sigs.k8s.io/kueue@v0.6.2/config/components/crd/bases/kueue.x-k8s.io_workloads.yaml (about) 1 --- 2 apiVersion: apiextensions.k8s.io/v1 3 kind: CustomResourceDefinition 4 metadata: 5 annotations: 6 controller-gen.kubebuilder.io/version: v0.14.0 7 name: workloads.kueue.x-k8s.io 8 spec: 9 group: kueue.x-k8s.io 10 names: 11 kind: Workload 12 listKind: WorkloadList 13 plural: workloads 14 shortNames: 15 - wl 16 singular: workload 17 scope: Namespaced 18 versions: 19 - additionalPrinterColumns: 20 - description: Name of the queue this workload was submitted to 21 jsonPath: .spec.queueName 22 name: Queue 23 type: string 24 - description: Name of the ClusterQueue that admitted this workload 25 jsonPath: .status.admission.clusterQueue 26 name: Admitted by 27 type: string 28 - description: Time this workload was created 29 jsonPath: .metadata.creationTimestamp 30 name: Age 31 type: date 32 name: v1beta1 33 schema: 34 openAPIV3Schema: 35 description: Workload is the Schema for the workloads API 36 properties: 37 apiVersion: 38 description: |- 39 APIVersion defines the versioned schema of this representation of an object. 40 Servers should convert recognized schemas to the latest internal value, and 41 may reject unrecognized values. 42 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 43 type: string 44 kind: 45 description: |- 46 Kind is a string value representing the REST resource this object represents. 47 Servers may infer this from the endpoint the client submits requests to. 48 Cannot be updated. 49 In CamelCase. 50 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 51 type: string 52 metadata: 53 type: object 54 spec: 55 description: WorkloadSpec defines the desired state of Workload 56 properties: 57 active: 58 default: true 59 description: |- 60 Active determines if a workload can be admitted into a queue. 61 Changing active from true to false will evict any running workloads. 62 Possible values are: 63 64 65 - false: indicates that a workload should never be admitted and evicts running workloads 66 - true: indicates that a workload can be evaluated for admission into it's respective queue. 67 68 69 Defaults to true 70 type: boolean 71 podSets: 72 description: |- 73 podSets is a list of sets of homogeneous pods, each described by a Pod spec 74 and a count. 75 There must be at least one element and at most 8. 76 podSets cannot be changed. 77 items: 78 properties: 79 count: 80 description: count is the number of pods for the spec. 81 format: int32 82 minimum: 1 83 type: integer 84 minCount: 85 description: |- 86 minCount is the minimum number of pods for the spec acceptable 87 if the workload supports partial admission. 88 89 90 If not provided, partial admission for the current PodSet is not 91 enabled. 92 93 94 Only one podSet within the workload can use this. 95 96 97 This is an alpha field and requires enabling PartialAdmission feature gate. 98 format: int32 99 type: integer 100 name: 101 description: name is the PodSet name. 102 type: string 103 template: 104 description: |- 105 template is the Pod template. 106 107 108 The only allowed fields in template.metadata are labels and annotations. 109 110 111 If requests are omitted for a container or initContainer, 112 they default to the limits if they are explicitly specified for the 113 container or initContainer. 114 115 116 During admission, the rules in nodeSelector and 117 nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution that match 118 the keys in the nodeLabels from the ResourceFlavors considered for this 119 Workload are used to filter the ResourceFlavors that can be assigned to 120 this podSet. 121 properties: 122 metadata: 123 description: |- 124 Standard object's metadata. 125 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 126 properties: 127 annotations: 128 additionalProperties: 129 type: string 130 type: object 131 finalizers: 132 items: 133 type: string 134 type: array 135 labels: 136 additionalProperties: 137 type: string 138 type: object 139 name: 140 type: string 141 namespace: 142 type: string 143 type: object 144 spec: 145 description: |- 146 Specification of the desired behavior of the pod. 147 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status 148 properties: 149 activeDeadlineSeconds: 150 description: |- 151 Optional duration in seconds the pod may be active on the node relative to 152 StartTime before the system will actively try to mark it failed and kill associated containers. 153 Value must be a positive integer. 154 format: int64 155 type: integer 156 affinity: 157 description: If specified, the pod's scheduling constraints 158 properties: 159 nodeAffinity: 160 description: Describes node affinity scheduling 161 rules for the pod. 162 properties: 163 preferredDuringSchedulingIgnoredDuringExecution: 164 description: |- 165 The scheduler will prefer to schedule pods to nodes that satisfy 166 the affinity expressions specified by this field, but it may choose 167 a node that violates one or more of the expressions. The node that is 168 most preferred is the one with the greatest sum of weights, i.e. 169 for each node that meets all of the scheduling requirements (resource 170 request, requiredDuringScheduling affinity expressions, etc.), 171 compute a sum by iterating through the elements of this field and adding 172 "weight" to the sum if the node matches the corresponding matchExpressions; the 173 node(s) with the highest sum are the most preferred. 174 items: 175 description: |- 176 An empty preferred scheduling term matches all objects with implicit weight 0 177 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). 178 properties: 179 preference: 180 description: A node selector term, associated 181 with the corresponding weight. 182 properties: 183 matchExpressions: 184 description: A list of node selector 185 requirements by node's labels. 186 items: 187 description: |- 188 A node selector requirement is a selector that contains values, a key, and an operator 189 that relates the key and values. 190 properties: 191 key: 192 description: The label key that 193 the selector applies to. 194 type: string 195 operator: 196 description: |- 197 Represents a key's relationship to a set of values. 198 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 199 type: string 200 values: 201 description: |- 202 An array of string values. If the operator is In or NotIn, 203 the values array must be non-empty. If the operator is Exists or DoesNotExist, 204 the values array must be empty. If the operator is Gt or Lt, the values 205 array must have a single element, which will be interpreted as an integer. 206 This array is replaced during a strategic merge patch. 207 items: 208 type: string 209 type: array 210 required: 211 - key 212 - operator 213 type: object 214 type: array 215 matchFields: 216 description: A list of node selector 217 requirements by node's fields. 218 items: 219 description: |- 220 A node selector requirement is a selector that contains values, a key, and an operator 221 that relates the key and values. 222 properties: 223 key: 224 description: The label key that 225 the selector applies to. 226 type: string 227 operator: 228 description: |- 229 Represents a key's relationship to a set of values. 230 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 231 type: string 232 values: 233 description: |- 234 An array of string values. If the operator is In or NotIn, 235 the values array must be non-empty. If the operator is Exists or DoesNotExist, 236 the values array must be empty. If the operator is Gt or Lt, the values 237 array must have a single element, which will be interpreted as an integer. 238 This array is replaced during a strategic merge patch. 239 items: 240 type: string 241 type: array 242 required: 243 - key 244 - operator 245 type: object 246 type: array 247 type: object 248 x-kubernetes-map-type: atomic 249 weight: 250 description: Weight associated with matching 251 the corresponding nodeSelectorTerm, 252 in the range 1-100. 253 format: int32 254 type: integer 255 required: 256 - preference 257 - weight 258 type: object 259 type: array 260 requiredDuringSchedulingIgnoredDuringExecution: 261 description: |- 262 If the affinity requirements specified by this field are not met at 263 scheduling time, the pod will not be scheduled onto the node. 264 If the affinity requirements specified by this field cease to be met 265 at some point during pod execution (e.g. due to an update), the system 266 may or may not try to eventually evict the pod from its node. 267 properties: 268 nodeSelectorTerms: 269 description: Required. A list of node selector 270 terms. The terms are ORed. 271 items: 272 description: |- 273 A null or empty node selector term matches no objects. The requirements of 274 them are ANDed. 275 The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 276 properties: 277 matchExpressions: 278 description: A list of node selector 279 requirements by node's labels. 280 items: 281 description: |- 282 A node selector requirement is a selector that contains values, a key, and an operator 283 that relates the key and values. 284 properties: 285 key: 286 description: The label key that 287 the selector applies to. 288 type: string 289 operator: 290 description: |- 291 Represents a key's relationship to a set of values. 292 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 293 type: string 294 values: 295 description: |- 296 An array of string values. If the operator is In or NotIn, 297 the values array must be non-empty. If the operator is Exists or DoesNotExist, 298 the values array must be empty. If the operator is Gt or Lt, the values 299 array must have a single element, which will be interpreted as an integer. 300 This array is replaced during a strategic merge patch. 301 items: 302 type: string 303 type: array 304 required: 305 - key 306 - operator 307 type: object 308 type: array 309 matchFields: 310 description: A list of node selector 311 requirements by node's fields. 312 items: 313 description: |- 314 A node selector requirement is a selector that contains values, a key, and an operator 315 that relates the key and values. 316 properties: 317 key: 318 description: The label key that 319 the selector applies to. 320 type: string 321 operator: 322 description: |- 323 Represents a key's relationship to a set of values. 