sigs.k8s.io/kueue@v0.6.2/charts/kueue/templates/crd/kueue.x-k8s.io_workloads.yaml (about) 1 --- 2 apiVersion: apiextensions.k8s.io/v1 3 kind: CustomResourceDefinition 4 metadata: 5 annotations: 6 {{- if .Values.enableCertManager }} 7 cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "kueue.fullname" . }}-serving-cert 8 {{- end }} 9 controller-gen.kubebuilder.io/version: v0.14.0 10 name: workloads.kueue.x-k8s.io 11 spec: 12 conversion: 13 strategy: Webhook 14 webhook: 15 clientConfig: 16 service: 17 name: {{ include "kueue.fullname" . }}-webhook-service 18 namespace: '{{ .Release.Namespace }}' 19 path: /convert 20 conversionReviewVersions: 21 - v1 22 group: kueue.x-k8s.io 23 names: 24 kind: Workload 25 listKind: WorkloadList 26 plural: workloads 27 shortNames: 28 - wl 29 singular: workload 30 scope: Namespaced 31 versions: 32 - additionalPrinterColumns: 33 - description: Name of the queue this workload was submitted to 34 jsonPath: .spec.queueName 35 name: Queue 36 type: string 37 - description: Name of the ClusterQueue that admitted this workload 38 jsonPath: .status.admission.clusterQueue 39 name: Admitted by 40 type: string 41 - description: Time this workload was created 42 jsonPath: .metadata.creationTimestamp 43 name: Age 44 type: date 45 name: v1beta1 46 schema: 47 openAPIV3Schema: 48 description: Workload is the Schema for the workloads API 49 properties: 50 apiVersion: 51 description: |- 52 APIVersion defines the versioned schema of this representation of an object. 53 Servers should convert recognized schemas to the latest internal value, and 54 may reject unrecognized values. 55 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 56 type: string 57 kind: 58 description: |- 59 Kind is a string value representing the REST resource this object represents. 60 Servers may infer this from the endpoint the client submits requests to. 61 Cannot be updated. 62 In CamelCase. 63 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 64 type: string 65 metadata: 66 type: object 67 spec: 68 description: WorkloadSpec defines the desired state of Workload 69 properties: 70 active: 71 default: true 72 description: |- 73 Active determines if a workload can be admitted into a queue. 74 Changing active from true to false will evict any running workloads. 75 Possible values are: 76 77 78 - false: indicates that a workload should never be admitted and evicts running workloads 79 - true: indicates that a workload can be evaluated for admission into it's respective queue. 80 81 82 Defaults to true 83 type: boolean 84 podSets: 85 description: |- 86 podSets is a list of sets of homogeneous pods, each described by a Pod spec 87 and a count. 88 There must be at least one element and at most 8. 89 podSets cannot be changed. 90 items: 91 properties: 92 count: 93 description: count is the number of pods for the spec. 94 format: int32 95 minimum: 1 96 type: integer 97 minCount: 98 description: |- 99 minCount is the minimum number of pods for the spec acceptable 100 if the workload supports partial admission. 101 102 103 If not provided, partial admission for the current PodSet is not 104 enabled. 105 106 107 Only one podSet within the workload can use this. 108 109 110 This is an alpha field and requires enabling PartialAdmission feature gate. 111 format: int32 112 type: integer 113 name: 114 description: name is the PodSet name. 115 type: string 116 template: 117 description: |- 118 template is the Pod template. 119 120 121 The only allowed fields in template.metadata are labels and annotations. 122 123 124 If requests are omitted for a container or initContainer, 125 they default to the limits if they are explicitly specified for the 126 container or initContainer. 127 128 129 During admission, the rules in nodeSelector and 130 nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution that match 131 the keys in the nodeLabels from the ResourceFlavors considered for this 132 Workload are used to filter the ResourceFlavors that can be assigned to 133 this podSet. 134 properties: 135 metadata: 136 description: |- 137 Standard object's metadata. 138 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 139 properties: 140 annotations: 141 additionalProperties: 142 type: string 143 type: object 144 finalizers: 145 items: 146 type: string 147 type: array 148 labels: 149 additionalProperties: 150 type: string 151 type: object 152 name: 153 type: string 154 namespace: 155 type: string 156 type: object 157 spec: 158 description: |- 159 Specification of the desired behavior of the pod. 160 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 161 properties: 162 activeDeadlineSeconds: 163 description: |- 164 Optional duration in seconds the pod may be active on the node relative to 165 StartTime before the system will actively try to mark it failed and kill associated containers. 166 Value must be a positive integer. 167 format: int64 168 type: integer 169 affinity: 170 description: If specified, the pod's scheduling constraints 171 properties: 172 nodeAffinity: 173 description: Describes node affinity scheduling 174 rules for the pod. 175 properties: 176 preferredDuringSchedulingIgnoredDuringExecution: 177 description: |- 178 The scheduler will prefer to schedule pods to nodes that satisfy 179 the affinity expressions specified by this field, but it may choose 180 a node that violates one or more of the expressions. The node that is 181 most preferred is the one with the greatest sum of weights, i.e. 182 for each node that meets all of the scheduling requirements (resource 183 request, requiredDuringScheduling affinity expressions, etc.), 184 compute a sum by iterating through the elements of this field and adding 185 "weight" to the sum if the node matches the corresponding matchExpressions; the 186 node(s) with the highest sum are the most preferred. 187 items: 188 description: |- 189 An empty preferred scheduling term matches all objects with implicit weight 0 190 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). 191 properties: 192 preference: 193 description: A node selector term, associated 194 with the corresponding weight. 195 properties: 196 matchExpressions: 197 description: A list of node selector 198 requirements by node's labels. 199 items: 200 description: |- 201 A node selector requirement is a selector that contains values, a key, and an operator 202 that relates the key and values. 203 properties: 204 key: 205 description: The label key that 206 the selector applies to. 207 type: string 208 operator: 209 description: |- 210 Represents a key's relationship to a set of values. 211 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 212 type: string 213 values: 214 description: |- 215 An array of string values. If the operator is In or NotIn, 216 the values array must be non-empty. If the operator is Exists or DoesNotExist, 217 the values array must be empty. If the operator is Gt or Lt, the values 218 array must have a single element, which will be interpreted as an integer. 219 This array is replaced during a strategic merge patch. 220 items: 221 type: string 222 type: array 223 required: 224 - key 225 - operator 226 type: object 227 type: array 228 matchFields: 229 description: A list of node selector 230 requirements by node's fields. 231 items: 232 description: |- 233 A node selector requirement is a selector that contains values, a key, and an operator 234 that relates the key and values. 235 properties: 236 key: 237 description: The label key that 238 the selector applies to. 239 type: string 240 operator: 241 description: |- 242 Represents a key's relationship to a set of values. 243 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 244 type: string 245 values: 246 description: |- 247 An array of string values. If the operator is In or NotIn, 248 the values array must be non-empty. If the operator is Exists or DoesNotExist, 249 the values array must be empty. If the operator is Gt or Lt, the values 250 array must have a single element, which will be interpreted as an integer. 251 This array is replaced during a strategic merge patch. 252 items: 253 type: string 254 type: array 255 required: 256 - key 257 - operator 258 type: object 259 type: array 260 type: object 261 x-kubernetes-map-type: atomic 262 weight: 263 description: Weight associated with matching 264 the corresponding nodeSelectorTerm, 265 in the range 1-100. 266 format: int32 267 type: integer 268 required: 269 - preference 270 - weight 271 type: object 272 type: array 273 requiredDuringSchedulingIgnoredDuringExecution: 274 description: |- 275 If the affinity requirements specified by this field are not met at 276 scheduling time, the pod will not be scheduled onto the node. 277 If the affinity requirements specified by this field cease to be met 278 at some point during pod execution (e.g. due to an update), the system 279 may or may not try to eventually evict the pod from its node. 280 properties: 281 nodeSelectorTerms: 282 description: Required. A list of node selector 283 terms. The terms are ORed. 284 items: 285 description: |- 286 A null or empty node selector term matches no objects. The requirements of 287 them are ANDed. 288 The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 289 properties: 290 matchExpressions: 291 description: A list of node selector 292 requirements by node's labels. 293 items: 294 description: |- 295 A node selector requirement is a selector that contains values, a key, and an operator 296 that relates the key and values. 297 properties: 298 key: 299 description: The label key that 300 the selector applies to. 301 type: string 302 operator: 303 description: |- 304 Represents a key's relationship to a set of values. 305 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 306 type: string 307 values: 308 description: |- 309 An array of string values. If the operator is In or NotIn, 310 the values array must be non-empty. If the operator is Exists or DoesNotExist, 311 the values array must be empty. If the operator is Gt or Lt, the values 312 array must have a single element, which will be interpreted as an integer. 313 This array is replaced during a strategic merge patch. 314 items: 315 type: string 316 type: array 317 required: 318 - key 319 - operator 320 type: object 321 type: array 322 matchFields: 323 description: A list of node selector 324 requirements by node's fields. 325 items: 326 description: |- 327 A node selector requirement is a selector that contains values, a key, and an operator 328 that relates the key and values. 329 properties: 330 key: 331 description: The label key that 332 the selector applies to. 333 type: string 334 operator: 335 description: |- 336 Represents a key's relationship to a set of values. 337 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 338 type: string 339 values: 340 description: |- 341 An array of string values. If the operator is In or NotIn, 342 the values array must be non-empty. If the operator is Exists or DoesNotExist, 343 the values array must be empty. If the operator is Gt or Lt, the values 344 array must have a single element, which will be interpreted as an integer. 345 This array is replaced during a strategic merge patch. 346 items: 347 type: string 348 type: array 349 required: 350 - key 351 - operator 352 type: object 353 type: array 354 type: object 355 x-kubernetes-map-type: atomic 356 type: array 357 required: 358 - nodeSelectorTerms 359 type: object 360 x-kubernetes-map-type: atomic 361 type: object 362 podAffinity: 363 description: Describes pod affinity scheduling rules 364 (e.g. co-locate this pod in the same node, zone, 365 etc. as some other pod(s)). 366 properties: 367 preferredDuringSchedulingIgnoredDuringExecution: 368 description: |- 369 The scheduler will prefer to schedule pods to nodes that satisfy 370 the affinity expressions specified by this field, but it may choose 371 a node that violates one or more of the expressions. The node that is 372 most preferred is the one with the greatest sum of weights, i.e. 373 for each node that meets all of the scheduling requirements (resource 374 request, requiredDuringScheduling affinity expressions, etc.), 375 compute a sum by iterating through the elements of this field and adding 376 "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the 377 node(s) with the highest sum are the most preferred. 378 items: 379 description: The weights of all of the matched 380 WeightedPodAffinityTerm fields are added 381 per-node to find the most preferred node(s) 382 properties: 383 podAffinityTerm: 384 description: Required. A pod affinity 385 term, associated with the corresponding 386 weight. 387 properties: 388 labelSelector: 389 description: |- 390 A label query over a set of resources, in this case pods. 391 If it's null, this PodAffinityTerm matches with no Pods. 392 properties: 393 matchExpressions: 394 description: matchExpressions 395 is a list of label selector 396 requirements. The requirements 397 are ANDed. 398 items: 399 description: |- 400 A label selector requirement is a selector that contains values, a key, and an operator that 401 relates the key and values. 402 properties: 403 key: 404 description: key is the 405 label key that the selector 406 applies to. 407 type: string 408 operator: 409 description: |- 410 operator represents a key's relationship to a set of values. 411 Valid operators are In, NotIn, Exists and DoesNotExist. 412 type: string 413 values: 414 description: |- 415 values is an array of string values. If the operator is In or NotIn, 416 the values array must be non-empty. If the operator is Exists or DoesNotExist, 417 the values array must be empty. This array is replaced during a strategic 418 merge patch. 419 items: 420 type: string 421 type: array 422 required: 423 - key 424 - operator 425 type: object 426 type: array 427 matchLabels: 428 additionalProperties: 429 type: string 430 description: |- 431 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 432 map is equivalent to an element of matchExpressions, whose key field is "key", the 433 operator is "In", and the values array contains only "value". The requirements are ANDed. 434 type: object 435 type: object 436 x-kubernetes-map-type: atomic 437 matchLabelKeys: 438 description: |- 439 MatchLabelKeys is a set of pod label keys to select which pods will 440 be taken into consideration. The keys are used to lookup values from the 441 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` 442 to select the group of existing pods which pods will be taken into consideration 443 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 444 pod labels will be ignored. The default value is empty. 445 The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 446 Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 447 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 448 items: 449 type: string 450 type: array 451 x-kubernetes-list-type: atomic 452 mismatchLabelKeys: 453 description: |- 454 MismatchLabelKeys is a set of pod label keys to select which pods will 455 be taken into consideration. The keys are used to lookup values from the 456 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` 457 to select the group of existing pods which pods will be taken into consideration 458 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 459 pod labels will be ignored. The default value is empty. 460 The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 461 Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 462 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 463 items: 464 type: string 465 type: array 466 x-kubernetes-list-type: atomic 467 namespaceSelector: 468 description: |- 469 A label query over the set of namespaces that the term applies to. 470 The term is applied to the union of the namespaces selected by this field 471 and the ones listed in the namespaces field. 472 null selector and null or empty namespaces list means "this pod's namespace". 473 An empty selector ({}) matches all namespaces. 474 properties: 475 matchExpressions: 476 description: matchExpressions 477 is a list of label selector 478 requirements. The requirements 479 are ANDed. 480 items: 481 description: |- 482 A label selector requirement is a selector that contains values, a key, and an operator that 483 relates the key and values. 484 properties: 485 key: 486 description: key is the 487 label key that the selector 488 applies to. 489 type: string 490 operator: 491 description: |- 492 operator represents a key's relationship to a set of values. 493 Valid operators are In, NotIn, Exists and DoesNotExist. 494 type: string 495 values: 496 description: |- 497 values is an array of string values. If the operator is In or NotIn, 498 the values array must be non-empty. If the operator is Exists or DoesNotExist, 499 the values array must be empty. This array is replaced during a strategic 500 merge patch. 501 items: 502 type: string 503 type: array 504 required: 505 - key 506 - operator 507 type: object 508 type: array 509 matchLabels: 510 additionalProperties: 511 type: string 512 description: |- 513 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 514 map is equivalent to an element of matchExpressions, whose key field is "key", the 515 operator is "In", and the values array contains only "value". The requirements are ANDed. 516 type: object 517 type: object 518 x-kubernetes-map-type: atomic 519 namespaces: 520 description: |- 521 namespaces specifies a static list of namespace names that the term applies to. 522 The term is applied to the union of the namespaces listed in this field 523 and the ones selected by namespaceSelector. 524 null or empty namespaces list and null namespaceSelector means "this pod's namespace". 525 items: 526 type: string 527 type: array 528 topologyKey: 529 description: |- 530 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 531 the labelSelector in the specified namespaces, where co-located is defined as running on a node 532 whose value of the label with key topologyKey matches that of any node on which any of the 533 selected pods is running. 534 Empty topologyKey is not allowed. 535 type: string 536 required: 537 - topologyKey 538 type: object 539 weight: 540 description: |- 541 weight associated with matching the corresponding podAffinityTerm, 542 in the range 1-100. 543 format: int32 544 type: integer 545 required: 546 - podAffinityTerm 547 - weight 548 type: object 549 type: array 550 requiredDuringSchedulingIgnoredDuringExecution: 551 description: |- 552 If the affinity requirements specified by this field are not met at 553 scheduling time, the pod will not be scheduled onto the node. 554 If the affinity requirements specified by this field cease to be met 555 at some point during pod execution (e.g. due to a pod label update), the 556 system may or may not try to eventually evict the pod from its node. 557 When there are multiple elements, the lists of nodes corresponding to each 558 podAffinityTerm are intersected, i.e. all terms must be satisfied. 559 items: 560 description: |- 561 Defines a set of pods (namely those matching the labelSelector 562 relative to the given namespace(s)) that this pod should be 563 co-located (affinity) or not co-located (anti-affinity) with, 564 where co-located is defined as running on a node whose value of 565 the label with key <topologyKey> matches that of any node on which 566 a pod of the set of pods is running 567 properties: 568 labelSelector: 569 description: |- 570 A label query over a set of resources, in this case pods. 571 If it's null, this PodAffinityTerm matches with no Pods. 572 properties: 573 matchExpressions: 574 description: matchExpressions is a 575 list of label selector requirements. 576 The requirements are ANDed. 577 items: 578 description: |- 579 A label selector requirement is a selector that contains values, a key, and an operator that 580 relates the key and values. 581 properties: 582 key: 583 description: key is the label 584 key that the selector applies 585 to. 586 type: string 587 operator: 588 description: |- 589 operator represents a key's relationship to a set of values. 590 Valid operators are In, NotIn, Exists and DoesNotExist. 591 type: string 592 values: 593 description: |- 594 values is an array of string values. If the operator is In or NotIn, 595 the values array must be non-empty. If the operator is Exists or DoesNotExist, 596 the values array must be empty. This array is replaced during a strategic 597 merge patch. 598 items: 599 type: string 600 type: array 601 required: 602 - key 603 - operator 604 type: object 605 type: array 606 matchLabels: 607 additionalProperties: 608 type: string 609 description: |- 610 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 611 map is equivalent to an element of matchExpressions, whose key field is "key", the 612 operator is "In", and the values array contains only "value". The requirements are ANDed. 613 type: object 614 type: object 615 x-kubernetes-map-type: atomic 616 matchLabelKeys: 617 description: |- 618 MatchLabelKeys is a set of pod label keys to select which pods will 619 be taken into consideration. The keys are used to lookup values from the 620 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` 621 to select the group of existing pods which pods will be taken into consideration 622 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 623 pod labels will be ignored. The default value is empty. 624 The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 625 Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 626 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 627 items: 628 type: string 629 type: array 630 x-kubernetes-list-type: atomic 631 mismatchLabelKeys: 632 description: |- 633 MismatchLabelKeys is a set of pod label keys to select which pods will 634 be taken into consideration. The keys are used to lookup values from the 635 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` 636 to select the group of existing pods which pods will be taken into consideration 637 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 638 pod labels will be ignored. The default value is empty. 639 The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 640 Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 641 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 642 items: 643 type: string 644 type: array 645 x-kubernetes-list-type: atomic 646 namespaceSelector: 647 description: |- 648 A label query over the set of namespaces that the term applies to. 649 The term is applied to the union of the namespaces selected by this field 650 and the ones listed in the namespaces field. 651 null selector and null or empty namespaces list means "this pod's namespace". 652 An empty selector ({}) matches all namespaces. 653 properties: 654 matchExpressions: 655 description: matchExpressions is a 656 list of label selector requirements. 657 The requirements are ANDed. 658 items: 659 description: |- 660 A label selector requirement is a selector that contains values, a key, and an operator that 661 relates the key and values. 662 properties: 663 key: 664 description: key is the label 665 key that the selector applies 666 to. 667 type: string 668 operator: 669 description: |- 670 operator represents a key's relationship to a set of values. 671 Valid operators are In, NotIn, Exists and DoesNotExist. 672 type: string 673 values: 674 description: |- 675 values is an array of string values. If the operator is In or NotIn, 676 the values array must be non-empty. If the operator is Exists or DoesNotExist, 677 the values array must be empty. This array is replaced during a strategic 678 merge patch. 679 items: 680 type: string 681 type: array 682 required: 683 - key 684 - operator 685 type: object 686 type: array 687 matchLabels: 688 additionalProperties: 689 type: string 690 description: |- 691 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 692 map is equivalent to an element of matchExpressions, whose key field is "key", the 693 operator is "In", and the values array contains only "value". The requirements are ANDed. 694 type: object 695 type: object 696 x-kubernetes-map-type: atomic 697 namespaces: 698 description: |- 699 namespaces specifies a static list of namespace names that the term applies to. 700 The term is applied to the union of the namespaces listed in this field 701 and the ones selected by namespaceSelector. 702 null or empty namespaces list and null namespaceSelector means "this pod's namespace". 703 items: 704 type: string 705 type: array 706 topologyKey: 707 description: |- 708 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 709 the labelSelector in the specified namespaces, where co-located is defined as running on a node 710 whose value of the label with key topologyKey matches that of any node on which any of the 711 selected pods is running. 712 Empty topologyKey is not allowed. 713 type: string 714 required: 715 - topologyKey 716 type: object 717 type: array 718 type: object 719 podAntiAffinity: 720 description: Describes pod anti-affinity scheduling 721 rules (e.g. avoid putting this pod in the same 722 node, zone, etc. as some other pod(s)). 723 properties: 724 preferredDuringSchedulingIgnoredDuringExecution: 725 description: |- 726 The scheduler will prefer to schedule pods to nodes that satisfy 727 the anti-affinity expressions specified by this field, but it may choose 728 a node that violates one or more of the expressions. The node that is 729 most preferred is the one with the greatest sum of weights, i.e. 730 for each node that meets all of the scheduling requirements (resource 731 request, requiredDuringScheduling anti-affinity expressions, etc.), 732 compute a sum by iterating through the elements of this field and adding 733 "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the 734 node(s) with the highest sum are the most preferred. 735 items: 736 description: The weights of all of the matched 737 WeightedPodAffinityTerm fields are added 738 per-node to find the most preferred node(s) 739 properties: 740 podAffinityTerm: 741 description: Required. A pod affinity 742 term, associated with the corresponding 743 weight. 744 properties: 745 labelSelector: 746 description: |- 747 A label query over a set of resources, in this case pods. 748 If it's null, this PodAffinityTerm matches with no Pods. 749 properties: 750 matchExpressions: 751 description: matchExpressions 752 is a list of label selector 753 requirements. The requirements 754 are ANDed. 755 items: 756 description: |- 757 A label selector requirement is a selector that contains values, a key, and an operator that 758 relates the key and values. 759 properties: 760 key: 761 description: key is the 762 label key that the selector 763 applies to. 764 type: string 765 operator: 766 description: |- 767 operator represents a key's relationship to a set of values. 768 Valid operators are In, NotIn, Exists and DoesNotExist. 769 type: string 770 values: 771 description: |- 772 values is an array of string values. If the operator is In or NotIn, 773 the values array must be non-empty. If the operator is Exists or DoesNotExist, 774 the values array must be empty. This array is replaced during a strategic 775 merge patch. 776 items: 777 type: string 778 type: array 779 required: 780 - key 781 - operator 782 type: object 783 type: array 784 matchLabels: 785 additionalProperties: 786 type: string 787 description: |- 788 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 789 map is equivalent to an element of matchExpressions, whose key field is "key", the 790 operator is "In", and the values array contains only "value". The requirements are ANDed. 791 type: object 792 type: object 793 x-kubernetes-map-type: atomic 794 matchLabelKeys: 795 description: |- 796 MatchLabelKeys is a set of pod label keys to select which pods will 797 be taken into consideration. The keys are used to lookup values from the 798 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` 799 to select the group of existing pods which pods will be taken into consideration 800 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 801 pod labels will be ignored. The default value is empty. 802 The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 803 Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 804 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 805 items: 806 type: string 807 type: array 808 x-kubernetes-list-type: atomic 809 mismatchLabelKeys: 810 description: |- 811 MismatchLabelKeys is a set of pod label keys to select which pods will 812 be taken into consideration. The keys are used to lookup values from the 813 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` 814 to select the group of existing pods which pods will be taken into consideration 815 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 816 pod labels will be ignored. The default value is empty. 817 The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 818 Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 819 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 820 items: 821 type: string 822 type: array 823 x-kubernetes-list-type: atomic 824 namespaceSelector: 825 description: |- 826 A label query over the set of namespaces that the term applies to. 827 The term is applied to the union of the namespaces selected by this field 828 and the ones listed in the namespaces field. 829 null selector and null or empty namespaces list means "this pod's namespace". 830 An empty selector ({}) matches all namespaces. 831 properties: 832 matchExpressions: 833 description: matchExpressions 834 is a list of label selector 835 requirements. The requirements 836 are ANDed. 837 items: 838 description: |- 839 A label selector requirement is a selector that contains values, a key, and an operator that 840 relates the key and values. 841 properties: 842 key: 843 description: key is the 844 label key that the selector 845 applies to. 846 type: string 847 operator: 848 description: |- 849 operator represents a key's relationship to a set of values. 850 Valid operators are In, NotIn, Exists and DoesNotExist. 851 type: string 852 values: 853 description: |- 854 values is an array of string values. If the operator is In or NotIn, 855 the values array must be non-empty. If the operator is Exists or DoesNotExist, 856 the values array must be empty. This array is replaced during a strategic 857 merge patch. 858 items: 859 type: string 860 type: array 861 required: 862 - key 863 - operator 864 type: object 865 type: array 866 matchLabels: 867 additionalProperties: 868 type: string 869 description: |- 870 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 871 map is equivalent to an element of matchExpressions, whose key field is "key", the 872 operator is "In", and the values array contains only "value". The requirements are ANDed. 873 type: object 874 type: object 875 x-kubernetes-map-type: atomic 876 namespaces: 877 description: |- 878 namespaces specifies a static list of namespace names that the term applies to. 879 The term is applied to the union of the namespaces listed in this field 880 and the ones selected by namespaceSelector. 881 null or empty namespaces list and null namespaceSelector means "this pod's namespace". 882 items: 883 type: string 884 type: array 885 topologyKey: 886 description: |- 887 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 888 the labelSelector in the specified namespaces, where co-located is defined as running on a node 889 whose value of the label with key topologyKey matches that of any node on which any of the 890 selected pods is running. 891 Empty topologyKey is not allowed. 892 type: string 893 required: 894 - topologyKey 895 type: object 896 weight: 897 description: |- 898 weight associated with matching the corresponding podAffinityTerm, 899 in the range 1-100. 900 format: int32 901 type: integer 902 required: 903 - podAffinityTerm 904 - weight 905 type: object 906 type: array 907 requiredDuringSchedulingIgnoredDuringExecution: 908 description: |- 909 If the anti-affinity requirements specified by this field are not met at 910 scheduling time, the pod will not be scheduled onto the node. 911 If the anti-affinity requirements specified by this field cease to be met 912 at some point during pod execution (e.g. due to a pod label update), the 913 system may or may not try to eventually evict the pod from its node. 914 When there are multiple elements, the lists of nodes corresponding to each 915 podAffinityTerm are intersected, i.e. all terms must be satisfied. 916 items: 917 description: |- 918 Defines a set of pods (namely those matching the labelSelector 919 relative to the given namespace(s)) that this pod should be 920 co-located (affinity) or not co-located (anti-affinity) with, 921 where co-located is defined as running on a node whose value of 922 the label with key <topologyKey> matches that of any node on which 923 a pod of the set of pods is running 924 properties: 925 labelSelector: 926 description: |- 927 A label query over a set of resources, in this case pods. 928 If it's null, this PodAffinityTerm matches with no Pods. 929 properties: 930 matchExpressions: 931 description: matchExpressions is a 932 list of label selector requirements. 933 The requirements are ANDed. 934 items: 935 description: |- 936 A label selector requirement is a selector that contains values, a key, and an operator that 937 relates the key and values. 938 properties: 939 key: 940 description: key is the label 941 key that the selector applies 942 to. 943 type: string 944 operator: 945 description: |- 946 operator represents a key's relationship to a set of values. 947 Valid operators are In, NotIn, Exists and DoesNotExist. 948 type: string 949 values: 950 description: |- 951 values is an array of string values. If the operator is In or NotIn, 952 the values array must be non-empty. If the operator is Exists or DoesNotExist, 953 the values array must be empty. This array is replaced during a strategic 954 merge patch. 955 items: 956 type: string 957 type: array 958 required: 959 - key 960 - operator 961 type: object 962 type: array 963 matchLabels: 964 additionalProperties: 965 type: string 966 description: |- 967 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 968 map is equivalent to an element of matchExpressions, whose key field is "key", the 969 operator is "In", and the values array contains only "value". The requirements are ANDed. 970 type: object 971 type: object 972 x-kubernetes-map-type: atomic 973 matchLabelKeys: 974 description: |- 975 MatchLabelKeys is a set of pod label keys to select which pods will 976 be taken into consideration. The keys are used to lookup values from the 977 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` 978 to select the group of existing pods which pods will be taken into consideration 979 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 980 pod labels will be ignored. The default value is empty. 981 The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 982 Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 983 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 984 items: 985 type: string 986 type: array 987 x-kubernetes-list-type: atomic 988 mismatchLabelKeys: 989 description: |- 990 MismatchLabelKeys is a set of pod label keys to select which pods will 991 be taken into consideration. The keys are used to lookup values from the 992 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` 993 to select the group of existing pods which pods will be taken into consideration 994 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 995 pod labels will be ignored. The default value is empty. 