resource to select' 5477 type: string 5478 required: 5479 - resource 5480 type: object 5481 secretKeyRef: 5482 description: Selects a key of a secret in the pod's 5483 namespace 5484 properties: 5485 key: 5486 description: The key of the secret to select from. Must 5487 be a valid secret key. 5488 type: string 5489 name: 5490 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 5491 TODO: Add other useful fields. apiVersion, kind, 5492 uid?' 
                                      type: string
                                    optional:
                                      description: Specify whether the Secret or its key
                                        must be defined
                                      type: boolean
                                  # A secretKeyRef must name the key to read.
                                  required:
                                  - key
                                  type: object
                              type: object
                          # Every env entry must carry a name.
                          required:
                          - name
                          type: object
                        type: array
                      image:
                        # NOTE(review): this pattern has no ^...$ anchors. JSON Schema
                        # `pattern` is a search, not a full match, so any value that
                        # contains at least one character from the class is accepted.
                        # It does not restrict which image name can be set here; if
                        # image provenance matters, enforce it elsewhere (for example
                        # with an admission policy) rather than relying on this field.
                        pattern: '[a-zA-Z0-9\-]+'
                        type: string
                      imagePullPolicy:
                        description: Image pull policy
                        type: string
                      imagePullSecrets:
                        description: Image pull secrets
                        items:
                          type: string
                        type: array
                      licensingConfig:
                        description: 'Optional: Licensing configuration for vGPU drivers'
                        properties:
                          # No description in the schema; presumably the name of a
                          # ConfigMap holding the licensing configuration. TODO confirm.
                          configMapName:
                            type: string
                        type: object
                      # Free-form map of string keys to string values.
                      nodeSelector:
                        additionalProperties:
                          type: string
                        description: Node selector to control the selection of nodes (optional)
                        type: object
                      # Pod-level security settings; the property list continues past
                      # this excerpt.
                      podSecurityContext:
                        description: 'Optional: Pod Security Context'
                        properties:
                          fsGroup:
                            description: "A special supplemental group that applies to
                              all containers in a pod. Some volume types allow the Kubelet
                              to change the ownership of that volume to be owned by the
                              pod: \n 1. The owning GID will be the FSGroup 2. The setgid
                              bit is set (new files created in the volume will be owned
                              by FSGroup) 3. The permission bits are OR'd with rw-rw----
                              \n If unset, the Kubelet will not modify the ownership and
                              permissions of any volume."
                            format: int64
                            type: integer
                          fsGroupChangePolicy:
                            description: 'fsGroupChangePolicy defines behavior of changing
                              ownership and permission of the volume before being exposed
                              inside Pod. This field will only apply to volume types which
                              support fsGroup based ownership(and permissions). It will
                              have no effect on ephemeral volume types such as: secret,
                              configmaps and emptydir. Valid values are "OnRootMismatch"
                              and "Always". If not specified, "Always" is used.'
5550 type: string 5551 runAsGroup: 5552 description: The GID to run the entrypoint of the container 5553 process. Uses runtime default if unset. May also be set 5554 in SecurityContext. If set in both SecurityContext and 5555 PodSecurityContext, the value specified in SecurityContext 5556 takes precedence for that container. 5557 format: int64 5558 type: integer 5559 runAsNonRoot: 5560 description: Indicates that the container must run as a non-root 5561 user. If true, the Kubelet will validate the image at runtime 5562 to ensure that it does not run as UID 0 (root) and fail 5563 to start the container if it does. If unset or false, no 5564 such validation will be performed. May also be set in SecurityContext. If 5565 set in both SecurityContext and PodSecurityContext, the 5566 value specified in SecurityContext takes precedence. 5567 type: boolean 5568 runAsUser: 5569 description: The UID to run the entrypoint of the container 5570 process. Defaults to user specified in image metadata if 5571 unspecified. May also be set in SecurityContext. If set 5572 in both SecurityContext and PodSecurityContext, the value 5573 specified in SecurityContext takes precedence for that container. 5574 format: int64 5575 type: integer 5576 seLinuxOptions: 5577 description: The SELinux context to be applied to all containers. 5578 If unspecified, the container runtime will allocate a random 5579 SELinux context for each container. May also be set in 5580 SecurityContext. If set in both SecurityContext and PodSecurityContext, 5581 the value specified in SecurityContext takes precedence 5582 for that container. 5583 properties: 5584 level: 5585 description: Level is SELinux level label that applies 5586 to the container. 5587 type: string 5588 role: 5589 description: Role is a SELinux role label that applies 5590 to the container. 5591 type: string 5592 type: 5593 description: Type is a SELinux type label that applies 5594 to the container. 