324 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 325 type: string 326 values: 327 description: |- 328 An array of string values. If the operator is In or NotIn, 329 the values array must be non-empty. If the operator is Exists or DoesNotExist, 330 the values array must be empty. If the operator is Gt or Lt, the values 331 array must have a single element, which will be interpreted as an integer. 332 This array is replaced during a strategic merge patch. 333 items: 334 type: string 335 type: array 336 required: 337 - key 338 - operator 339 type: object 340 type: array 341 type: object 342 x-kubernetes-map-type: atomic 343 type: array 344 required: 345 - nodeSelectorTerms 346 type: object 347 x-kubernetes-map-type: atomic 348 type: object 349 podAffinity: 350 description: Describes pod affinity scheduling rules 351 (e.g. co-locate this pod in the same node, zone, 352 etc. as some other pod(s)). 353 properties: 354 preferredDuringSchedulingIgnoredDuringExecution: 355 description: |- 356 The scheduler will prefer to schedule pods to nodes that satisfy 357 the affinity expressions specified by this field, but it may choose 358 a node that violates one or more of the expressions. The node that is 359 most preferred is the one with the greatest sum of weights, i.e. 360 for each node that meets all of the scheduling requirements (resource 361 request, requiredDuringScheduling affinity expressions, etc.), 362 compute a sum by iterating through the elements of this field and adding 363 "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the 364 node(s) with the highest sum are the most preferred. 365 items: 366 description: The weights of all of the matched 367 WeightedPodAffinityTerm fields are added 368 per-node to find the most preferred node(s) 369 properties: 370 podAffinityTerm: 371 description: Required. A pod affinity 372 term, associated with the corresponding 373 weight. 374 properties: 375 labelSelector: 376 description: |- 377 A label query over a set of resources, in this case pods. 378 If it's null, this PodAffinityTerm matches with no Pods. 379 properties: 380 matchExpressions: 381 description: matchExpressions 382 is a list of label selector 383 requirements. The requirements 384 are ANDed. 385 items: 386 description: |- 387 A label selector requirement is a selector that contains values, a key, and an operator that 388 relates the key and values. 389 properties: 390 key: 391 description: key is the 392 label key that the selector 393 applies to. 394 type: string 395 operator: 396 description: |- 397 operator represents a key's relationship to a set of values. 398 Valid operators are In, NotIn, Exists and DoesNotExist. 399 type: string 400 values: 401 description: |- 402 values is an array of string values. If the operator is In or NotIn, 403 the values array must be non-empty. If the operator is Exists or DoesNotExist, 404 the values array must be empty. This array is replaced during a strategic 405 merge patch. 406 items: 407 type: string 408 type: array 409 required: 410 - key 411 - operator 412 type: object 413 type: array 414 matchLabels: 415 additionalProperties: 416 type: string 417 description: |- 418 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 419 map is equivalent to an element of matchExpressions, whose key field is "key", the 420 operator is "In", and the values array contains only "value". The requirements are ANDed. 421 type: object 422 type: object 423 x-kubernetes-map-type: atomic 424 matchLabelKeys: 425 description: |- 426 MatchLabelKeys is a set of pod label keys to select which pods will 427 be taken into consideration. The keys are used to lookup values from the 428 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` 429 to select the group of existing pods which pods will be taken into consideration 430 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 431 pod labels will be ignored. The default value is empty. 432 The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 433 Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 434 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 435 items: 436 type: string 437 type: array 438 x-kubernetes-list-type: atomic 439 mismatchLabelKeys: 440 description: |- 441 MismatchLabelKeys is a set of pod label keys to select which pods will 442 be taken into consideration. The keys are used to lookup values from the 443 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` 444 to select the group of existing pods which pods will be taken into consideration 445 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 446 pod labels will be ignored. The default value is empty. 447 The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 448 Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 449 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 450 items: 451 type: string 452 type: array 453 x-kubernetes-list-type: atomic 454 namespaceSelector: 455 description: |- 456 A label query over the set of namespaces that the term applies to. 457 The term is applied to the union of the namespaces selected by this field 458 and the ones listed in the namespaces field. 459 null selector and null or empty namespaces list means "this pod's namespace". 460 An empty selector ({}) matches all namespaces. 461 properties: 462 matchExpressions: 463 description: matchExpressions 464 is a list of label selector 465 requirements. The requirements 466 are ANDed. 467 items: 468 description: |- 469 A label selector requirement is a selector that contains values, a key, and an operator that 470 relates the key and values. 471 properties: 472 key: 473 description: key is the 474 label key that the selector 475 applies to. 476 type: string 477 operator: 478 description: |- 479 operator represents a key's relationship to a set of values. 480 Valid operators are In, NotIn, Exists and DoesNotExist. 481 type: string 482 values: 483 description: |- 484 values is an array of string values. If the operator is In or NotIn, 485 the values array must be non-empty. If the operator is Exists or DoesNotExist, 486 the values array must be empty. This array is replaced during a strategic 487 merge patch. 488 items: 489 type: string 490 type: array 491 required: 492 - key 493 - operator 494 type: object 495 type: array 496 matchLabels: 497 additionalProperties: 498 type: string 499 description: |- 500 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 501 map is equivalent to an element of matchExpressions, whose key field is "key", the 502 operator is "In", and the values array contains only "value". The requirements are ANDed. 503 type: object 504 type: object 505 x-kubernetes-map-type: atomic 506 namespaces: 507 description: |- 508 namespaces specifies a static list of namespace names that the term applies to. 509 The term is applied to the union of the namespaces listed in this field 510 and the ones selected by namespaceSelector. 511 null or empty namespaces list and null namespaceSelector means "this pod's namespace". 512 items: 513 type: string 514 type: array 515 topologyKey: 516 description: |- 517 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 518 the labelSelector in the specified namespaces, where co-located is defined as running on a node 519 whose value of the label with key topologyKey matches that of any node on which any of the 520 selected pods is running. 521 Empty topologyKey is not allowed. 522 type: string 523 required: 524 - topologyKey 525 type: object 526 weight: 527 description: |- 528 weight associated with matching the corresponding podAffinityTerm, 529 in the range 1-100. 530 format: int32 531 type: integer 532 required: 533 - podAffinityTerm 534 - weight 535 type: object 536 type: array 537 requiredDuringSchedulingIgnoredDuringExecution: 538 description: |- 539 If the affinity requirements specified by this field are not met at 540 scheduling time, the pod will not be scheduled onto the node. 541 If the affinity requirements specified by this field cease to be met 542 at some point during pod execution (e.g. due to a pod label update), the 543 system may or may not try to eventually evict the pod from its node. 544 When there are multiple elements, the lists of nodes corresponding to each 545 podAffinityTerm are intersected, i.e. all terms must be satisfied. 546 items: 547 description: |- 548 Defines a set of pods (namely those matching the labelSelector 549 relative to the given namespace(s)) that this pod should be 550 co-located (affinity) or not co-located (anti-affinity) with, 551 where co-located is defined as running on a node whose value of 552 the label with key <topologyKey> matches that of any node on which 553 a pod of the set of pods is running 554 properties: 555 labelSelector: 556 description: |- 557 A label query over a set of resources, in this case pods. 558 If it's null, this PodAffinityTerm matches with no Pods. 559 properties: 560 matchExpressions: 561 description: matchExpressions is a 562 list of label selector requirements. 563 The requirements are ANDed. 564 items: 565 description: |- 566 A label selector requirement is a selector that contains values, a key, and an operator that 567 relates the key and values. 568 properties: 569 key: 570 description: key is the label 571 key that the selector applies 572 to. 573 type: string 574 operator: 575 description: |- 576 operator represents a key's relationship to a set of values. 577 Valid operators are In, NotIn, Exists and DoesNotExist. 578 type: string 579 values: 580 description: |- 581 values is an array of string values. If the operator is In or NotIn, 582 the values array must be non-empty. If the operator is Exists or DoesNotExist, 583 the values array must be empty. This array is replaced during a strategic 584 merge patch. 585 items: 586 type: string 587 type: array 588 required: 589 - key 590 - operator 591 type: object 592 type: array 593 matchLabels: 594 additionalProperties: 595 type: string 596 description: |- 597 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 598 map is equivalent to an element of matchExpressions, whose key field is "key", the 599 operator is "In", and the values array contains only "value". The requirements are ANDed. 