996 The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 997 Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 998 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 999 items: 1000 type: string 1001 type: array 1002 x-kubernetes-list-type: atomic 1003 namespaceSelector: 1004 description: |- 1005 A label query over the set of namespaces that the term applies to. 1006 The term is applied to the union of the namespaces selected by this field 1007 and the ones listed in the namespaces field. 1008 null selector and null or empty namespaces list means "this pod's namespace". 1009 An empty selector ({}) matches all namespaces. 1010 properties: 1011 matchExpressions: 1012 description: matchExpressions is a 1013 list of label selector requirements. 1014 The requirements are ANDed. 1015 items: 1016 description: |- 1017 A label selector requirement is a selector that contains values, a key, and an operator that 1018 relates the key and values. 1019 properties: 1020 key: 1021 description: key is the label 1022 key that the selector applies 1023 to. 1024 type: string 1025 operator: 1026 description: |- 1027 operator represents a key's relationship to a set of values. 1028 Valid operators are In, NotIn, Exists and DoesNotExist. 1029 type: string 1030 values: 1031 description: |- 1032 values is an array of string values. If the operator is In or NotIn, 1033 the values array must be non-empty. If the operator is Exists or DoesNotExist, 1034 the values array must be empty. This array is replaced during a strategic 1035 merge patch. 1036 items: 1037 type: string 1038 type: array 1039 required: 1040 - key 1041 - operator 1042 type: object 1043 type: array 1044 matchLabels: 1045 additionalProperties: 1046 type: string 1047 description: |- 1048 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 1049 map is equivalent to an element of matchExpressions, whose key field is "key", the 1050 operator is "In", and the values array contains only "value". The requirements are ANDed. 1051 type: object 1052 type: object 1053 x-kubernetes-map-type: atomic 1054 namespaces: 1055 description: |- 1056 namespaces specifies a static list of namespace names that the term applies to. 1057 The term is applied to the union of the namespaces listed in this field 1058 and the ones selected by namespaceSelector. 1059 null or empty namespaces list and null namespaceSelector means "this pod's namespace". 1060 items: 1061 type: string 1062 type: array 1063 topologyKey: 1064 description: |- 1065 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 1066 the labelSelector in the specified namespaces, where co-located is defined as running on a node 1067 whose value of the label with key topologyKey matches that of any node on which any of the 1068 selected pods is running. 1069 Empty topologyKey is not allowed. 1070 type: string 1071 required: 1072 - topologyKey 1073 type: object 1074 type: array 1075 type: object 1076 type: object 1077 automountServiceAccountToken: 1078 description: AutomountServiceAccountToken indicates 1079 whether a service account token should be automatically 1080 mounted. 1081 type: boolean 1082 containers: 1083 description: |- 1084 List of containers belonging to the pod. 1085 Containers cannot currently be added or removed. 1086 There must be at least one container in a Pod. 1087 Cannot be updated. 1088 items: 1089 description: A single application container that you 1090 want to run within a pod. 1091 properties: 1092 args: 1093 description: |- 1094 Arguments to the entrypoint. 1095 The container image's CMD is used if this is not provided. 1096 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 1097 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 1098 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 1099 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 1100 of whether the variable exists or not. Cannot be updated. 1101 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 1102 items: 1103 type: string 1104 type: array 1105 command: 1106 description: |- 1107 Entrypoint array. Not executed within a shell. 1108 The container image's ENTRYPOINT is used if this is not provided. 1109 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 1110 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 1111 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 1112 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 1113 of whether the variable exists or not. Cannot be updated. 1114 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 1115 items: 1116 type: string 1117 type: array 1118 env: 1119 description: |- 1120 List of environment variables to set in the container. 1121 Cannot be updated. 1122 items: 1123 description: EnvVar represents an environment 1124 variable present in a Container. 1125 properties: 1126 name: 1127 description: Name of the environment variable. 1128 Must be a C_IDENTIFIER. 1129 type: string 1130 value: 1131 description: |- 1132 Variable references $(VAR_NAME) are expanded 1133 using the previously defined environment variables in the container and 1134 any service environment variables. If a variable cannot be resolved, 1135 the reference in the input string will be unchanged. Double $$ are reduced 1136 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 1137 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 1138 Escaped references will never be expanded, regardless of whether the variable 1139 exists or not. 1140 Defaults to "". 1141 type: string 1142 valueFrom: 1143 description: Source for the environment 1144 variable's value. Cannot be used if value 1145 is not empty. 1146 properties: 1147 configMapKeyRef: 1148 description: Selects a key of a ConfigMap. 1149 properties: 1150 key: 1151 description: The key to select. 1152 type: string 1153 name: 1154 description: |- 1155 Name of the referent. 1156 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1157 TODO: Add other useful fields. apiVersion, kind, uid? 1158 type: string 1159 optional: 1160 description: Specify whether the 1161 ConfigMap or its key must be defined 1162 type: boolean 1163 required: 1164 - key 1165 type: object 1166 x-kubernetes-map-type: atomic 1167 fieldRef: 1168 description: |- 1169 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, 1170 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 1171 properties: 1172 apiVersion: 1173 description: Version of the schema 1174 the FieldPath is written in terms 1175 of, defaults to "v1". 1176 type: string 1177 fieldPath: 1178 description: Path of the field to 1179 select in the specified API version. 1180 type: string 1181 required: 1182 - fieldPath 1183 type: object 1184 x-kubernetes-map-type: atomic 1185 resourceFieldRef: 1186 description: |- 1187 Selects a resource of the container: only resources limits and requests 1188 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 1189 properties: 1190 containerName: 1191 description: 'Container name: required 1192 for volumes, optional for env 1193 vars' 1194 type: string 1195 divisor: 1196 anyOf: 1197 - type: integer 1198 - type: string 1199 description: Specifies the output 1200 format of the exposed resources, 1201 defaults to "1" 1202 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1203 x-kubernetes-int-or-string: true 1204 resource: 1205 description: 'Required: resource 1206 to select' 1207 type: string 1208 required: 1209 - resource 1210 type: object 1211 x-kubernetes-map-type: atomic 1212 secretKeyRef: 1213 description: Selects a key of a secret 1214 in the pod's namespace 1215 properties: 1216 key: 1217 description: The key of the secret 1218 to select from. Must be a valid 1219 secret key. 1220 type: string 1221 name: 1222 description: |- 1223 Name of the referent. 1224 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1225 TODO: Add other useful fields. apiVersion, kind, uid? 1226 type: string 1227 optional: 1228 description: Specify whether the 1229 Secret or its key must be defined 1230 type: boolean 1231 required: 1232 - key 1233 type: object 1234 x-kubernetes-map-type: atomic 1235 type: object 1236 required: 1237 - name 1238 type: object 1239 type: array 1240 envFrom: 1241 description: |- 1242 List of sources to populate environment variables in the container. 1243 The keys defined within a source must be a C_IDENTIFIER. All invalid keys 1244 will be reported as an event when the container is starting. When a key exists in multiple 1245 sources, the value associated with the last source will take precedence. 1246 Values defined by an Env with a duplicate key will take precedence. 1247 Cannot be updated. 1248 items: 1249 description: EnvFromSource represents the source 1250 of a set of ConfigMaps 1251 properties: 1252 configMapRef: 1253 description: The ConfigMap to select from 1254 properties: 1255 name: 1256 description: |- 1257 Name of the referent. 1258 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1259 TODO: Add other useful fields. apiVersion, kind, uid? 1260 type: string 1261 optional: 1262 description: Specify whether the ConfigMap 1263 must be defined 1264 type: boolean 1265 type: object 1266 x-kubernetes-map-type: atomic 1267 prefix: 1268 description: An optional identifier to prepend 1269 to each key in the ConfigMap. Must be 1270 a C_IDENTIFIER. 1271 type: string 1272 secretRef: 1273 description: The Secret to select from 1274 properties: 1275 name: 1276 description: |- 1277 Name of the referent. 1278 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1279 TODO: Add other useful fields. apiVersion, kind, uid? 1280 type: string 1281 optional: 1282 description: Specify whether the Secret 1283 must be defined 1284 type: boolean 1285 type: object 1286 x-kubernetes-map-type: atomic 1287 type: object 1288 type: array 1289 image: 1290 description: |- 1291 Container image name. 1292 More info: https://kubernetes.io/docs/concepts/containers/images 1293 This field is optional to allow higher level config management to default or override 1294 container images in workload controllers like Deployments and StatefulSets. 1295 type: string 1296 imagePullPolicy: 1297 description: |- 1298 Image pull policy. 1299 One of Always, Never, IfNotPresent. 1300 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 1301 Cannot be updated. 1302 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 1303 type: string 1304 lifecycle: 1305 description: |- 1306 Actions that the management system should take in response to container lifecycle events. 1307 Cannot be updated. 1308 properties: 1309 postStart: 1310 description: |- 1311 PostStart is called immediately after a container is created. If the handler fails, 1312 the container is terminated and restarted according to its restart policy. 1313 Other management of the container blocks until the hook completes. 1314 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 1315 properties: 1316 exec: 1317 description: Exec specifies the action 1318 to take. 1319 properties: 1320 command: 1321 description: |- 1322 Command is the command line to execute inside the container, the working directory for the 1323 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 1324 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 1325 a shell, you need to explicitly call out to that shell. 1326 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1327 items: 1328 type: string 1329 type: array 1330 type: object 1331 httpGet: 1332 description: HTTPGet specifies the http 1333 request to perform. 1334 properties: 1335 host: 1336 description: |- 1337 Host name to connect to, defaults to the pod IP. You probably want to set 1338 "Host" in httpHeaders instead. 1339 type: string 1340 httpHeaders: 1341 description: Custom headers to set 1342 in the request. HTTP allows repeated 1343 headers. 1344 items: 1345 description: HTTPHeader describes 1346 a custom header to be used in 1347 HTTP probes 1348 properties: 1349 name: 1350 description: |- 1351 The header field name. 1352 This will be canonicalized upon output, so case-variant names will be understood as the same header. 1353 type: string 1354 value: 1355 description: The header field 1356 value 1357 type: string 1358 required: 1359 - name 1360 - value 1361 type: object 1362 type: array 1363 path: 1364 description: Path to access on the 1365 HTTP server. 1366 type: string 1367 port: 1368 anyOf: 1369 - type: integer 1370 - type: string 1371 description: |- 1372 Name or number of the port to access on the container. 1373 Number must be in the range 1 to 65535. 1374 Name must be an IANA_SVC_NAME. 1375 x-kubernetes-int-or-string: true 1376 scheme: 1377 description: |- 1378 Scheme to use for connecting to the host. 1379 Defaults to HTTP. 1380 type: string 1381 required: 1382 - port 1383 type: object 1384 sleep: 1385 description: Sleep represents the duration 1386 that the container should sleep before 1387 being terminated. 1388 properties: 1389 seconds: 1390 description: Seconds is the number 1391 of seconds to sleep. 1392 format: int64 1393 type: integer 1394 required: 1395 - seconds 1396 type: object 1397 tcpSocket: 1398 description: |- 1399 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 1400 for the backward compatibility. There are no validation of this field and 1401 lifecycle hooks will fail in runtime when tcp handler is specified. 1402 properties: 1403 host: 1404 description: 'Optional: Host name 1405 to connect to, defaults to the pod 1406 IP.' 1407 type: string 1408 port: 1409 anyOf: 1410 - type: integer 1411 - type: string 1412 description: |- 1413 Number or name of the port to access on the container. 1414 Number must be in the range 1 to 65535. 1415 Name must be an IANA_SVC_NAME. 1416 x-kubernetes-int-or-string: true 1417 required: 1418 - port 1419 type: object 1420 type: object 1421 preStop: 1422 description: |- 1423 PreStop is called immediately before a container is terminated due to an 1424 API request or management event such as liveness/startup probe failure, 1425 preemption, resource contention, etc. The handler is not called if the 1426 container crashes or exits. The Pod's termination grace period countdown begins before the 1427 PreStop hook is executed. Regardless of the outcome of the handler, the 1428 container will eventually terminate within the Pod's termination grace 1429 period (unless delayed by finalizers). Other management of the container blocks until the hook completes 1430 or until the termination grace period is reached. 1431 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 1432 properties: 1433 exec: 1434 description: Exec specifies the action 1435 to take. 1436 properties: 1437 command: 1438 description: |- 1439 Command is the command line to execute inside the container, the working directory for the 1440 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 1441 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 1442 a shell, you need to explicitly call out to that shell. 1443 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1444 items: 1445 type: string 1446 type: array 1447 type: object 1448 httpGet: 1449 description: HTTPGet specifies the http 1450 request to perform. 1451 properties: 1452 host: 1453 description: |- 1454 Host name to connect to, defaults to the pod IP. You probably want to set 1455 "Host" in httpHeaders instead. 1456 type: string 1457 httpHeaders: 1458 description: Custom headers to set 1459 in the request. HTTP allows repeated 1460 headers. 1461 items: 1462 description: HTTPHeader describes 1463 a custom header to be used in 1464 HTTP probes 1465 properties: 1466 name: 1467 description: |- 1468 The header field name. 1469 This will be canonicalized upon output, so case-variant names will be understood as the same header. 1470 type: string 1471 value: 1472 description: The header field 1473 value 1474 type: string 1475 required: 1476 - name 1477 - value 1478 type: object 1479 type: array 1480 path: 1481 description: Path to access on the 1482 HTTP server. 1483 type: string 1484 port: 1485 anyOf: 1486 - type: integer 1487 - type: string 1488 description: |- 1489 Name or number of the port to access on the container. 1490 Number must be in the range 1 to 65535. 1491 Name must be an IANA_SVC_NAME. 1492 x-kubernetes-int-or-string: true 1493 scheme: 1494 description: |- 1495 Scheme to use for connecting to the host. 1496 Defaults to HTTP. 1497 type: string 1498 required: 1499 - port 1500 type: object 1501 sleep: 1502 description: Sleep represents the duration 1503 that the container should sleep before 1504 being terminated. 1505 properties: 1506 seconds: 1507 description: Seconds is the number 1508 of seconds to sleep. 1509 format: int64 1510 type: integer 1511 required: 1512 - seconds 1513 type: object 1514 tcpSocket: 1515 description: |- 1516 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 1517 for the backward compatibility. There are no validation of this field and 1518 lifecycle hooks will fail in runtime when tcp handler is specified. 1519 properties: 1520 host: 1521 description: 'Optional: Host name 1522 to connect to, defaults to the pod 1523 IP.' 1524 type: string 1525 port: 1526 anyOf: 1527 - type: integer 1528 - type: string 1529 description: |- 1530 Number or name of the port to access on the container. 1531 Number must be in the range 1 to 65535. 1532 Name must be an IANA_SVC_NAME. 1533 x-kubernetes-int-or-string: true 1534 required: 1535 - port 1536 type: object 1537 type: object 1538 type: object 1539 livenessProbe: 1540 description: |- 1541 Periodic probe of container liveness. 1542 Container will be restarted if the probe fails. 1543 Cannot be updated. 1544 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 1545 properties: 1546 exec: 1547 description: Exec specifies the action to 1548 take. 1549 properties: 1550 command: 1551 description: |- 1552 Command is the command line to execute inside the container, the working directory for the 1553 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 1554 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 1555 a shell, you need to explicitly call out to that shell. 1556 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1557 items: 1558 type: string 1559 type: array 1560 type: object 1561 failureThreshold: 1562 description: |- 1563 Minimum consecutive failures for the probe to be considered failed after having succeeded. 1564 Defaults to 3. Minimum value is 1. 1565 format: int32 1566 type: integer 1567 grpc: 1568 description: GRPC specifies an action involving 1569 a GRPC port. 1570 properties: 1571 port: 1572 description: Port number of the gRPC service. 1573 Number must be in the range 1 to 65535. 1574 format: int32 1575 type: integer 1576 service: 1577 description: |- 1578 Service is the name of the service to place in the gRPC HealthCheckRequest 1579 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1580 1581 1582 If this is not specified, the default behavior is defined by gRPC. 1583 type: string 1584 required: 1585 - port 1586 type: object 1587 httpGet: 1588 description: HTTPGet specifies the http request 1589 to perform. 1590 properties: 1591 host: 1592 description: |- 1593 Host name to connect to, defaults to the pod IP. You probably want to set 1594 "Host" in httpHeaders instead. 1595 type: string 1596 httpHeaders: 1597 description: Custom headers to set in 1598 the request. HTTP allows repeated headers. 1599 items: 1600 description: HTTPHeader describes a 1601 custom header to be used in HTTP probes 1602 properties: 1603 name: 1604 description: |- 1605 The header field name. 1606 This will be canonicalized upon output, so case-variant names will be understood as the same header. 1607 type: string 1608 value: 1609 description: The header field value 1610 type: string 1611 required: 1612 - name 1613 - value 1614 type: object 1615 type: array 1616 path: 1617 description: Path to access on the HTTP 1618 server. 1619 type: string 1620 port: 1621 anyOf: 1622 - type: integer 1623 - type: string 1624 description: |- 1625 Name or number of the port to access on the container. 1626 Number must be in the range 1 to 65535. 1627 Name must be an IANA_SVC_NAME. 1628 x-kubernetes-int-or-string: true 1629 scheme: 1630 description: |- 1631 Scheme to use for connecting to the host. 1632 Defaults to HTTP. 1633 type: string 1634 required: 1635 - port 1636 type: object 1637 initialDelaySeconds: 1638 description: |- 1639 Number of seconds after the container has started before liveness probes are initiated. 1640 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 1641 format: int32 1642 type: integer 1643 periodSeconds: 1644 description: |- 1645 How often (in seconds) to perform the probe. 1646 Default to 10 seconds. Minimum value is 1. 1647 format: int32 1648 type: integer 1649 successThreshold: 1650 description: |- 1651 Minimum consecutive successes for the probe to be considered successful after having failed. 1652 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1653 format: int32 1654 type: integer 1655 tcpSocket: 1656 description: TCPSocket specifies an action 1657 involving a TCP port. 1658 properties: 1659 host: 1660 description: 'Optional: Host name to connect 1661 to, defaults to the pod IP.' 1662 type: string 1663 port: 1664 anyOf: 1665 - type: integer 1666 - type: string 1667 description: |- 1668 Number or name of the port to access on the container. 1669 Number must be in the range 1 to 65535. 1670 Name must be an IANA_SVC_NAME. 1671 x-kubernetes-int-or-string: true 1672 required: 1673 - port 1674 type: object 1675 terminationGracePeriodSeconds: 1676 description: |- 1677 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 1678 The grace period is the duration in seconds after the processes running in the pod are sent 1679 a termination signal and the time when the processes are forcibly halted with a kill signal. 1680 Set this value longer than the expected cleanup time for your process. 1681 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 1682 value overrides the value provided by the pod spec. 1683 Value must be non-negative integer. The value zero indicates stop immediately via 1684 the kill signal (no opportunity to shut down). 1685 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 1686 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 1687 format: int64 1688 type: integer 1689 timeoutSeconds: 1690 description: |- 1691 Number of seconds after which the probe times out. 1692 Defaults to 1 second. Minimum value is 1. 1693 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 1694 format: int32 1695 type: integer 1696 type: object 1697 name: 1698 description: |- 1699 Name of the container specified as a DNS_LABEL. 1700 Each container in a pod must have a unique name (DNS_LABEL). 1701 Cannot be updated. 1702 type: string 1703 ports: 1704 description: |- 1705 List of ports to expose from the container. Not specifying a port here 1706 DOES NOT prevent that port from being exposed. Any port which is 1707 listening on the default "0.0.0.0" address inside a container will be 1708 accessible from the network. 1709 Modifying this array with strategic merge patch may corrupt the data. 1710 For more information See https://github.com/kubernetes/kubernetes/issues/108255. 1711 Cannot be updated. 1712 items: 1713 description: ContainerPort represents a network 1714 port in a single container. 1715 properties: 1716 containerPort: 1717 description: |- 1718 Number of port to expose on the pod's IP address. 1719 This must be a valid port number, 0 < x < 65536. 1720 format: int32 1721 type: integer 1722 hostIP: 1723 description: What host IP to bind the external 1724 port to. 1725 type: string 1726 hostPort: 1727 description: |- 1728 Number of port to expose on the host. 1729 If specified, this must be a valid port number, 0 < x < 65536. 1730 If HostNetwork is specified, this must match ContainerPort. 1731 Most containers do not need this. 1732 format: int32 1733 type: integer 1734 name: 1735 description: |- 1736 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each 1737 named port in a pod must have a unique name. Name for the port that can be 1738 referred to by services. 1739 type: string 1740 protocol: 1741 default: TCP 1742 description: |- 1743 Protocol for port. Must be UDP, TCP, or SCTP. 1744 Defaults to "TCP". 1745 type: string 1746 required: 1747 - containerPort 1748 type: object 1749 type: array 1750 x-kubernetes-list-map-keys: 1751 - containerPort 1752 - protocol 1753 x-kubernetes-list-type: map 1754 readinessProbe: 1755 description: |- 1756 Periodic probe of container service readiness. 1757 Container will be removed from service endpoints if the probe fails. 1758 Cannot be updated. 1759 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 1760 properties: 1761 exec: 1762 description: Exec specifies the action to 1763 take. 1764 properties: 1765 command: 1766 description: |- 1767 Command is the command line to execute inside the container, the working directory for the 1768 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 1769 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 1770 a shell, you need to explicitly call out to that shell. 1771 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1772 items: 1773 type: string 1774 type: array 1775 type: object 1776 failureThreshold: 1777 description: |- 1778 Minimum consecutive failures for the probe to be considered failed after having succeeded. 1779 Defaults to 3. Minimum value is 1. 1780 format: int32 1781 type: integer 1782 grpc: 1783 description: GRPC specifies an action involving 1784 a GRPC port. 1785 properties: 1786 port: 1787 description: Port number of the gRPC service. 1788 Number must be in the range 1 to 65535. 1789 format: int32 1790 type: integer 1791 service: 1792 description: |- 1793 Service is the name of the service to place in the gRPC HealthCheckRequest 1794 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1795 1796 1797 If this is not specified, the default behavior is defined by gRPC. 1798 type: string 1799 required: 1800 - port 1801 type: object 1802 httpGet: 1803 description: HTTPGet specifies the http request 1804 to perform. 1805 properties: 1806 host: 1807 description: |- 1808 Host name to connect to, defaults to the pod IP. You probably want to set 1809 "Host" in httpHeaders instead. 1810 type: string 1811 httpHeaders: 1812 description: Custom headers to set in 1813 the request. HTTP allows repeated headers. 1814 items: 1815 description: HTTPHeader describes a 1816 custom header to be used in HTTP probes 1817 properties: 1818 name: 1819 description: |- 1820 The header field name. 1821 This will be canonicalized upon output, so case-variant names will be understood as the same header. 1822 type: string 1823 value: 1824 description: The header field value 1825 type: string 1826 required: 1827 - name 1828 - value 1829 type: object 1830 type: array 1831 path: 1832 description: Path to access on the HTTP 1833 server. 1834 type: string 1835 port: 1836 anyOf: 1837 - type: integer 1838 - type: string 1839 description: |- 1840 Name or number of the port to access on the container. 1841 Number must be in the range 1 to 65535. 1842 Name must be an IANA_SVC_NAME. 1843 x-kubernetes-int-or-string: true 1844 scheme: 1845 description: |- 1846 Scheme to use for connecting to the host. 1847 Defaults to HTTP. 1848 type: string 1849 required: 1850 - port 1851 type: object 1852 initialDelaySeconds: 1853 description: |- 1854 Number of seconds after the container has started before liveness probes are initiated. 1855 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 1856 format: int32 1857 type: integer 1858 periodSeconds: 1859 description: |- 1860 How often (in seconds) to perform the probe. 1861 Default to 10 seconds. Minimum value is 1. 1862 format: int32 1863 type: integer 1864 successThreshold: 1865 description: |- 1866 Minimum consecutive successes for the probe to be considered successful after having failed. 1867 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1868 format: int32 1869 type: integer 1870 tcpSocket: 1871 description: TCPSocket specifies an action 1872 involving a TCP port. 1873 properties: 1874 host: 1875 description: 'Optional: Host name to connect 1876 to, defaults to the pod IP.' 1877 type: string 1878 port: 1879 anyOf: 1880 - type: integer 1881 - type: string 1882 description: |- 1883 Number or name of the port to access on the container. 1884 Number must be in the range 1 to 65535. 1885 Name must be an IANA_SVC_NAME. 1886 x-kubernetes-int-or-string: true 1887 required: 1888 - port 1889 type: object 1890 terminationGracePeriodSeconds: 1891 description: |- 1892 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 1893 The grace period is the duration in seconds after the processes running in the pod are sent 1894 a termination signal and the time when the processes are forcibly halted with a kill signal. 1895 Set this value longer than the expected cleanup time for your process. 1896 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 1897 value overrides the value provided by the pod spec. 1898 Value must be non-negative integer. The value zero indicates stop immediately via 1899 the kill signal (no opportunity to shut down). 1900 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 1901 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 1902 format: int64 1903 type: integer 1904 timeoutSeconds: 1905 description: |- 1906 Number of seconds after which the probe times out. 1907 Defaults to 1 second. Minimum value is 1. 1908 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 1909 format: int32 1910 type: integer 1911 type: object 1912 resizePolicy: 1913 description: Resources resize policy for the container. 1914 items: 1915 description: ContainerResizePolicy represents 1916 resource resize policy for the container. 1917 properties: 1918 resourceName: 1919 description: |- 1920 Name of the resource to which this resource resize policy applies. 1921 Supported values: cpu, memory. 1922 type: string 1923 restartPolicy: 1924 description: |- 1925 Restart policy to apply when specified resource is resized. 1926 If not specified, it defaults to NotRequired. 1927 type: string 1928 required: 1929 - resourceName 1930 - restartPolicy 1931 type: object 1932 type: array 1933 x-kubernetes-list-type: atomic 1934 resources: 1935 description: |- 1936 Compute Resources required by this container. 1937 Cannot be updated. 1938 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 1939 properties: 1940 claims: 1941 description: |- 1942 Claims lists the names of resources, defined in spec.resourceClaims, 1943 that are used by this container. 1944 1945 1946 This is an alpha field and requires enabling the 1947 DynamicResourceAllocation feature gate. 1948 1949 1950 This field is immutable. It can only be set for containers. 1951 items: 1952 description: ResourceClaim references one 1953 entry in PodSpec.ResourceClaims. 1954 properties: 1955 name: 1956 description: |- 1957 Name must match the name of one entry in pod.spec.resourceClaims of 1958 the Pod where this field is used. It makes that resource available 1959 inside a container. 1960 type: string 1961 required: 1962 - name 1963 type: object 1964 type: array 1965 x-kubernetes-list-map-keys: 1966 - name 1967 x-kubernetes-list-type: map 1968 limits: 1969 additionalProperties: 1970 anyOf: 1971 - type: integer 1972 - type: string 1973 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1974 x-kubernetes-int-or-string: true 1975 description: |- 1976 Limits describes the maximum amount of compute resources allowed. 1977 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 1978 type: object 1979 requests: 1980 additionalProperties: 1981 anyOf: 1982 - type: integer 1983 - type: string 1984 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1985 x-kubernetes-int-or-string: true 1986 description: |- 1987 Requests describes the minimum amount of compute resources required. 1988 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 1989 otherwise to an implementation-defined value. Requests cannot exceed Limits. 1990 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 1991 type: object 1992 type: object 1993 restartPolicy: 1994 description: |- 1995 RestartPolicy defines the restart behavior of individual containers in a pod. 1996 This field may only be set for init containers, and the only allowed value is "Always". 1997 For non-init containers or when this field is not specified, 1998 the restart behavior is defined by the Pod's restart policy and the container type. 1999 Setting the RestartPolicy as "Always" for the init container will have the following effect: 2000 this init container will be continually restarted on 2001 exit until all regular containers have terminated. Once all regular 2002 containers have completed, all init containers with restartPolicy "Always" 2003 will be shut down. This lifecycle differs from normal init containers and 2004 is often referred to as a "sidecar" container. Although this init 2005 container still starts in the init container sequence, it does not wait 2006 for the container to complete before proceeding to the next init 2007 container. Instead, the next init container starts immediately after this 2008 init container is started, or after any startupProbe has successfully 2009 completed. 2010 type: string 2011 securityContext: 2012 description: |- 2013 SecurityContext defines the security options the container should be run with. 2014 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 2015 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ 2016 properties: 2017 allowPrivilegeEscalation: 2018 description: |- 2019 AllowPrivilegeEscalation controls whether a process can gain more 2020 privileges than its parent process. This bool directly controls if 2021 the no_new_privs flag will be set on the container process. 2022 AllowPrivilegeEscalation is true always when the container is: 2023 1) run as Privileged 2024 2) has CAP_SYS_ADMIN 2025 Note that this field cannot be set when spec.os.name is windows. 2026 type: boolean 2027 capabilities: 2028 description: |- 2029 The capabilities to add/drop when running containers. 2030 Defaults to the default set of capabilities granted by the container runtime. 2031 Note that this field cannot be set when spec.os.name is windows. 2032 properties: 2033 add: 2034 description: Added capabilities 2035 items: 2036 description: Capability represent POSIX 2037 capabilities type 2038 type: string 2039 type: array 2040 drop: 2041 description: Removed capabilities 2042 items: 2043 description: Capability represent POSIX 2044 capabilities type 2045 type: string 2046 type: array 2047 type: object 2048 privileged: 2049 description: |- 2050 Run container in privileged mode. 2051 Processes in privileged containers are essentially equivalent to root on the host. 2052 Defaults to false. 2053 Note that this field cannot be set when spec.os.name is windows. 2054 type: boolean 2055 procMount: 2056 description: |- 2057 procMount denotes the type of proc mount to use for the containers. 2058 The default is DefaultProcMount which uses the container runtime defaults for 2059 readonly paths and masked paths. 2060 This requires the ProcMountType feature flag to be enabled. 2061 Note that this field cannot be set when spec.os.name is windows. 2062 type: string 2063 readOnlyRootFilesystem: 2064 description: |- 2065 Whether this container has a read-only root filesystem. 2066 Default is false. 