5595 type: string 5596 user: 5597 description: User is a SELinux user label that applies 5598 to the container. 5599 type: string 5600 type: object 5601 seccompProfile: 5602 description: The seccomp options to use by the containers 5603 in this pod. 5604 properties: 5605 localhostProfile: 5606 description: localhostProfile indicates a profile defined 5607 in a file on the node should be used. The profile must 5608 be preconfigured on the node to work. Must be a descending 5609 path, relative to the kubelet's configured seccomp profile 5610 location. Must only be set if type is "Localhost". 5611 type: string 5612 type: 5613 description: "type indicates which kind of seccomp profile 5614 will be applied. Valid options are: \n Localhost - a 5615 profile defined in a file on the node should be used. 5616 RuntimeDefault - the container runtime default profile 5617 should be used. Unconfined - no profile should be applied." 5618 type: string 5619 required: 5620 - type 5621 type: object 5622 supplementalGroups: 5623 description: A list of groups applied to the first process 5624 run in each container, in addition to the container's primary 5625 GID. If unspecified, no groups will be added to any container. 5626 items: 5627 format: int64 5628 type: integer 5629 type: array 5630 sysctls: 5631 description: Sysctls hold a list of namespaced sysctls used 5632 for the pod. Pods with unsupported sysctls (by the container 5633 runtime) might fail to launch. 5634 items: 5635 description: Sysctl defines a kernel parameter to be set 5636 properties: 5637 name: 5638 description: Name of a property to set 5639 type: string 5640 value: 5641 description: Value of a property to set 5642 type: string 5643 required: 5644 - name 5645 - value 5646 type: object 5647 type: array 5648 windowsOptions: 5649 description: The Windows specific settings applied to all 5650 containers. If unspecified, the options within a container's 5651 SecurityContext will be used. 
If set in both SecurityContext 5652 and PodSecurityContext, the value specified in SecurityContext 5653 takes precedence. 5654 properties: 5655 gmsaCredentialSpec: 5656 description: GMSACredentialSpec is where the GMSA admission 5657 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5658 inlines the contents of the GMSA credential spec named 5659 by the GMSACredentialSpecName field. 5660 type: string 5661 gmsaCredentialSpecName: 5662 description: GMSACredentialSpecName is the name of the 5663 GMSA credential spec to use. 5664 type: string 5665 runAsUserName: 5666 description: The UserName in Windows to run the entrypoint 5667 of the container process. Defaults to the user specified 5668 in image metadata if unspecified. May also be set in 5669 PodSecurityContext. If set in both SecurityContext and 5670 PodSecurityContext, the value specified in SecurityContext 5671 takes precedence. 5672 type: string 5673 type: object 5674 type: object 5675 repoConfig: 5676 description: 'Optional: Custom repo configuration for driver container' 5677 properties: 5678 configMapName: 5679 type: string 5680 destinationDir: 5681 type: string 5682 type: object 5683 repository: 5684 pattern: '[a-zA-Z0-9\.