600 type: object 601 type: object 602 x-kubernetes-map-type: atomic 603 matchLabelKeys: 604 description: |- 605 MatchLabelKeys is a set of pod label keys to select which pods will 606 be taken into consideration. The keys are used to lookup values from the 607 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` 608 to select the group of existing pods which pods will be taken into consideration 609 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 610 pod labels will be ignored. The default value is empty. 611 The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 612 Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 613 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 614 items: 615 type: string 616 type: array 617 x-kubernetes-list-type: atomic 618 mismatchLabelKeys: 619 description: |- 620 MismatchLabelKeys is a set of pod label keys to select which pods will 621 be taken into consideration. The keys are used to lookup values from the 622 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` 623 to select the group of existing pods which pods will be taken into consideration 624 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 625 pod labels will be ignored. The default value is empty. 626 The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 627 Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 628 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 629 items: 630 type: string 631 type: array 632 x-kubernetes-list-type: atomic 633 namespaceSelector: 634 description: |- 635 A label query over the set of namespaces that the term applies to. 636 The term is applied to the union of the namespaces selected by this field 637 and the ones listed in the namespaces field. 638 null selector and null or empty namespaces list means "this pod's namespace". 639 An empty selector ({}) matches all namespaces. 640 properties: 641 matchExpressions: 642 description: matchExpressions is a 643 list of label selector requirements. 644 The requirements are ANDed. 645 items: 646 description: |- 647 A label selector requirement is a selector that contains values, a key, and an operator that 648 relates the key and values. 649 properties: 650 key: 651 description: key is the label 652 key that the selector applies 653 to. 654 type: string 655 operator: 656 description: |- 657 operator represents a key's relationship to a set of values. 658 Valid operators are In, NotIn, Exists and DoesNotExist. 659 type: string 660 values: 661 description: |- 662 values is an array of string values. If the operator is In or NotIn, 663 the values array must be non-empty. If the operator is Exists or DoesNotExist, 664 the values array must be empty. This array is replaced during a strategic 665 merge patch. 666 items: 667 type: string 668 type: array 669 required: 670 - key 671 - operator 672 type: object 673 type: array 674 matchLabels: 675 additionalProperties: 676 type: string 677 description: |- 678 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 679 map is equivalent to an element of matchExpressions, whose key field is "key", the 680 operator is "In", and the values array contains only "value". The requirements are ANDed. 681 type: object 682 type: object 683 x-kubernetes-map-type: atomic 684 namespaces: 685 description: |- 686 namespaces specifies a static list of namespace names that the term applies to. 687 The term is applied to the union of the namespaces listed in this field 688 and the ones selected by namespaceSelector. 689 null or empty namespaces list and null namespaceSelector means "this pod's namespace". 690 items: 691 type: string 692 type: array 693 topologyKey: 694 description: |- 695 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 696 the labelSelector in the specified namespaces, where co-located is defined as running on a node 697 whose value of the label with key topologyKey matches that of any node on which any of the 698 selected pods is running. 699 Empty topologyKey is not allowed. 700 type: string 701 required: 702 - topologyKey 703 type: object 704 type: array 705 type: object 706 podAntiAffinity: 707 description: Describes pod anti-affinity scheduling 708 rules (e.g. avoid putting this pod in the same 709 node, zone, etc. as some other pod(s)). 710 properties: 711 preferredDuringSchedulingIgnoredDuringExecution: 712 description: |- 713 The scheduler will prefer to schedule pods to nodes that satisfy 714 the anti-affinity expressions specified by this field, but it may choose 715 a node that violates one or more of the expressions. The node that is 716 most preferred is the one with the greatest sum of weights, i.e. 717 for each node that meets all of the scheduling requirements (resource 718 request, requiredDuringScheduling anti-affinity expressions, etc.), 719 compute a sum by iterating through the elements of this field and adding 720 "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the 721 node(s) with the highest sum are the most preferred. 722 items: 723 description: The weights of all of the matched 724 WeightedPodAffinityTerm fields are added 725 per-node to find the most preferred node(s) 726 properties: 727 podAffinityTerm: 728 description: Required. A pod affinity 729 term, associated with the corresponding 730 weight. 731 properties: 732 labelSelector: 733 description: |- 734 A label query over a set of resources, in this case pods. 735 If it's null, this PodAffinityTerm matches with no Pods. 736 properties: 737 matchExpressions: 738 description: matchExpressions 739 is a list of label selector 740 requirements. The requirements 741 are ANDed. 742 items: 743 description: |- 744 A label selector requirement is a selector that contains values, a key, and an operator that 745 relates the key and values. 746 properties: 747 key: 748 description: key is the 749 label key that the selector 750 applies to. 751 type: string 752 operator: 753 description: |- 754 operator represents a key's relationship to a set of values. 755 Valid operators are In, NotIn, Exists and DoesNotExist. 756 type: string 757 values: 758 description: |- 759 values is an array of string values. If the operator is In or NotIn, 760 the values array must be non-empty. If the operator is Exists or DoesNotExist, 761 the values array must be empty. This array is replaced during a strategic 762 merge patch. 763 items: 764 type: string 765 type: array 766 required: 767 - key 768 - operator 769 type: object 770 type: array 771 matchLabels: 772 additionalProperties: 773 type: string 774 description: |- 775 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 776 map is equivalent to an element of matchExpressions, whose key field is "key", the 777 operator is "In", and the values array contains only "value". The requirements are ANDed. 778 type: object 779 type: object 780 x-kubernetes-map-type: atomic 781 matchLabelKeys: 782 description: |- 783 MatchLabelKeys is a set of pod label keys to select which pods will 784 be taken into consideration. The keys are used to lookup values from the 785 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` 786 to select the group of existing pods which pods will be taken into consideration 787 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 788 pod labels will be ignored. The default value is empty. 789 The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 790 Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 791 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 792 items: 793 type: string 794 type: array 795 x-kubernetes-list-type: atomic 796 mismatchLabelKeys: 797 description: |- 798 MismatchLabelKeys is a set of pod label keys to select which pods will 799 be taken into consideration. The keys are used to lookup values from the 800 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` 801 to select the group of existing pods which pods will be taken into consideration 802 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 803 pod labels will be ignored. The default value is empty. 804 The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 805 Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 806 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 807 items: 808 type: string 809 type: array 810 x-kubernetes-list-type: atomic 811 namespaceSelector: 812 description: |- 813 A label query over the set of namespaces that the term applies to. 814 The term is applied to the union of the namespaces selected by this field 815 and the ones listed in the namespaces field. 816 null selector and null or empty namespaces list means "this pod's namespace". 817 An empty selector ({}) matches all namespaces. 818 properties: 819 matchExpressions: 820 description: matchExpressions 821 is a list of label selector 822 requirements. The requirements 823 are ANDed. 824 items: 825 description: |- 826 A label selector requirement is a selector that contains values, a key, and an operator that 827 relates the key and values. 828 properties: 829 key: 830 description: key is the 831 label key that the selector 832 applies to. 833 type: string 834 operator: 835 description: |- 836 operator represents a key's relationship to a set of values. 837 Valid operators are In, NotIn, Exists and DoesNotExist. 838 type: string 839 values: 840 description: |- 841 values is an array of string values. If the operator is In or NotIn, 842 the values array must be non-empty. If the operator is Exists or DoesNotExist, 843 the values array must be empty. This array is replaced during a strategic 844 merge patch. 845 items: 846 type: string 847 type: array 848 required: 849 - key 850 - operator 851 type: object 852 type: array 853 matchLabels: 854 additionalProperties: 855 type: string 856 description: |- 857 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 858 map is equivalent to an element of matchExpressions, whose key field is "key", the 859 operator is "In", and the values array contains only "value". The requirements are ANDed. 860 type: object 861 type: object 862 x-kubernetes-map-type: atomic 863 namespaces: 864 description: |- 865 namespaces specifies a static list of namespace names that the term applies to. 866 The term is applied to the union of the namespaces listed in this field 867 and the ones selected by namespaceSelector. 868 null or empty namespaces list and null namespaceSelector means "this pod's namespace". 