2067 Note that this field cannot be set when spec.os.name is windows. 2068 type: boolean 2069 runAsGroup: 2070 description: |- 2071 The GID to run the entrypoint of the container process. 2072 Uses runtime default if unset. 2073 May also be set in PodSecurityContext. If set in both SecurityContext and 2074 PodSecurityContext, the value specified in SecurityContext takes precedence. 2075 Note that this field cannot be set when spec.os.name is windows. 2076 format: int64 2077 type: integer 2078 runAsNonRoot: 2079 description: |- 2080 Indicates that the container must run as a non-root user. 2081 If true, the Kubelet will validate the image at runtime to ensure that it 2082 does not run as UID 0 (root) and fail to start the container if it does. 2083 If unset or false, no such validation will be performed. 2084 May also be set in PodSecurityContext. If set in both SecurityContext and 2085 PodSecurityContext, the value specified in SecurityContext takes precedence. 2086 type: boolean 2087 runAsUser: 2088 description: |- 2089 The UID to run the entrypoint of the container process. 2090 Defaults to user specified in image metadata if unspecified. 2091 May also be set in PodSecurityContext. If set in both SecurityContext and 2092 PodSecurityContext, the value specified in SecurityContext takes precedence. 2093 Note that this field cannot be set when spec.os.name is windows. 2094 format: int64 2095 type: integer 2096 seLinuxOptions: 2097 description: |- 2098 The SELinux context to be applied to the container. 2099 If unspecified, the container runtime will allocate a random SELinux context for each 2100 container. May also be set in PodSecurityContext. If set in both SecurityContext and 2101 PodSecurityContext, the value specified in SecurityContext takes precedence. 2102 Note that this field cannot be set when spec.os.name is windows. 2103 properties: 2104 level: 2105 description: Level is SELinux level label 2106 that applies to the container. 2107 type: string 2108 role: 2109 description: Role is a SELinux role label 2110 that applies to the container. 2111 type: string 2112 type: 2113 description: Type is a SELinux type label 2114 that applies to the container. 2115 type: string 2116 user: 2117 description: User is a SELinux user label 2118 that applies to the container. 2119 type: string 2120 type: object 2121 seccompProfile: 2122 description: |- 2123 The seccomp options to use by this container. If seccomp options are 2124 provided at both the pod & container level, the container options 2125 override the pod options. 2126 Note that this field cannot be set when spec.os.name is windows. 2127 properties: 2128 localhostProfile: 2129 description: |- 2130 localhostProfile indicates a profile defined in a file on the node should be used. 2131 The profile must be preconfigured on the node to work. 2132 Must be a descending path, relative to the kubelet's configured seccomp profile location. 2133 Must be set if type is "Localhost". Must NOT be set for any other type. 2134 type: string 2135 type: 2136 description: |- 2137 type indicates which kind of seccomp profile will be applied. 2138 Valid options are: 2139 2140 2141 Localhost - a profile defined in a file on the node should be used. 2142 RuntimeDefault - the container runtime default profile should be used. 2143 Unconfined - no profile should be applied. 2144 type: string 2145 required: 2146 - type 2147 type: object 2148 windowsOptions: 2149 description: |- 2150 The Windows specific settings applied to all containers. 2151 If unspecified, the options from the PodSecurityContext will be used. 2152 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2153 Note that this field cannot be set when spec.os.name is linux. 2154 properties: 2155 gmsaCredentialSpec: 2156 description: |- 2157 GMSACredentialSpec is where the GMSA admission webhook 2158 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the 2159 GMSA credential spec named by the GMSACredentialSpecName field. 2160 type: string 2161 gmsaCredentialSpecName: 2162 description: GMSACredentialSpecName is 2163 the name of the GMSA credential spec 2164 to use. 2165 type: string 2166 hostProcess: 2167 description: |- 2168 HostProcess determines if a container should be run as a 'Host Process' container. 2169 All of a Pod's containers must have the same effective HostProcess value 2170 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 2171 In addition, if HostProcess is true then HostNetwork must also be set to true. 2172 type: boolean 2173 runAsUserName: 2174 description: |- 2175 The UserName in Windows to run the entrypoint of the container process. 2176 Defaults to the user specified in image metadata if unspecified. 2177 May also be set in PodSecurityContext. If set in both SecurityContext and 2178 PodSecurityContext, the value specified in SecurityContext takes precedence. 2179 type: string 2180 type: object 2181 type: object 2182 startupProbe: 2183 description: |- 2184 StartupProbe indicates that the Pod has successfully initialized. 2185 If specified, no other probes are executed until this completes successfully. 2186 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. 2187 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, 2188 when it might take a long time to load data or warm a cache, than during steady-state operation. 2189 This cannot be updated. 2190 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2191 properties: 2192 exec: 2193 description: Exec specifies the action to 2194 take. 2195 properties: 2196 command: 2197 description: |- 2198 Command is the command line to execute inside the container, the working directory for the 2199 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 2200 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 2201 a shell, you need to explicitly call out to that shell. 2202 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2203 items: 2204 type: string 2205 type: array 2206 type: object 2207 failureThreshold: 2208 description: |- 2209 Minimum consecutive failures for the probe to be considered failed after having succeeded. 2210 Defaults to 3. Minimum value is 1. 2211 format: int32 2212 type: integer 2213 grpc: 2214 description: GRPC specifies an action involving 2215 a GRPC port. 2216 properties: 2217 port: 2218 description: Port number of the gRPC service. 2219 Number must be in the range 1 to 65535. 2220 format: int32 2221 type: integer 2222 service: 2223 description: |- 2224 Service is the name of the service to place in the gRPC HealthCheckRequest 2225 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2226 2227 2228 If this is not specified, the default behavior is defined by gRPC. 2229 type: string 2230 required: 2231 - port 2232 type: object 2233 httpGet: 2234 description: HTTPGet specifies the http request 2235 to perform. 2236 properties: 2237 host: 2238 description: |- 2239 Host name to connect to, defaults to the pod IP. You probably want to set 2240 "Host" in httpHeaders instead. 2241 type: string 2242 httpHeaders: 2243 description: Custom headers to set in 2244 the request. HTTP allows repeated headers. 2245 items: 2246 description: HTTPHeader describes a 2247 custom header to be used in HTTP probes 2248 properties: 2249 name: 2250 description: |- 2251 The header field name. 2252 This will be canonicalized upon output, so case-variant names will be understood as the same header. 2253 type: string 2254 value: 2255 description: The header field value 2256 type: string 2257 required: 2258 - name 2259 - value 2260 type: object 2261 type: array 2262 path: 2263 description: Path to access on the HTTP 2264 server. 2265 type: string 2266 port: 2267 anyOf: 2268 - type: integer 2269 - type: string 2270 description: |- 2271 Name or number of the port to access on the container. 2272 Number must be in the range 1 to 65535. 2273 Name must be an IANA_SVC_NAME. 2274 x-kubernetes-int-or-string: true 2275 scheme: 2276 description: |- 2277 Scheme to use for connecting to the host. 2278 Defaults to HTTP. 2279 type: string 2280 required: 2281 - port 2282 type: object 2283 initialDelaySeconds: 2284 description: |- 2285 Number of seconds after the container has started before liveness probes are initiated. 2286 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2287 format: int32 2288 type: integer 2289 periodSeconds: 2290 description: |- 2291 How often (in seconds) to perform the probe. 2292 Default to 10 seconds. Minimum value is 1. 2293 format: int32 2294 type: integer 2295 successThreshold: 2296 description: |- 2297 Minimum consecutive successes for the probe to be considered successful after having failed. 2298 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2299 format: int32 2300 type: integer 2301 tcpSocket: 2302 description: TCPSocket specifies an action 2303 involving a TCP port. 2304 properties: 2305 host: 2306 description: 'Optional: Host name to connect 2307 to, defaults to the pod IP.' 2308 type: string 2309 port: 2310 anyOf: 2311 - type: integer 2312 - type: string 2313 description: |- 2314 Number or name of the port to access on the container. 2315 Number must be in the range 1 to 65535. 2316 Name must be an IANA_SVC_NAME. 2317 x-kubernetes-int-or-string: true 2318 required: 2319 - port 2320 type: object 2321 terminationGracePeriodSeconds: 2322 description: |- 2323 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 2324 The grace period is the duration in seconds after the processes running in the pod are sent 2325 a termination signal and the time when the processes are forcibly halted with a kill signal. 2326 Set this value longer than the expected cleanup time for your process. 2327 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 2328 value overrides the value provided by the pod spec. 2329 Value must be non-negative integer. The value zero indicates stop immediately via 2330 the kill signal (no opportunity to shut down). 2331 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 2332 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 2333 format: int64 2334 type: integer 2335 timeoutSeconds: 2336 description: |- 2337 Number of seconds after which the probe times out. 2338 Defaults to 1 second. Minimum value is 1. 2339 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2340 format: int32 2341 type: integer 2342 type: object 2343 stdin: 2344 description: |- 2345 Whether this container should allocate a buffer for stdin in the container runtime. If this 2346 is not set, reads from stdin in the container will always result in EOF. 2347 Default is false. 2348 type: boolean 2349 stdinOnce: 2350 description: |- 2351 Whether the container runtime should close the stdin channel after it has been opened by 2352 a single attach. When stdin is true the stdin stream will remain open across multiple attach 2353 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the 2354 first client attaches to stdin, and then remains open and accepts data until the client disconnects, 2355 at which time stdin is closed and remains closed until the container is restarted. If this 2356 flag is false, a container processes that reads from stdin will never receive an EOF. 2357 Default is false 2358 type: boolean 2359 terminationMessagePath: 2360 description: |- 2361 Optional: Path at which the file to which the container's termination message 2362 will be written is mounted into the container's filesystem. 2363 Message written is intended to be brief final status, such as an assertion failure message. 2364 Will be truncated by the node if greater than 4096 bytes. The total message length across 2365 all containers will be limited to 12kb. 2366 Defaults to /dev/termination-log. 2367 Cannot be updated. 2368 type: string 2369 terminationMessagePolicy: 2370 description: |- 2371 Indicate how the termination message should be populated. File will use the contents of 2372 terminationMessagePath to populate the container status message on both success and failure. 2373 FallbackToLogsOnError will use the last chunk of container log output if the termination 2374 message file is empty and the container exited with an error. 2375 The log output is limited to 2048 bytes or 80 lines, whichever is smaller. 2376 Defaults to File. 2377 Cannot be updated. 2378 type: string 2379 tty: 2380 description: |- 2381 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. 2382 Default is false. 2383 type: boolean 2384 volumeDevices: 2385 description: volumeDevices is the list of block 2386 devices to be used by the container. 2387 items: 2388 description: volumeDevice describes a mapping 2389 of a raw block device within a container. 2390 properties: 2391 devicePath: 2392 description: devicePath is the path inside 2393 of the container that the device will 2394 be mapped to. 2395 type: string 2396 name: 2397 description: name must match the name of 2398 a persistentVolumeClaim in the pod 2399 type: string 2400 required: 2401 - devicePath 2402 - name 2403 type: object 2404 type: array 2405 volumeMounts: 2406 description: |- 2407 Pod volumes to mount into the container's filesystem. 2408 Cannot be updated. 2409 items: 2410 description: VolumeMount describes a mounting 2411 of a Volume within a container. 2412 properties: 2413 mountPath: 2414 description: |- 2415 Path within the container at which the volume should be mounted. Must 2416 not contain ':'. 2417 type: string 2418 mountPropagation: 2419 description: |- 2420 mountPropagation determines how mounts are propagated from the host 2421 to container and the other way around. 2422 When not set, MountPropagationNone is used. 2423 This field is beta in 1.10. 2424 type: string 2425 name: 2426 description: This must match the Name of 2427 a Volume. 2428 type: string 2429 readOnly: 2430 description: |- 2431 Mounted read-only if true, read-write otherwise (false or unspecified). 2432 Defaults to false. 2433 type: boolean 2434 subPath: 2435 description: |- 2436 Path within the volume from which the container's volume should be mounted. 2437 Defaults to "" (volume's root). 2438 type: string 2439 subPathExpr: 2440 description: |- 2441 Expanded path within the volume from which the container's volume should be mounted. 2442 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. 2443 Defaults to "" (volume's root). 2444 SubPathExpr and SubPath are mutually exclusive. 2445 type: string 2446 required: 2447 - mountPath 2448 - name 2449 type: object 2450 type: array 2451 workingDir: 2452 description: |- 2453 Container's working directory. 2454 If not specified, the container runtime's default will be used, which 2455 might be configured in the container image. 2456 Cannot be updated. 2457 type: string 2458 required: 2459 - name 2460 type: object 2461 type: array 2462 dnsConfig: 2463 description: |- 2464 Specifies the DNS parameters of a pod. 2465 Parameters specified here will be merged to the generated DNS 2466 configuration based on DNSPolicy. 2467 properties: 2468 nameservers: 2469 description: |- 2470 A list of DNS name server IP addresses. 2471 This will be appended to the base nameservers generated from DNSPolicy. 2472 Duplicated nameservers will be removed. 2473 items: 2474 type: string 2475 type: array 2476 options: 2477 description: |- 2478 A list of DNS resolver options. 2479 This will be merged with the base options generated from DNSPolicy. 2480 Duplicated entries will be removed. Resolution options given in Options 2481 will override those that appear in the base DNSPolicy. 2482 items: 2483 description: PodDNSConfigOption defines DNS resolver 2484 options of a pod. 2485 properties: 2486 name: 2487 description: Required. 2488 type: string 2489 value: 2490 type: string 2491 type: object 2492 type: array 2493 searches: 2494 description: |- 2495 A list of DNS search domains for host-name lookup. 2496 This will be appended to the base search paths generated from DNSPolicy. 2497 Duplicated search paths will be removed. 2498 items: 2499 type: string 2500 type: array 2501 type: object 2502 dnsPolicy: 2503 description: |- 2504 Set DNS policy for the pod. 2505 Defaults to "ClusterFirst". 2506 Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. 2507 DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. 2508 To have DNS options set along with hostNetwork, you have to specify DNS policy 2509 explicitly to 'ClusterFirstWithHostNet'. 2510 type: string 2511 enableServiceLinks: 2512 description: |- 2513 EnableServiceLinks indicates whether information about services should be injected into pod's 2514 environment variables, matching the syntax of Docker links. 2515 Optional: Defaults to true. 2516 type: boolean 2517 ephemeralContainers: 2518 description: |- 2519 List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing 2520 pod to perform user-initiated actions such as debugging. This list cannot be specified when 2521 creating a pod, and it cannot be modified by updating the pod spec. In order to add an 2522 ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. 2523 items: 2524 description: |- 2525 An EphemeralContainer is a temporary container that you may add to an existing Pod for 2526 user-initiated activities such as debugging. Ephemeral containers have no resource or 2527 scheduling guarantees, and they will not be restarted when they exit or when a Pod is 2528 removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the 2529 Pod to exceed its resource allocation. 2530 2531 2532 To add an ephemeral container, use the ephemeralcontainers subresource of an existing 2533 Pod. Ephemeral containers may not be removed or restarted. 2534 properties: 2535 args: 2536 description: |- 2537 Arguments to the entrypoint. 2538 The image's CMD is used if this is not provided. 2539 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 2540 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 2541 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 2542 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 2543 of whether the variable exists or not. Cannot be updated. 2544 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 2545 items: 2546 type: string 2547 type: array 2548 command: 2549 description: |- 2550 Entrypoint array. Not executed within a shell. 2551 The image's ENTRYPOINT is used if this is not provided. 2552 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 2553 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 2554 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 2555 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 2556 of whether the variable exists or not. Cannot be updated. 2557 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 2558 items: 2559 type: string 2560 type: array 2561 env: 2562 description: |- 2563 List of environment variables to set in the container. 2564 Cannot be updated. 2565 items: 2566 description: EnvVar represents an environment 2567 variable present in a Container. 2568 properties: 2569 name: 2570 description: Name of the environment variable. 2571 Must be a C_IDENTIFIER. 2572 type: string 2573 value: 2574 description: |- 2575 Variable references $(VAR_NAME) are expanded 2576 using the previously defined environment variables in the container and 2577 any service environment variables. If a variable cannot be resolved, 2578 the reference in the input string will be unchanged. Double $$ are reduced 2579 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 2580 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 2581 Escaped references will never be expanded, regardless of whether the variable 2582 exists or not. 2583 Defaults to "". 2584 type: string 2585 valueFrom: 2586 description: Source for the environment 2587 variable's value. Cannot be used if value 2588 is not empty. 2589 properties: 2590 configMapKeyRef: 2591 description: Selects a key of a ConfigMap. 2592 properties: 2593 key: 2594 description: The key to select. 2595 type: string 2596 name: 2597 description: |- 2598 Name of the referent. 2599 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2600 TODO: Add other useful fields. apiVersion, kind, uid? 2601 type: string 2602 optional: 2603 description: Specify whether the 2604 ConfigMap or its key must be defined 2605 type: boolean 2606 required: 2607 - key 2608 type: object 2609 x-kubernetes-map-type: atomic 2610 fieldRef: 2611 description: |- 2612 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, 2613 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 2614 properties: 2615 apiVersion: 2616 description: Version of the schema 2617 the FieldPath is written in terms 2618 of, defaults to "v1". 2619 type: string 2620 fieldPath: 2621 description: Path of the field to 2622 select in the specified API version. 2623 type: string 2624 required: 2625 - fieldPath 2626 type: object 2627 x-kubernetes-map-type: atomic 2628 resourceFieldRef: 2629 description: |- 2630 Selects a resource of the container: only resources limits and requests 2631 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 2632 properties: 2633 containerName: 2634 description: 'Container name: required 2635 for volumes, optional for env 2636 vars' 2637 type: string 2638 divisor: 2639 anyOf: 2640 - type: integer 2641 - type: string 2642 description: Specifies the output 2643 format of the exposed resources, 2644 defaults to "1" 2645 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2646 x-kubernetes-int-or-string: true 2647 resource: 2648 description: 'Required: resource 2649 to select' 2650 type: string 2651 required: 2652 - resource 2653 type: object 2654 x-kubernetes-map-type: atomic 2655 secretKeyRef: 2656 description: Selects a key of a secret 2657 in the pod's namespace 2658 properties: 2659 key: 2660 description: The key of the secret 2661 to select from. Must be a valid 2662 secret key. 2663 type: string 2664 name: 2665 description: |- 2666 Name of the referent. 2667 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2668 TODO: Add other useful fields. apiVersion, kind, uid? 2669 type: string 2670 optional: 2671 description: Specify whether the 2672 Secret or its key must be defined 2673 type: boolean 2674 required: 2675 - key 2676 type: object 2677 x-kubernetes-map-type: atomic 2678 type: object 2679 required: 2680 - name 2681 type: object 2682 type: array 2683 envFrom: 2684 description: |- 2685 List of sources to populate environment variables in the container. 2686 The keys defined within a source must be a C_IDENTIFIER. All invalid keys 2687 will be reported as an event when the container is starting. When a key exists in multiple 2688 sources, the value associated with the last source will take precedence. 2689 Values defined by an Env with a duplicate key will take precedence. 2690 Cannot be updated. 2691 items: 2692 description: EnvFromSource represents the source 2693 of a set of ConfigMaps 2694 properties: 2695 configMapRef: 2696 description: The ConfigMap to select from 2697 properties: 2698 name: 2699 description: |- 2700 Name of the referent. 2701 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2702 TODO: Add other useful fields. apiVersion, kind, uid? 2703 type: string 2704 optional: 2705 description: Specify whether the ConfigMap 2706 must be defined 2707 type: boolean 2708 type: object 2709 x-kubernetes-map-type: atomic 2710 prefix: 2711 description: An optional identifier to prepend 2712 to each key in the ConfigMap. Must be 2713 a C_IDENTIFIER. 2714 type: string 2715 secretRef: 2716 description: The Secret to select from 2717 properties: 2718 name: 2719 description: |- 2720 Name of the referent. 2721 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2722 TODO: Add other useful fields. apiVersion, kind, uid? 2723 type: string 2724 optional: 2725 description: Specify whether the Secret 2726 must be defined 2727 type: boolean 2728 type: object 2729 x-kubernetes-map-type: atomic 2730 type: object 2731 type: array 2732 image: 2733 description: |- 2734 Container image name. 2735 More info: https://kubernetes.io/docs/concepts/containers/images 2736 type: string 2737 imagePullPolicy: 2738 description: |- 2739 Image pull policy. 2740 One of Always, Never, IfNotPresent. 2741 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 2742 Cannot be updated. 2743 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 2744 type: string 2745 lifecycle: 2746 description: Lifecycle is not allowed for ephemeral 2747 containers. 2748 properties: 2749 postStart: 2750 description: |- 2751 PostStart is called immediately after a container is created. If the handler fails, 2752 the container is terminated and restarted according to its restart policy. 2753 Other management of the container blocks until the hook completes. 2754 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 2755 properties: 2756 exec: 2757 description: Exec specifies the action 2758 to take. 2759 properties: 2760 command: 2761 description: |- 2762 Command is the command line to execute inside the container, the working directory for the 2763 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 2764 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 2765 a shell, you need to explicitly call out to that shell. 2766 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2767 items: 2768 type: string 2769 type: array 2770 type: object 2771 httpGet: 2772 description: HTTPGet specifies the http 2773 request to perform. 2774 properties: 2775 host: 2776 description: |- 2777 Host name to connect to, defaults to the pod IP. You probably want to set 2778 "Host" in httpHeaders instead. 2779 type: string 2780 httpHeaders: 2781 description: Custom headers to set 2782 in the request. HTTP allows repeated 2783 headers. 2784 items: 2785 description: HTTPHeader describes 2786 a custom header to be used in 2787 HTTP probes 2788 properties: 2789 name: 2790 description: |- 2791 The header field name. 2792 This will be canonicalized upon output, so case-variant names will be understood as the same header. 2793 type: string 2794 value: 2795 description: The header field 2796 value 2797 type: string 2798 required: 2799 - name 2800 - value 2801 type: object 2802 type: array 2803 path: 2804 description: Path to access on the 2805 HTTP server. 2806 type: string 2807 port: 2808 anyOf: 2809 - type: integer 2810 - type: string 2811 description: |- 2812 Name or number of the port to access on the container. 2813 Number must be in the range 1 to 65535. 2814 Name must be an IANA_SVC_NAME. 2815 x-kubernetes-int-or-string: true 2816 scheme: 2817 description: |- 2818 Scheme to use for connecting to the host. 2819 Defaults to HTTP. 2820 type: string 2821 required: 2822 - port 2823 type: object 2824 sleep: 2825 description: Sleep represents the duration 2826 that the container should sleep before 2827 being terminated. 2828 properties: 2829 seconds: 2830 description: Seconds is the number 2831 of seconds to sleep. 2832 format: int64 2833 type: integer 2834 required: 2835 - seconds 2836 type: object 2837 tcpSocket: 2838 description: |- 2839 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 2840 for the backward compatibility. There are no validation of this field and 2841 lifecycle hooks will fail in runtime when tcp handler is specified. 2842 properties: 2843 host: 2844 description: 'Optional: Host name 2845 to connect to, defaults to the pod 2846 IP.' 2847 type: string 2848 port: 2849 anyOf: 2850 - type: integer 2851 - type: string 2852 description: |- 2853 Number or name of the port to access on the container. 2854 Number must be in the range 1 to 65535. 2855 Name must be an IANA_SVC_NAME. 2856 x-kubernetes-int-or-string: true 2857 required: 2858 - port 2859 type: object 2860 type: object 2861 preStop: 2862 description: |- 2863 PreStop is called immediately before a container is terminated due to an 2864 API request or management event such as liveness/startup probe failure, 2865 preemption, resource contention, etc. The handler is not called if the 2866 container crashes or exits. The Pod's termination grace period countdown begins before the 2867 PreStop hook is executed. Regardless of the outcome of the handler, the 2868 container will eventually terminate within the Pod's termination grace 2869 period (unless delayed by finalizers). Other management of the container blocks until the hook completes 2870 or until the termination grace period is reached. 2871 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 2872 properties: 2873 exec: 2874 description: Exec specifies the action 2875 to take. 2876 properties: 2877 command: 2878 description: |- 2879 Command is the command line to execute inside the container, the working directory for the 2880 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 2881 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 2882 a shell, you need to explicitly call out to that shell. 2883 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2884 items: 2885 type: string 2886 type: array 2887 type: object 2888 httpGet: 2889 description: HTTPGet specifies the http 2890 request to perform. 2891 properties: 2892 host: 2893 description: |- 2894 Host name to connect to, defaults to the pod IP. You probably want to set 2895 "Host" in httpHeaders instead. 2896 type: string 2897 httpHeaders: 2898 description: Custom headers to set 2899 in the request. HTTP allows repeated 2900 headers. 2901 items: 2902 description: HTTPHeader describes 2903 a custom header to be used in 2904 HTTP probes 2905 properties: 2906 name: 2907 description: |- 2908 The header field name. 2909 This will be canonicalized upon output, so case-variant names will be understood as the same header. 2910 type: string 2911 value: 2912 description: The header field 2913 value 2914 type: string 2915 required: 2916 - name 2917 - value 2918 type: object 2919 type: array 2920 path: 2921 description: Path to access on the 2922 HTTP server. 2923 type: string 2924 port: 2925 anyOf: 2926 - type: integer 2927 - type: string 2928 description: |- 2929 Name or number of the port to access on the container. 2930 Number must be in the range 1 to 65535. 2931 Name must be an IANA_SVC_NAME. 2932 x-kubernetes-int-or-string: true 2933 scheme: 2934 description: |- 2935 Scheme to use for connecting to the host. 2936 Defaults to HTTP. 2937 type: string 2938 required: 2939 - port 2940 type: object 2941 sleep: 2942 description: Sleep represents the duration 2943 that the container should sleep before 2944 being terminated. 2945 properties: 2946 seconds: 2947 description: Seconds is the number 2948 of seconds to sleep. 2949 format: int64 2950 type: integer 2951 required: 2952 - seconds 2953 type: object 2954 tcpSocket: 2955 description: |- 2956 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 2957 for the backward compatibility. There are no validation of this field and 2958 lifecycle hooks will fail in runtime when tcp handler is specified. 2959 properties: 2960 host: 2961 description: 'Optional: Host name 2962 to connect to, defaults to the pod 2963 IP.' 2964 type: string 2965 port: 2966 anyOf: 2967 - type: integer 2968 - type: string 2969 description: |- 2970 Number or name of the port to access on the container. 2971 Number must be in the range 1 to 65535. 2972 Name must be an IANA_SVC_NAME. 2973 x-kubernetes-int-or-string: true 2974 required: 2975 - port 2976 type: object 2977 type: object 2978 type: object 2979 livenessProbe: 2980 description: Probes are not allowed for ephemeral 2981 containers. 2982 properties: 2983 exec: 2984 description: Exec specifies the action to 2985 take. 2986 properties: 2987 command: 2988 description: |- 2989 Command is the command line to execute inside the container, the working directory for the 2990 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 2991 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 2992 a shell, you need to explicitly call out to that shell. 2993 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2994 items: 2995 type: string 2996 type: array 2997 type: object 2998 failureThreshold: 2999 description: |- 3000 Minimum consecutive failures for the probe to be considered failed after having succeeded. 3001 Defaults to 3. Minimum value is 1. 3002 format: int32 3003 type: integer 3004 grpc: 3005 description: GRPC specifies an action involving 3006 a GRPC port. 3007 properties: 3008 port: 3009 description: Port number of the gRPC service. 3010 Number must be in the range 1 to 65535. 3011 format: int32 3012 type: integer 3013 service: 3014 description: |- 3015 Service is the name of the service to place in the gRPC HealthCheckRequest 3016 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3017 3018 3019 If this is not specified, the default behavior is defined by gRPC. 3020 type: string 3021 required: 3022 - port 3023 type: object 3024 httpGet: 3025 description: HTTPGet specifies the http request 3026 to perform. 3027 properties: 3028 host: 3029 description: |- 3030 Host name to connect to, defaults to the pod IP. You probably want to set 3031 "Host" in httpHeaders instead. 3032 type: string 3033 httpHeaders: 3034 description: Custom headers to set in 3035 the request. HTTP allows repeated headers. 3036 items: 3037 description: HTTPHeader describes a 3038 custom header to be used in HTTP probes 3039 properties: 3040 name: 3041 description: |- 3042 The header field name. 3043 This will be canonicalized upon output, so case-variant names will be understood as the same header. 3044 type: string 3045 value: 3046 description: The header field value 3047 type: string 3048 required: 3049 - name 3050 - value 3051 type: object 3052 type: array 3053 path: 3054 description: Path to access on the HTTP 3055 server. 3056 type: string 3057 port: 3058 anyOf: 3059 - type: integer 3060 - type: string 3061 description: |- 3062 Name or number of the port to access on the container. 3063 Number must be in the range 1 to 65535. 3064 Name must be an IANA_SVC_NAME. 3065 x-kubernetes-int-or-string: true 3066 scheme: 3067 description: |- 3068 Scheme to use for connecting to the host. 3069 Defaults to HTTP. 3070 type: string 3071 required: 3072 - port 3073 type: object 3074 initialDelaySeconds: 3075 description: |- 3076 Number of seconds after the container has started before liveness probes are initiated. 3077 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3078 format: int32 3079 type: integer 3080 periodSeconds: 3081 description: |- 3082 How often (in seconds) to perform the probe. 3083 Default to 10 seconds. Minimum value is 1. 3084 format: int32 3085 type: integer 3086 successThreshold: 3087 description: |- 3088 Minimum consecutive successes for the probe to be considered successful after having failed. 3089 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3090 format: int32 3091 type: integer 3092 tcpSocket: 3093 description: TCPSocket specifies an action 3094 involving a TCP port. 3095 properties: 3096 host: 3097 description: 'Optional: Host name to connect 3098 to, defaults to the pod IP.' 3099 type: string 3100 port: 3101 anyOf: 3102 - type: integer 3103 - type: string 3104 description: |- 3105 Number or name of the port to access on the container. 3106 Number must be in the range 1 to 65535. 3107 Name must be an IANA_SVC_NAME. 3108 x-kubernetes-int-or-string: true 3109 required: 3110 - port 3111 type: object 3112 terminationGracePeriodSeconds: 3113 description: |- 3114 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 3115 The grace period is the duration in seconds after the processes running in the pod are sent 3116 a termination signal and the time when the processes are forcibly halted with a kill signal. 3117 Set this value longer than the expected cleanup time for your process. 