\-\/]+' 5685 type: string 5686 resources: 5687 description: 'Optional: Define resources requests and limits for 5688 each pod' 5689 properties: 5690 limits: 5691 additionalProperties: 5692 anyOf: 5693 - type: integer 5694 - type: string 5695 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5696 x-kubernetes-int-or-string: true 5697 description: 'Limits describes the maximum amount of compute 5698 resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 5699 type: object 5700 requests: 5701 additionalProperties: 5702 anyOf: 5703 - type: integer 5704 - type: string 5705 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5706 x-kubernetes-int-or-string: true 5707 description: 'Requests describes the minimum amount of compute 5708 resources required. If Requests is omitted for a container, 5709 it defaults to Limits if that is explicitly specified, otherwise 5710 to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 5711 type: object 5712 type: object 5713 securityContext: 5714 description: 'Optional: Security Context' 5715 properties: 5716 allowPrivilegeEscalation: 5717 description: 'AllowPrivilegeEscalation controls whether a 5718 process can gain more privileges than its parent process. 5719 This bool directly controls if the no_new_privs flag will 5720 be set on the container process. AllowPrivilegeEscalation 5721 is true always when the container is: 1) run as Privileged 5722 2) has CAP_SYS_ADMIN' 5723 type: boolean 5724 capabilities: 5725 description: The capabilities to add/drop when running containers. 5726 Defaults to the default set of capabilities granted by the 5727 container runtime. 5728 properties: 5729 add: 5730 description: Added capabilities 5731 items: 5732 description: Capability represent POSIX capabilities 5733 type 5734 type: string 5735 type: array 5736 drop: 5737 description: Removed capabilities 5738 items: 5739 description: Capability represent POSIX capabilities 5740 type 5741 type: string 5742 type: array 5743 type: object 5744 privileged: 5745 description: Run container in privileged mode. Processes in 5746 privileged containers are essentially equivalent to root 5747 on the host. Defaults to false. 
5748 type: boolean 5749 procMount: 5750 description: procMount denotes the type of proc mount to use 5751 for the containers. The default is DefaultProcMount which 5752 uses the container runtime defaults for readonly paths and 5753 masked paths. This requires the ProcMountType feature flag 5754 to be enabled. 5755 type: string 5756 readOnlyRootFilesystem: 5757 description: Whether this container has a read-only root filesystem. 5758 Default is false. 5759 type: boolean 5760 runAsGroup: 5761 description: The GID to run the entrypoint of the container 5762 process. Uses runtime default if unset. May also be set 5763 in PodSecurityContext. If set in both SecurityContext and 5764 PodSecurityContext, the value specified in SecurityContext 5765 takes precedence. 5766 format: int64 5767 type: integer 5768 runAsNonRoot: 5769 description: Indicates that the container must run as a non-root 5770 user. If true, the Kubelet will validate the image at runtime 5771 to ensure that it does not run as UID 0 (root) and fail 5772 to start the container if it does. If unset or false, no 5773 such validation will be performed. May also be set in PodSecurityContext. If 5774 set in both SecurityContext and PodSecurityContext, the 5775 value specified in SecurityContext takes precedence. 5776 type: boolean 5777 runAsUser: 5778 description: The UID to run the entrypoint of the container 5779 process. Defaults to user specified in image metadata if 5780 unspecified. May also be set in PodSecurityContext. If 5781 set in both SecurityContext and PodSecurityContext, the 5782 value specified in SecurityContext takes precedence. 5783 format: int64 5784 type: integer 5785 seLinuxOptions: 5786 description: The SELinux context to be applied to the container. 5787 If unspecified, the container runtime will allocate a random 5788 SELinux context for each container. May also be set in 5789 PodSecurityContext. 