869 items: 870 type: string 871 type: array 872 topologyKey: 873 description: |- 874 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 875 the labelSelector in the specified namespaces, where co-located is defined as running on a node 876 whose value of the label with key topologyKey matches that of any node on which any of the 877 selected pods is running. 878 Empty topologyKey is not allowed. 879 type: string 880 required: 881 - topologyKey 882 type: object 883 weight: 884 description: |- 885 weight associated with matching the corresponding podAffinityTerm, 886 in the range 1-100. 887 format: int32 888 type: integer 889 required: 890 - podAffinityTerm 891 - weight 892 type: object 893 type: array 894 requiredDuringSchedulingIgnoredDuringExecution: 895 description: |- 896 If the anti-affinity requirements specified by this field are not met at 897 scheduling time, the pod will not be scheduled onto the node. 898 If the anti-affinity requirements specified by this field cease to be met 899 at some point during pod execution (e.g. due to a pod label update), the 900 system may or may not try to eventually evict the pod from its node. 901 When there are multiple elements, the lists of nodes corresponding to each 902 podAffinityTerm are intersected, i.e. all terms must be satisfied. 903 items: 904 description: |- 905 Defines a set of pods (namely those matching the labelSelector 906 relative to the given namespace(s)) that this pod should be 907 co-located (affinity) or not co-located (anti-affinity) with, 908 where co-located is defined as running on a node whose value of 909 the label with key <topologyKey> matches that of any node on which 910 a pod of the set of pods is running 911 properties: 912 labelSelector: 913 description: |- 914 A label query over a set of resources, in this case pods. 915 If it's null, this PodAffinityTerm matches with no Pods. 916 properties: 917 matchExpressions: 918 description: matchExpressions is a 919 list of label selector requirements. 920 The requirements are ANDed. 921 items: 922 description: |- 923 A label selector requirement is a selector that contains values, a key, and an operator that 924 relates the key and values. 925 properties: 926 key: 927 description: key is the label 928 key that the selector applies 929 to. 930 type: string 931 operator: 932 description: |- 933 operator represents a key's relationship to a set of values. 934 Valid operators are In, NotIn, Exists and DoesNotExist. 935 type: string 936 values: 937 description: |- 938 values is an array of string values. If the operator is In or NotIn, 939 the values array must be non-empty. If the operator is Exists or DoesNotExist, 940 the values array must be empty. This array is replaced during a strategic 941 merge patch. 942 items: 943 type: string 944 type: array 945 required: 946 - key 947 - operator 948 type: object 949 type: array 950 matchLabels: 951 additionalProperties: 952 type: string 953 description: |- 954 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 955 map is equivalent to an element of matchExpressions, whose key field is "key", the 956 operator is "In", and the values array contains only "value". The requirements are ANDed. 957 type: object 958 type: object 959 x-kubernetes-map-type: atomic 960 matchLabelKeys: 961 description: |- 962 MatchLabelKeys is a set of pod label keys to select which pods will 963 be taken into consideration. The keys are used to lookup values from the 964 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` 965 to select the group of existing pods which pods will be taken into consideration 966 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 967 pod labels will be ignored. The default value is empty. 968 The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 969 Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 970 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 971 items: 972 type: string 973 type: array 974 x-kubernetes-list-type: atomic 975 mismatchLabelKeys: 976 description: |- 977 MismatchLabelKeys is a set of pod label keys to select which pods will 978 be taken into consideration. The keys are used to lookup values from the 979 incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` 980 to select the group of existing pods which pods will be taken into consideration 981 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 982 pod labels will be ignored. The default value is empty. 983 The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 984 Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 985 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 986 items: 987 type: string 988 type: array 989 x-kubernetes-list-type: atomic 990 namespaceSelector: 991 description: |- 992 A label query over the set of namespaces that the term applies to. 993 The term is applied to the union of the namespaces selected by this field 994 and the ones listed in the namespaces field. 995 null selector and null or empty namespaces list means "this pod's namespace". 996 An empty selector ({}) matches all namespaces. 997 properties: 998 matchExpressions: 999 description: matchExpressions is a 1000 list of label selector requirements. 1001 The requirements are ANDed. 1002 items: 1003 description: |- 1004 A label selector requirement is a selector that contains values, a key, and an operator that 1005 relates the key and values. 1006 properties: 1007 key: 1008 description: key is the label 1009 key that the selector applies 1010 to. 1011 type: string 1012 operator: 1013 description: |- 1014 operator represents a key's relationship to a set of values. 1015 Valid operators are In, NotIn, Exists and DoesNotExist. 1016 type: string 1017 values: 1018 description: |- 1019 values is an array of string values. If the operator is In or NotIn, 1020 the values array must be non-empty. If the operator is Exists or DoesNotExist, 1021 the values array must be empty. This array is replaced during a strategic 1022 merge patch. 1023 items: 1024 type: string 1025 type: array 1026 required: 1027 - key 1028 - operator 1029 type: object 1030 type: array 1031 matchLabels: 1032 additionalProperties: 1033 type: string 1034 description: |- 1035 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 1036 map is equivalent to an element of matchExpressions, whose key field is "key", the 1037 operator is "In", and the values array contains only "value". The requirements are ANDed. 1038 type: object 1039 type: object 1040 x-kubernetes-map-type: atomic 1041 namespaces: 1042 description: |- 1043 namespaces specifies a static list of namespace names that the term applies to. 1044 The term is applied to the union of the namespaces listed in this field 1045 and the ones selected by namespaceSelector. 1046 null or empty namespaces list and null namespaceSelector means "this pod's namespace". 1047 items: 1048 type: string 1049 type: array 1050 topologyKey: 1051 description: |- 1052 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 1053 the labelSelector in the specified namespaces, where co-located is defined as running on a node 1054 whose value of the label with key topologyKey matches that of any node on which any of the 1055 selected pods is running. 1056 Empty topologyKey is not allowed. 1057 type: string 1058 required: 1059 - topologyKey 1060 type: object 1061 type: array 1062 type: object 1063 type: object 1064 automountServiceAccountToken: 1065 description: AutomountServiceAccountToken indicates 1066 whether a service account token should be automatically 1067 mounted. 1068 type: boolean 1069 containers: 1070 description: |- 1071 List of containers belonging to the pod. 1072 Containers cannot currently be added or removed. 1073 There must be at least one container in a Pod. 1074 Cannot be updated. 1075 items: 1076 description: A single application container that you 1077 want to run within a pod. 1078 properties: 1079 args: 1080 description: |- 1081 Arguments to the entrypoint. 1082 The container image's CMD is used if this is not provided. 1083 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 1084 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 1085 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 1086 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 1087 of whether the variable exists or not. Cannot be updated. 1088 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 1089 items: 1090 type: string 1091 type: array 1092 command: 1093 description: |- 1094 Entrypoint array. Not executed within a shell. 1095 The container image's ENTRYPOINT is used if this is not provided. 1096 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 1097 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 1098 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 1099 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 1100 of whether the variable exists or not. Cannot be updated. 1101 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 1102 items: 1103 type: string 1104 type: array 1105 env: 1106 description: |- 1107 List of environment variables to set in the container. 1108 Cannot be updated. 1109 items: 1110 description: EnvVar represents an environment 1111 variable present in a Container. 1112 properties: 1113 name: 1114 description: Name of the environment variable. 1115 Must be a C_IDENTIFIER. 1116 type: string 1117 value: 1118 description: |- 1119 Variable references $(VAR_NAME) are expanded 1120 using the previously defined environment variables in the container and 1121 any service environment variables. If a variable cannot be resolved, 1122 the reference in the input string will be unchanged. Double $$ are reduced 1123 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 1124 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 1125 Escaped references will never be expanded, regardless of whether the variable 1126 exists or not. 1127 Defaults to "". 1128 type: string 1129 valueFrom: 1130 description: Source for the environment 1131 variable's value. Cannot be used if value 1132 is not empty. 1133 properties: 1134 configMapKeyRef: 1135 description: Selects a key of a ConfigMap. 1136 properties: 1137 key: 1138 description: The key to select. 1139 type: string 1140 name: 1141 description: |- 1142 Name of the referent. 