3118 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 3119 value overrides the value provided by the pod spec. 3120 Value must be non-negative integer. The value zero indicates stop immediately via 3121 the kill signal (no opportunity to shut down). 3122 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 3123 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3124 format: int64 3125 type: integer 3126 timeoutSeconds: 3127 description: |- 3128 Number of seconds after which the probe times out. 3129 Defaults to 1 second. Minimum value is 1. 3130 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3131 format: int32 3132 type: integer 3133 type: object 3134 name: 3135 description: |- 3136 Name of the ephemeral container specified as a DNS_LABEL. 3137 This name must be unique among all containers, init containers and ephemeral containers. 3138 type: string 3139 ports: 3140 description: Ports are not allowed for ephemeral 3141 containers. 3142 items: 3143 description: ContainerPort represents a network 3144 port in a single container. 3145 properties: 3146 containerPort: 3147 description: |- 3148 Number of port to expose on the pod's IP address. 3149 This must be a valid port number, 0 < x < 65536. 3150 format: int32 3151 type: integer 3152 hostIP: 3153 description: What host IP to bind the external 3154 port to. 3155 type: string 3156 hostPort: 3157 description: |- 3158 Number of port to expose on the host. 3159 If specified, this must be a valid port number, 0 < x < 65536. 3160 If HostNetwork is specified, this must match ContainerPort. 3161 Most containers do not need this. 3162 format: int32 3163 type: integer 3164 name: 3165 description: |- 3166 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each 3167 named port in a pod must have a unique name. Name for the port that can be 3168 referred to by services. 3169 type: string 3170 protocol: 3171 default: TCP 3172 description: |- 3173 Protocol for port. Must be UDP, TCP, or SCTP. 3174 Defaults to "TCP". 3175 type: string 3176 required: 3177 - containerPort 3178 type: object 3179 type: array 3180 x-kubernetes-list-map-keys: 3181 - containerPort 3182 - protocol 3183 x-kubernetes-list-type: map 3184 readinessProbe: 3185 description: Probes are not allowed for ephemeral 3186 containers. 3187 properties: 3188 exec: 3189 description: Exec specifies the action to 3190 take. 3191 properties: 3192 command: 3193 description: |- 3194 Command is the command line to execute inside the container, the working directory for the 3195 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 3196 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 3197 a shell, you need to explicitly call out to that shell. 3198 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3199 items: 3200 type: string 3201 type: array 3202 type: object 3203 failureThreshold: 3204 description: |- 3205 Minimum consecutive failures for the probe to be considered failed after having succeeded. 3206 Defaults to 3. Minimum value is 1. 3207 format: int32 3208 type: integer 3209 grpc: 3210 description: GRPC specifies an action involving 3211 a GRPC port. 3212 properties: 3213 port: 3214 description: Port number of the gRPC service. 3215 Number must be in the range 1 to 65535. 3216 format: int32 3217 type: integer 3218 service: 3219 description: |- 3220 Service is the name of the service to place in the gRPC HealthCheckRequest 3221 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3222 3223 3224 If this is not specified, the default behavior is defined by gRPC. 3225 type: string 3226 required: 3227 - port 3228 type: object 3229 httpGet: 3230 description: HTTPGet specifies the http request 3231 to perform. 3232 properties: 3233 host: 3234 description: |- 3235 Host name to connect to, defaults to the pod IP. You probably want to set 3236 "Host" in httpHeaders instead. 3237 type: string 3238 httpHeaders: 3239 description: Custom headers to set in 3240 the request. HTTP allows repeated headers. 3241 items: 3242 description: HTTPHeader describes a 3243 custom header to be used in HTTP probes 3244 properties: 3245 name: 3246 description: |- 3247 The header field name. 3248 This will be canonicalized upon output, so case-variant names will be understood as the same header. 3249 type: string 3250 value: 3251 description: The header field value 3252 type: string 3253 required: 3254 - name 3255 - value 3256 type: object 3257 type: array 3258 path: 3259 description: Path to access on the HTTP 3260 server. 3261 type: string 3262 port: 3263 anyOf: 3264 - type: integer 3265 - type: string 3266 description: |- 3267 Name or number of the port to access on the container. 3268 Number must be in the range 1 to 65535. 3269 Name must be an IANA_SVC_NAME. 3270 x-kubernetes-int-or-string: true 3271 scheme: 3272 description: |- 3273 Scheme to use for connecting to the host. 3274 Defaults to HTTP. 3275 type: string 3276 required: 3277 - port 3278 type: object 3279 initialDelaySeconds: 3280 description: |- 3281 Number of seconds after the container has started before liveness probes are initiated. 3282 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3283 format: int32 3284 type: integer 3285 periodSeconds: 3286 description: |- 3287 How often (in seconds) to perform the probe. 3288 Default to 10 seconds. Minimum value is 1. 3289 format: int32 3290 type: integer 3291 successThreshold: 3292 description: |- 3293 Minimum consecutive successes for the probe to be considered successful after having failed. 3294 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3295 format: int32 3296 type: integer 3297 tcpSocket: 3298 description: TCPSocket specifies an action 3299 involving a TCP port. 3300 properties: 3301 host: 3302 description: 'Optional: Host name to connect 3303 to, defaults to the pod IP.' 3304 type: string 3305 port: 3306 anyOf: 3307 - type: integer 3308 - type: string 3309 description: |- 3310 Number or name of the port to access on the container. 3311 Number must be in the range 1 to 65535. 3312 Name must be an IANA_SVC_NAME. 3313 x-kubernetes-int-or-string: true 3314 required: 3315 - port 3316 type: object 3317 terminationGracePeriodSeconds: 3318 description: |- 3319 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 3320 The grace period is the duration in seconds after the processes running in the pod are sent 3321 a termination signal and the time when the processes are forcibly halted with a kill signal. 3322 Set this value longer than the expected cleanup time for your process. 3323 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 3324 value overrides the value provided by the pod spec. 3325 Value must be non-negative integer. The value zero indicates stop immediately via 3326 the kill signal (no opportunity to shut down). 3327 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 3328 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3329 format: int64 3330 type: integer 3331 timeoutSeconds: 3332 description: |- 3333 Number of seconds after which the probe times out. 3334 Defaults to 1 second. Minimum value is 1. 3335 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3336 format: int32 3337 type: integer 3338 type: object 3339 resizePolicy: 3340 description: Resources resize policy for the container. 3341 items: 3342 description: ContainerResizePolicy represents 3343 resource resize policy for the container. 3344 properties: 3345 resourceName: 3346 description: |- 3347 Name of the resource to which this resource resize policy applies. 3348 Supported values: cpu, memory. 3349 type: string 3350 restartPolicy: 3351 description: |- 3352 Restart policy to apply when specified resource is resized. 3353 If not specified, it defaults to NotRequired. 3354 type: string 3355 required: 3356 - resourceName 3357 - restartPolicy 3358 type: object 3359 type: array 3360 x-kubernetes-list-type: atomic 3361 resources: 3362 description: |- 3363 Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources 3364 already allocated to the pod. 3365 properties: 3366 claims: 3367 description: |- 3368 Claims lists the names of resources, defined in spec.resourceClaims, 3369 that are used by this container. 3370 3371 3372 This is an alpha field and requires enabling the 3373 DynamicResourceAllocation feature gate. 3374 3375 3376 This field is immutable. It can only be set for containers. 3377 items: 3378 description: ResourceClaim references one 3379 entry in PodSpec.ResourceClaims. 3380 properties: 3381 name: 3382 description: |- 3383 Name must match the name of one entry in pod.spec.resourceClaims of 3384 the Pod where this field is used. It makes that resource available 3385 inside a container. 3386 type: string 3387 required: 3388 - name 3389 type: object 3390 type: array 3391 x-kubernetes-list-map-keys: 3392 - name 3393 x-kubernetes-list-type: map 3394 limits: 3395 additionalProperties: 3396 anyOf: 3397 - type: integer 3398 - type: string 3399 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3400 x-kubernetes-int-or-string: true 3401 description: |- 3402 Limits describes the maximum amount of compute resources allowed. 3403 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 3404 type: object 3405 requests: 3406 additionalProperties: 3407 anyOf: 3408 - type: integer 3409 - type: string 3410 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3411 x-kubernetes-int-or-string: true 3412 description: |- 3413 Requests describes the minimum amount of compute resources required. 3414 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 3415 otherwise to an implementation-defined value. Requests cannot exceed Limits. 3416 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 3417 type: object 3418 type: object 3419 restartPolicy: 3420 description: |- 3421 Restart policy for the container to manage the restart behavior of each 3422 container within a pod. 3423 This may only be set for init containers. You cannot set this field on 3424 ephemeral containers. 3425 type: string 3426 securityContext: 3427 description: |- 3428 Optional: SecurityContext defines the security options the ephemeral container should be run with. 3429 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 3430 properties: 3431 allowPrivilegeEscalation: 3432 description: |- 3433 AllowPrivilegeEscalation controls whether a process can gain more 3434 privileges than its parent process. This bool directly controls if 3435 the no_new_privs flag will be set on the container process. 3436 AllowPrivilegeEscalation is true always when the container is: 3437 1) run as Privileged 3438 2) has CAP_SYS_ADMIN 3439 Note that this field cannot be set when spec.os.name is windows. 3440 type: boolean 3441 capabilities: 3442 description: |- 3443 The capabilities to add/drop when running containers. 3444 Defaults to the default set of capabilities granted by the container runtime. 3445 Note that this field cannot be set when spec.os.name is windows. 3446 properties: 3447 add: 3448 description: Added capabilities 3449 items: 3450 description: Capability represent POSIX 3451 capabilities type 3452 type: string 3453 type: array 3454 drop: 3455 description: Removed capabilities 3456 items: 3457 description: Capability represent POSIX 3458 capabilities type 3459 type: string 3460 type: array 3461 type: object 3462 privileged: 3463 description: |- 3464 Run container in privileged mode. 3465 Processes in privileged containers are essentially equivalent to root on the host. 3466 Defaults to false. 3467 Note that this field cannot be set when spec.os.name is windows. 3468 type: boolean 3469 procMount: 3470 description: |- 3471 procMount denotes the type of proc mount to use for the containers. 3472 The default is DefaultProcMount which uses the container runtime defaults for 3473 readonly paths and masked paths. 3474 This requires the ProcMountType feature flag to be enabled. 3475 Note that this field cannot be set when spec.os.name is windows. 3476 type: string 3477 readOnlyRootFilesystem: 3478 description: |- 3479 Whether this container has a read-only root filesystem. 3480 Default is false. 3481 Note that this field cannot be set when spec.os.name is windows. 3482 type: boolean 3483 runAsGroup: 3484 description: |- 3485 The GID to run the entrypoint of the container process. 3486 Uses runtime default if unset. 3487 May also be set in PodSecurityContext. If set in both SecurityContext and 3488 PodSecurityContext, the value specified in SecurityContext takes precedence. 3489 Note that this field cannot be set when spec.os.name is windows. 3490 format: int64 3491 type: integer 3492 runAsNonRoot: 3493 description: |- 3494 Indicates that the container must run as a non-root user. 3495 If true, the Kubelet will validate the image at runtime to ensure that it 3496 does not run as UID 0 (root) and fail to start the container if it does. 3497 If unset or false, no such validation will be performed. 3498 May also be set in PodSecurityContext. If set in both SecurityContext and 3499 PodSecurityContext, the value specified in SecurityContext takes precedence. 3500 type: boolean 3501 runAsUser: 3502 description: |- 3503 The UID to run the entrypoint of the container process. 3504 Defaults to user specified in image metadata if unspecified. 3505 May also be set in PodSecurityContext. If set in both SecurityContext and 3506 PodSecurityContext, the value specified in SecurityContext takes precedence. 3507 Note that this field cannot be set when spec.os.name is windows. 3508 format: int64 3509 type: integer 3510 seLinuxOptions: 3511 description: |- 3512 The SELinux context to be applied to the container. 3513 If unspecified, the container runtime will allocate a random SELinux context for each 3514 container. May also be set in PodSecurityContext. If set in both SecurityContext and 3515 PodSecurityContext, the value specified in SecurityContext takes precedence. 3516 Note that this field cannot be set when spec.os.name is windows. 3517 properties: 3518 level: 3519 description: Level is SELinux level label 3520 that applies to the container. 3521 type: string 3522 role: 3523 description: Role is a SELinux role label 3524 that applies to the container. 3525 type: string 3526 type: 3527 description: Type is a SELinux type label 3528 that applies to the container. 3529 type: string 3530 user: 3531 description: User is a SELinux user label 3532 that applies to the container. 3533 type: string 3534 type: object 3535 seccompProfile: 3536 description: |- 3537 The seccomp options to use by this container. If seccomp options are 3538 provided at both the pod & container level, the container options 3539 override the pod options. 3540 Note that this field cannot be set when spec.os.name is windows. 3541 properties: 3542 localhostProfile: 3543 description: |- 3544 localhostProfile indicates a profile defined in a file on the node should be used. 3545 The profile must be preconfigured on the node to work. 3546 Must be a descending path, relative to the kubelet's configured seccomp profile location. 3547 Must be set if type is "Localhost". Must NOT be set for any other type. 3548 type: string 3549 type: 3550 description: |- 3551 type indicates which kind of seccomp profile will be applied. 3552 Valid options are: 3553 3554 3555 Localhost - a profile defined in a file on the node should be used. 3556 RuntimeDefault - the container runtime default profile should be used. 3557 Unconfined - no profile should be applied. 3558 type: string 3559 required: 3560 - type 3561 type: object 3562 windowsOptions: 3563 description: |- 3564 The Windows specific settings applied to all containers. 3565 If unspecified, the options from the PodSecurityContext will be used. 3566 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3567 Note that this field cannot be set when spec.os.name is linux. 3568 properties: 3569 gmsaCredentialSpec: 3570 description: |- 3571 GMSACredentialSpec is where the GMSA admission webhook 3572 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the 3573 GMSA credential spec named by the GMSACredentialSpecName field. 3574 type: string 3575 gmsaCredentialSpecName: 3576 description: GMSACredentialSpecName is 3577 the name of the GMSA credential spec 3578 to use. 3579 type: string 3580 hostProcess: 3581 description: |- 3582 HostProcess determines if a container should be run as a 'Host Process' container. 3583 All of a Pod's containers must have the same effective HostProcess value 3584 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 3585 In addition, if HostProcess is true then HostNetwork must also be set to true. 3586 type: boolean 3587 runAsUserName: 3588 description: |- 3589 The UserName in Windows to run the entrypoint of the container process. 3590 Defaults to the user specified in image metadata if unspecified. 3591 May also be set in PodSecurityContext. If set in both SecurityContext and 3592 PodSecurityContext, the value specified in SecurityContext takes precedence. 3593 type: string 3594 type: object 3595 type: object 3596 startupProbe: 3597 description: Probes are not allowed for ephemeral 3598 containers. 3599 properties: 3600 exec: 3601 description: Exec specifies the action to 3602 take. 3603 properties: 3604 command: 3605 description: |- 3606 Command is the command line to execute inside the container, the working directory for the 3607 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 3608 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 3609 a shell, you need to explicitly call out to that shell. 3610 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3611 items: 3612 type: string 3613 type: array 3614 type: object 3615 failureThreshold: 3616 description: |- 3617 Minimum consecutive failures for the probe to be considered failed after having succeeded. 3618 Defaults to 3. Minimum value is 1. 3619 format: int32 3620 type: integer 3621 grpc: 3622 description: GRPC specifies an action involving 3623 a GRPC port. 3624 properties: 3625 port: 3626 description: Port number of the gRPC service. 3627 Number must be in the range 1 to 65535. 3628 format: int32 3629 type: integer 3630 service: 3631 description: |- 3632 Service is the name of the service to place in the gRPC HealthCheckRequest 3633 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3634 3635 3636 If this is not specified, the default behavior is defined by gRPC. 3637 type: string 3638 required: 3639 - port 3640 type: object 3641 httpGet: 3642 description: HTTPGet specifies the http request 3643 to perform. 3644 properties: 3645 host: 3646 description: |- 3647 Host name to connect to, defaults to the pod IP. You probably want to set 3648 "Host" in httpHeaders instead. 3649 type: string 3650 httpHeaders: 3651 description: Custom headers to set in 3652 the request. HTTP allows repeated headers. 3653 items: 3654 description: HTTPHeader describes a 3655 custom header to be used in HTTP probes 3656 properties: 3657 name: 3658 description: |- 3659 The header field name. 3660 This will be canonicalized upon output, so case-variant names will be understood as the same header. 3661 type: string 3662 value: 3663 description: The header field value 3664 type: string 3665 required: 3666 - name 3667 - value 3668 type: object 3669 type: array 3670 path: 3671 description: Path to access on the HTTP 3672 server. 3673 type: string 3674 port: 3675 anyOf: 3676 - type: integer 3677 - type: string 3678 description: |- 3679 Name or number of the port to access on the container. 3680 Number must be in the range 1 to 65535. 3681 Name must be an IANA_SVC_NAME. 3682 x-kubernetes-int-or-string: true 3683 scheme: 3684 description: |- 3685 Scheme to use for connecting to the host. 3686 Defaults to HTTP. 3687 type: string 3688 required: 3689 - port 3690 type: object 3691 initialDelaySeconds: 3692 description: |- 3693 Number of seconds after the container has started before liveness probes are initiated. 3694 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3695 format: int32 3696 type: integer 3697 periodSeconds: 3698 description: |- 3699 How often (in seconds) to perform the probe. 3700 Default to 10 seconds. Minimum value is 1. 3701 format: int32 3702 type: integer 3703 successThreshold: 3704 description: |- 3705 Minimum consecutive successes for the probe to be considered successful after having failed. 3706 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3707 format: int32 3708 type: integer 3709 tcpSocket: 3710 description: TCPSocket specifies an action 3711 involving a TCP port. 3712 properties: 3713 host: 3714 description: 'Optional: Host name to connect 3715 to, defaults to the pod IP.' 3716 type: string 3717 port: 3718 anyOf: 3719 - type: integer 3720 - type: string 3721 description: |- 3722 Number or name of the port to access on the container. 3723 Number must be in the range 1 to 65535. 3724 Name must be an IANA_SVC_NAME. 3725 x-kubernetes-int-or-string: true 3726 required: 3727 - port 3728 type: object 3729 terminationGracePeriodSeconds: 3730 description: |- 3731 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 3732 The grace period is the duration in seconds after the processes running in the pod are sent 3733 a termination signal and the time when the processes are forcibly halted with a kill signal. 3734 Set this value longer than the expected cleanup time for your process. 3735 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 3736 value overrides the value provided by the pod spec. 3737 Value must be non-negative integer. The value zero indicates stop immediately via 3738 the kill signal (no opportunity to shut down). 3739 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 3740 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3741 format: int64 3742 type: integer 3743 timeoutSeconds: 3744 description: |- 3745 Number of seconds after which the probe times out. 3746 Defaults to 1 second. Minimum value is 1. 3747 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3748 format: int32 3749 type: integer 3750 type: object 3751 stdin: 3752 description: |- 3753 Whether this container should allocate a buffer for stdin in the container runtime. If this 3754 is not set, reads from stdin in the container will always result in EOF. 3755 Default is false. 3756 type: boolean 3757 stdinOnce: 3758 description: |- 3759 Whether the container runtime should close the stdin channel after it has been opened by 3760 a single attach. When stdin is true the stdin stream will remain open across multiple attach 3761 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the 3762 first client attaches to stdin, and then remains open and accepts data until the client disconnects, 3763 at which time stdin is closed and remains closed until the container is restarted. If this 3764 flag is false, a container processes that reads from stdin will never receive an EOF. 3765 Default is false 3766 type: boolean 3767 targetContainerName: 3768 description: |- 3769 If set, the name of the container from PodSpec that this ephemeral container targets. 3770 The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. 3771 If not set then the ephemeral container uses the namespaces configured in the Pod spec. 3772 3773 3774 The container runtime must implement support for this feature. If the runtime does not 3775 support namespace targeting then the result of setting this field is undefined. 3776 type: string 3777 terminationMessagePath: 3778 description: |- 3779 Optional: Path at which the file to which the container's termination message 3780 will be written is mounted into the container's filesystem. 3781 Message written is intended to be brief final status, such as an assertion failure message. 3782 Will be truncated by the node if greater than 4096 bytes. The total message length across 3783 all containers will be limited to 12kb. 3784 Defaults to /dev/termination-log. 3785 Cannot be updated. 3786 type: string 3787 terminationMessagePolicy: 3788 description: |- 3789 Indicate how the termination message should be populated. File will use the contents of 3790 terminationMessagePath to populate the container status message on both success and failure. 3791 FallbackToLogsOnError will use the last chunk of container log output if the termination 3792 message file is empty and the container exited with an error. 3793 The log output is limited to 2048 bytes or 80 lines, whichever is smaller. 3794 Defaults to File. 3795 Cannot be updated. 3796 type: string 3797 tty: 3798 description: |- 3799 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. 3800 Default is false. 3801 type: boolean 3802 volumeDevices: 3803 description: volumeDevices is the list of block 3804 devices to be used by the container. 3805 items: 3806 description: volumeDevice describes a mapping 3807 of a raw block device within a container. 3808 properties: 3809 devicePath: 3810 description: devicePath is the path inside 3811 of the container that the device will 3812 be mapped to. 3813 type: string 3814 name: 3815 description: name must match the name of 3816 a persistentVolumeClaim in the pod 3817 type: string 3818 required: 3819 - devicePath 3820 - name 3821 type: object 3822 type: array 3823 volumeMounts: 3824 description: |- 3825 Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. 3826 Cannot be updated. 3827 items: 3828 description: VolumeMount describes a mounting 3829 of a Volume within a container. 3830 properties: 3831 mountPath: 3832 description: |- 3833 Path within the container at which the volume should be mounted. Must 3834 not contain ':'. 3835 type: string 3836 mountPropagation: 3837 description: |- 3838 mountPropagation determines how mounts are propagated from the host 3839 to container and the other way around. 3840 When not set, MountPropagationNone is used. 3841 This field is beta in 1.10. 3842 type: string 3843 name: 3844 description: This must match the Name of 3845 a Volume. 3846 type: string 3847 readOnly: 3848 description: |- 3849 Mounted read-only if true, read-write otherwise (false or unspecified). 3850 Defaults to false. 3851 type: boolean 3852 subPath: 3853 description: |- 3854 Path within the volume from which the container's volume should be mounted. 3855 Defaults to "" (volume's root). 3856 type: string 3857 subPathExpr: 3858 description: |- 3859 Expanded path within the volume from which the container's volume should be mounted. 3860 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. 3861 Defaults to "" (volume's root). 3862 SubPathExpr and SubPath are mutually exclusive. 3863 type: string 3864 required: 3865 - mountPath 3866 - name 3867 type: object 3868 type: array 3869 workingDir: 3870 description: |- 3871 Container's working directory. 3872 If not specified, the container runtime's default will be used, which 3873 might be configured in the container image. 3874 Cannot be updated. 3875 type: string 3876 required: 3877 - name 3878 type: object 3879 type: array 3880 hostAliases: 3881 description: |- 3882 HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts 3883 file if specified. This is only valid for non-hostNetwork pods. 3884 items: 3885 description: |- 3886 HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the 3887 pod's hosts file. 3888 properties: 3889 hostnames: 3890 description: Hostnames for the above IP address. 3891 items: 3892 type: string 3893 type: array 3894 ip: 3895 description: IP address of the host file entry. 3896 type: string 3897 type: object 3898 type: array 3899 hostIPC: 3900 description: |- 3901 Use the host's ipc namespace. 3902 Optional: Default to false. 3903 type: boolean 3904 hostNetwork: 3905 description: |- 3906 Host networking requested for this pod. Use the host's network namespace. 3907 If this option is set, the ports that will be used must be specified. 3908 Default to false. 3909 type: boolean 3910 hostPID: 3911 description: |- 3912 Use the host's pid namespace. 3913 Optional: Default to false. 3914 type: boolean 3915 hostUsers: 3916 description: |- 3917 Use the host's user namespace. 3918 Optional: Default to true. 3919 If set to true or not present, the pod will be run in the host user namespace, useful 3920 for when the pod needs a feature only available to the host user namespace, such as 3921 loading a kernel module with CAP_SYS_MODULE. 3922 When set to false, a new userns is created for the pod. Setting false is useful for 3923 mitigating container breakout vulnerabilities even allowing users to run their 3924 containers as root without actually having root privileges on the host. 3925 This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. 3926 type: boolean 3927 hostname: 3928 description: |- 3929 Specifies the hostname of the Pod 3930 If not specified, the pod's hostname will be set to a system-defined value. 3931 type: string 3932 imagePullSecrets: 3933 description: |- 3934 ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. 3935 If specified, these secrets will be passed to individual puller implementations for them to use. 3936 More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod 3937 items: 3938 description: |- 3939 LocalObjectReference contains enough information to let you locate the 3940 referenced object inside the same namespace. 3941 properties: 3942 name: 3943 description: |- 3944 Name of the referent. 3945 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3946 TODO: Add other useful fields. apiVersion, kind, uid? 3947 type: string 3948 type: object 3949 x-kubernetes-map-type: atomic 3950 type: array 3951 initContainers: 3952 description: |- 3953 List of initialization containers belonging to the pod. 3954 Init containers are executed in order prior to containers being started. If any 3955 init container fails, the pod is considered to have failed and is handled according 3956 to its restartPolicy. The name for an init container or normal container must be 3957 unique among all containers. 3958 Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. 3959 The resourceRequirements of an init container are taken into account during scheduling 3960 by finding the highest request/limit for each resource type, and then using the max of 3961 of that value or the sum of the normal containers. Limits are applied to init containers 3962 in a similar fashion. 3963 Init containers cannot currently be added or removed. 3964 Cannot be updated. 3965 More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ 3966 items: 3967 description: A single application container that you 3968 want to run within a pod. 3969 properties: 3970 args: 3971 description: |- 3972 Arguments to the entrypoint. 3973 The container image's CMD is used if this is not provided. 3974 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 3975 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 3976 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 3977 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 3978 of whether the variable exists or not. Cannot be updated. 3979 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 3980 items: 3981 type: string 3982 type: array 3983 command: 3984 description: |- 3985 Entrypoint array. Not executed within a shell. 3986 The container image's ENTRYPOINT is used if this is not provided. 3987 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 3988 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 3989 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 3990 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 3991 of whether the variable exists or not. Cannot be updated. 3992 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 3993 items: 3994 type: string 3995 type: array 3996 env: 3997 description: |- 3998 List of environment variables to set in the container. 3999 Cannot be updated. 4000 items: 4001 description: EnvVar represents an environment 4002 variable present in a Container. 4003 properties: 4004 name: 4005 description: Name of the environment variable. 4006 Must be a C_IDENTIFIER. 4007 type: string 4008 value: 4009 description: |- 4010 Variable references $(VAR_NAME) are expanded 4011 using the previously defined environment variables in the container and 4012 any service environment variables. If a variable cannot be resolved, 4013 the reference in the input string will be unchanged. Double $$ are reduced 4014 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 4015 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 4016 Escaped references will never be expanded, regardless of whether the variable 4017 exists or not. 4018 Defaults to "". 4019 type: string 4020 valueFrom: 4021 description: Source for the environment 4022 variable's value. Cannot be used if value 4023 is not empty. 4024 properties: 4025 configMapKeyRef: 4026 description: Selects a key of a ConfigMap. 4027 properties: 4028 key: 4029 description: The key to select. 4030 type: string 4031 name: 4032 description: |- 4033 Name of the referent. 4034 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4035 TODO: Add other useful fields. apiVersion, kind, uid? 4036 type: string 4037 optional: 4038 description: Specify whether the 4039 ConfigMap or its key must be defined 4040 type: boolean 4041 required: 4042 - key 4043 type: object 4044 x-kubernetes-map-type: atomic 4045 fieldRef: 4046 description: |- 4047 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, 4048 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 4049 properties: 4050 apiVersion: 4051 description: Version of the schema 4052 the FieldPath is written in terms 4053 of, defaults to "v1". 4054 type: string 4055 fieldPath: 4056 description: Path of the field to 4057 select in the specified API version. 4058 type: string 4059 required: 4060 - fieldPath 4061 type: object 4062 x-kubernetes-map-type: atomic 4063 resourceFieldRef: 4064 description: |- 4065 Selects a resource of the container: only resources limits and requests 4066 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 4067 properties: 4068 containerName: 4069 description: 'Container name: required 4070 for volumes, optional for env 4071 vars' 4072 type: string 4073 divisor: 4074 anyOf: 4075 - type: integer 4076 - type: string 4077 description: Specifies the output 4078 format of the exposed resources, 4079 defaults to "1" 4080 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4081 x-kubernetes-int-or-string: true 4082 resource: 4083 description: 'Required: resource 4084 to select' 4085 type: string 4086 required: 4087 - resource 4088 type: object 4089 x-kubernetes-map-type: atomic 4090 secretKeyRef: 4091 description: Selects a key of a secret 4092 in the pod's namespace 4093 properties: 4094 key: 4095 description: The key of the secret 4096 to select from. Must be a valid 4097 secret key. 4098 type: string 4099 name: 4100 description: |- 4101 Name of the referent. 4102 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4103 TODO: Add other useful fields. apiVersion, kind, uid? 4104 type: string 4105 optional: 4106 description: Specify whether the 4107 Secret or its key must be defined 4108 type: boolean 4109 required: 4110 - key 4111 type: object 4112 x-kubernetes-map-type: atomic 4113 type: object 4114 required: 4115 - name 4116 type: object 4117 type: array 4118 envFrom: 4119 description: |- 4120 List of sources to populate environment variables in the container. 4121 The keys defined within a source must be a C_IDENTIFIER. All invalid keys 4122 will be reported as an event when the container is starting. When a key exists in multiple 4123 sources, the value associated with the last source will take precedence. 4124 Values defined by an Env with a duplicate key will take precedence. 4125 Cannot be updated. 