If set in both SecurityContext and 5790 PodSecurityContext, the value specified in SecurityContext 5791 takes precedence. 5792 properties: 5793 level: 5794 description: Level is SELinux level label that applies 5795 to the container. 5796 type: string 5797 role: 5798 description: Role is a SELinux role label that applies 5799 to the container. 5800 type: string 5801 type: 5802 description: Type is a SELinux type label that applies 5803 to the container. 5804 type: string 5805 user: 5806 description: User is a SELinux user label that applies 5807 to the container. 5808 type: string 5809 type: object 5810 seccompProfile: 5811 description: The seccomp options to use by this container. 5812 If seccomp options are provided at both the pod & container 5813 level, the container options override the pod options. 5814 properties: 5815 localhostProfile: 5816 description: localhostProfile indicates a profile defined 5817 in a file on the node should be used. The profile must 5818 be preconfigured on the node to work. Must be a descending 5819 path, relative to the kubelet's configured seccomp profile 5820 location. Must only be set if type is "Localhost". 5821 type: string 5822 type: 5823 description: "type indicates which kind of seccomp profile 5824 will be applied. Valid options are: \n Localhost - a 5825 profile defined in a file on the node should be used. 5826 RuntimeDefault - the container runtime default profile 5827 should be used. Unconfined - no profile should be applied." 5828 type: string 5829 required: 5830 - type 5831 type: object 5832 windowsOptions: 5833 description: The Windows specific settings applied to all 5834 containers. If unspecified, the options from the PodSecurityContext 5835 will be used. If set in both SecurityContext and PodSecurityContext, 5836 the value specified in SecurityContext takes precedence. 
5837 properties: 5838 gmsaCredentialSpec: 5839 description: GMSACredentialSpec is where the GMSA admission 5840 webhook (https://github.com/kubernetes-sigs/windows-gmsa) 5841 inlines the contents of the GMSA credential spec named 5842 by the GMSACredentialSpecName field. 5843 type: string 5844 gmsaCredentialSpecName: 5845 description: GMSACredentialSpecName is the name of the 5846 GMSA credential spec to use. 5847 type: string 5848 runAsUserName: 5849 description: The UserName in Windows to run the entrypoint 5850 of the container process. Defaults to the user specified 5851 in image metadata if unspecified. May also be set in 5852 PodSecurityContext. If set in both SecurityContext and 5853 PodSecurityContext, the value specified in SecurityContext 5854 takes precedence. 5855 type: string 5856 type: object 5857 type: object 5858 tolerations: 5859 description: 'Optional: Set tolerations' 5860 items: 5861 description: The pod this Toleration is attached to tolerates 5862 any taint that matches the triple <key,value,effect> using 5863 the matching operator <operator>. 5864 properties: 5865 effect: 5866 description: Effect indicates the taint effect to match. 5867 Empty means match all taint effects. When specified, allowed 5868 values are NoSchedule, PreferNoSchedule and NoExecute. 5869 type: string 5870 key: 5871 description: Key is the taint key that the toleration applies 5872 to. Empty means match all taint keys. If the key is empty, 5873 operator must be Exists; this combination means to match 5874 all values and all keys. 5875 type: string 5876 operator: 5877 description: Operator represents a key's relationship to 5878 the value. Valid operators are Exists and Equal. Defaults 5879 to Equal. Exists is equivalent to wildcard for value, 5880 so that a pod can tolerate all taints of a particular 5881 category. 
5882 type: string 5883 tolerationSeconds: 5884 description: TolerationSeconds represents the period of 5885 time the toleration (which must be of effect NoExecute, 5886 otherwise this field is ignored) tolerates the taint. 5887 By default, it is not set, which means tolerate the taint 5888 forever (do not evict). Zero and negative values will 5889 be treated as 0 (evict immediately) by the system. 5890 format: int64 5891 type: integer 5892 value: 5893 description: Value is the taint value the toleration matches 5894 to. If the operator is Exists, the value should be empty, 5895 otherwise just a regular string. 5896 type: string 5897 type: object 5898 type: array 5899 version: 5900 pattern: '[a-zA-Z0-9\.-]+' 5901 type: string 5902 required: 5903 - image 5904 - repository 5905 - version 5906 type: object 5907 required: 5908 - dcgmExporter 5909 - devicePlugin 5910 - driver 5911 - gfd 5912 - operator 5913 - toolkit 5914 type: object 5915 status: 5916 description: ClusterPolicyStatus defines the observed state of ClusterPolicy 5917 properties: 5918 state: 5919 enum: 5920 - ignored 5921 - ready 5922 - notReady 5923 type: string 5924 required: 5925 - state 5926 type: object 5927 type: object 5928 served: true 5929 storage: true 5930 subresources: 5931 status: {} 5932 status: 5933 acceptedNames: 5934 kind: "" 5935 plural: "" 5936 conditions: [] 5937 storedVersions: [] 5938 kind: ConfigMap 5939 metadata: 5940 annotations: 5941 note: generated 5942 labels: 5943 type: generated 5944 name: nvidia-clusterpolicy-crd