1143 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1144 TODO: Add other useful fields. apiVersion, kind, uid? 1145 type: string 1146 optional: 1147 description: Specify whether the 1148 ConfigMap or its key must be defined 1149 type: boolean 1150 required: 1151 - key 1152 type: object 1153 x-kubernetes-map-type: atomic 1154 fieldRef: 1155 description: |- 1156 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, 1157 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 1158 properties: 1159 apiVersion: 1160 description: Version of the schema 1161 the FieldPath is written in terms 1162 of, defaults to "v1". 1163 type: string 1164 fieldPath: 1165 description: Path of the field to 1166 select in the specified API version. 1167 type: string 1168 required: 1169 - fieldPath 1170 type: object 1171 x-kubernetes-map-type: atomic 1172 resourceFieldRef: 1173 description: |- 1174 Selects a resource of the container: only resources limits and requests 1175 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 1176 properties: 1177 containerName: 1178 description: 'Container name: required 1179 for volumes, optional for env 1180 vars' 1181 type: string 1182 divisor: 1183 anyOf: 1184 - type: integer 1185 - type: string 1186 description: Specifies the output 1187 format of the exposed resources, 1188 defaults to "1" 1189 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1190 x-kubernetes-int-or-string: true 1191 resource: 1192 description: 'Required: resource 1193 to select' 1194 type: string 1195 required: 1196 - resource 1197 type: object 1198 x-kubernetes-map-type: atomic 1199 secretKeyRef: 1200 description: Selects a key of a secret 1201 in the pod's namespace 1202 properties: 1203 key: 1204 description: The key of the secret 1205 to select from. Must be a valid 1206 secret key. 1207 type: string 1208 name: 1209 description: |- 1210 Name of the referent. 1211 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1212 TODO: Add other useful fields. apiVersion, kind, uid? 1213 type: string 1214 optional: 1215 description: Specify whether the 1216 Secret or its key must be defined 1217 type: boolean 1218 required: 1219 - key 1220 type: object 1221 x-kubernetes-map-type: atomic 1222 type: object 1223 required: 1224 - name 1225 type: object 1226 type: array 1227 envFrom: 1228 description: |- 1229 List of sources to populate environment variables in the container. 1230 The keys defined within a source must be a C_IDENTIFIER. All invalid keys 1231 will be reported as an event when the container is starting. When a key exists in multiple 1232 sources, the value associated with the last source will take precedence. 1233 Values defined by an Env with a duplicate key will take precedence. 1234 Cannot be updated. 1235 items: 1236 description: EnvFromSource represents the source 1237 of a set of ConfigMaps 1238 properties: 1239 configMapRef: 1240 description: The ConfigMap to select from 1241 properties: 1242 name: 1243 description: |- 1244 Name of the referent. 1245 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1246 TODO: Add other useful fields. apiVersion, kind, uid? 1247 type: string 1248 optional: 1249 description: Specify whether the ConfigMap 1250 must be defined 1251 type: boolean 1252 type: object 1253 x-kubernetes-map-type: atomic 1254 prefix: 1255 description: An optional identifier to prepend 1256 to each key in the ConfigMap. Must be 1257 a C_IDENTIFIER. 1258 type: string 1259 secretRef: 1260 description: The Secret to select from 1261 properties: 1262 name: 1263 description: |- 1264 Name of the referent. 1265 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 1266 TODO: Add other useful fields. apiVersion, kind, uid? 1267 type: string 1268 optional: 1269 description: Specify whether the Secret 1270 must be defined 1271 type: boolean 1272 type: object 1273 x-kubernetes-map-type: atomic 1274 type: object 1275 type: array 1276 image: 1277 description: |- 1278 Container image name. 1279 More info: https://kubernetes.io/docs/concepts/containers/images 1280 This field is optional to allow higher level config management to default or override 1281 container images in workload controllers like Deployments and StatefulSets. 1282 type: string 1283 imagePullPolicy: 1284 description: |- 1285 Image pull policy. 1286 One of Always, Never, IfNotPresent. 1287 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 1288 Cannot be updated. 1289 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 1290 type: string 1291 lifecycle: 1292 description: |- 1293 Actions that the management system should take in response to container lifecycle events. 1294 Cannot be updated. 1295 properties: 1296 postStart: 1297 description: |- 1298 PostStart is called immediately after a container is created. If the handler fails, 1299 the container is terminated and restarted according to its restart policy. 1300 Other management of the container blocks until the hook completes. 1301 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 1302 properties: 1303 exec: 1304 description: Exec specifies the action 1305 to take. 1306 properties: 1307 command: 1308 description: |- 1309 Command is the command line to execute inside the container, the working directory for the 1310 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 1311 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 1312 a shell, you need to explicitly call out to that shell. 1313 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1314 items: 1315 type: string 1316 type: array 1317 type: object 1318 httpGet: 1319 description: HTTPGet specifies the http 1320 request to perform. 1321 properties: 1322 host: 1323 description: |- 1324 Host name to connect to, defaults to the pod IP. You probably want to set 1325 "Host" in httpHeaders instead. 1326 type: string 1327 httpHeaders: 1328 description: Custom headers to set 1329 in the request. HTTP allows repeated 1330 headers. 1331 items: 1332 description: HTTPHeader describes 1333 a custom header to be used in 1334 HTTP probes 1335 properties: 1336 name: 1337 description: |- 1338 The header field name. 1339 This will be canonicalized upon output, so case-variant names will be understood as the same header. 1340 type: string 1341 value: 1342 description: The header field 1343 value 1344 type: string 1345 required: 1346 - name 1347 - value 1348 type: object 1349 type: array 1350 path: 1351 description: Path to access on the 1352 HTTP server. 1353 type: string 1354 port: 1355 anyOf: 1356 - type: integer 1357 - type: string 1358 description: |- 1359 Name or number of the port to access on the container. 1360 Number must be in the range 1 to 65535. 1361 Name must be an IANA_SVC_NAME. 1362 x-kubernetes-int-or-string: true 1363 scheme: 1364 description: |- 1365 Scheme to use for connecting to the host. 1366 Defaults to HTTP. 1367 type: string 1368 required: 1369 - port 1370 type: object 1371 sleep: 1372 description: Sleep represents the duration 1373 that the container should sleep before 1374 being terminated. 1375 properties: 1376 seconds: 1377 description: Seconds is the number 1378 of seconds to sleep. 1379 format: int64 1380 type: integer 1381 required: 1382 - seconds 1383 type: object 1384 tcpSocket: 1385 description: |- 1386 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 1387 for the backward compatibility. There are no validation of this field and 1388 lifecycle hooks will fail in runtime when tcp handler is specified. 1389 properties: 1390 host: 1391 description: 'Optional: Host name 1392 to connect to, defaults to the pod 1393 IP.' 1394 type: string 1395 port: 1396 anyOf: 1397 - type: integer 1398 - type: string 1399 description: |- 1400 Number or name of the port to access on the container. 1401 Number must be in the range 1 to 65535. 1402 Name must be an IANA_SVC_NAME. 1403 x-kubernetes-int-or-string: true 1404 required: 1405 - port 1406 type: object 1407 type: object 1408 preStop: 1409 description: |- 1410 PreStop is called immediately before a container is terminated due to an 1411 API request or management event such as liveness/startup probe failure, 1412 preemption, resource contention, etc. The handler is not called if the 1413 container crashes or exits. The Pod's termination grace period countdown begins before the 1414 PreStop hook is executed. Regardless of the outcome of the handler, the 1415 container will eventually terminate within the Pod's termination grace 1416 period (unless delayed by finalizers). Other management of the container blocks until the hook completes 1417 or until the termination grace period is reached. 1418 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 1419 properties: 1420 exec: 1421 description: Exec specifies the action 1422 to take. 1423 properties: 1424 command: 1425 description: |- 1426 Command is the command line to execute inside the container, the working directory for the 1427 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 1428 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 1429 a shell, you need to explicitly call out to that shell. 1430 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1431 items: 1432 type: string 1433 type: array 1434 type: object 1435 httpGet: 1436 description: HTTPGet specifies the http 1437 request to perform. 1438 properties: 1439 host: 1440 description: |- 1441 Host name to connect to, defaults to the pod IP. You probably want to set 1442 "Host" in httpHeaders instead. 1443 type: string 1444 httpHeaders: 1445 description: Custom headers to set 1446 in the request. HTTP allows repeated 1447 headers. 1448 items: 1449 description: HTTPHeader describes 1450 a custom header to be used in 1451 HTTP probes 1452 properties: 1453 name: 1454 description: |- 1455 The header field name. 1456 This will be canonicalized upon output, so case-variant names will be understood as the same header. 1457 type: string 1458 value: 1459 description: The header field 1460 value 1461 type: string 1462 required: 1463 - name 1464 - value 1465 type: object 1466 type: array 1467 path: 1468 description: Path to access on the 1469 HTTP server. 1470 type: string 1471 port: 1472 anyOf: 1473 - type: integer 1474 - type: string 1475 description: |- 1476 Name or number of the port to access on the container. 1477 Number must be in the range 1 to 65535. 1478 Name must be an IANA_SVC_NAME. 1479 x-kubernetes-int-or-string: true 1480 scheme: 1481 description: |- 1482 Scheme to use for connecting to the host. 1483 Defaults to HTTP. 1484 type: string 1485 required: 1486 - port 1487 type: object 1488 sleep: 1489 description: Sleep represents the duration 1490 that the container should sleep before 1491 being terminated. 