4126 items: 4127 description: EnvFromSource represents the source 4128 of a set of ConfigMaps 4129 properties: 4130 configMapRef: 4131 description: The ConfigMap to select from 4132 properties: 4133 name: 4134 description: |- 4135 Name of the referent. 4136 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4137 TODO: Add other useful fields. apiVersion, kind, uid? 4138 type: string 4139 optional: 4140 description: Specify whether the ConfigMap 4141 must be defined 4142 type: boolean 4143 type: object 4144 x-kubernetes-map-type: atomic 4145 prefix: 4146 description: An optional identifier to prepend 4147 to each key in the ConfigMap. Must be 4148 a C_IDENTIFIER. 4149 type: string 4150 secretRef: 4151 description: The Secret to select from 4152 properties: 4153 name: 4154 description: |- 4155 Name of the referent. 4156 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4157 TODO: Add other useful fields. apiVersion, kind, uid? 4158 type: string 4159 optional: 4160 description: Specify whether the Secret 4161 must be defined 4162 type: boolean 4163 type: object 4164 x-kubernetes-map-type: atomic 4165 type: object 4166 type: array 4167 image: 4168 description: |- 4169 Container image name. 4170 More info: https://kubernetes.io/docs/concepts/containers/images 4171 This field is optional to allow higher level config management to default or override 4172 container images in workload controllers like Deployments and StatefulSets. 4173 type: string 4174 imagePullPolicy: 4175 description: |- 4176 Image pull policy. 4177 One of Always, Never, IfNotPresent. 4178 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 4179 Cannot be updated. 4180 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 4181 type: string 4182 lifecycle: 4183 description: |- 4184 Actions that the management system should take in response to container lifecycle events. 4185 Cannot be updated. 4186 properties: 4187 postStart: 4188 description: |- 4189 PostStart is called immediately after a container is created. If the handler fails, 4190 the container is terminated and restarted according to its restart policy. 4191 Other management of the container blocks until the hook completes. 4192 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 4193 properties: 4194 exec: 4195 description: Exec specifies the action 4196 to take. 4197 properties: 4198 command: 4199 description: |- 4200 Command is the command line to execute inside the container, the working directory for the 4201 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 4202 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 4203 a shell, you need to explicitly call out to that shell. 4204 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 4205 items: 4206 type: string 4207 type: array 4208 type: object 4209 httpGet: 4210 description: HTTPGet specifies the http 4211 request to perform. 4212 properties: 4213 host: 4214 description: |- 4215 Host name to connect to, defaults to the pod IP. You probably want to set 4216 "Host" in httpHeaders instead. 4217 type: string 4218 httpHeaders: 4219 description: Custom headers to set 4220 in the request. HTTP allows repeated 4221 headers. 4222 items: 4223 description: HTTPHeader describes 4224 a custom header to be used in 4225 HTTP probes 4226 properties: 4227 name: 4228 description: |- 4229 The header field name. 4230 This will be canonicalized upon output, so case-variant names will be understood as the same header. 4231 type: string 4232 value: 4233 description: The header field 4234 value 4235 type: string 4236 required: 4237 - name 4238 - value 4239 type: object 4240 type: array 4241 path: 4242 description: Path to access on the 4243 HTTP server. 4244 type: string 4245 port: 4246 anyOf: 4247 - type: integer 4248 - type: string 4249 description: |- 4250 Name or number of the port to access on the container. 4251 Number must be in the range 1 to 65535. 4252 Name must be an IANA_SVC_NAME. 4253 x-kubernetes-int-or-string: true 4254 scheme: 4255 description: |- 4256 Scheme to use for connecting to the host. 4257 Defaults to HTTP. 4258 type: string 4259 required: 4260 - port 4261 type: object 4262 sleep: 4263 description: Sleep represents the duration 4264 that the container should sleep before 4265 being terminated. 4266 properties: 4267 seconds: 4268 description: Seconds is the number 4269 of seconds to sleep. 4270 format: int64 4271 type: integer 4272 required: 4273 - seconds 4274 type: object 4275 tcpSocket: 4276 description: |- 4277 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 4278 for the backward compatibility. There are no validation of this field and 4279 lifecycle hooks will fail in runtime when tcp handler is specified. 4280 properties: 4281 host: 4282 description: 'Optional: Host name 4283 to connect to, defaults to the pod 4284 IP.' 4285 type: string 4286 port: 4287 anyOf: 4288 - type: integer 4289 - type: string 4290 description: |- 4291 Number or name of the port to access on the container. 4292 Number must be in the range 1 to 65535. 4293 Name must be an IANA_SVC_NAME. 4294 x-kubernetes-int-or-string: true 4295 required: 4296 - port 4297 type: object 4298 type: object 4299 preStop: 4300 description: |- 4301 PreStop is called immediately before a container is terminated due to an 4302 API request or management event such as liveness/startup probe failure, 4303 preemption, resource contention, etc. The handler is not called if the 4304 container crashes or exits. The Pod's termination grace period countdown begins before the 4305 PreStop hook is executed. Regardless of the outcome of the handler, the 4306 container will eventually terminate within the Pod's termination grace 4307 period (unless delayed by finalizers). Other management of the container blocks until the hook completes 4308 or until the termination grace period is reached. 4309 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 4310 properties: 4311 exec: 4312 description: Exec specifies the action 4313 to take. 4314 properties: 4315 command: 4316 description: |- 4317 Command is the command line to execute inside the container, the working directory for the 4318 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 4319 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 4320 a shell, you need to explicitly call out to that shell. 4321 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 4322 items: 4323 type: string 4324 type: array 4325 type: object 4326 httpGet: 4327 description: HTTPGet specifies the http 4328 request to perform. 4329 properties: 4330 host: 4331 description: |- 4332 Host name to connect to, defaults to the pod IP. You probably want to set 4333 "Host" in httpHeaders instead. 4334 type: string 4335 httpHeaders: 4336 description: Custom headers to set 4337 in the request. HTTP allows repeated 4338 headers. 4339 items: 4340 description: HTTPHeader describes 4341 a custom header to be used in 4342 HTTP probes 4343 properties: 4344 name: 4345 description: |- 4346 The header field name. 4347 This will be canonicalized upon output, so case-variant names will be understood as the same header. 4348 type: string 4349 value: 4350 description: The header field 4351 value 4352 type: string 4353 required: 4354 - name 4355 - value 4356 type: object 4357 type: array 4358 path: 4359 description: Path to access on the 4360 HTTP server. 4361 type: string 4362 port: 4363 anyOf: 4364 - type: integer 4365 - type: string 4366 description: |- 4367 Name or number of the port to access on the container. 4368 Number must be in the range 1 to 65535. 4369 Name must be an IANA_SVC_NAME. 4370 x-kubernetes-int-or-string: true 4371 scheme: 4372 description: |- 4373 Scheme to use for connecting to the host. 4374 Defaults to HTTP. 4375 type: string 4376 required: 4377 - port 4378 type: object 4379 sleep: 4380 description: Sleep represents the duration 4381 that the container should sleep before 4382 being terminated. 4383 properties: 4384 seconds: 4385 description: Seconds is the number 4386 of seconds to sleep. 4387 format: int64 4388 type: integer 4389 required: 4390 - seconds 4391 type: object 4392 tcpSocket: 4393 description: |- 4394 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 4395 for the backward compatibility. There are no validation of this field and 4396 lifecycle hooks will fail in runtime when tcp handler is specified. 4397 properties: 4398 host: 4399 description: 'Optional: Host name 4400 to connect to, defaults to the pod 4401 IP.' 4402 type: string 4403 port: 4404 anyOf: 4405 - type: integer 4406 - type: string 4407 description: |- 4408 Number or name of the port to access on the container. 4409 Number must be in the range 1 to 65535. 4410 Name must be an IANA_SVC_NAME. 4411 x-kubernetes-int-or-string: true 4412 required: 4413 - port 4414 type: object 4415 type: object 4416 type: object 4417 livenessProbe: 4418 description: |- 4419 Periodic probe of container liveness. 4420 Container will be restarted if the probe fails. 4421 Cannot be updated. 4422 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4423 properties: 4424 exec: 4425 description: Exec specifies the action to 4426 take. 4427 properties: 4428 command: 4429 description: |- 4430 Command is the command line to execute inside the container, the working directory for the 4431 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 4432 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 4433 a shell, you need to explicitly call out to that shell. 4434 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 4435 items: 4436 type: string 4437 type: array 4438 type: object 4439 failureThreshold: 4440 description: |- 4441 Minimum consecutive failures for the probe to be considered failed after having succeeded. 4442 Defaults to 3. Minimum value is 1. 4443 format: int32 4444 type: integer 4445 grpc: 4446 description: GRPC specifies an action involving 4447 a GRPC port. 4448 properties: 4449 port: 4450 description: Port number of the gRPC service. 4451 Number must be in the range 1 to 65535. 4452 format: int32 4453 type: integer 4454 service: 4455 description: |- 4456 Service is the name of the service to place in the gRPC HealthCheckRequest 4457 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4458 4459 4460 If this is not specified, the default behavior is defined by gRPC. 4461 type: string 4462 required: 4463 - port 4464 type: object 4465 httpGet: 4466 description: HTTPGet specifies the http request 4467 to perform. 4468 properties: 4469 host: 4470 description: |- 4471 Host name to connect to, defaults to the pod IP. You probably want to set 4472 "Host" in httpHeaders instead. 4473 type: string 4474 httpHeaders: 4475 description: Custom headers to set in 4476 the request. HTTP allows repeated headers. 4477 items: 4478 description: HTTPHeader describes a 4479 custom header to be used in HTTP probes 4480 properties: 4481 name: 4482 description: |- 4483 The header field name. 4484 This will be canonicalized upon output, so case-variant names will be understood as the same header. 4485 type: string 4486 value: 4487 description: The header field value 4488 type: string 4489 required: 4490 - name 4491 - value 4492 type: object 4493 type: array 4494 path: 4495 description: Path to access on the HTTP 4496 server. 4497 type: string 4498 port: 4499 anyOf: 4500 - type: integer 4501 - type: string 4502 description: |- 4503 Name or number of the port to access on the container. 4504 Number must be in the range 1 to 65535. 4505 Name must be an IANA_SVC_NAME. 4506 x-kubernetes-int-or-string: true 4507 scheme: 4508 description: |- 4509 Scheme to use for connecting to the host. 4510 Defaults to HTTP. 4511 type: string 4512 required: 4513 - port 4514 type: object 4515 initialDelaySeconds: 4516 description: |- 4517 Number of seconds after the container has started before liveness probes are initiated. 4518 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4519 format: int32 4520 type: integer 4521 periodSeconds: 4522 description: |- 4523 How often (in seconds) to perform the probe. 4524 Default to 10 seconds. Minimum value is 1. 4525 format: int32 4526 type: integer 4527 successThreshold: 4528 description: |- 4529 Minimum consecutive successes for the probe to be considered successful after having failed. 4530 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 4531 format: int32 4532 type: integer 4533 tcpSocket: 4534 description: TCPSocket specifies an action 4535 involving a TCP port. 4536 properties: 4537 host: 4538 description: 'Optional: Host name to connect 4539 to, defaults to the pod IP.' 4540 type: string 4541 port: 4542 anyOf: 4543 - type: integer 4544 - type: string 4545 description: |- 4546 Number or name of the port to access on the container. 4547 Number must be in the range 1 to 65535. 4548 Name must be an IANA_SVC_NAME. 4549 x-kubernetes-int-or-string: true 4550 required: 4551 - port 4552 type: object 4553 terminationGracePeriodSeconds: 4554 description: |- 4555 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 4556 The grace period is the duration in seconds after the processes running in the pod are sent 4557 a termination signal and the time when the processes are forcibly halted with a kill signal. 4558 Set this value longer than the expected cleanup time for your process. 4559 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 4560 value overrides the value provided by the pod spec. 4561 Value must be non-negative integer. The value zero indicates stop immediately via 4562 the kill signal (no opportunity to shut down). 4563 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 4564 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 4565 format: int64 4566 type: integer 4567 timeoutSeconds: 4568 description: |- 4569 Number of seconds after which the probe times out. 4570 Defaults to 1 second. Minimum value is 1. 4571 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4572 format: int32 4573 type: integer 4574 type: object 4575 name: 4576 description: |- 4577 Name of the container specified as a DNS_LABEL. 4578 Each container in a pod must have a unique name (DNS_LABEL). 4579 Cannot be updated. 4580 type: string 4581 ports: 4582 description: |- 4583 List of ports to expose from the container. Not specifying a port here 4584 DOES NOT prevent that port from being exposed. Any port which is 4585 listening on the default "0.0.0.0" address inside a container will be 4586 accessible from the network. 4587 Modifying this array with strategic merge patch may corrupt the data. 4588 For more information See https://github.com/kubernetes/kubernetes/issues/108255. 4589 Cannot be updated. 4590 items: 4591 description: ContainerPort represents a network 4592 port in a single container. 4593 properties: 4594 containerPort: 4595 description: |- 4596 Number of port to expose on the pod's IP address. 4597 This must be a valid port number, 0 < x < 65536. 4598 format: int32 4599 type: integer 4600 hostIP: 4601 description: What host IP to bind the external 4602 port to. 4603 type: string 4604 hostPort: 4605 description: |- 4606 Number of port to expose on the host. 4607 If specified, this must be a valid port number, 0 < x < 65536. 4608 If HostNetwork is specified, this must match ContainerPort. 4609 Most containers do not need this. 4610 format: int32 4611 type: integer 4612 name: 4613 description: |- 4614 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each 4615 named port in a pod must have a unique name. Name for the port that can be 4616 referred to by services. 4617 type: string 4618 protocol: 4619 default: TCP 4620 description: |- 4621 Protocol for port. Must be UDP, TCP, or SCTP. 4622 Defaults to "TCP". 4623 type: string 4624 required: 4625 - containerPort 4626 type: object 4627 type: array 4628 x-kubernetes-list-map-keys: 4629 - containerPort 4630 - protocol 4631 x-kubernetes-list-type: map 4632 readinessProbe: 4633 description: |- 4634 Periodic probe of container service readiness. 4635 Container will be removed from service endpoints if the probe fails. 4636 Cannot be updated. 4637 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4638 properties: 4639 exec: 4640 description: Exec specifies the action to 4641 take. 4642 properties: 4643 command: 4644 description: |- 4645 Command is the command line to execute inside the container, the working directory for the 4646 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 4647 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 4648 a shell, you need to explicitly call out to that shell. 4649 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 4650 items: 4651 type: string 4652 type: array 4653 type: object 4654 failureThreshold: 4655 description: |- 4656 Minimum consecutive failures for the probe to be considered failed after having succeeded. 4657 Defaults to 3. Minimum value is 1. 4658 format: int32 4659 type: integer 4660 grpc: 4661 description: GRPC specifies an action involving 4662 a GRPC port. 4663 properties: 4664 port: 4665 description: Port number of the gRPC service. 4666 Number must be in the range 1 to 65535. 4667 format: int32 4668 type: integer 4669 service: 4670 description: |- 4671 Service is the name of the service to place in the gRPC HealthCheckRequest 4672 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4673 4674 4675 If this is not specified, the default behavior is defined by gRPC. 4676 type: string 4677 required: 4678 - port 4679 type: object 4680 httpGet: 4681 description: HTTPGet specifies the http request 4682 to perform. 4683 properties: 4684 host: 4685 description: |- 4686 Host name to connect to, defaults to the pod IP. You probably want to set 4687 "Host" in httpHeaders instead. 4688 type: string 4689 httpHeaders: 4690 description: Custom headers to set in 4691 the request. HTTP allows repeated headers. 4692 items: 4693 description: HTTPHeader describes a 4694 custom header to be used in HTTP probes 4695 properties: 4696 name: 4697 description: |- 4698 The header field name. 4699 This will be canonicalized upon output, so case-variant names will be understood as the same header. 4700 type: string 4701 value: 4702 description: The header field value 4703 type: string 4704 required: 4705 - name 4706 - value 4707 type: object 4708 type: array 4709 path: 4710 description: Path to access on the HTTP 4711 server. 4712 type: string 4713 port: 4714 anyOf: 4715 - type: integer 4716 - type: string 4717 description: |- 4718 Name or number of the port to access on the container. 4719 Number must be in the range 1 to 65535. 4720 Name must be an IANA_SVC_NAME. 4721 x-kubernetes-int-or-string: true 4722 scheme: 4723 description: |- 4724 Scheme to use for connecting to the host. 4725 Defaults to HTTP. 4726 type: string 4727 required: 4728 - port 4729 type: object 4730 initialDelaySeconds: 4731 description: |- 4732 Number of seconds after the container has started before liveness probes are initiated. 4733 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4734 format: int32 4735 type: integer 4736 periodSeconds: 4737 description: |- 4738 How often (in seconds) to perform the probe. 4739 Default to 10 seconds. Minimum value is 1. 4740 format: int32 4741 type: integer 4742 successThreshold: 4743 description: |- 4744 Minimum consecutive successes for the probe to be considered successful after having failed. 4745 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 4746 format: int32 4747 type: integer 4748 tcpSocket: 4749 description: TCPSocket specifies an action 4750 involving a TCP port. 4751 properties: 4752 host: 4753 description: 'Optional: Host name to connect 4754 to, defaults to the pod IP.' 4755 type: string 4756 port: 4757 anyOf: 4758 - type: integer 4759 - type: string 4760 description: |- 4761 Number or name of the port to access on the container. 4762 Number must be in the range 1 to 65535. 4763 Name must be an IANA_SVC_NAME. 4764 x-kubernetes-int-or-string: true 4765 required: 4766 - port 4767 type: object 4768 terminationGracePeriodSeconds: 4769 description: |- 4770 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 4771 The grace period is the duration in seconds after the processes running in the pod are sent 4772 a termination signal and the time when the processes are forcibly halted with a kill signal. 4773 Set this value longer than the expected cleanup time for your process. 4774 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 4775 value overrides the value provided by the pod spec. 4776 Value must be non-negative integer. The value zero indicates stop immediately via 4777 the kill signal (no opportunity to shut down). 4778 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 4779 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 4780 format: int64 4781 type: integer 4782 timeoutSeconds: 4783 description: |- 4784 Number of seconds after which the probe times out. 4785 Defaults to 1 second. Minimum value is 1. 4786 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4787 format: int32 4788 type: integer 4789 type: object 4790 resizePolicy: 4791 description: Resources resize policy for the container. 4792 items: 4793 description: ContainerResizePolicy represents 4794 resource resize policy for the container. 4795 properties: 4796 resourceName: 4797 description: |- 4798 Name of the resource to which this resource resize policy applies. 4799 Supported values: cpu, memory. 4800 type: string 4801 restartPolicy: 4802 description: |- 4803 Restart policy to apply when specified resource is resized. 4804 If not specified, it defaults to NotRequired. 4805 type: string 4806 required: 4807 - resourceName 4808 - restartPolicy 4809 type: object 4810 type: array 4811 x-kubernetes-list-type: atomic 4812 resources: 4813 description: |- 4814 Compute Resources required by this container. 4815 Cannot be updated. 4816 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 4817 properties: 4818 claims: 4819 description: |- 4820 Claims lists the names of resources, defined in spec.resourceClaims, 4821 that are used by this container. 4822 4823 4824 This is an alpha field and requires enabling the 4825 DynamicResourceAllocation feature gate. 4826 4827 4828 This field is immutable. It can only be set for containers. 4829 items: 4830 description: ResourceClaim references one 4831 entry in PodSpec.ResourceClaims. 4832 properties: 4833 name: 4834 description: |- 4835 Name must match the name of one entry in pod.spec.resourceClaims of 4836 the Pod where this field is used. It makes that resource available 4837 inside a container. 4838 type: string 4839 required: 4840 - name 4841 type: object 4842 type: array 4843 x-kubernetes-list-map-keys: 4844 - name 4845 x-kubernetes-list-type: map 4846 limits: 4847 additionalProperties: 4848 anyOf: 4849 - type: integer 4850 - type: string 4851 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4852 x-kubernetes-int-or-string: true 4853 description: |- 4854 Limits describes the maximum amount of compute resources allowed. 4855 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 4856 type: object 4857 requests: 4858 additionalProperties: 4859 anyOf: 4860 - type: integer 4861 - type: string 4862 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4863 x-kubernetes-int-or-string: true 4864 description: |- 4865 Requests describes the minimum amount of compute resources required. 4866 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 4867 otherwise to an implementation-defined value. Requests cannot exceed Limits. 4868 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 4869 type: object 4870 type: object 4871 restartPolicy: 4872 description: |- 4873 RestartPolicy defines the restart behavior of individual containers in a pod. 4874 This field may only be set for init containers, and the only allowed value is "Always". 4875 For non-init containers or when this field is not specified, 4876 the restart behavior is defined by the Pod's restart policy and the container type. 4877 Setting the RestartPolicy as "Always" for the init container will have the following effect: 4878 this init container will be continually restarted on 4879 exit until all regular containers have terminated. Once all regular 4880 containers have completed, all init containers with restartPolicy "Always" 4881 will be shut down. This lifecycle differs from normal init containers and 4882 is often referred to as a "sidecar" container. Although this init 4883 container still starts in the init container sequence, it does not wait 4884 for the container to complete before proceeding to the next init 4885 container. Instead, the next init container starts immediately after this 4886 init container is started, or after any startupProbe has successfully 4887 completed. 4888 type: string 4889 securityContext: 4890 description: |- 4891 SecurityContext defines the security options the container should be run with. 4892 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 4893 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ 4894 properties: 4895 allowPrivilegeEscalation: 4896 description: |- 4897 AllowPrivilegeEscalation controls whether a process can gain more 4898 privileges than its parent process. This bool directly controls if 4899 the no_new_privs flag will be set on the container process. 4900 AllowPrivilegeEscalation is true always when the container is: 4901 1) run as Privileged 4902 2) has CAP_SYS_ADMIN 4903 Note that this field cannot be set when spec.os.name is windows. 4904 type: boolean 4905 capabilities: 4906 description: |- 4907 The capabilities to add/drop when running containers. 4908 Defaults to the default set of capabilities granted by the container runtime. 4909 Note that this field cannot be set when spec.os.name is windows. 4910 properties: 4911 add: 4912 description: Added capabilities 4913 items: 4914 description: Capability represent POSIX 4915 capabilities type 4916 type: string 4917 type: array 4918 drop: 4919 description: Removed capabilities 4920 items: 4921 description: Capability represent POSIX 4922 capabilities type 4923 type: string 4924 type: array 4925 type: object 4926 privileged: 4927 description: |- 4928 Run container in privileged mode. 4929 Processes in privileged containers are essentially equivalent to root on the host. 4930 Defaults to false. 4931 Note that this field cannot be set when spec.os.name is windows. 4932 type: boolean 4933 procMount: 4934 description: |- 4935 procMount denotes the type of proc mount to use for the containers. 4936 The default is DefaultProcMount which uses the container runtime defaults for 4937 readonly paths and masked paths. 4938 This requires the ProcMountType feature flag to be enabled. 4939 Note that this field cannot be set when spec.os.name is windows. 4940 type: string 4941 readOnlyRootFilesystem: 4942 description: |- 4943 Whether this container has a read-only root filesystem. 4944 Default is false. 4945 Note that this field cannot be set when spec.os.name is windows. 4946 type: boolean 4947 runAsGroup: 4948 description: |- 4949 The GID to run the entrypoint of the container process. 4950 Uses runtime default if unset. 4951 May also be set in PodSecurityContext. If set in both SecurityContext and 4952 PodSecurityContext, the value specified in SecurityContext takes precedence. 4953 Note that this field cannot be set when spec.os.name is windows. 4954 format: int64 4955 type: integer 4956 runAsNonRoot: 4957 description: |- 4958 Indicates that the container must run as a non-root user. 4959 If true, the Kubelet will validate the image at runtime to ensure that it 4960 does not run as UID 0 (root) and fail to start the container if it does. 4961 If unset or false, no such validation will be performed. 4962 May also be set in PodSecurityContext. If set in both SecurityContext and 4963 PodSecurityContext, the value specified in SecurityContext takes precedence. 4964 type: boolean 4965 runAsUser: 4966 description: |- 4967 The UID to run the entrypoint of the container process. 4968 Defaults to user specified in image metadata if unspecified. 4969 May also be set in PodSecurityContext. If set in both SecurityContext and 4970 PodSecurityContext, the value specified in SecurityContext takes precedence. 4971 Note that this field cannot be set when spec.os.name is windows. 4972 format: int64 4973 type: integer 4974 seLinuxOptions: 4975 description: |- 4976 The SELinux context to be applied to the container. 4977 If unspecified, the container runtime will allocate a random SELinux context for each 4978 container. May also be set in PodSecurityContext. If set in both SecurityContext and 4979 PodSecurityContext, the value specified in SecurityContext takes precedence. 4980 Note that this field cannot be set when spec.os.name is windows. 4981 properties: 4982 level: 4983 description: Level is SELinux level label 4984 that applies to the container. 4985 type: string 4986 role: 4987 description: Role is a SELinux role label 4988 that applies to the container. 4989 type: string 4990 type: 4991 description: Type is a SELinux type label 4992 that applies to the container. 4993 type: string 4994 user: 4995 description: User is a SELinux user label 4996 that applies to the container. 4997 type: string 4998 type: object 4999 seccompProfile: 5000 description: |- 5001 The seccomp options to use by this container. If seccomp options are 5002 provided at both the pod & container level, the container options 5003 override the pod options. 5004 Note that this field cannot be set when spec.os.name is windows. 5005 properties: 5006 localhostProfile: 5007 description: |- 5008 localhostProfile indicates a profile defined in a file on the node should be used. 5009 The profile must be preconfigured on the node to work. 5010 Must be a descending path, relative to the kubelet's configured seccomp profile location. 5011 Must be set if type is "Localhost". Must NOT be set for any other type. 5012 type: string 5013 type: 5014 description: |- 5015 type indicates which kind of seccomp profile will be applied. 5016 Valid options are: 5017 5018 5019 Localhost - a profile defined in a file on the node should be used. 5020 RuntimeDefault - the container runtime default profile should be used. 5021 Unconfined - no profile should be applied. 5022 type: string 5023 required: 5024 - type 5025 type: object 5026 windowsOptions: 5027 description: |- 5028 The Windows specific settings applied to all containers. 5029 If unspecified, the options from the PodSecurityContext will be used. 5030 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 5031 Note that this field cannot be set when spec.os.name is linux. 5032 properties: 5033 gmsaCredentialSpec: 5034 description: |- 5035 GMSACredentialSpec is where the GMSA admission webhook 5036 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the 5037 GMSA credential spec named by the GMSACredentialSpecName field. 5038 type: string 5039 gmsaCredentialSpecName: 5040 description: GMSACredentialSpecName is 5041 the name of the GMSA credential spec 5042 to use. 5043 type: string 5044 hostProcess: 5045 description: |- 5046 HostProcess determines if a container should be run as a 'Host Process' container. 5047 All of a Pod's containers must have the same effective HostProcess value 5048 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 5049 In addition, if HostProcess is true then HostNetwork must also be set to true. 5050 type: boolean 5051 runAsUserName: 5052 description: |- 5053 The UserName in Windows to run the entrypoint of the container process. 5054 Defaults to the user specified in image metadata if unspecified. 5055 May also be set in PodSecurityContext. If set in both SecurityContext and 5056 PodSecurityContext, the value specified in SecurityContext takes precedence. 5057 type: string 5058 type: object 5059 type: object 5060 startupProbe: 5061 description: |- 5062 StartupProbe indicates that the Pod has successfully initialized. 5063 If specified, no other probes are executed until this completes successfully. 5064 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. 5065 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, 5066 when it might take a long time to load data or warm a cache, than during steady-state operation. 5067 This cannot be updated. 5068 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5069 properties: 5070 exec: 5071 description: Exec specifies the action to 5072 take. 5073 properties: 5074 command: 5075 description: |- 5076 Command is the command line to execute inside the container, the working directory for the 5077 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 5078 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 5079 a shell, you need to explicitly call out to that shell. 5080 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 5081 items: 5082 type: string 5083 type: array 5084 type: object 5085 failureThreshold: 5086 description: |- 5087 Minimum consecutive failures for the probe to be considered failed after having succeeded. 5088 Defaults to 3. Minimum value is 1. 5089 format: int32 5090 type: integer 5091 grpc: 5092 description: GRPC specifies an action involving 5093 a GRPC port. 5094 properties: 5095 port: 5096 description: Port number of the gRPC service. 5097 Number must be in the range 1 to 65535. 5098 format: int32 5099 type: integer 5100 service: 5101 description: |- 5102 Service is the name of the service to place in the gRPC HealthCheckRequest 5103 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5104 5105 5106 If this is not specified, the default behavior is defined by gRPC. 5107 type: string 5108 required: 5109 - port 5110 type: object 5111 httpGet: 5112 description: HTTPGet specifies the http request 5113 to perform. 5114 properties: 5115 host: 5116 description: |- 5117 Host name to connect to, defaults to the pod IP. You probably want to set 5118 "Host" in httpHeaders instead. 5119 type: string 5120 httpHeaders: 5121 description: Custom headers to set in 5122 the request. HTTP allows repeated headers. 5123 items: 5124 description: HTTPHeader describes a 5125 custom header to be used in HTTP probes 5126 properties: 5127 name: 5128 description: |- 5129 The header field name. 5130 This will be canonicalized upon output, so case-variant names will be understood as the same header. 5131 type: string 5132 value: 5133 description: The header field value 5134 type: string 5135 required: 5136 - name 5137 - value 5138 type: object 5139 type: array 5140 path: 5141 description: Path to access on the HTTP 5142 server. 5143 type: string 5144 port: 5145 anyOf: 5146 - type: integer 5147 - type: string 5148 description: |- 5149 Name or number of the port to access on the container. 5150 Number must be in the range 1 to 65535. 5151 Name must be an IANA_SVC_NAME. 5152 x-kubernetes-int-or-string: true 5153 scheme: 5154 description: |- 5155 Scheme to use for connecting to the host. 5156 Defaults to HTTP. 5157 type: string 5158 required: 5159 - port 5160 type: object 5161 initialDelaySeconds: 5162 description: |- 5163 Number of seconds after the container has started before liveness probes are initiated. 5164 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5165 format: int32 5166 type: integer 5167 periodSeconds: 5168 description: |- 5169 How often (in seconds) to perform the probe. 5170 Default to 10 seconds. Minimum value is 1. 5171 format: int32 5172 type: integer 5173 successThreshold: 5174 description: |- 5175 Minimum consecutive successes for the probe to be considered successful after having failed. 