---
# ConfigMap "nvidia-gpu-operator-components": rendered gpu-operator Helm chart
# output (see the "# Source:" markers) stored as one literal string under the
# key gpu-operator-components.yaml. Everything inside the block scalar, "#"
# lines included, is ConfigMap data rather than a comment of this document, so
# the review notes are kept up here. The file's ClusterResourceSet
# "crs-gpu-operator" (strategy ApplyOnce) applies it to clusters labelled
# gpu: nvidia. This file lives under test/e2e/data; treat the settings below
# as test-fixture choices, not as a hardened baseline.
#
# Review notes on what this manifest installs:
# - ClusterRole "gpu-operator" grants "*" verbs on roles, rolebindings,
#   clusterroles and clusterrolebindings, and on core resources including
#   secrets, pods, serviceaccounts and nodes. A ClusterRoleBinding ties it to
#   ServiceAccount default/gpu-operator, so a holder of that token can grant
#   itself any permission. Restrict who may create pods in "default" and
#   audit use of that ServiceAccount.
# - Every namespaced object below is created in "default"; the
#   "gpu-operator-resources" Namespace is created, but none of the objects
#   below is placed in it.
# - ClusterPolicy "cluster-policy" sets privileged: true for the driver,
#   toolkit and devicePlugin operands.
# - The node-feature-discovery worker DaemonSet mounts hostPath /boot and
#   /etc/os-release with readOnly: true, but /sys and the source.d and
#   features.d directories without readOnly. Pod and container
#   securityContext are {} and resources are {} for both NFD workloads.
# - Images are referenced by tag (node-feature-discovery:v0.6.0,
#   gpu-operator:1.6.2, driver 510.47.03 with imagePullPolicy: Always), not
#   by digest, so what runs privileged depends on the registry at pull time.
# - The toolkit "repository" and "version" patterns in the ClusterPolicy CRD
#   (ConfigMap nvidia-clusterpolicy-crd) are not anchored with ^...$, so they
#   match any string containing one allowed character. Do not rely on them
#   to constrain image references.
# - The worker DaemonSet's container is named node-feature-discovery-master
#   although it runs nfd-worker; expect that name in logs and alerts.
apiVersion: v1
data:
  gpu-operator-components.yaml: |
    ---
    # Source: gpu-operator/templates/resources-namespace.yaml
    apiVersion: v1
    kind: Namespace
    metadata:
      name: gpu-operator-resources
      labels:
        app.kubernetes.io/component: "gpu-operator"

        openshift.io/cluster-monitoring: "true"
    ---
    # Source: gpu-operator/charts/node-feature-discovery/templates/serviceaccount.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: gpu-operator-node-feature-discovery
      namespace: default
      labels:
        helm.sh/chart: node-feature-discovery-2.0.0
        app.kubernetes.io/name: node-feature-discovery
        app.kubernetes.io/instance: gpu-operator
        app.kubernetes.io/version: "0.6.0"
        app.kubernetes.io/managed-by: Helm
    ---
    # Source: gpu-operator/templates/serviceaccount.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: gpu-operator
      namespace: default
      labels:
        app.kubernetes.io/component: "gpu-operator"
    ---
    # Source: gpu-operator/charts/node-feature-discovery/templates/configmap.yaml
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: gpu-operator-node-feature-discovery
      namespace: default
      labels:
        helm.sh/chart: node-feature-discovery-2.0.0
        app.kubernetes.io/name: node-feature-discovery
        app.kubernetes.io/instance: gpu-operator
        app.kubernetes.io/version: "0.6.0"
        app.kubernetes.io/managed-by: Helm
    data:
      nfd-worker.conf: |
        sources:
          pci:
            deviceLabelFields:
              - vendor
    ---
    # Source: gpu-operator/charts/node-feature-discovery/templates/rbac.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: gpu-operator-node-feature-discovery-master
    rules:
      - apiGroups:
          - ""
        resources:
          - nodes
          # when using command line flag --resource-labels to create extended resources
          # you will need to uncomment "- nodes/status"
          # - nodes/status
        verbs:
          - get
          - patch
          - update
    ---
    # Source: gpu-operator/templates/role.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      creationTimestamp: null
      name: gpu-operator
      labels:
        app.kubernetes.io/component: "gpu-operator"