1492 properties: 1493 seconds: 1494 description: Seconds is the number 1495 of seconds to sleep. 1496 format: int64 1497 type: integer 1498 required: 1499 - seconds 1500 type: object 1501 tcpSocket: 1502 description: |- 1503 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 1504 for the backward compatibility. There are no validation of this field and 1505 lifecycle hooks will fail in runtime when tcp handler is specified. 1506 properties: 1507 host: 1508 description: 'Optional: Host name 1509 to connect to, defaults to the pod 1510 IP.' 1511 type: string 1512 port: 1513 anyOf: 1514 - type: integer 1515 - type: string 1516 description: |- 1517 Number or name of the port to access on the container. 1518 Number must be in the range 1 to 65535. 1519 Name must be an IANA_SVC_NAME. 1520 x-kubernetes-int-or-string: true 1521 required: 1522 - port 1523 type: object 1524 type: object 1525 type: object 1526 livenessProbe: 1527 description: |- 1528 Periodic probe of container liveness. 1529 Container will be restarted if the probe fails. 1530 Cannot be updated. 1531 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 1532 properties: 1533 exec: 1534 description: Exec specifies the action to 1535 take. 1536 properties: 1537 command: 1538 description: |- 1539 Command is the command line to execute inside the container, the working directory for the 1540 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 1541 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 1542 a shell, you need to explicitly call out to that shell. 1543 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1544 items: 1545 type: string 1546 type: array 1547 type: object 1548 failureThreshold: 1549 description: |- 1550 Minimum consecutive failures for the probe to be considered failed after having succeeded. 1551 Defaults to 3. Minimum value is 1. 1552 format: int32 1553 type: integer 1554 grpc: 1555 description: GRPC specifies an action involving 1556 a GRPC port. 1557 properties: 1558 port: 1559 description: Port number of the gRPC service. 1560 Number must be in the range 1 to 65535. 1561 format: int32 1562 type: integer 1563 service: 1564 description: |- 1565 Service is the name of the service to place in the gRPC HealthCheckRequest 1566 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1567 1568 1569 If this is not specified, the default behavior is defined by gRPC. 1570 type: string 1571 required: 1572 - port 1573 type: object 1574 httpGet: 1575 description: HTTPGet specifies the http request 1576 to perform. 1577 properties: 1578 host: 1579 description: |- 1580 Host name to connect to, defaults to the pod IP. You probably want to set 1581 "Host" in httpHeaders instead. 1582 type: string 1583 httpHeaders: 1584 description: Custom headers to set in 1585 the request. HTTP allows repeated headers. 1586 items: 1587 description: HTTPHeader describes a 1588 custom header to be used in HTTP probes 1589 properties: 1590 name: 1591 description: |- 1592 The header field name. 1593 This will be canonicalized upon output, so case-variant names will be understood as the same header. 1594 type: string 1595 value: 1596 description: The header field value 1597 type: string 1598 required: 1599 - name 1600 - value 1601 type: object 1602 type: array 1603 path: 1604 description: Path to access on the HTTP 1605 server. 1606 type: string 1607 port: 1608 anyOf: 1609 - type: integer 1610 - type: string 1611 description: |- 1612 Name or number of the port to access on the container. 1613 Number must be in the range 1 to 65535. 1614 Name must be an IANA_SVC_NAME. 1615 x-kubernetes-int-or-string: true 1616 scheme: 1617 description: |- 1618 Scheme to use for connecting to the host. 1619 Defaults to HTTP. 1620 type: string 1621 required: 1622 - port 1623 type: object 1624 initialDelaySeconds: 1625 description: |- 1626 Number of seconds after the container has started before liveness probes are initiated. 1627 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 1628 format: int32 1629 type: integer 1630 periodSeconds: 1631 description: |- 1632 How often (in seconds) to perform the probe. 1633 Default to 10 seconds. Minimum value is 1. 1634 format: int32 1635 type: integer 1636 successThreshold: 1637 description: |- 1638 Minimum consecutive successes for the probe to be considered successful after having failed. 1639 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1640 format: int32 1641 type: integer 1642 tcpSocket: 1643 description: TCPSocket specifies an action 1644 involving a TCP port. 1645 properties: 1646 host: 1647 description: 'Optional: Host name to connect 1648 to, defaults to the pod IP.' 1649 type: string 1650 port: 1651 anyOf: 1652 - type: integer 1653 - type: string 1654 description: |- 1655 Number or name of the port to access on the container. 1656 Number must be in the range 1 to 65535. 1657 Name must be an IANA_SVC_NAME. 1658 x-kubernetes-int-or-string: true 1659 required: 1660 - port 1661 type: object 1662 terminationGracePeriodSeconds: 1663 description: |- 1664 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 1665 The grace period is the duration in seconds after the processes running in the pod are sent 1666 a termination signal and the time when the processes are forcibly halted with a kill signal. 1667 Set this value longer than the expected cleanup time for your process. 1668 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 1669 value overrides the value provided by the pod spec. 1670 Value must be non-negative integer. The value zero indicates stop immediately via 1671 the kill signal (no opportunity to shut down). 1672 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 1673 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 1674 format: int64 1675 type: integer 1676 timeoutSeconds: 1677 description: |- 1678 Number of seconds after which the probe times out. 1679 Defaults to 1 second. Minimum value is 1. 1680 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 1681 format: int32 1682 type: integer 1683 type: object 1684 name: 1685 description: |- 1686 Name of the container specified as a DNS_LABEL. 1687 Each container in a pod must have a unique name (DNS_LABEL). 1688 Cannot be updated. 1689 type: string 1690 ports: 1691 description: |- 1692 List of ports to expose from the container. Not specifying a port here 1693 DOES NOT prevent that port from being exposed. Any port which is 1694 listening on the default "0.0.0.0" address inside a container will be 1695 accessible from the network. 1696 Modifying this array with strategic merge patch may corrupt the data. 1697 For more information See https://github.com/kubernetes/kubernetes/issues/108255. 1698 Cannot be updated. 1699 items: 1700 description: ContainerPort represents a network 1701 port in a single container. 1702 properties: 1703 containerPort: 1704 description: |- 1705 Number of port to expose on the pod's IP address. 1706 This must be a valid port number, 0 < x < 65536. 1707 format: int32 1708 type: integer 1709 hostIP: 1710 description: What host IP to bind the external 1711 port to. 1712 type: string 1713 hostPort: 1714 description: |- 1715 Number of port to expose on the host. 1716 If specified, this must be a valid port number, 0 < x < 65536. 1717 If HostNetwork is specified, this must match ContainerPort. 1718 Most containers do not need this. 1719 format: int32 1720 type: integer 1721 name: 1722 description: |- 1723 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each 1724 named port in a pod must have a unique name. Name for the port that can be 1725 referred to by services. 1726 type: string 1727 protocol: 1728 default: TCP 1729 description: |- 1730 Protocol for port. Must be UDP, TCP, or SCTP. 1731 Defaults to "TCP". 1732 type: string 1733 required: 1734 - containerPort 1735 type: object 1736 type: array 1737 x-kubernetes-list-map-keys: 1738 - containerPort 1739 - protocol 1740 x-kubernetes-list-type: map 1741 readinessProbe: 1742 description: |- 1743 Periodic probe of container service readiness. 1744 Container will be removed from service endpoints if the probe fails. 1745 Cannot be updated. 1746 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 1747 properties: 1748 exec: 1749 description: Exec specifies the action to 1750 take. 1751 properties: 1752 command: 1753 description: |- 1754 Command is the command line to execute inside the container, the working directory for the 1755 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 1756 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 1757 a shell, you need to explicitly call out to that shell. 1758 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 1759 items: 1760 type: string 1761 type: array 1762 type: object 1763 failureThreshold: 1764 description: |- 1765 Minimum consecutive failures for the probe to be considered failed after having succeeded. 1766 Defaults to 3. Minimum value is 1. 1767 format: int32 1768 type: integer 1769 grpc: 1770 description: GRPC specifies an action involving 1771 a GRPC port. 1772 properties: 1773 port: 1774 description: Port number of the gRPC service. 1775 Number must be in the range 1 to 65535. 1776 format: int32 1777 type: integer 1778 service: 1779 description: |- 1780 Service is the name of the service to place in the gRPC HealthCheckRequest 1781 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 1782 1783 1784 If this is not specified, the default behavior is defined by gRPC. 1785 type: string 1786 required: 1787 - port 1788 type: object 1789 httpGet: 1790 description: HTTPGet specifies the http request 1791 to perform. 1792 properties: 1793 host: 1794 description: |- 1795 Host name to connect to, defaults to the pod IP. You probably want to set 1796 "Host" in httpHeaders instead. 1797 type: string 1798 httpHeaders: 1799 description: Custom headers to set in 1800 the request. HTTP allows repeated headers. 1801 items: 1802 description: HTTPHeader describes a 1803 custom header to be used in HTTP probes 1804 properties: 1805 name: 1806 description: |- 1807 The header field name. 1808 This will be canonicalized upon output, so case-variant names will be understood as the same header. 