5176 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 5177 format: int32 5178 type: integer 5179 tcpSocket: 5180 description: TCPSocket specifies an action 5181 involving a TCP port. 5182 properties: 5183 host: 5184 description: 'Optional: Host name to connect 5185 to, defaults to the pod IP.' 5186 type: string 5187 port: 5188 anyOf: 5189 - type: integer 5190 - type: string 5191 description: |- 5192 Number or name of the port to access on the container. 5193 Number must be in the range 1 to 65535. 5194 Name must be an IANA_SVC_NAME. 5195 x-kubernetes-int-or-string: true 5196 required: 5197 - port 5198 type: object 5199 terminationGracePeriodSeconds: 5200 description: |- 5201 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 5202 The grace period is the duration in seconds after the processes running in the pod are sent 5203 a termination signal and the time when the processes are forcibly halted with a kill signal. 5204 Set this value longer than the expected cleanup time for your process. 5205 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 5206 value overrides the value provided by the pod spec. 5207 Value must be non-negative integer. The value zero indicates stop immediately via 5208 the kill signal (no opportunity to shut down). 5209 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 5210 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 5211 format: int64 5212 type: integer 5213 timeoutSeconds: 5214 description: |- 5215 Number of seconds after which the probe times out. 5216 Defaults to 1 second. Minimum value is 1. 5217 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5218 format: int32 5219 type: integer 5220 type: object 5221 stdin: 5222 description: |- 5223 Whether this container should allocate a buffer for stdin in the container runtime. If this 5224 is not set, reads from stdin in the container will always result in EOF. 5225 Default is false. 5226 type: boolean 5227 stdinOnce: 5228 description: |- 5229 Whether the container runtime should close the stdin channel after it has been opened by 5230 a single attach. When stdin is true the stdin stream will remain open across multiple attach 5231 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the 5232 first client attaches to stdin, and then remains open and accepts data until the client disconnects, 5233 at which time stdin is closed and remains closed until the container is restarted. If this 5234 flag is false, a container processes that reads from stdin will never receive an EOF. 5235 Default is false 5236 type: boolean 5237 terminationMessagePath: 5238 description: |- 5239 Optional: Path at which the file to which the container's termination message 5240 will be written is mounted into the container's filesystem. 5241 Message written is intended to be brief final status, such as an assertion failure message. 5242 Will be truncated by the node if greater than 4096 bytes. The total message length across 5243 all containers will be limited to 12kb. 5244 Defaults to /dev/termination-log. 5245 Cannot be updated. 5246 type: string 5247 terminationMessagePolicy: 5248 description: |- 5249 Indicate how the termination message should be populated. File will use the contents of 5250 terminationMessagePath to populate the container status message on both success and failure. 5251 FallbackToLogsOnError will use the last chunk of container log output if the termination 5252 message file is empty and the container exited with an error. 5253 The log output is limited to 2048 bytes or 80 lines, whichever is smaller. 5254 Defaults to File. 5255 Cannot be updated. 5256 type: string 5257 tty: 5258 description: |- 5259 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. 5260 Default is false. 5261 type: boolean 5262 volumeDevices: 5263 description: volumeDevices is the list of block 5264 devices to be used by the container. 5265 items: 5266 description: volumeDevice describes a mapping 5267 of a raw block device within a container. 5268 properties: 5269 devicePath: 5270 description: devicePath is the path inside 5271 of the container that the device will 5272 be mapped to. 5273 type: string 5274 name: 5275 description: name must match the name of 5276 a persistentVolumeClaim in the pod 5277 type: string 5278 required: 5279 - devicePath 5280 - name 5281 type: object 5282 type: array 5283 volumeMounts: 5284 description: |- 5285 Pod volumes to mount into the container's filesystem. 5286 Cannot be updated. 5287 items: 5288 description: VolumeMount describes a mounting 5289 of a Volume within a container. 5290 properties: 5291 mountPath: 5292 description: |- 5293 Path within the container at which the volume should be mounted. Must 5294 not contain ':'. 5295 type: string 5296 mountPropagation: 5297 description: |- 5298 mountPropagation determines how mounts are propagated from the host 5299 to container and the other way around. 5300 When not set, MountPropagationNone is used. 5301 This field is beta in 1.10. 5302 type: string 5303 name: 5304 description: This must match the Name of 5305 a Volume. 5306 type: string 5307 readOnly: 5308 description: |- 5309 Mounted read-only if true, read-write otherwise (false or unspecified). 5310 Defaults to false. 5311 type: boolean 5312 subPath: 5313 description: |- 5314 Path within the volume from which the container's volume should be mounted. 5315 Defaults to "" (volume's root). 5316 type: string 5317 subPathExpr: 5318 description: |- 5319 Expanded path within the volume from which the container's volume should be mounted. 5320 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. 5321 Defaults to "" (volume's root). 5322 SubPathExpr and SubPath are mutually exclusive. 5323 type: string 5324 required: 5325 - mountPath 5326 - name 5327 type: object 5328 type: array 5329 workingDir: 5330 description: |- 5331 Container's working directory. 5332 If not specified, the container runtime's default will be used, which 5333 might be configured in the container image. 5334 Cannot be updated. 5335 type: string 5336 required: 5337 - name 5338 type: object 5339 type: array 5340 nodeName: 5341 description: |- 5342 NodeName is a request to schedule this pod onto a specific node. If it is non-empty, 5343 the scheduler simply schedules this pod onto that node, assuming that it fits resource 5344 requirements. 5345 type: string 5346 nodeSelector: 5347 additionalProperties: 5348 type: string 5349 description: |- 5350 NodeSelector is a selector which must be true for the pod to fit on a node. 5351 Selector which must match a node's labels for the pod to be scheduled on that node. 5352 More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ 5353 type: object 5354 x-kubernetes-map-type: atomic 5355 os: 5356 description: |- 5357 Specifies the OS of the containers in the pod. 5358 Some pod and container fields are restricted if this is set. 5359 5360 5361 If the OS field is set to linux, the following fields must be unset: 5362 -securityContext.windowsOptions 5363 5364 5365 If the OS field is set to windows, following fields must be unset: 5366 - spec.hostPID 5367 - spec.hostIPC 5368 - spec.hostUsers 5369 - spec.securityContext.seLinuxOptions 5370 - spec.securityContext.seccompProfile 5371 - spec.securityContext.fsGroup 5372 - spec.securityContext.fsGroupChangePolicy 5373 - spec.securityContext.sysctls 5374 - spec.shareProcessNamespace 5375 - spec.securityContext.runAsUser 5376 - spec.securityContext.runAsGroup 5377 - spec.securityContext.supplementalGroups 5378 - spec.containers[*].securityContext.seLinuxOptions 5379 - spec.containers[*].securityContext.seccompProfile 5380 - spec.containers[*].securityContext.capabilities 5381 - spec.containers[*].securityContext.readOnlyRootFilesystem 5382 - spec.containers[*].securityContext.privileged 5383 - spec.containers[*].securityContext.allowPrivilegeEscalation 5384 - spec.containers[*].securityContext.procMount 5385 - spec.containers[*].securityContext.runAsUser 5386 - spec.containers[*].securityContext.runAsGroup 5387 properties: 5388 name: 5389 description: |- 5390 Name is the name of the operating system. The currently supported values are linux and windows. 5391 Additional value may be defined in future and can be one of: 5392 https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration 5393 Clients should expect to handle additional values and treat unrecognized values in this field as os: null 5394 type: string 5395 required: 5396 - name 5397 type: object 5398 overhead: 5399 additionalProperties: 5400 anyOf: 5401 - type: integer 5402 - type: string 5403 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5404 x-kubernetes-int-or-string: true 5405 description: |- 5406 Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. 5407 This field will be autopopulated at admission time by the RuntimeClass admission controller. If 5408 the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. 5409 The RuntimeClass admission controller will reject Pod create requests which have the overhead already 5410 set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value 5411 defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. 5412 More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md 5413 type: object 5414 preemptionPolicy: 5415 description: |- 5416 PreemptionPolicy is the Policy for preempting pods with lower priority. 5417 One of Never, PreemptLowerPriority. 5418 Defaults to PreemptLowerPriority if unset. 5419 type: string 5420 priority: 5421 description: |- 5422 The priority value. Various system components use this field to find the 5423 priority of the pod. When Priority Admission Controller is enabled, it 5424 prevents users from setting this field. The admission controller populates 5425 this field from PriorityClassName. 5426 The higher the value, the higher the priority. 5427 format: int32 5428 type: integer 5429 priorityClassName: 5430 description: |- 5431 If specified, indicates the pod's priority. "system-node-critical" and 5432 "system-cluster-critical" are two special keywords which indicate the 5433 highest priorities with the former being the highest priority. Any other 5434 name must be defined by creating a PriorityClass object with that name. 5435 If not specified, the pod priority will be default or zero if there is no 5436 default. 5437 type: string 5438 readinessGates: 5439 description: |- 5440 If specified, all readiness gates will be evaluated for pod readiness. 5441 A pod is ready when all its containers are ready AND 5442 all conditions specified in the readiness gates have status equal to "True" 5443 More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates 5444 items: 5445 description: PodReadinessGate contains the reference 5446 to a pod condition 5447 properties: 5448 conditionType: 5449 description: ConditionType refers to a condition 5450 in the pod's condition list with matching type. 5451 type: string 5452 required: 5453 - conditionType 5454 type: object 5455 type: array 5456 resourceClaims: 5457 description: |- 5458 ResourceClaims defines which ResourceClaims must be allocated 5459 and reserved before the Pod is allowed to start. The resources 5460 will be made available to those containers which consume them 5461 by name. 5462 5463 5464 This is an alpha field and requires enabling the 5465 DynamicResourceAllocation feature gate. 5466 5467 5468 This field is immutable. 5469 items: 5470 description: |- 5471 PodResourceClaim references exactly one ResourceClaim through a ClaimSource. 5472 It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. 5473 Containers that need access to the ResourceClaim reference it with this name. 5474 properties: 5475 name: 5476 description: |- 5477 Name uniquely identifies this resource claim inside the pod. 5478 This must be a DNS_LABEL. 5479 type: string 5480 source: 5481 description: Source describes where to find the 5482 ResourceClaim. 5483 properties: 5484 resourceClaimName: 5485 description: |- 5486 ResourceClaimName is the name of a ResourceClaim object in the same 5487 namespace as this pod. 5488 type: string 5489 resourceClaimTemplateName: 5490 description: |- 5491 ResourceClaimTemplateName is the name of a ResourceClaimTemplate 5492 object in the same namespace as this pod. 5493 5494 5495 The template will be used to create a new ResourceClaim, which will 5496 be bound to this pod. When this pod is deleted, the ResourceClaim 5497 will also be deleted. The pod name and resource name, along with a 5498 generated component, will be used to form a unique name for the 5499 ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. 5500 5501 5502 This field is immutable and no changes will be made to the 5503 corresponding ResourceClaim by the control plane after creating the 5504 ResourceClaim. 5505 type: string 5506 type: object 5507 required: 5508 - name 5509 type: object 5510 type: array 5511 x-kubernetes-list-map-keys: 5512 - name 5513 x-kubernetes-list-type: map 5514 restartPolicy: 5515 description: |- 5516 Restart policy for all containers within the pod. 5517 One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. 5518 Default to Always. 5519 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy 5520 type: string 5521 runtimeClassName: 5522 description: |- 5523 RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used 5524 to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. 5525 If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an 5526 empty definition that uses the default runtime handler. 5527 More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class 5528 type: string 5529 schedulerName: 5530 description: |- 5531 If specified, the pod will be dispatched by specified scheduler. 5532 If not specified, the pod will be dispatched by default scheduler. 5533 type: string 5534 schedulingGates: 5535 description: |- 5536 SchedulingGates is an opaque list of values that if specified will block scheduling the pod. 5537 If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the 5538 scheduler will not attempt to schedule the pod. 5539 5540 5541 SchedulingGates can only be set at pod creation time, and be removed only afterwards. 5542 5543 5544 This is a beta feature enabled by the PodSchedulingReadiness feature gate. 5545 items: 5546 description: PodSchedulingGate is associated to a 5547 Pod to guard its scheduling. 5548 properties: 5549 name: 5550 description: |- 5551 Name of the scheduling gate. 5552 Each scheduling gate must have a unique name field. 5553 type: string 5554 required: 5555 - name 5556 type: object 5557 type: array 5558 x-kubernetes-list-map-keys: 5559 - name 5560 x-kubernetes-list-type: map 5561 securityContext: 5562 description: |- 5563 SecurityContext holds pod-level security attributes and common container settings. 5564 Optional: Defaults to empty. See type description for default values of each field. 5565 properties: 5566 fsGroup: 5567 description: |- 5568 A special supplemental group that applies to all containers in a pod. 5569 Some volume types allow the Kubelet to change the ownership of that volume 5570 to be owned by the pod: 5571 5572 5573 1. The owning GID will be the FSGroup 5574 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 5575 3. The permission bits are OR'd with rw-rw---- 5576 5577 5578 If unset, the Kubelet will not modify the ownership and permissions of any volume. 5579 Note that this field cannot be set when spec.os.name is windows. 5580 format: int64 5581 type: integer 5582 fsGroupChangePolicy: 5583 description: |- 5584 fsGroupChangePolicy defines behavior of changing ownership and permission of the volume 5585 before being exposed inside Pod. This field will only apply to 5586 volume types which support fsGroup based ownership(and permissions). 5587 It will have no effect on ephemeral volume types such as: secret, configmaps 5588 and emptydir. 5589 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. 5590 Note that this field cannot be set when spec.os.name is windows. 5591 type: string 5592 runAsGroup: 5593 description: |- 5594 The GID to run the entrypoint of the container process. 5595 Uses runtime default if unset. 5596 May also be set in SecurityContext. If set in both SecurityContext and 5597 PodSecurityContext, the value specified in SecurityContext takes precedence 5598 for that container. 5599 Note that this field cannot be set when spec.os.name is windows. 5600 format: int64 5601 type: integer 5602 runAsNonRoot: 5603 description: |- 5604 Indicates that the container must run as a non-root user. 5605 If true, the Kubelet will validate the image at runtime to ensure that it 5606 does not run as UID 0 (root) and fail to start the container if it does. 5607 If unset or false, no such validation will be performed. 5608 May also be set in SecurityContext. If set in both SecurityContext and 5609 PodSecurityContext, the value specified in SecurityContext takes precedence. 5610 type: boolean 5611 runAsUser: 5612 description: |- 5613 The UID to run the entrypoint of the container process. 5614 Defaults to user specified in image metadata if unspecified. 5615 May also be set in SecurityContext. If set in both SecurityContext and 5616 PodSecurityContext, the value specified in SecurityContext takes precedence 5617 for that container. 5618 Note that this field cannot be set when spec.os.name is windows. 5619 format: int64 5620 type: integer 5621 seLinuxOptions: 5622 description: |- 5623 The SELinux context to be applied to all containers. 5624 If unspecified, the container runtime will allocate a random SELinux context for each 5625 container. May also be set in SecurityContext. If set in 5626 both SecurityContext and PodSecurityContext, the value specified in SecurityContext 5627 takes precedence for that container. 5628 Note that this field cannot be set when spec.os.name is windows. 5629 properties: 5630 level: 5631 description: Level is SELinux level label that 5632 applies to the container. 5633 type: string 5634 role: 5635 description: Role is a SELinux role label that 5636 applies to the container. 5637 type: string 5638 type: 5639 description: Type is a SELinux type label that 5640 applies to the container. 5641 type: string 5642 user: 5643 description: User is a SELinux user label that 5644 applies to the container. 5645 type: string 5646 type: object 5647 seccompProfile: 5648 description: |- 5649 The seccomp options to use by the containers in this pod. 5650 Note that this field cannot be set when spec.os.name is windows. 5651 properties: 5652 localhostProfile: 5653 description: |- 5654 localhostProfile indicates a profile defined in a file on the node should be used. 5655 The profile must be preconfigured on the node to work. 5656 Must be a descending path, relative to the kubelet's configured seccomp profile location. 5657 Must be set if type is "Localhost". Must NOT be set for any other type. 5658 type: string 5659 type: 5660 description: |- 5661 type indicates which kind of seccomp profile will be applied. 5662 Valid options are: 5663 5664 5665 Localhost - a profile defined in a file on the node should be used. 5666 RuntimeDefault - the container runtime default profile should be used. 5667 Unconfined - no profile should be applied. 5668 type: string 5669 required: 5670 - type 5671 type: object 5672 supplementalGroups: 5673 description: |- 5674 A list of groups applied to the first process run in each container, in addition 5675 to the container's primary GID, the fsGroup (if specified), and group memberships 5676 defined in the container image for the uid of the container process. If unspecified, 5677 no additional groups are added to any container. Note that group memberships 5678 defined in the container image for the uid of the container process are still effective, 5679 even if they are not included in this list. 5680 Note that this field cannot be set when spec.os.name is windows. 5681 items: 5682 format: int64 5683 type: integer 5684 type: array 5685 sysctls: 5686 description: |- 5687 Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported 5688 sysctls (by the container runtime) might fail to launch. 5689 Note that this field cannot be set when spec.os.name is windows. 5690 items: 5691 description: Sysctl defines a kernel parameter 5692 to be set 5693 properties: 5694 name: 5695 description: Name of a property to set 5696 type: string 5697 value: 5698 description: Value of a property to set 5699 type: string 5700 required: 5701 - name 5702 - value 5703 type: object 5704 type: array 5705 windowsOptions: 5706 description: |- 5707 The Windows specific settings applied to all containers. 5708 If unspecified, the options within a container's SecurityContext will be used. 5709 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 5710 Note that this field cannot be set when spec.os.name is linux. 5711 properties: 5712 gmsaCredentialSpec: 5713 description: |- 5714 GMSACredentialSpec is where the GMSA admission webhook 5715 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the 5716 GMSA credential spec named by the GMSACredentialSpecName field. 5717 type: string 5718 gmsaCredentialSpecName: 5719 description: GMSACredentialSpecName is the name 5720 of the GMSA credential spec to use. 5721 type: string 5722 hostProcess: 5723 description: |- 5724 HostProcess determines if a container should be run as a 'Host Process' container. 5725 All of a Pod's containers must have the same effective HostProcess value 5726 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 5727 In addition, if HostProcess is true then HostNetwork must also be set to true. 5728 type: boolean 5729 runAsUserName: 5730 description: |- 5731 The UserName in Windows to run the entrypoint of the container process. 5732 Defaults to the user specified in image metadata if unspecified. 5733 May also be set in PodSecurityContext. If set in both SecurityContext and 5734 PodSecurityContext, the value specified in SecurityContext takes precedence. 5735 type: string 5736 type: object 5737 type: object 5738 serviceAccount: 5739 description: |- 5740 DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. 5741 Deprecated: Use serviceAccountName instead. 5742 type: string 5743 serviceAccountName: 5744 description: |- 5745 ServiceAccountName is the name of the ServiceAccount to use to run this pod. 5746 More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ 5747 type: string 5748 setHostnameAsFQDN: 5749 description: |- 5750 If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). 5751 In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). 5752 In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. 5753 If a pod does not have FQDN, this has no effect. 5754 Default to false. 5755 type: boolean 5756 shareProcessNamespace: 5757 description: |- 5758 Share a single process namespace between all of the containers in a pod. 5759 When this is set containers will be able to view and signal processes from other containers 5760 in the same pod, and the first process in each container will not be assigned PID 1. 5761 HostPID and ShareProcessNamespace cannot both be set. 5762 Optional: Default to false. 5763 type: boolean 5764 subdomain: 5765 description: |- 5766 If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". 5767 If not specified, the pod will not have a domainname at all. 5768 type: string 5769 terminationGracePeriodSeconds: 5770 description: |- 5771 Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. 5772 Value must be non-negative integer. The value zero indicates stop immediately via 5773 the kill signal (no opportunity to shut down). 5774 If this value is nil, the default grace period will be used instead. 5775 The grace period is the duration in seconds after the processes running in the pod are sent 5776 a termination signal and the time when the processes are forcibly halted with a kill signal. 5777 Set this value longer than the expected cleanup time for your process. 5778 Defaults to 30 seconds. 5779 format: int64 5780 type: integer 5781 tolerations: 5782 description: If specified, the pod's tolerations. 5783 items: 5784 description: |- 5785 The pod this Toleration is attached to tolerates any taint that matches 5786 the triple <key,value,effect> using the matching operator <operator>. 5787 properties: 5788 effect: 5789 description: |- 5790 Effect indicates the taint effect to match. Empty means match all taint effects. 5791 When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 5792 type: string 5793 key: 5794 description: |- 5795 Key is the taint key that the toleration applies to. Empty means match all taint keys. 5796 If the key is empty, operator must be Exists; this combination means to match all values and all keys. 5797 type: string 5798 operator: 5799 description: |- 5800 Operator represents a key's relationship to the value. 5801 Valid operators are Exists and Equal. Defaults to Equal. 5802 Exists is equivalent to wildcard for value, so that a pod can 5803 tolerate all taints of a particular category. 5804 type: string 5805 tolerationSeconds: 5806 description: |- 5807 TolerationSeconds represents the period of time the toleration (which must be 5808 of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, 5809 it is not set, which means tolerate the taint forever (do not evict). Zero and 5810 negative values will be treated as 0 (evict immediately) by the system. 5811 format: int64 5812 type: integer 5813 value: 5814 description: |- 5815 Value is the taint value the toleration matches to. 5816 If the operator is Exists, the value should be empty, otherwise just a regular string. 5817 type: string 5818 type: object 5819 type: array 5820 topologySpreadConstraints: 5821 description: |- 5822 TopologySpreadConstraints describes how a group of pods ought to spread across topology 5823 domains. Scheduler will schedule pods in a way which abides by the constraints. 5824 All topologySpreadConstraints are ANDed. 5825 items: 5826 description: TopologySpreadConstraint specifies how 5827 to spread matching pods among the given topology. 5828 properties: 5829 labelSelector: 5830 description: |- 5831 LabelSelector is used to find matching pods. 5832 Pods that match this label selector are counted to determine the number of pods 5833 in their corresponding topology domain. 5834 properties: 5835 matchExpressions: 5836 description: matchExpressions is a list of 5837 label selector requirements. The requirements 5838 are ANDed. 5839 items: 5840 description: |- 5841 A label selector requirement is a selector that contains values, a key, and an operator that 5842 relates the key and values. 5843 properties: 5844 key: 5845 description: key is the label key that 5846 the selector applies to. 5847 type: string 5848 operator: 5849 description: |- 5850 operator represents a key's relationship to a set of values. 5851 Valid operators are In, NotIn, Exists and DoesNotExist. 5852 type: string 5853 values: 5854 description: |- 5855 values is an array of string values. If the operator is In or NotIn, 5856 the values array must be non-empty. If the operator is Exists or DoesNotExist, 5857 the values array must be empty. This array is replaced during a strategic 5858 merge patch. 5859 items: 5860 type: string 5861 type: array 5862 required: 5863 - key 5864 - operator 5865 type: object 5866 type: array 5867 matchLabels: 5868 additionalProperties: 5869 type: string 5870 description: |- 5871 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 5872 map is equivalent to an element of matchExpressions, whose key field is "key", the 5873 operator is "In", and the values array contains only "value". The requirements are ANDed. 5874 type: object 5875 type: object 5876 x-kubernetes-map-type: atomic 5877 matchLabelKeys: 5878 description: |- 5879 MatchLabelKeys is a set of pod label keys to select the pods over which 5880 spreading will be calculated. The keys are used to lookup values from the 5881 incoming pod labels, those key-value labels are ANDed with labelSelector 5882 to select the group of existing pods over which spreading will be calculated 5883 for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 5884 MatchLabelKeys cannot be set when LabelSelector isn't set. 5885 Keys that don't exist in the incoming pod labels will 5886 be ignored. A null or empty list means only match against labelSelector. 5887 5888 5889 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 5890 items: 5891 type: string 5892 type: array 5893 x-kubernetes-list-type: atomic 5894 maxSkew: 5895 description: |- 5896 MaxSkew describes the degree to which pods may be unevenly distributed. 5897 When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference 5898 between the number of matching pods in the target topology and the global minimum. 5899 The global minimum is the minimum number of matching pods in an eligible domain 5900 or zero if the number of eligible domains is less than MinDomains. 5901 For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same 5902 labelSelector spread as 2/2/1: 5903 In this case, the global minimum is 1. 5904 | zone1 | zone2 | zone3 | 5905 | P P | P P | P | 5906 - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; 5907 scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) 5908 violate MaxSkew(1). 5909 - if MaxSkew is 2, incoming pod can be scheduled onto any zone. 5910 When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence 5911 to topologies that satisfy it. 5912 It's a required field. Default value is 1 and 0 is not allowed. 5913 format: int32 5914 type: integer 5915 minDomains: 5916 description: |- 5917 MinDomains indicates a minimum number of eligible domains. 5918 When the number of eligible domains with matching topology keys is less than minDomains, 5919 Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. 5920 And when the number of eligible domains with matching topology keys equals or greater than minDomains, 5921 this value has no effect on scheduling. 5922 As a result, when the number of eligible domains is less than minDomains, 5923 scheduler won't schedule more than maxSkew Pods to those domains. 5924 If value is nil, the constraint behaves as if MinDomains is equal to 1. 5925 Valid values are integers greater than 0. 5926 When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 5927 5928 5929 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same 5930 labelSelector spread as 2/2/2: 5931 | zone1 | zone2 | zone3 | 5932 | P P | P P | P P | 5933 The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. 5934 In this situation, new pod with the same labelSelector cannot be scheduled, 5935 because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, 5936 it will violate MaxSkew. 5937 5938 5939 This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). 5940 format: int32 5941 type: integer 5942 nodeAffinityPolicy: 5943 description: |- 5944 NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector 5945 when calculating pod topology spread skew. Options are: 5946 - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. 5947 - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. 5948 5949 5950 If this value is nil, the behavior is equivalent to the Honor policy. 5951 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 5952 type: string 5953 nodeTaintsPolicy: 5954 description: |- 5955 NodeTaintsPolicy indicates how we will treat node taints when calculating 5956 pod topology spread skew. Options are: 5957 - Honor: nodes without taints, along with tainted nodes for which the incoming pod 5958 has a toleration, are included. 5959 - Ignore: node taints are ignored. All nodes are included. 5960 5961 5962 If this value is nil, the behavior is equivalent to the Ignore policy. 5963 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 5964 type: string 5965 topologyKey: 5966 description: |- 5967 TopologyKey is the key of node labels. Nodes that have a label with this key 5968 and identical values are considered to be in the same topology. 5969 We consider each <key, value> as a "bucket", and try to put balanced number 5970 of pods into each bucket. 5971 We define a domain as a particular instance of a topology. 5972 Also, we define an eligible domain as a domain whose nodes meet the requirements of 5973 nodeAffinityPolicy and nodeTaintsPolicy. 5974 e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. 5975 And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. 5976 It's a required field. 5977 type: string 5978 whenUnsatisfiable: 5979 description: |- 5980 WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy 5981 the spread constraint. 5982 - DoNotSchedule (default) tells the scheduler not to schedule it. 5983 - ScheduleAnyway tells the scheduler to schedule the pod in any location, 5984 but giving higher precedence to topologies that would help reduce the 5985 skew. 5986 A constraint is considered "Unsatisfiable" for an incoming pod 5987 if and only if every possible node assignment for that pod would violate 5988 "MaxSkew" on some topology. 5989 For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same 5990 labelSelector spread as 3/1/1: 5991 | zone1 | zone2 | zone3 | 5992 | P P P | P | P | 5993 If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled 5994 to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies 5995 MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler 5996 won't make it *more* imbalanced. 5997 It's a required field. 5998 type: string 5999 required: 6000 - maxSkew 6001 - topologyKey 6002 - whenUnsatisfiable 6003 type: object 6004 type: array 6005 x-kubernetes-list-map-keys: 6006 - topologyKey 6007 - whenUnsatisfiable 6008 x-kubernetes-list-type: map 6009 volumes: 6010 description: |- 6011 List of volumes that can be mounted by containers belonging to the pod. 6012 More info: https://kubernetes.io/docs/concepts/storage/volumes 6013 items: 6014 description: Volume represents a named volume in a 6015 pod that may be accessed by any container in the 6016 pod. 6017 properties: 6018 awsElasticBlockStore: 6019 description: |- 6020 awsElasticBlockStore represents an AWS Disk resource that is attached to a 6021 kubelet's host machine and then exposed to the pod. 6022 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6023 properties: 6024 fsType: 6025 description: |- 6026 fsType is the filesystem type of the volume that you want to mount. 6027 Tip: Ensure that the filesystem type is supported by the host operating system. 6028 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6029 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6030 TODO: how do we prevent errors in the filesystem from compromising the machine 6031 type: string 6032 partition: 6033 description: |- 6034 partition is the partition in the volume that you want to mount. 6035 If omitted, the default is to mount by volume name. 6036 Examples: For volume /dev/sda1, you specify the partition as "1". 6037 Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 6038 format: int32 6039 type: integer 6040 readOnly: 6041 description: |- 6042 readOnly value true will force the readOnly setting in VolumeMounts. 6043 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6044 type: boolean 6045 volumeID: 6046 description: |- 6047 volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 6048 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6049 type: string 6050 required: 6051 - volumeID 6052 type: object 6053 azureDisk: 6054 description: azureDisk represents an Azure Data 6055 Disk mount on the host and bind mount to the 6056 pod. 6057 properties: 6058 cachingMode: 6059 description: 'cachingMode is the Host Caching 6060 mode: None, Read Only, Read Write.' 6061 type: string 6062 diskName: 6063 description: diskName is the Name of the data 6064 disk in the blob storage 6065 type: string 6066 diskURI: 6067 description: diskURI is the URI of data disk 6068 in the blob storage 6069 type: string 6070 fsType: 6071 description: |- 6072 fsType is Filesystem type to mount. 