    rules:
      - apiGroups:
          - config.openshift.io
        resources:
          - proxies
        verbs:
          - get
      - apiGroups:
          - rbac.authorization.k8s.io
        resources:
          - roles
          - rolebindings
          - clusterroles
          - clusterrolebindings
        verbs:
          - '*'
      - apiGroups:
          - ""
        resources:
          - pods
          - services
          - endpoints
          - persistentvolumeclaims
          - events
          - configmaps
          - secrets
          - serviceaccounts
          - nodes
        verbs:
          - '*'
      - apiGroups:
          - ""
        resources:
          - namespaces
        verbs:
          - get
      - apiGroups:
          - apps
        resources:
          - deployments
          - daemonsets
          - replicasets
          - statefulsets
        verbs:
          - '*'
      - apiGroups:
          - monitoring.coreos.com
        resources:
          - servicemonitors
        verbs:
          - get
          - list
          - create
          - watch
      - apiGroups:
          - nvidia.com
        resources:
          - '*'
        verbs:
          - '*'
      - apiGroups:
          - scheduling.k8s.io
        resources:
          - priorityclasses
        verbs:
          - get
          - list
          - watch
          - create
      - apiGroups:
          - security.openshift.io
        resources:
          - securitycontextconstraints
        verbs:
          - '*'
      - apiGroups:
          - config.openshift.io
        resources:
          - clusterversions
        verbs:
          - get
          - list
          - watch
    ---
    # Source: gpu-operator/charts/node-feature-discovery/templates/rbac.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: gpu-operator-node-feature-discovery-master
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: gpu-operator-node-feature-discovery-master
    subjects:
      - kind: ServiceAccount
        name: gpu-operator-node-feature-discovery
        namespace: default
    ---
    # Source: gpu-operator/templates/rolebinding.yaml
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: gpu-operator
      labels:
        app.kubernetes.io/component: "gpu-operator"

    subjects:
      - kind: ServiceAccount
        name: gpu-operator
        namespace: default
    roleRef:
      kind: ClusterRole
      name: gpu-operator
      apiGroup: rbac.authorization.k8s.io
    ---
    # Source: gpu-operator/charts/node-feature-discovery/templates/service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: gpu-operator-node-feature-discovery
      namespace: default
      labels:
        helm.sh/chart: node-feature-discovery-2.0.0
        app.kubernetes.io/name: node-feature-discovery
        app.kubernetes.io/instance: gpu-operator
        app.kubernetes.io/version: "0.6.0"
        app.kubernetes.io/managed-by: Helm
    spec:
      type: ClusterIP
      ports:
        - name: api
          port: 8080
          protocol: TCP
          targetPort: api

      selector:
        app.kubernetes.io/component: master
        app.kubernetes.io/name: node-feature-discovery
        app.kubernetes.io/instance: gpu-operator
    ---
    # Source: gpu-operator/charts/node-feature-discovery/templates/daemonset-worker.yaml
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: gpu-operator-node-feature-discovery-worker
      namespace: default
      labels:
        helm.sh/chart: node-feature-discovery-2.0.0
        app.kubernetes.io/name: node-feature-discovery
        app.kubernetes.io/instance: gpu-operator
        app.kubernetes.io/version: "0.6.0"
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: worker
    spec:
      selector:
        matchLabels:
          app.kubernetes.io/name: node-feature-discovery
          app.kubernetes.io/instance: gpu-operator
          app.kubernetes.io/component: worker
      template:
        metadata:
          labels:
            app.kubernetes.io/name: node-feature-discovery
            app.kubernetes.io/instance: gpu-operator
            app.kubernetes.io/component: worker
        spec:
          serviceAccountName: gpu-operator-node-feature-discovery
          securityContext:
            {}
          dnsPolicy: ClusterFirstWithHostNet
          containers:
            - name: node-feature-discovery-master
              securityContext:
                {}
              image: "quay.io/kubernetes_incubator/node-feature-discovery:v0.6.0"