1809 type: string 1810 value: 1811 description: The header field value 1812 type: string 1813 required: 1814 - name 1815 - value 1816 type: object 1817 type: array 1818 path: 1819 description: Path to access on the HTTP 1820 server. 1821 type: string 1822 port: 1823 anyOf: 1824 - type: integer 1825 - type: string 1826 description: |- 1827 Name or number of the port to access on the container. 1828 Number must be in the range 1 to 65535. 1829 Name must be an IANA_SVC_NAME. 1830 x-kubernetes-int-or-string: true 1831 scheme: 1832 description: |- 1833 Scheme to use for connecting to the host. 1834 Defaults to HTTP. 1835 type: string 1836 required: 1837 - port 1838 type: object 1839 initialDelaySeconds: 1840 description: |- 1841 Number of seconds after the container has started before liveness probes are initiated. 1842 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 1843 format: int32 1844 type: integer 1845 periodSeconds: 1846 description: |- 1847 How often (in seconds) to perform the probe. 1848 Default to 10 seconds. Minimum value is 1. 1849 format: int32 1850 type: integer 1851 successThreshold: 1852 description: |- 1853 Minimum consecutive successes for the probe to be considered successful after having failed. 1854 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 1855 format: int32 1856 type: integer 1857 tcpSocket: 1858 description: TCPSocket specifies an action 1859 involving a TCP port. 1860 properties: 1861 host: 1862 description: 'Optional: Host name to connect 1863 to, defaults to the pod IP.' 1864 type: string 1865 port: 1866 anyOf: 1867 - type: integer 1868 - type: string 1869 description: |- 1870 Number or name of the port to access on the container. 1871 Number must be in the range 1 to 65535. 1872 Name must be an IANA_SVC_NAME. 1873 x-kubernetes-int-or-string: true 1874 required: 1875 - port 1876 type: object 1877 terminationGracePeriodSeconds: 1878 description: |- 1879 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 1880 The grace period is the duration in seconds after the processes running in the pod are sent 1881 a termination signal and the time when the processes are forcibly halted with a kill signal. 1882 Set this value longer than the expected cleanup time for your process. 1883 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 1884 value overrides the value provided by the pod spec. 1885 Value must be non-negative integer. The value zero indicates stop immediately via 1886 the kill signal (no opportunity to shut down). 1887 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 1888 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 1889 format: int64 1890 type: integer 1891 timeoutSeconds: 1892 description: |- 1893 Number of seconds after which the probe times out. 1894 Defaults to 1 second. Minimum value is 1. 1895 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 1896 format: int32 1897 type: integer 1898 type: object 1899 resizePolicy: 1900 description: Resources resize policy for the container. 1901 items: 1902 description: ContainerResizePolicy represents 1903 resource resize policy for the container. 1904 properties: 1905 resourceName: 1906 description: |- 1907 Name of the resource to which this resource resize policy applies. 1908 Supported values: cpu, memory. 1909 type: string 1910 restartPolicy: 1911 description: |- 1912 Restart policy to apply when specified resource is resized. 1913 If not specified, it defaults to NotRequired. 1914 type: string 1915 required: 1916 - resourceName 1917 - restartPolicy 1918 type: object 1919 type: array 1920 x-kubernetes-list-type: atomic 1921 resources: 1922 description: |- 1923 Compute Resources required by this container. 1924 Cannot be updated. 1925 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 1926 properties: 1927 claims: 1928 description: |- 1929 Claims lists the names of resources, defined in spec.resourceClaims, 1930 that are used by this container. 1931 1932 1933 This is an alpha field and requires enabling the 1934 DynamicResourceAllocation feature gate. 1935 1936 1937 This field is immutable. It can only be set for containers. 1938 items: 1939 description: ResourceClaim references one 1940 entry in PodSpec.ResourceClaims. 1941 properties: 1942 name: 1943 description: |- 1944 Name must match the name of one entry in pod.spec.resourceClaims of 1945 the Pod where this field is used. It makes that resource available 1946 inside a container. 1947 type: string 1948 required: 1949 - name 1950 type: object 1951 type: array 1952 x-kubernetes-list-map-keys: 1953 - name 1954 x-kubernetes-list-type: map 1955 limits: 1956 additionalProperties: 1957 anyOf: 1958 - type: integer 1959 - type: string 1960 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1961 x-kubernetes-int-or-string: true 1962 description: |- 1963 Limits describes the maximum amount of compute resources allowed. 1964 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 1965 type: object 1966 requests: 1967 additionalProperties: 1968 anyOf: 1969 - type: integer 1970 - type: string 1971 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1972 x-kubernetes-int-or-string: true 1973 description: |- 1974 Requests describes the minimum amount of compute resources required. 1975 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 1976 otherwise to an implementation-defined value. Requests cannot exceed Limits. 1977 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 1978 type: object 1979 type: object 1980 restartPolicy: 1981 description: |- 1982 RestartPolicy defines the restart behavior of individual containers in a pod. 1983 This field may only be set for init containers, and the only allowed value is "Always". 1984 For non-init containers or when this field is not specified, 1985 the restart behavior is defined by the Pod's restart policy and the container type. 1986 Setting the RestartPolicy as "Always" for the init container will have the following effect: 1987 this init container will be continually restarted on 1988 exit until all regular containers have terminated. Once all regular 1989 containers have completed, all init containers with restartPolicy "Always" 1990 will be shut down. This lifecycle differs from normal init containers and 1991 is often referred to as a "sidecar" container. Although this init 1992 container still starts in the init container sequence, it does not wait 1993 for the container to complete before proceeding to the next init 1994 container. Instead, the next init container starts immediately after this 1995 init container is started, or after any startupProbe has successfully 1996 completed. 1997 type: string 1998 securityContext: 1999 description: |- 2000 SecurityContext defines the security options the container should be run with. 2001 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 2002 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ 2003 properties: 2004 allowPrivilegeEscalation: 2005 description: |- 2006 AllowPrivilegeEscalation controls whether a process can gain more 2007 privileges than its parent process. This bool directly controls if 2008 the no_new_privs flag will be set on the container process. 2009 AllowPrivilegeEscalation is true always when the container is: 2010 1) run as Privileged 2011 2) has CAP_SYS_ADMIN 2012 Note that this field cannot be set when spec.os.name is windows. 2013 type: boolean 2014 capabilities: 2015 description: |- 2016 The capabilities to add/drop when running containers. 2017 Defaults to the default set of capabilities granted by the container runtime. 2018 Note that this field cannot be set when spec.os.name is windows. 2019 properties: 2020 add: 2021 description: Added capabilities 2022 items: 2023 description: Capability represent POSIX 2024 capabilities type 2025 type: string 2026 type: array 2027 drop: 2028 description: Removed capabilities 2029 items: 2030 description: Capability represent POSIX 2031 capabilities type 2032 type: string 2033 type: array 2034 type: object 2035 privileged: 2036 description: |- 2037 Run container in privileged mode. 2038 Processes in privileged containers are essentially equivalent to root on the host. 2039 Defaults to false. 2040 Note that this field cannot be set when spec.os.name is windows. 2041 type: boolean 2042 procMount: 2043 description: |- 2044 procMount denotes the type of proc mount to use for the containers. 2045 The default is DefaultProcMount which uses the container runtime defaults for 2046 readonly paths and masked paths. 2047 This requires the ProcMountType feature flag to be enabled. 2048 Note that this field cannot be set when spec.os.name is windows. 2049 type: string 2050 readOnlyRootFilesystem: 2051 description: |- 2052 Whether this container has a read-only root filesystem. 2053 Default is false. 2054 Note that this field cannot be set when spec.os.name is windows. 2055 type: boolean 2056 runAsGroup: 2057 description: |- 2058 The GID to run the entrypoint of the container process. 2059 Uses runtime default if unset. 2060 May also be set in PodSecurityContext. If set in both SecurityContext and 2061 PodSecurityContext, the value specified in SecurityContext takes precedence. 2062 Note that this field cannot be set when spec.os.name is windows. 2063 format: int64 2064 type: integer 2065 runAsNonRoot: 2066 description: |- 2067 Indicates that the container must run as a non-root user. 2068 If true, the Kubelet will validate the image at runtime to ensure that it 2069 does not run as UID 0 (root) and fail to start the container if it does. 2070 If unset or false, no such validation will be performed. 2071 May also be set in PodSecurityContext. If set in both SecurityContext and 2072 PodSecurityContext, the value specified in SecurityContext takes precedence. 2073 type: boolean 2074 runAsUser: 2075 description: |- 2076 The UID to run the entrypoint of the container process. 2077 Defaults to user specified in image metadata if unspecified. 2078 May also be set in PodSecurityContext. If set in both SecurityContext and 2079 PodSecurityContext, the value specified in SecurityContext takes precedence. 2080 Note that this field cannot be set when spec.os.name is windows. 2081 format: int64 2082 type: integer 2083 seLinuxOptions: 2084 description: |- 2085 The SELinux context to be applied to the container. 