6073 Must be a filesystem type supported by the host operating system. 6074 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6075 type: string 6076 kind: 6077 description: 'kind expected values are Shared: 6078 multiple blob disks per storage account Dedicated: 6079 single blob disk per storage account Managed: 6080 azure managed data disk (only in managed 6081 availability set). defaults to shared' 6082 type: string 6083 readOnly: 6084 description: |- 6085 readOnly Defaults to false (read/write). ReadOnly here will force 6086 the ReadOnly setting in VolumeMounts. 6087 type: boolean 6088 required: 6089 - diskName 6090 - diskURI 6091 type: object 6092 azureFile: 6093 description: azureFile represents an Azure File 6094 Service mount on the host and bind mount to 6095 the pod. 6096 properties: 6097 readOnly: 6098 description: |- 6099 readOnly defaults to false (read/write). ReadOnly here will force 6100 the ReadOnly setting in VolumeMounts. 6101 type: boolean 6102 secretName: 6103 description: secretName is the name of secret 6104 that contains Azure Storage Account Name 6105 and Key 6106 type: string 6107 shareName: 6108 description: shareName is the azure share 6109 Name 6110 type: string 6111 required: 6112 - secretName 6113 - shareName 6114 type: object 6115 cephfs: 6116 description: cephFS represents a Ceph FS mount 6117 on the host that shares a pod's lifetime 6118 properties: 6119 monitors: 6120 description: |- 6121 monitors is Required: Monitors is a collection of Ceph monitors 6122 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6123 items: 6124 type: string 6125 type: array 6126 path: 6127 description: 'path is Optional: Used as the 6128 mounted root, rather than the full Ceph 6129 tree, default is /' 6130 type: string 6131 readOnly: 6132 description: |- 6133 readOnly is Optional: Defaults to false (read/write). ReadOnly here will force 6134 the ReadOnly setting in VolumeMounts. 6135 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6136 type: boolean 6137 secretFile: 6138 description: |- 6139 secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret 6140 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6141 type: string 6142 secretRef: 6143 description: |- 6144 secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. 6145 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6146 properties: 6147 name: 6148 description: |- 6149 Name of the referent. 6150 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6151 TODO: Add other useful fields. apiVersion, kind, uid? 6152 type: string 6153 type: object 6154 x-kubernetes-map-type: atomic 6155 user: 6156 description: |- 6157 user is optional: User is the rados user name, default is admin 6158 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6159 type: string 6160 required: 6161 - monitors 6162 type: object 6163 cinder: 6164 description: |- 6165 cinder represents a cinder volume attached and mounted on kubelets host machine. 6166 More info: https://examples.k8s.io/mysql-cinder-pd/README.md 6167 properties: 6168 fsType: 6169 description: |- 6170 fsType is the filesystem type to mount. 6171 Must be a filesystem type supported by the host operating system. 6172 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6173 More info: https://examples.k8s.io/mysql-cinder-pd/README.md 6174 type: string 6175 readOnly: 6176 description: |- 6177 readOnly defaults to false (read/write). ReadOnly here will force 6178 the ReadOnly setting in VolumeMounts. 6179 More info: https://examples.k8s.io/mysql-cinder-pd/README.md 6180 type: boolean 6181 secretRef: 6182 description: |- 6183 secretRef is optional: points to a secret object containing parameters used to connect 6184 to OpenStack. 6185 properties: 6186 name: 6187 description: |- 6188 Name of the referent. 6189 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6190 TODO: Add other useful fields. apiVersion, kind, uid? 6191 type: string 6192 type: object 6193 x-kubernetes-map-type: atomic 6194 volumeID: 6195 description: |- 6196 volumeID used to identify the volume in cinder. 6197 More info: https://examples.k8s.io/mysql-cinder-pd/README.md 6198 type: string 6199 required: 6200 - volumeID 6201 type: object 6202 configMap: 6203 description: configMap represents a configMap 6204 that should populate this volume 6205 properties: 6206 defaultMode: 6207 description: |- 6208 defaultMode is optional: mode bits used to set permissions on created files by default. 6209 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 6210 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 6211 Defaults to 0644. 6212 Directories within the path are not affected by this setting. 6213 This might be in conflict with other options that affect the file 6214 mode, like fsGroup, and the result can be other mode bits set. 6215 format: int32 6216 type: integer 6217 items: 6218 description: |- 6219 items if unspecified, each key-value pair in the Data field of the referenced 6220 ConfigMap will be projected into the volume as a file whose name is the 6221 key and content is the value. If specified, the listed keys will be 6222 projected into the specified paths, and unlisted keys will not be 6223 present. If a key is specified which is not present in the ConfigMap, 6224 the volume setup will error unless it is marked optional. Paths must be 6225 relative and may not contain the '..' path or start with '..'. 6226 items: 6227 description: Maps a string key to a path 6228 within a volume. 6229 properties: 6230 key: 6231 description: key is the key to project. 6232 type: string 6233 mode: 6234 description: |- 6235 mode is Optional: mode bits used to set permissions on this file. 6236 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 6237 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 6238 If not specified, the volume defaultMode will be used. 6239 This might be in conflict with other options that affect the file 6240 mode, like fsGroup, and the result can be other mode bits set. 6241 format: int32 6242 type: integer 6243 path: 6244 description: |- 6245 path is the relative path of the file to map the key to. 6246 May not be an absolute path. 6247 May not contain the path element '..'. 6248 May not start with the string '..'. 6249 type: string 6250 required: 6251 - key 6252 - path 6253 type: object 6254 type: array 6255 name: 6256 description: |- 6257 Name of the referent. 6258 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6259 TODO: Add other useful fields. apiVersion, kind, uid? 6260 type: string 6261 optional: 6262 description: optional specify whether the 6263 ConfigMap or its keys must be defined 6264 type: boolean 6265 type: object 6266 x-kubernetes-map-type: atomic 6267 csi: 6268 description: csi (Container Storage Interface) 6269 represents ephemeral storage that is handled 6270 by certain external CSI drivers (Beta feature). 6271 properties: 6272 driver: 6273 description: |- 6274 driver is the name of the CSI driver that handles this volume. 6275 Consult with your admin for the correct name as registered in the cluster. 6276 type: string 6277 fsType: 6278 description: |- 6279 fsType to mount. Ex. "ext4", "xfs", "ntfs". 6280 If not provided, the empty value is passed to the associated CSI driver 6281 which will determine the default filesystem to apply. 6282 type: string 6283 nodePublishSecretRef: 6284 description: |- 6285 nodePublishSecretRef is a reference to the secret object containing 6286 sensitive information to pass to the CSI driver to complete the CSI 6287 NodePublishVolume and NodeUnpublishVolume calls. 6288 This field is optional, and may be empty if no secret is required. If the 6289 secret object contains more than one secret, all secret references are passed. 6290 properties: 6291 name: 6292 description: |- 6293 Name of the referent. 6294 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6295 TODO: Add other useful fields. apiVersion, kind, uid? 6296 type: string 6297 type: object 6298 x-kubernetes-map-type: atomic 6299 readOnly: 6300 description: |- 6301 readOnly specifies a read-only configuration for the volume. 6302 Defaults to false (read/write). 6303 type: boolean 6304 volumeAttributes: 6305 additionalProperties: 6306 type: string 6307 description: |- 6308 volumeAttributes stores driver-specific properties that are passed to the CSI 6309 driver. Consult your driver's documentation for supported values. 6310 type: object 6311 required: 6312 - driver 6313 type: object 6314 downwardAPI: 6315 description: downwardAPI represents downward API 6316 about the pod that should populate this volume 6317 properties: 6318 defaultMode: 6319 description: |- 6320 Optional: mode bits to use on created files by default. Must be a 6321 Optional: mode bits used to set permissions on created files by default. 6322 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 6323 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 6324 Defaults to 0644. 6325 Directories within the path are not affected by this setting. 6326 This might be in conflict with other options that affect the file 6327 mode, like fsGroup, and the result can be other mode bits set. 6328 format: int32 6329 type: integer 6330 items: 6331 description: Items is a list of downward API 6332 volume file 6333 items: 6334 description: DownwardAPIVolumeFile represents 6335 information to create the file containing 6336 the pod field 6337 properties: 6338 fieldRef: 6339 description: 'Required: Selects a field 6340 of the pod: only annotations, labels, 6341 name and namespace are supported.' 6342 properties: 6343 apiVersion: 6344 description: Version of the schema 6345 the FieldPath is written in terms 6346 of, defaults to "v1". 6347 type: string 6348 fieldPath: 6349 description: Path of the field to 6350 select in the specified API version. 6351 type: string 6352 required: 6353 - fieldPath 6354 type: object 6355 x-kubernetes-map-type: atomic 6356 mode: 6357 description: |- 6358 Optional: mode bits used to set permissions on this file, must be an octal value 6359 between 0000 and 0777 or a decimal value between 0 and 511. 6360 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 6361 If not specified, the volume defaultMode will be used. 6362 This might be in conflict with other options that affect the file 6363 mode, like fsGroup, and the result can be other mode bits set. 6364 format: int32 6365 type: integer 6366 path: 6367 description: 'Required: Path is the 6368 relative path name of the file to 6369 be created. Must not be absolute or 6370 contain the ''..'' path. Must be utf-8 6371 encoded. The first item of the relative 6372 path must not start with ''..''' 6373 type: string 6374 resourceFieldRef: 6375 description: |- 6376 Selects a resource of the container: only resources limits and requests 6377 (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 6378 properties: 6379 containerName: 6380 description: 'Container name: required 6381 for volumes, optional for env 6382 vars' 6383 type: string 6384 divisor: 6385 anyOf: 6386 - type: integer 6387 - type: string 6388 description: Specifies the output 6389 format of the exposed resources, 6390 defaults to "1" 6391 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6392 x-kubernetes-int-or-string: true 6393 resource: 6394 description: 'Required: resource 6395 to select' 6396 type: string 6397 required: 6398 - resource 6399 type: object 6400 x-kubernetes-map-type: atomic 6401 required: 6402 - path 6403 type: object 6404 type: array 6405 type: object 6406 emptyDir: 6407 description: |- 6408 emptyDir represents a temporary directory that shares a pod's lifetime. 6409 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 6410 properties: 6411 medium: 6412 description: |- 6413 medium represents what type of storage medium should back this directory. 6414 The default is "" which means to use the node's default medium. 6415 Must be an empty string (default) or Memory. 6416 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 6417 type: string 6418 sizeLimit: 6419 anyOf: 6420 - type: integer 6421 - type: string 6422 description: |- 6423 sizeLimit is the total amount of local storage required for this EmptyDir volume. 6424 The size limit is also applicable for memory medium. 6425 The maximum usage on memory medium EmptyDir would be the minimum value between 6426 the SizeLimit specified here and the sum of memory limits of all containers in a pod. 6427 The default is nil which means that the limit is undefined. 6428 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 6429 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6430 x-kubernetes-int-or-string: true 6431 type: object 6432 ephemeral: 6433 description: |- 6434 ephemeral represents a volume that is handled by a cluster storage driver. 6435 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, 6436 and deleted when the pod is removed. 6437 6438 6439 Use this if: 6440 a) the volume is only needed while the pod runs, 6441 b) features of normal volumes like restoring from snapshot or capacity 6442 tracking are needed, 6443 c) the storage driver is specified through a storage class, and 6444 d) the storage driver supports dynamic volume provisioning through 6445 a PersistentVolumeClaim (see EphemeralVolumeSource for more 6446 information on the connection between this volume type 6447 and PersistentVolumeClaim). 6448 6449 6450 Use PersistentVolumeClaim or one of the vendor-specific 6451 APIs for volumes that persist for longer than the lifecycle 6452 of an individual pod. 6453 6454 6455 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to 6456 be used that way - see the documentation of the driver for 6457 more information. 6458 6459 6460 A pod can use both types of ephemeral volumes and 6461 persistent volumes at the same time. 6462 properties: 6463 volumeClaimTemplate: 6464 description: |- 6465 Will be used to create a stand-alone PVC to provision the volume. 6466 The pod in which this EphemeralVolumeSource is embedded will be the 6467 owner of the PVC, i.e. the PVC will be deleted together with the 6468 pod. The name of the PVC will be `<pod name>-<volume name>` where 6469 `<volume name>` is the name from the `PodSpec.Volumes` array 6470 entry. Pod validation will reject the pod if the concatenated name 6471 is not valid for a PVC (for example, too long). 6472 6473 6474 An existing PVC with that name that is not owned by the pod 6475 will *not* be used for the pod to avoid using an unrelated 6476 volume by mistake. Starting the pod is then blocked until 6477 the unrelated PVC is removed. If such a pre-created PVC is 6478 meant to be used by the pod, the PVC has to updated with an 6479 owner reference to the pod once the pod exists. Normally 6480 this should not be necessary, but it may be useful when 6481 manually reconstructing a broken cluster. 6482 6483 6484 This field is read-only and no changes will be made by Kubernetes 6485 to the PVC after it has been created. 6486 6487 6488 Required, must not be nil. 6489 properties: 6490 metadata: 6491 description: |- 6492 May contain labels and annotations that will be copied into the PVC 6493 when creating it. No other fields are allowed and will be rejected during 6494 validation. 6495 properties: 6496 annotations: 6497 additionalProperties: 6498 type: string 6499 type: object 6500 finalizers: 6501 items: 6502 type: string 6503 type: array 6504 labels: 6505 additionalProperties: 6506 type: string 6507 type: object 6508 name: 6509 type: string 6510 namespace: 6511 type: string 6512 type: object 6513 spec: 6514 description: |- 6515 The specification for the PersistentVolumeClaim. The entire content is 6516 copied unchanged into the PVC that gets created from this 6517 template. The same fields as in a PersistentVolumeClaim 6518 are also valid here. 6519 properties: 6520 accessModes: 6521 description: |- 6522 accessModes contains the desired access modes the volume should have. 6523 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 6524 items: 6525 type: string 6526 type: array 6527 dataSource: 6528 description: |- 6529 dataSource field can be used to specify either: 6530 * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 6531 * An existing PVC (PersistentVolumeClaim) 6532 If the provisioner or an external controller can support the specified data source, 6533 it will create a new volume based on the contents of the specified data source. 6534 When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, 6535 and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. 6536 If the namespace is specified, then dataSourceRef will not be copied to dataSource. 6537 properties: 6538 apiGroup: 6539 description: |- 6540 APIGroup is the group for the resource being referenced. 6541 If APIGroup is not specified, the specified Kind must be in the core API group. 6542 For any other third-party types, APIGroup is required. 6543 type: string 6544 kind: 6545 description: Kind is the type 6546 of resource being referenced 6547 type: string 6548 name: 6549 description: Name is the name 6550 of resource being referenced 6551 type: string 6552 required: 6553 - kind 6554 - name 6555 type: object 6556 x-kubernetes-map-type: atomic 6557 dataSourceRef: 6558 description: |- 6559 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty 6560 volume is desired. This may be any object from a non-empty API group (non 6561 core object) or a PersistentVolumeClaim object. 6562 When this field is specified, volume binding will only succeed if the type of 6563 the specified object matches some installed volume populator or dynamic 6564 provisioner. 6565 This field will replace the functionality of the dataSource field and as such 6566 if both fields are non-empty, they must have the same value. For backwards 6567 compatibility, when namespace isn't specified in dataSourceRef, 6568 both fields (dataSource and dataSourceRef) will be set to the same 6569 value automatically if one of them is empty and the other is non-empty. 6570 When namespace is specified in dataSourceRef, 6571 dataSource isn't set to the same value and must be empty. 6572 There are three important differences between dataSource and dataSourceRef: 6573 * While dataSource only allows two specific types of objects, dataSourceRef 6574 allows any non-core object, as well as PersistentVolumeClaim objects. 6575 * While dataSource ignores disallowed values (dropping them), dataSourceRef 6576 preserves all values, and generates an error if a disallowed value is 6577 specified. 6578 * While dataSource only allows local objects, dataSourceRef allows objects 6579 in any namespaces. 6580 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. 6581 (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 6582 properties: 6583 apiGroup: 6584 description: |- 6585 APIGroup is the group for the resource being referenced. 6586 If APIGroup is not specified, the specified Kind must be in the core API group. 6587 For any other third-party types, APIGroup is required. 6588 type: string 6589 kind: 6590 description: Kind is the type 6591 of resource being referenced 6592 type: string 6593 name: 6594 description: Name is the name 6595 of resource being referenced 6596 type: string 6597 namespace: 6598 description: |- 6599 Namespace is the namespace of resource being referenced 6600 Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. 6601 (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 6602 type: string 6603 required: 6604 - kind 6605 - name 6606 type: object 6607 resources: 6608 description: |- 6609 resources represents the minimum resources the volume should have. 6610 If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements 6611 that are lower than previous value but must still be higher than capacity recorded in the 6612 status field of the claim. 6613 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources 6614 properties: 6615 limits: 6616 additionalProperties: 6617 anyOf: 6618 - type: integer 6619 - type: string 6620 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6621 x-kubernetes-int-or-string: true 6622 description: |- 6623 Limits describes the maximum amount of compute resources allowed. 6624 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 6625 type: object 6626 requests: 6627 additionalProperties: 6628 anyOf: 6629 - type: integer 6630 - type: string 6631 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6632 x-kubernetes-int-or-string: true 6633 description: |- 6634 Requests describes the minimum amount of compute resources required. 6635 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 6636 otherwise to an implementation-defined value. Requests cannot exceed Limits. 6637 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 6638 type: object 6639 type: object 6640 selector: 6641 description: selector is a label query 6642 over volumes to consider for binding. 6643 properties: 6644 matchExpressions: 6645 description: matchExpressions 6646 is a list of label selector 6647 requirements. The requirements 6648 are ANDed. 6649 items: 6650 description: |- 6651 A label selector requirement is a selector that contains values, a key, and an operator that 6652 relates the key and values. 6653 properties: 6654 key: 6655 description: key is the 6656 label key that the selector 6657 applies to. 6658 type: string 6659 operator: 6660 description: |- 6661 operator represents a key's relationship to a set of values. 6662 Valid operators are In, NotIn, Exists and DoesNotExist. 6663 type: string 6664 values: 6665 description: |- 6666 values is an array of string values. If the operator is In or NotIn, 6667 the values array must be non-empty. If the operator is Exists or DoesNotExist, 6668 the values array must be empty. This array is replaced during a strategic 6669 merge patch. 6670 items: 6671 type: string 6672 type: array 6673 required: 6674 - key 6675 - operator 6676 type: object 6677 type: array 6678 matchLabels: 6679 additionalProperties: 6680 type: string 6681 description: |- 6682 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 6683 map is equivalent to an element of matchExpressions, whose key field is "key", the 6684 operator is "In", and the values array contains only "value". The requirements are ANDed. 6685 type: object 6686 type: object 6687 x-kubernetes-map-type: atomic 6688 storageClassName: 6689 description: |- 6690 storageClassName is the name of the StorageClass required by the claim. 6691 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 6692 type: string 6693 volumeAttributesClassName: 6694 description: |- 6695 volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. 6696 If specified, the CSI driver will create or update the volume with the attributes defined 6697 in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, 6698 it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass 6699 will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 6700 If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass 6701 will be set by the persistentvolume controller if it exists. 6702 If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be 6703 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource 6704 exists. 6705 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass 6706 (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. 6707 type: string 6708 volumeMode: 6709 description: |- 6710 volumeMode defines what type of volume is required by the claim. 6711 Value of Filesystem is implied when not included in claim spec. 6712 type: string 6713 volumeName: 6714 description: volumeName is the binding 6715 reference to the PersistentVolume 6716 backing this claim. 6717 type: string 6718 type: object 6719 required: 6720 - spec 6721 type: object 6722 type: object 6723 fc: 6724 description: fc represents a Fibre Channel resource 6725 that is attached to a kubelet's host machine 6726 and then exposed to the pod. 6727 properties: 6728 fsType: 6729 description: |- 6730 fsType is the filesystem type to mount. 6731 Must be a filesystem type supported by the host operating system. 6732 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6733 TODO: how do we prevent errors in the filesystem from compromising the machine 6734 type: string 6735 lun: 6736 description: 'lun is Optional: FC target lun 6737 number' 6738 format: int32 6739 type: integer 6740 readOnly: 6741 description: |- 6742 readOnly is Optional: Defaults to false (read/write). ReadOnly here will force 6743 the ReadOnly setting in VolumeMounts. 6744 type: boolean 6745 targetWWNs: 6746 description: 'targetWWNs is Optional: FC target 6747 worldwide names (WWNs)' 6748 items: 6749 type: string 6750 type: array 6751 wwids: 6752 description: |- 6753 wwids Optional: FC volume world wide identifiers (wwids) 6754 Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 6755 items: 6756 type: string 6757 type: array 6758 type: object 6759 flexVolume: 6760 description: |- 6761 flexVolume represents a generic volume resource that is 6762 provisioned/attached using an exec based plugin. 6763 properties: 6764 driver: 6765 description: driver is the name of the driver 6766 to use for this volume. 6767 type: string 6768 fsType: 6769 description: |- 6770 fsType is the filesystem type to mount. 6771 Must be a filesystem type supported by the host operating system. 6772 Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 6773 type: string 6774 options: 6775 additionalProperties: 6776 type: string 6777 description: 'options is Optional: this field 6778 holds extra command options if any.' 6779 type: object 6780 readOnly: 6781 description: |- 6782 readOnly is Optional: defaults to false (read/write). ReadOnly here will force 6783 the ReadOnly setting in VolumeMounts. 6784 type: boolean 6785 secretRef: 6786 description: |- 6787 secretRef is Optional: secretRef is reference to the secret object containing 6788 sensitive information to pass to the plugin scripts. This may be 6789 empty if no secret object is specified. If the secret object 6790 contains more than one secret, all secrets are passed to the plugin 6791 scripts. 6792 properties: 6793 name: 6794 description: |- 6795 Name of the referent. 6796 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6797 TODO: Add other useful fields. apiVersion, kind, uid? 6798 type: string 6799 type: object 6800 x-kubernetes-map-type: atomic 6801 required: 6802 - driver 6803 type: object 6804 flocker: 6805 description: flocker represents a Flocker volume 6806 attached to a kubelet's host machine. This depends 6807 on the Flocker control service being running 6808 properties: 6809 datasetName: 6810 description: |- 6811 datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker 6812 should be considered as deprecated 6813 type: string 6814 datasetUUID: 6815 description: datasetUUID is the UUID of the 6816 dataset. This is unique identifier of a 6817 Flocker dataset 6818 type: string 6819 type: object 6820 gcePersistentDisk: 6821 description: |- 6822 gcePersistentDisk represents a GCE Disk resource that is attached to a 6823 kubelet's host machine and then exposed to the pod. 6824 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 6825 properties: 6826 fsType: 6827 description: |- 6828 fsType is filesystem type of the volume that you want to mount. 6829 Tip: Ensure that the filesystem type is supported by the host operating system. 6830 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6831 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 6832 TODO: how do we prevent errors in the filesystem from compromising the machine 6833 type: string 6834 partition: 6835 description: |- 6836 partition is the partition in the volume that you want to mount. 6837 If omitted, the default is to mount by volume name. 6838 Examples: For volume /dev/sda1, you specify the partition as "1". 6839 Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 6840 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 6841 format: int32 6842 type: integer 6843 pdName: 6844 description: |- 6845 pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. 6846 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 6847 type: string 6848 readOnly: 6849 description: |- 6850 readOnly here will force the ReadOnly setting in VolumeMounts. 6851 Defaults to false. 6852 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 6853 type: boolean 6854 required: 6855 - pdName 6856 type: object 6857 gitRepo: 6858 description: |- 6859 gitRepo represents a git repository at a particular revision. 6860 DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an 6861 EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir 6862 into the Pod's container. 6863 properties: 6864 directory: 6865 description: |- 6866 directory is the target directory name. 6867 Must not contain or start with '..'. If '.' is supplied, the volume directory will be the 6868 git repository. Otherwise, if specified, the volume will contain the git repository in 6869 the subdirectory with the given name. 6870 type: string 6871 repository: 6872 description: repository is the URL 6873 type: string 6874 revision: 6875 description: revision is the commit hash for 6876 the specified revision. 6877 type: string 6878 required: 6879 - repository 6880 type: object 6881 glusterfs: 6882 description: |- 6883 glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. 6884 More info: https://examples.k8s.io/volumes/glusterfs/README.md 6885 properties: 6886 endpoints: 6887 description: |- 6888 endpoints is the endpoint name that details Glusterfs topology. 6889 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 6890 type: string 6891 path: 6892 description: |- 6893 path is the Glusterfs volume path. 6894 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 6895 type: string 6896 readOnly: 6897 description: |- 6898 readOnly here will force the Glusterfs volume to be mounted with read-only permissions. 6899 Defaults to false. 6900 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 6901 type: boolean 6902 required: 6903 - endpoints 6904 - path 6905 type: object 6906 hostPath: 6907 description: |- 6908 hostPath represents a pre-existing file or directory on the host 6909 machine that is directly exposed to the container. This is generally 6910 used for system agents or other privileged things that are allowed 6911 to see the host machine. Most containers will NOT need this. 6912 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 6913 --- 6914 TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not 6915 mount host directories as read/write. 6916 properties: 6917 path: 6918 description: |- 6919 path of the directory on the host. 6920 If the path is a symlink, it will follow the link to the real path. 6921 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 6922 type: string 6923 type: 6924 description: |- 6925 type for HostPath Volume 6926 Defaults to "" 6927 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 6928 type: string 6929 required: 6930 - path 6931 type: object 6932 iscsi: 6933 description: |- 6934 iscsi represents an ISCSI Disk resource that is attached to a 6935 kubelet's host machine and then exposed to the pod. 6936 More info: https://examples.k8s.io/volumes/iscsi/README.md 6937 properties: 6938 chapAuthDiscovery: 6939 description: chapAuthDiscovery defines whether 6940 support iSCSI Discovery CHAP authentication 6941 type: boolean 6942 chapAuthSession: 6943 description: chapAuthSession defines whether 6944 support iSCSI Session CHAP authentication 6945 type: boolean 6946 fsType: 6947 description: |- 6948 fsType is the filesystem type of the volume that you want to mount. 6949 Tip: Ensure that the filesystem type is supported by the host operating system. 6950 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6951 More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 6952 TODO: how do we prevent errors in the filesystem from compromising the machine 6953 type: string 6954 initiatorName: 6955 description: |- 6956 initiatorName is the custom iSCSI Initiator Name. 6957 If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface 6958 <target portal>:<volume name> will be created for the connection. 6959 type: string 6960 iqn: 6961 description: iqn is the target iSCSI Qualified 6962 Name. 6963 type: string 6964 iscsiInterface: 6965 description: |- 6966 iscsiInterface is the interface Name that uses an iSCSI transport. 6967 Defaults to 'default' (tcp). 6968 type: string 6969 lun: 6970 description: lun represents iSCSI Target Lun 6971 number. 6972 format: int32 6973 type: integer 6974 portals: 6975 description: |- 6976 portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port 6977 is other than default (typically TCP ports 860 and 3260). 6978 items: 6979 type: string 6980 type: array 6981 readOnly: 6982 description: |- 6983 readOnly here will force the ReadOnly setting in VolumeMounts. 6984 Defaults to false. 6985 type: boolean 6986 secretRef: 6987 description: secretRef is the CHAP Secret 6988 for iSCSI target and initiator authentication 6989 properties: 6990 name: 6991 description: |- 6992 Name of the referent. 6993 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6994 TODO: Add other useful fields. apiVersion, kind, uid? 6995 type: string 6996 type: object 6997 x-kubernetes-map-type: atomic 6998 targetPortal: 6999 description: |- 7000 targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port 7001 is other than default (typically TCP ports 860 and 3260). 7002 type: string 7003 required: 7004 - iqn 7005 - lun 7006 - targetPortal 7007 type: object 7008 name: 7009 description: |- 7010 name of the volume. 7011 Must be a DNS_LABEL and unique within the pod. 7012 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7013 type: string 7014 nfs: 7015 description: |- 7016 nfs represents an NFS mount on the host that shares a pod's lifetime 7017 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 7018 properties: 7019 path: 7020 description: |- 7021 path that is exported by the NFS server. 7022 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 7023 type: string 7024 readOnly: 7025 description: |- 7026 readOnly here will force the NFS export to be mounted with read-only permissions. 7027 Defaults to false. 7028 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 7029 type: boolean 7030 server: 7031 description: |- 7032 server is the hostname or IP address of the NFS server. 7033 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 7034 type: string 7035 required: 7036 - path 7037 - server 7038 type: object 7039 persistentVolumeClaim: 7040 description: |- 7041 persistentVolumeClaimVolumeSource represents a reference to a 7042 PersistentVolumeClaim in the same namespace. 7043 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 7044 properties: 7045 claimName: 7046 description: |- 7047 claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. 7048 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 7049 type: string 7050 readOnly: 7051 description: |- 7052 readOnly Will force the ReadOnly setting in VolumeMounts. 7053 Default false. 7054 type: boolean 7055 required: 7056 - claimName 7057 type: object 7058 photonPersistentDisk: 7059 description: photonPersistentDisk represents a 7060 PhotonController persistent disk attached and 7061 mounted on kubelets host machine 7062 properties: 7063 fsType: 7064 description: |- 7065 fsType is the filesystem type to mount. 7066 Must be a filesystem type supported by the host operating system. 