              imagePullPolicy: IfNotPresent
              env:
                - name: NODE_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: spec.nodeName
              command:
                - "nfd-worker"
              args:
                - "--sleep-interval=60s"
                - "--server=gpu-operator-node-feature-discovery:8080"
              volumeMounts:
                - name: host-boot
                  mountPath: "/host-boot"
                  readOnly: true
                - name: host-os-release
                  mountPath: "/host-etc/os-release"
                  readOnly: true
                - name: host-sys
                  mountPath: "/host-sys"
                - name: source-d
                  mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
                - name: features-d
                  mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
                - name: nfd-worker-config
                  mountPath: "/etc/kubernetes/node-feature-discovery/"
              resources:
                {}

          volumes:
            - name: host-boot
              hostPath:
                path: "/boot"
            - name: host-os-release
              hostPath:
                path: "/etc/os-release"
            - name: host-sys
              hostPath:
                path: "/sys"
            - name: source-d
              hostPath:
                path: "/etc/kubernetes/node-feature-discovery/source.d/"
            - name: features-d
              hostPath:
                path: "/etc/kubernetes/node-feature-discovery/features.d/"
            - name: nfd-worker-config
              configMap:
                name: gpu-operator-node-feature-discovery
          tolerations:
            - effect: NoSchedule
              key: node-role.kubernetes.io/master
              operator: Equal
              value: ""
            - effect: NoSchedule
              key: nvidia.com/gpu
              operator: Equal
              value: present
    ---
    # Source: gpu-operator/charts/node-feature-discovery/templates/deployment-master.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: gpu-operator-node-feature-discovery-master
      namespace: default
      labels:
        helm.sh/chart: node-feature-discovery-2.0.0
        app.kubernetes.io/name: node-feature-discovery
        app.kubernetes.io/instance: gpu-operator
        app.kubernetes.io/version: "0.6.0"
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: master
    spec:
      replicas: 1
      selector:
        matchLabels:
          app.kubernetes.io/name: node-feature-discovery
          app.kubernetes.io/instance: gpu-operator
          app.kubernetes.io/component: master
      template:
        metadata:
          labels:
            app.kubernetes.io/name: node-feature-discovery
            app.kubernetes.io/instance: gpu-operator
            app.kubernetes.io/component: master
        spec:
          serviceAccountName: gpu-operator-node-feature-discovery
          securityContext:
            {}
          containers:
            - name: node-feature-discovery-master
              securityContext:
                {}
              image: "quay.io/kubernetes_incubator/node-feature-discovery:v0.6.0"
              imagePullPolicy: IfNotPresent
              ports:
                - name: api
                  containerPort: 8080
                  protocol: TCP
              env:
                - name: NODE_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: spec.nodeName
              command:
                - "nfd-master"
              args:
                - --extra-label-ns=nvidia.com
              resources:
                {}
          affinity:
            nodeAffinity:
              preferredDuringSchedulingIgnoredDuringExecution:
                - preference:
                    matchExpressions:
                      - key: node-role.kubernetes.io/master
                        operator: In
                        values:
                          - ""
                  weight: 1
          tolerations:
            - effect: NoSchedule
              key: node-role.kubernetes.io/master
              operator: Equal
              value: ""
    ---
    # Source: gpu-operator/templates/operator.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: gpu-operator
      namespace: default
      labels:
        app.kubernetes.io/component: "gpu-operator"

    spec:
      replicas: 1
      selector:
        matchLabels:

          app.kubernetes.io/component: "gpu-operator"