7067 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7068 type: string 7069 pdID: 7070 description: pdID is the ID that identifies 7071 Photon Controller persistent disk 7072 type: string 7073 required: 7074 - pdID 7075 type: object 7076 portworxVolume: 7077 description: portworxVolume represents a portworx 7078 volume attached and mounted on kubelets host 7079 machine 7080 properties: 7081 fsType: 7082 description: |- 7083 fSType represents the filesystem type to mount 7084 Must be a filesystem type supported by the host operating system. 7085 Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 7086 type: string 7087 readOnly: 7088 description: |- 7089 readOnly defaults to false (read/write). ReadOnly here will force 7090 the ReadOnly setting in VolumeMounts. 7091 type: boolean 7092 volumeID: 7093 description: volumeID uniquely identifies 7094 a Portworx volume 7095 type: string 7096 required: 7097 - volumeID 7098 type: object 7099 projected: 7100 description: projected items for all in one resources 7101 secrets, configmaps, and downward API 7102 properties: 7103 defaultMode: 7104 description: |- 7105 defaultMode are the mode bits used to set permissions on created files by default. 7106 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 7107 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7108 Directories within the path are not affected by this setting. 7109 This might be in conflict with other options that affect the file 7110 mode, like fsGroup, and the result can be other mode bits set. 7111 format: int32 7112 type: integer 7113 sources: 7114 description: sources is the list of volume 7115 projections 7116 items: 7117 description: Projection that may be projected 7118 along with other supported volume types 7119 properties: 7120 clusterTrustBundle: 7121 description: |- 7122 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field 7123 of ClusterTrustBundle objects in an auto-updating file. 7124 7125 7126 Alpha, gated by the ClusterTrustBundleProjection feature gate. 7127 7128 7129 ClusterTrustBundle objects can either be selected by name, or by the 7130 combination of signer name and a label selector. 7131 7132 7133 Kubelet performs aggressive normalization of the PEM contents written 7134 into the pod filesystem. Esoteric PEM features such as inter-block 7135 comments and block headers are stripped. Certificates are deduplicated. 7136 The ordering of certificates within the file is arbitrary, and Kubelet 7137 may change the order over time. 7138 properties: 7139 labelSelector: 7140 description: |- 7141 Select all ClusterTrustBundles that match this label selector. Only has 7142 effect if signerName is set. Mutually-exclusive with name. If unset, 7143 interpreted as "match nothing". If set but empty, interpreted as "match 7144 everything". 7145 properties: 7146 matchExpressions: 7147 description: matchExpressions 7148 is a list of label selector 7149 requirements. The requirements 7150 are ANDed. 7151 items: 7152 description: |- 7153 A label selector requirement is a selector that contains values, a key, and an operator that 7154 relates the key and values. 7155 properties: 7156 key: 7157 description: key is the 7158 label key that the selector 7159 applies to. 7160 type: string 7161 operator: 7162 description: |- 7163 operator represents a key's relationship to a set of values. 7164 Valid operators are In, NotIn, Exists and DoesNotExist. 7165 type: string 7166 values: 7167 description: |- 7168 values is an array of string values. If the operator is In or NotIn, 7169 the values array must be non-empty. If the operator is Exists or DoesNotExist, 7170 the values array must be empty. This array is replaced during a strategic 7171 merge patch. 7172 items: 7173 type: string 7174 type: array 7175 required: 7176 - key 7177 - operator 7178 type: object 7179 type: array 7180 matchLabels: 7181 additionalProperties: 7182 type: string 7183 description: |- 7184 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 7185 map is equivalent to an element of matchExpressions, whose key field is "key", the 7186 operator is "In", and the values array contains only "value". The requirements are ANDed. 7187 type: object 7188 type: object 7189 x-kubernetes-map-type: atomic 7190 name: 7191 description: |- 7192 Select a single ClusterTrustBundle by object name. Mutually-exclusive 7193 with signerName and labelSelector. 7194 type: string 7195 optional: 7196 description: |- 7197 If true, don't block pod startup if the referenced ClusterTrustBundle(s) 7198 aren't available. If using name, then the named ClusterTrustBundle is 7199 allowed not to exist. If using signerName, then the combination of 7200 signerName and labelSelector is allowed to match zero 7201 ClusterTrustBundles. 7202 type: boolean 7203 path: 7204 description: Relative path from 7205 the volume root to write the bundle. 7206 type: string 7207 signerName: 7208 description: |- 7209 Select all ClusterTrustBundles that match this signer name. 7210 Mutually-exclusive with name. The contents of all selected 7211 ClusterTrustBundles will be unified and deduplicated. 7212 type: string 7213 required: 7214 - path 7215 type: object 7216 configMap: 7217 description: configMap information about 7218 the configMap data to project 7219 properties: 7220 items: 7221 description: |- 7222 items if unspecified, each key-value pair in the Data field of the referenced 7223 ConfigMap will be projected into the volume as a file whose name is the 7224 key and content is the value. If specified, the listed keys will be 7225 projected into the specified paths, and unlisted keys will not be 7226 present. If a key is specified which is not present in the ConfigMap, 7227 the volume setup will error unless it is marked optional. Paths must be 7228 relative and may not contain the '..' path or start with '..'. 7229 items: 7230 description: Maps a string key 7231 to a path within a volume. 7232 properties: 7233 key: 7234 description: key is the key 7235 to project. 7236 type: string 7237 mode: 7238 description: |- 7239 mode is Optional: mode bits used to set permissions on this file. 7240 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 7241 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7242 If not specified, the volume defaultMode will be used. 7243 This might be in conflict with other options that affect the file 7244 mode, like fsGroup, and the result can be other mode bits set. 7245 format: int32 7246 type: integer 7247 path: 7248 description: |- 7249 path is the relative path of the file to map the key to. 7250 May not be an absolute path. 7251 May not contain the path element '..'. 7252 May not start with the string '..'. 7253 type: string 7254 required: 7255 - key 7256 - path 7257 type: object 7258 type: array 7259 name: 7260 description: |- 7261 Name of the referent. 7262 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7263 TODO: Add other useful fields. apiVersion, kind, uid? 7264 type: string 7265 optional: 7266 description: optional specify whether 7267 the ConfigMap or its keys must 7268 be defined 7269 type: boolean 7270 type: object 7271 x-kubernetes-map-type: atomic 7272 downwardAPI: 7273 description: downwardAPI information 7274 about the downwardAPI data to project 7275 properties: 7276 items: 7277 description: Items is a list of 7278 DownwardAPIVolume file 7279 items: 7280 description: DownwardAPIVolumeFile 7281 represents information to create 7282 the file containing the pod 7283 field 7284 properties: 7285 fieldRef: 7286 description: 'Required: Selects 7287 a field of the pod: only 7288 annotations, labels, name 7289 and namespace are supported.' 7290 properties: 7291 apiVersion: 7292 description: Version of 7293 the schema the FieldPath 7294 is written in terms 7295 of, defaults to "v1". 7296 type: string 7297 fieldPath: 7298 description: Path of the 7299 field to select in the 7300 specified API version. 7301 type: string 7302 required: 7303 - fieldPath 7304 type: object 7305 x-kubernetes-map-type: atomic 7306 mode: 7307 description: |- 7308 Optional: mode bits used to set permissions on this file, must be an octal value 7309 between 0000 and 0777 or a decimal value between 0 and 511. 7310 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7311 If not specified, the volume defaultMode will be used. 7312 This might be in conflict with other options that affect the file 7313 mode, like fsGroup, and the result can be other mode bits set. 7314 format: int32 7315 type: integer 7316 path: 7317 description: 'Required: Path 7318 is the relative path name 7319 of the file to be created. 7320 Must not be absolute or 7321 contain the ''..'' path. 7322 Must be utf-8 encoded. The 7323 first item of the relative 7324 path must not start with 7325 ''..''' 7326 type: string 7327 resourceFieldRef: 7328 description: |- 7329 Selects a resource of the container: only resources limits and requests 7330 (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 7331 properties: 7332 containerName: 7333 description: 'Container 7334 name: required for volumes, 7335 optional for env vars' 7336 type: string 7337 divisor: 7338 anyOf: 7339 - type: integer 7340 - type: string 7341 description: Specifies 7342 the output format of 7343 the exposed resources, 7344 defaults to "1" 7345 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7346 x-kubernetes-int-or-string: true 7347 resource: 7348 description: 'Required: 7349 resource to select' 7350 type: string 7351 required: 7352 - resource 7353 type: object 7354 x-kubernetes-map-type: atomic 7355 required: 7356 - path 7357 type: object 7358 type: array 7359 type: object 7360 secret: 7361 description: secret information about 7362 the secret data to project 7363 properties: 7364 items: 7365 description: |- 7366 items if unspecified, each key-value pair in the Data field of the referenced 7367 Secret will be projected into the volume as a file whose name is the 7368 key and content is the value. If specified, the listed keys will be 7369 projected into the specified paths, and unlisted keys will not be 7370 present. If a key is specified which is not present in the Secret, 7371 the volume setup will error unless it is marked optional. Paths must be 7372 relative and may not contain the '..' path or start with '..'. 7373 items: 7374 description: Maps a string key 7375 to a path within a volume. 7376 properties: 7377 key: 7378 description: key is the key 7379 to project. 7380 type: string 7381 mode: 7382 description: |- 7383 mode is Optional: mode bits used to set permissions on this file. 7384 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 7385 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7386 If not specified, the volume defaultMode will be used. 7387 This might be in conflict with other options that affect the file 7388 mode, like fsGroup, and the result can be other mode bits set. 7389 format: int32 7390 type: integer 7391 path: 7392 description: |- 7393 path is the relative path of the file to map the key to. 7394 May not be an absolute path. 7395 May not contain the path element '..'. 7396 May not start with the string '..'. 7397 type: string 7398 required: 7399 - key 7400 - path 7401 type: object 7402 type: array 7403 name: 7404 description: |- 7405 Name of the referent. 7406 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7407 TODO: Add other useful fields. apiVersion, kind, uid? 7408 type: string 7409 optional: 7410 description: optional field specify 7411 whether the Secret or its key 7412 must be defined 7413 type: boolean 7414 type: object 7415 x-kubernetes-map-type: atomic 7416 serviceAccountToken: 7417 description: serviceAccountToken is 7418 information about the serviceAccountToken 7419 data to project 7420 properties: 7421 audience: 7422 description: |- 7423 audience is the intended audience of the token. A recipient of a token 7424 must identify itself with an identifier specified in the audience of the 7425 token, and otherwise should reject the token. The audience defaults to the 7426 identifier of the apiserver. 7427 type: string 7428 expirationSeconds: 7429 description: |- 7430 expirationSeconds is the requested duration of validity of the service 7431 account token. As the token approaches expiration, the kubelet volume 7432 plugin will proactively rotate the service account token. The kubelet will 7433 start trying to rotate the token if the token is older than 80 percent of 7434 its time to live or if the token is older than 24 hours.Defaults to 1 hour 7435 and must be at least 10 minutes. 7436 format: int64 7437 type: integer 7438 path: 7439 description: |- 7440 path is the path relative to the mount point of the file to project the 7441 token into. 7442 type: string 7443 required: 7444 - path 7445 type: object 7446 type: object 7447 type: array 7448 type: object 7449 quobyte: 7450 description: quobyte represents a Quobyte mount 7451 on the host that shares a pod's lifetime 7452 properties: 7453 group: 7454 description: |- 7455 group to map volume access to 7456 Default is no group 7457 type: string 7458 readOnly: 7459 description: |- 7460 readOnly here will force the Quobyte volume to be mounted with read-only permissions. 7461 Defaults to false. 7462 type: boolean 7463 registry: 7464 description: |- 7465 registry represents a single or multiple Quobyte Registry services 7466 specified as a string as host:port pair (multiple entries are separated with commas) 7467 which acts as the central registry for volumes 7468 type: string 7469 tenant: 7470 description: |- 7471 tenant owning the given Quobyte volume in the Backend 7472 Used with dynamically provisioned Quobyte volumes, value is set by the plugin 7473 type: string 7474 user: 7475 description: |- 7476 user to map volume access to 7477 Defaults to serivceaccount user 7478 type: string 7479 volume: 7480 description: volume is a string that references 7481 an already created Quobyte volume by name. 7482 type: string 7483 required: 7484 - registry 7485 - volume 7486 type: object 7487 rbd: 7488 description: |- 7489 rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. 7490 More info: https://examples.k8s.io/volumes/rbd/README.md 7491 properties: 7492 fsType: 7493 description: |- 7494 fsType is the filesystem type of the volume that you want to mount. 7495 Tip: Ensure that the filesystem type is supported by the host operating system. 7496 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7497 More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 7498 TODO: how do we prevent errors in the filesystem from compromising the machine 7499 type: string 7500 image: 7501 description: |- 7502 image is the rados image name. 7503 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7504 type: string 7505 keyring: 7506 description: |- 7507 keyring is the path to key ring for RBDUser. 7508 Default is /etc/ceph/keyring. 7509 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7510 type: string 7511 monitors: 7512 description: |- 7513 monitors is a collection of Ceph monitors. 7514 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7515 items: 7516 type: string 7517 type: array 7518 pool: 7519 description: |- 7520 pool is the rados pool name. 7521 Default is rbd. 7522 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7523 type: string 7524 readOnly: 7525 description: |- 7526 readOnly here will force the ReadOnly setting in VolumeMounts. 7527 Defaults to false. 7528 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7529 type: boolean 7530 secretRef: 7531 description: |- 7532 secretRef is name of the authentication secret for RBDUser. If provided 7533 overrides keyring. 7534 Default is nil. 7535 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7536 properties: 7537 name: 7538 description: |- 7539 Name of the referent. 7540 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7541 TODO: Add other useful fields. apiVersion, kind, uid? 7542 type: string 7543 type: object 7544 x-kubernetes-map-type: atomic 7545 user: 7546 description: |- 7547 user is the rados user name. 7548 Default is admin. 7549 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7550 type: string 7551 required: 7552 - image 7553 - monitors 7554 type: object 7555 scaleIO: 7556 description: scaleIO represents a ScaleIO persistent 7557 volume attached and mounted on Kubernetes nodes. 7558 properties: 7559 fsType: 7560 description: |- 7561 fsType is the filesystem type to mount. 7562 Must be a filesystem type supported by the host operating system. 7563 Ex. "ext4", "xfs", "ntfs". 7564 Default is "xfs". 7565 type: string 7566 gateway: 7567 description: gateway is the host address of 7568 the ScaleIO API Gateway. 7569 type: string 7570 protectionDomain: 7571 description: protectionDomain is the name 7572 of the ScaleIO Protection Domain for the 7573 configured storage. 7574 type: string 7575 readOnly: 7576 description: |- 7577 readOnly Defaults to false (read/write). ReadOnly here will force 7578 the ReadOnly setting in VolumeMounts. 7579 type: boolean 7580 secretRef: 7581 description: |- 7582 secretRef references to the secret for ScaleIO user and other 7583 sensitive information. If this is not provided, Login operation will fail. 7584 properties: 7585 name: 7586 description: |- 7587 Name of the referent. 7588 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7589 TODO: Add other useful fields. apiVersion, kind, uid? 7590 type: string 7591 type: object 7592 x-kubernetes-map-type: atomic 7593 sslEnabled: 7594 description: sslEnabled Flag enable/disable 7595 SSL communication with Gateway, default 7596 false 7597 type: boolean 7598 storageMode: 7599 description: |- 7600 storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. 7601 Default is ThinProvisioned. 7602 type: string 7603 storagePool: 7604 description: storagePool is the ScaleIO Storage 7605 Pool associated with the protection domain. 7606 type: string 7607 system: 7608 description: system is the name of the storage 7609 system as configured in ScaleIO. 7610 type: string 7611 volumeName: 7612 description: |- 7613 volumeName is the name of a volume already created in the ScaleIO system 7614 that is associated with this volume source. 7615 type: string 7616 required: 7617 - gateway 7618 - secretRef 7619 - system 7620 type: object 7621 secret: 7622 description: |- 7623 secret represents a secret that should populate this volume. 7624 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret 7625 properties: 7626 defaultMode: 7627 description: |- 7628 defaultMode is Optional: mode bits used to set permissions on created files by default. 7629 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 7630 YAML accepts both octal and decimal values, JSON requires decimal values 7631 for mode bits. Defaults to 0644. 7632 Directories within the path are not affected by this setting. 7633 This might be in conflict with other options that affect the file 7634 mode, like fsGroup, and the result can be other mode bits set. 7635 format: int32 7636 type: integer 7637 items: 7638 description: |- 7639 items If unspecified, each key-value pair in the Data field of the referenced 7640 Secret will be projected into the volume as a file whose name is the 7641 key and content is the value. If specified, the listed keys will be 7642 projected into the specified paths, and unlisted keys will not be 7643 present. If a key is specified which is not present in the Secret, 7644 the volume setup will error unless it is marked optional. Paths must be 7645 relative and may not contain the '..' path or start with '..'. 7646 items: 7647 description: Maps a string key to a path 7648 within a volume. 7649 properties: 7650 key: 7651 description: key is the key to project. 7652 type: string 7653 mode: 7654 description: |- 7655 mode is Optional: mode bits used to set permissions on this file. 7656 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 7657 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7658 If not specified, the volume defaultMode will be used. 7659 This might be in conflict with other options that affect the file 7660 mode, like fsGroup, and the result can be other mode bits set. 7661 format: int32 7662 type: integer 7663 path: 7664 description: |- 7665 path is the relative path of the file to map the key to. 7666 May not be an absolute path. 7667 May not contain the path element '..'. 7668 May not start with the string '..'. 7669 type: string 7670 required: 7671 - key 7672 - path 7673 type: object 7674 type: array 7675 optional: 7676 description: optional field specify whether 7677 the Secret or its keys must be defined 7678 type: boolean 7679 secretName: 7680 description: |- 7681 secretName is the name of the secret in the pod's namespace to use. 7682 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret 7683 type: string 7684 type: object 7685 storageos: 7686 description: storageOS represents a StorageOS 7687 volume attached and mounted on Kubernetes nodes. 7688 properties: 7689 fsType: 7690 description: |- 7691 fsType is the filesystem type to mount. 7692 Must be a filesystem type supported by the host operating system. 7693 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7694 type: string 7695 readOnly: 7696 description: |- 7697 readOnly defaults to false (read/write). ReadOnly here will force 7698 the ReadOnly setting in VolumeMounts. 7699 type: boolean 7700 secretRef: 7701 description: |- 7702 secretRef specifies the secret to use for obtaining the StorageOS API 7703 credentials. If not specified, default values will be attempted. 7704 properties: 7705 name: 7706 description: |- 7707 Name of the referent. 7708 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7709 TODO: Add other useful fields. apiVersion, kind, uid? 7710 type: string 7711 type: object 7712 x-kubernetes-map-type: atomic 7713 volumeName: 7714 description: |- 7715 volumeName is the human-readable name of the StorageOS volume. Volume 7716 names are only unique within a namespace. 7717 type: string 7718 volumeNamespace: 7719 description: |- 7720 volumeNamespace specifies the scope of the volume within StorageOS. If no 7721 namespace is specified then the Pod's namespace will be used. This allows the 7722 Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 7723 Set VolumeName to any name to override the default behaviour. 7724 Set to "default" if you are not using namespaces within StorageOS. 7725 Namespaces that do not pre-exist within StorageOS will be created. 7726 type: string 7727 type: object 7728 vsphereVolume: 7729 description: vsphereVolume represents a vSphere 7730 volume attached and mounted on kubelets host 7731 machine 7732 properties: 7733 fsType: 7734 description: |- 7735 fsType is filesystem type to mount. 7736 Must be a filesystem type supported by the host operating system. 7737 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7738 type: string 7739 storagePolicyID: 7740 description: storagePolicyID is the storage 7741 Policy Based Management (SPBM) profile ID 7742 associated with the StoragePolicyName. 7743 type: string 7744 storagePolicyName: 7745 description: storagePolicyName is the storage 7746 Policy Based Management (SPBM) profile name. 7747 type: string 7748 volumePath: 7749 description: volumePath is the path that identifies 7750 vSphere volume vmdk 7751 type: string 7752 required: 7753 - volumePath 7754 type: object 7755 required: 7756 - name 7757 type: object 7758 type: array 7759 required: 7760 - containers 7761 type: object 7762 type: object 7763 required: 7764 - count 7765 - name 7766 - template 7767 type: object 7768 maxItems: 8 7769 minItems: 1 7770 type: array 7771 x-kubernetes-list-map-keys: 7772 - name 7773 x-kubernetes-list-type: map 7774 priority: 7775 description: |- 7776 Priority determines the order of access to the resources managed by the 7777 ClusterQueue where the workload is queued. 7778 The priority value is populated from PriorityClassName. 7779 The higher the value, the higher the priority. 7780 If priorityClassName is specified, priority must not be null. 7781 format: int32 7782 type: integer 7783 priorityClassName: 7784 description: |- 7785 If specified, indicates the workload's priority. 7786 "system-node-critical" and "system-cluster-critical" are two special 7787 keywords which indicate the highest priorities with the former being 7788 the highest priority. Any other name must be defined by creating a 7789 PriorityClass object with that name. If not specified, the workload 7790 priority will be default or zero if there is no default. 7791 type: string 7792 priorityClassSource: 7793 default: "" 7794 description: |- 7795 priorityClassSource determines whether the priorityClass field refers to a pod PriorityClass or kueue.x-k8s.io/workloadpriorityclass. 7796 Workload's PriorityClass can accept the name of a pod priorityClass or a workloadPriorityClass. 7797 When using pod PriorityClass, a priorityClassSource field has the scheduling.k8s.io/priorityclass value. 7798 enum: 7799 - kueue.x-k8s.io/workloadpriorityclass 7800 - scheduling.k8s.io/priorityclass 7801 - "" 7802 type: string 7803 queueName: 7804 description: |- 7805 queueName is the name of the LocalQueue the Workload is associated with. 7806 queueName cannot be changed while .status.admission is not null. 7807 type: string 7808 required: 7809 - podSets 7810 type: object 7811 status: 7812 description: WorkloadStatus defines the observed state of Workload 7813 properties: 7814 admission: 7815 description: |- 7816 admission holds the parameters of the admission of the workload by a 7817 ClusterQueue. admission can be set back to null, but its fields cannot be 7818 changed once set. 7819 properties: 7820 clusterQueue: 7821 description: clusterQueue is the name of the ClusterQueue that 7822 admitted this workload. 7823 type: string 7824 podSetAssignments: 7825 description: PodSetAssignments hold the admission results for 7826 each of the .spec.podSets entries. 7827 items: 7828 properties: 7829 count: 7830 description: |- 7831 count is the number of pods taken into account at admission time. 7832 This field will not change in case of quota reclaim. 7833 Value could be missing for Workloads created before this field was added, 7834 in that case spec.podSets[*].count value will be used. 7835 format: int32 7836 minimum: 0 7837 type: integer 7838 flavors: 7839 additionalProperties: 7840 description: ResourceFlavorReference is the name of the 7841 ResourceFlavor. 7842 type: string 7843 description: Flavors are the flavors assigned to the workload 7844 for each resource. 7845 type: object 7846 name: 7847 default: main 7848 description: Name is the name of the podSet. It should match 7849 one of the names in .spec.podSets. 7850 type: string 7851 resourceUsage: 7852 additionalProperties: 7853 anyOf: 7854 - type: integer 7855 - type: string 7856 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7857 x-kubernetes-int-or-string: true 7858 description: |- 7859 resourceUsage keeps track of the total resources all the pods in the podset need to run. 7860 7861 7862 Beside what is provided in podSet's specs, this calculation takes into account 7863 the LimitRange defaults and RuntimeClass overheads at the moment of admission. 7864 This field will not change in case of quota reclaim. 7865 type: object 7866 required: 7867 - name 7868 type: object 7869 type: array 7870 x-kubernetes-list-map-keys: 7871 - name 7872 x-kubernetes-list-type: map 7873 required: 7874 - clusterQueue 7875 - podSetAssignments 7876 type: object 7877 admissionChecks: 7878 description: admissionChecks list all the admission checks required 7879 by the workload and the current status 7880 items: 7881 properties: 7882 lastTransitionTime: 7883 description: |- 7884 lastTransitionTime is the last time the condition transitioned from one status to another. 7885 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 7886 format: date-time 7887 type: string 7888 message: 7889 description: |- 7890 message is a human readable message indicating details about the transition. 7891 This may be an empty string. 7892 maxLength: 32768 7893 type: string 7894 name: 7895 description: name identifies the admission check. 7896 maxLength: 316 7897 type: string 7898 podSetUpdates: 7899 items: 7900 description: |- 7901 PodSetUpdate contains a list of pod set modifications suggested by AdmissionChecks. 7902 The modifications should be additive only - modifications of already existing keys 7903 or having the same key provided by multiple AdmissionChecks is not allowed and will 7904 result in failure during workload admission. 7905 properties: 7906 annotations: 7907 additionalProperties: 7908 type: string 7909 type: object 7910 labels: 7911 additionalProperties: 7912 type: string 7913 type: object 7914 name: 7915 description: Name of the PodSet to modify. Should match 7916 to one of the Workload's PodSets. 7917 type: string 7918 nodeSelector: 7919 additionalProperties: 7920 type: string 7921 type: object 7922 tolerations: 7923 items: 7924 description: |- 7925 The pod this Toleration is attached to tolerates any taint that matches 7926 the triple <key,value,effect> using the matching operator <operator>. 7927 properties: 7928 effect: 7929 description: |- 7930 Effect indicates the taint effect to match. Empty means match all taint effects. 7931 When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 7932 type: string 7933 key: 7934 description: |- 7935 Key is the taint key that the toleration applies to. Empty means match all taint keys. 7936 If the key is empty, operator must be Exists; this combination means to match all values and all keys. 7937 type: string 7938 operator: 7939 description: |- 7940 Operator represents a key's relationship to the value. 7941 Valid operators are Exists and Equal. Defaults to Equal. 7942 Exists is equivalent to wildcard for value, so that a pod can 7943 tolerate all taints of a particular category. 7944 type: string 7945 tolerationSeconds: 7946 description: |- 7947 TolerationSeconds represents the period of time the toleration (which must be 7948 of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, 7949 it is not set, which means tolerate the taint forever (do not evict). Zero and 7950 negative values will be treated as 0 (evict immediately) by the system. 7951 format: int64 7952 type: integer 7953 value: 7954 description: |- 7955 Value is the taint value the toleration matches to. 7956 If the operator is Exists, the value should be empty, otherwise just a regular string. 7957 type: string 7958 type: object 7959 type: array 7960 required: 7961 - name 7962 type: object 7963 type: array 7964 x-kubernetes-list-type: atomic 7965 state: 7966 description: state of the admissionCheck, one of Pending, Ready, 7967 Retry, Rejected 7968 enum: 7969 - Pending 7970 - Ready 7971 - Retry 7972 - Rejected 7973 type: string 7974 required: 7975 - lastTransitionTime 7976 - message 7977 - name 7978 - state 7979 type: object 7980 type: array 7981 x-kubernetes-list-map-keys: 7982 - name 7983 x-kubernetes-list-type: map 7984 conditions: 7985 description: |- 7986 conditions hold the latest available observations of the Workload 7987 current state. 7988 7989 7990 The type of the condition could be: 7991 7992 7993 - Admitted: the Workload was admitted through a ClusterQueue. 7994 - Finished: the associated workload finished running (failed or succeeded). 7995 - PodsReady: at least `.spec.podSets[*].count` Pods are ready or have 7996 succeeded. 7997 items: 7998 description: "Condition contains details for one aspect of the current 7999 state of this API Resource.\n---\nThis struct is intended for 8000 direct use as an array at the field path .status.conditions. For 8001 example,\n\n\n\ttype FooStatus struct{\n\t // Represents the 8002 observations of a foo's current state.\n\t // Known .status.conditions.type 8003 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // 8004 +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t 8005 \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" 8006 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t 8007 \ // other fields\n\t}" 8008 properties: 8009 lastTransitionTime: 8010 description: |- 8011 lastTransitionTime is the last time the condition transitioned from one status to another. 8012 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 8013 format: date-time 8014 type: string 8015 message: 8016 description: |- 8017 message is a human readable message indicating details about the transition. 8018 This may be an empty string. 8019 maxLength: 32768 8020 type: string 8021 observedGeneration: 8022 description: |- 8023 observedGeneration represents the .metadata.generation that the condition was set based upon. 8024 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 8025 with respect to the current state of the instance. 8026 format: int64 8027 minimum: 0 8028 type: integer 8029 reason: 8030 description: |- 8031 reason contains a programmatic identifier indicating the reason for the condition's last transition. 8032 Producers of specific condition types may define expected values and meanings for this field, 8033 and whether the values are considered a guaranteed API. 8034 The value should be a CamelCase string. 8035 This field may not be empty. 8036 maxLength: 1024 8037 minLength: 1 8038 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 8039 type: string 8040 status: 8041 description: status of the condition, one of True, False, Unknown. 8042 enum: 8043 - "True" 8044 - "False" 8045 - Unknown 8046 type: string 8047 type: 8048 description: |- 8049 type of condition in CamelCase or in foo.example.com/CamelCase. 8050 --- 8051 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be 8052 useful (see .node.status.conditions), the ability to deconflict is important. 8053 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) 8054 maxLength: 316 8055 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 8056 type: string 8057 required: 8058 - lastTransitionTime 8059 - message 8060 - reason 8061 - status 8062 - type 8063 type: object 8064 type: array 8065 x-kubernetes-list-map-keys: 8066 - type 8067 x-kubernetes-list-type: map 8068 reclaimablePods: 8069 description: |- 8070 reclaimablePods keeps track of the number pods within a podset for which 8071 the resource reservation is no longer needed. 8072 items: 8073 properties: 8074 count: 8075 description: count is the number of pods for which the requested 8076 resources are no longer needed. 8077 format: int32 8078 minimum: 0 8079 type: integer 8080 name: 8081 description: name is the PodSet name. 8082 type: string 8083 required: 8084 - count 8085 - name 8086 type: object 8087 type: array 8088 x-kubernetes-list-map-keys: 8089 - name 8090 x-kubernetes-list-type: map 8091 requeueState: 8092 description: |- 8093 requeueState holds the re-queue state 8094 when a workload meets Eviction with PodsReadyTimeout reason. 8095 properties: 8096 count: 8097 description: |- 8098 count records the number of times a workload has been re-queued 8099 When a deactivated (`.spec.activate`=`false`) workload is reactivated (`.spec.activate`=`true`), 8100 this count would be reset to null. 8101 format: int32 8102 minimum: 0 8103 type: integer 8104 requeueAt: 8105 description: |- 8106 requeueAt records the time when a workload will be re-queued. 8107 When a deactivated (`.spec.activate`=`false`) workload is reactivated (`.spec.activate`=`true`), 8108 this time would be reset to null. 8109 format: date-time 8110 type: string 8111 type: object 8112 type: object 8113 type: object 8114 served: true 8115 storage: true 8116 subresources: 8117 status: {}