      template:
        metadata:
          labels:

            app.kubernetes.io/component: "gpu-operator"
          annotations:
            openshift.io/scc: restricted-readonly
        spec:
          serviceAccountName: gpu-operator
          containers:
            - name: gpu-operator
              image: nvcr.io/nvidia/gpu-operator:1.6.2
              imagePullPolicy: IfNotPresent
              command: ["gpu-operator"]
              args:
                - "--zap-time-encoding=epoch"
              env:
                - name: WATCH_NAMESPACE
                  value: ""
                - name: OPERATOR_NAME
                  value: "gpu-operator"
                - name: POD_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.name
              volumeMounts:
                - name: host-os-release
                  mountPath: "/host-etc/os-release"
                  readOnly: true
              readinessProbe:
                exec:
                  command: ["stat", "/tmp/operator-sdk-ready"]
                initialDelaySeconds: 4
                periodSeconds: 10
                failureThreshold: 1
              ports:
                - containerPort: 60000
                  name: metrics
          volumes:
            - name: host-os-release
              hostPath:
                path: "/etc/os-release"
          affinity:
            nodeAffinity:
              preferredDuringSchedulingIgnoredDuringExecution:
                - preference:
                    matchExpressions:
                      - key: node-role.kubernetes.io/master
                        operator: In
                        values:
                          - ""
                  weight: 1
          tolerations:
            - effect: NoSchedule
              key: node-role.kubernetes.io/master
              operator: Equal
              value: ""
    ---
    # Source: gpu-operator/templates/clusterpolicy.yaml
    apiVersion: nvidia.com/v1
    kind: ClusterPolicy
    metadata:
      name: cluster-policy
      namespace: default
      labels:
        app.kubernetes.io/component: "gpu-operator"

    spec:
      operator:
        defaultRuntime: containerd
        validator:
          repository: nvcr.io/nvidia/k8s
          image: cuda-sample
          version: vectoradd-cuda10.2
          imagePullPolicy: IfNotPresent
      driver:
        repository: nvcr.io/nvidia
        image: driver
        version: 510.47.03
        imagePullPolicy: Always
        repoConfig:
          configMapName: ""
          destinationDir: ""
        licensingConfig:
          configMapName: ""
        tolerations:
          - effect: NoSchedule
            key: nvidia.com/gpu
            operator: Exists
        nodeSelector:
          nvidia.com/gpu.present: "true"
        securityContext:
          privileged: true
          seLinuxOptions:
            level: s0
      toolkit:
        repository: nvcr.io/nvidia/k8s
        image: container-toolkit
        version: 1.4.7-ubuntu18.04
        imagePullPolicy: IfNotPresent
        tolerations:
          - key: CriticalAddonsOnly
            operator: Exists
          - effect: NoSchedule
            key: nvidia.com/gpu
            operator: Exists
        nodeSelector:
          nvidia.com/gpu.present: "true"
        securityContext:
          privileged: true
          seLinuxOptions:
            level: s0
      devicePlugin:
        repository: nvcr.io/nvidia
        image: k8s-device-plugin
        version: v0.8.2-ubi8
        imagePullPolicy: IfNotPresent
        nodeSelector:
          nvidia.com/gpu.present: "true"
        securityContext:
          privileged: true
        args:
          - --mig-strategy=single
          - --pass-device-specs=true
          - --fail-on-init-error=true
          - --device-list-strategy=envvar
          - --nvidia-driver-root=/run/nvidia/driver
      dcgmExporter:
        repository: nvcr.io/nvidia/k8s
        image: dcgm-exporter
        version: 2.1.4-2.2.0-ubuntu20.04
        imagePullPolicy: IfNotPresent
        args:
          - -f
          - /etc/dcgm-exporter/dcp-metrics-included.csv
      gfd:
        repository: nvcr.io/nvidia
        image: gpu-feature-discovery
        version: v0.4.1
        imagePullPolicy: IfNotPresent
        nodeSelector:
          nvidia.com/gpu.present: "true"
        migStrategy: single
        discoveryIntervalSeconds: 60
kind: ConfigMap
metadata:
  annotations:
    note: generated
  labels:
    type: generated
  name: nvidia-gpu-operator-components