2086 If unspecified, the container runtime will allocate a random SELinux context for each 2087 container. May also be set in PodSecurityContext. If set in both SecurityContext and 2088 PodSecurityContext, the value specified in SecurityContext takes precedence. 2089 Note that this field cannot be set when spec.os.name is windows. 2090 properties: 2091 level: 2092 description: Level is SELinux level label 2093 that applies to the container. 2094 type: string 2095 role: 2096 description: Role is a SELinux role label 2097 that applies to the container. 2098 type: string 2099 type: 2100 description: Type is a SELinux type label 2101 that applies to the container. 2102 type: string 2103 user: 2104 description: User is a SELinux user label 2105 that applies to the container. 2106 type: string 2107 type: object 2108 seccompProfile: 2109 description: |- 2110 The seccomp options to use by this container. If seccomp options are 2111 provided at both the pod & container level, the container options 2112 override the pod options. 2113 Note that this field cannot be set when spec.os.name is windows. 2114 properties: 2115 localhostProfile: 2116 description: |- 2117 localhostProfile indicates a profile defined in a file on the node should be used. 2118 The profile must be preconfigured on the node to work. 2119 Must be a descending path, relative to the kubelet's configured seccomp profile location. 2120 Must be set if type is "Localhost". Must NOT be set for any other type. 2121 type: string 2122 type: 2123 description: |- 2124 type indicates which kind of seccomp profile will be applied. 2125 Valid options are: 2126 2127 2128 Localhost - a profile defined in a file on the node should be used. 2129 RuntimeDefault - the container runtime default profile should be used. 2130 Unconfined - no profile should be applied. 2131 type: string 2132 required: 2133 - type 2134 type: object 2135 windowsOptions: 2136 description: |- 2137 The Windows specific settings applied to all containers. 2138 If unspecified, the options from the PodSecurityContext will be used. 2139 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 2140 Note that this field cannot be set when spec.os.name is linux. 2141 properties: 2142 gmsaCredentialSpec: 2143 description: |- 2144 GMSACredentialSpec is where the GMSA admission webhook 2145 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the 2146 GMSA credential spec named by the GMSACredentialSpecName field. 2147 type: string 2148 gmsaCredentialSpecName: 2149 description: GMSACredentialSpecName is 2150 the name of the GMSA credential spec 2151 to use. 2152 type: string 2153 hostProcess: 2154 description: |- 2155 HostProcess determines if a container should be run as a 'Host Process' container. 2156 All of a Pod's containers must have the same effective HostProcess value 2157 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 2158 In addition, if HostProcess is true then HostNetwork must also be set to true. 2159 type: boolean 2160 runAsUserName: 2161 description: |- 2162 The UserName in Windows to run the entrypoint of the container process. 2163 Defaults to the user specified in image metadata if unspecified. 2164 May also be set in PodSecurityContext. If set in both SecurityContext and 2165 PodSecurityContext, the value specified in SecurityContext takes precedence. 2166 type: string 2167 type: object 2168 type: object 2169 startupProbe: 2170 description: |- 2171 StartupProbe indicates that the Pod has successfully initialized. 2172 If specified, no other probes are executed until this completes successfully. 2173 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. 2174 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, 2175 when it might take a long time to load data or warm a cache, than during steady-state operation. 2176 This cannot be updated. 2177 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2178 properties: 2179 exec: 2180 description: Exec specifies the action to 2181 take. 2182 properties: 2183 command: 2184 description: |- 2185 Command is the command line to execute inside the container, the working directory for the 2186 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 2187 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 2188 a shell, you need to explicitly call out to that shell. 2189 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2190 items: 2191 type: string 2192 type: array 2193 type: object 2194 failureThreshold: 2195 description: |- 2196 Minimum consecutive failures for the probe to be considered failed after having succeeded. 2197 Defaults to 3. Minimum value is 1. 2198 format: int32 2199 type: integer 2200 grpc: 2201 description: GRPC specifies an action involving 2202 a GRPC port. 2203 properties: 2204 port: 2205 description: Port number of the gRPC service. 2206 Number must be in the range 1 to 65535. 2207 format: int32 2208 type: integer 2209 service: 2210 description: |- 2211 Service is the name of the service to place in the gRPC HealthCheckRequest 2212 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 2213 2214 2215 If this is not specified, the default behavior is defined by gRPC. 2216 type: string 2217 required: 2218 - port 2219 type: object 2220 httpGet: 2221 description: HTTPGet specifies the http request 2222 to perform. 2223 properties: 2224 host: 2225 description: |- 2226 Host name to connect to, defaults to the pod IP. You probably want to set 2227 "Host" in httpHeaders instead. 2228 type: string 2229 httpHeaders: 2230 description: Custom headers to set in 2231 the request. HTTP allows repeated headers. 2232 items: 2233 description: HTTPHeader describes a 2234 custom header to be used in HTTP probes 2235 properties: 2236 name: 2237 description: |- 2238 The header field name. 2239 This will be canonicalized upon output, so case-variant names will be understood as the same header. 2240 type: string 2241 value: 2242 description: The header field value 2243 type: string 2244 required: 2245 - name 2246 - value 2247 type: object 2248 type: array 2249 path: 2250 description: Path to access on the HTTP 2251 server. 2252 type: string 2253 port: 2254 anyOf: 2255 - type: integer 2256 - type: string 2257 description: |- 2258 Name or number of the port to access on the container. 2259 Number must be in the range 1 to 65535. 2260 Name must be an IANA_SVC_NAME. 2261 x-kubernetes-int-or-string: true 2262 scheme: 2263 description: |- 2264 Scheme to use for connecting to the host. 2265 Defaults to HTTP. 2266 type: string 2267 required: 2268 - port 2269 type: object 2270 initialDelaySeconds: 2271 description: |- 2272 Number of seconds after the container has started before liveness probes are initiated. 2273 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2274 format: int32 2275 type: integer 2276 periodSeconds: 2277 description: |- 2278 How often (in seconds) to perform the probe. 2279 Default to 10 seconds. Minimum value is 1. 2280 format: int32 2281 type: integer 2282 successThreshold: 2283 description: |- 2284 Minimum consecutive successes for the probe to be considered successful after having failed. 2285 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 2286 format: int32 2287 type: integer 2288 tcpSocket: 2289 description: TCPSocket specifies an action 2290 involving a TCP port. 2291 properties: 2292 host: 2293 description: 'Optional: Host name to connect 2294 to, defaults to the pod IP.' 2295 type: string 2296 port: 2297 anyOf: 2298 - type: integer 2299 - type: string 2300 description: |- 2301 Number or name of the port to access on the container. 2302 Number must be in the range 1 to 65535. 2303 Name must be an IANA_SVC_NAME. 2304 x-kubernetes-int-or-string: true 2305 required: 2306 - port 2307 type: object 2308 terminationGracePeriodSeconds: 2309 description: |- 2310 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 2311 The grace period is the duration in seconds after the processes running in the pod are sent 2312 a termination signal and the time when the processes are forcibly halted with a kill signal. 2313 Set this value longer than the expected cleanup time for your process. 2314 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 2315 value overrides the value provided by the pod spec. 2316 Value must be non-negative integer. The value zero indicates stop immediately via 2317 the kill signal (no opportunity to shut down). 2318 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 2319 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 2320 format: int64 2321 type: integer 2322 timeoutSeconds: 2323 description: |- 2324 Number of seconds after which the probe times out. 2325 Defaults to 1 second. Minimum value is 1. 2326 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 2327 format: int32 2328 type: integer 2329 type: object 2330 stdin: 2331 description: |- 2332 Whether this container should allocate a buffer for stdin in the container runtime. If this 2333 is not set, reads from stdin in the container will always result in EOF. 2334 Default is false. 2335 type: boolean 2336 stdinOnce: 2337 description: |- 2338 Whether the container runtime should close the stdin channel after it has been opened by 2339 a single attach. When stdin is true the stdin stream will remain open across multiple attach 2340 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the 2341 first client attaches to stdin, and then remains open and accepts data until the client disconnects, 2342 at which time stdin is closed and remains closed until the container is restarted. If this 2343 flag is false, a container processes that reads from stdin will never receive an EOF. 2344 Default is false 2345 type: boolean 2346 terminationMessagePath: 2347 description: |- 2348 Optional: Path at which the file to which the container's termination message 2349 will be written is mounted into the container's filesystem. 2350 Message written is intended to be brief final status, such as an assertion failure message. 2351 Will be truncated by the node if greater than 4096 bytes. The total message length across 2352 all containers will be limited to 12kb. 2353 Defaults to /dev/termination-log. 2354 Cannot be updated. 2355 type: string 2356 terminationMessagePolicy: 2357 description: |- 2358 Indicate how the termination message should be populated. File will use the contents of 2359 terminationMessagePath to populate the container status message on both success and failure. 2360 FallbackToLogsOnError will use the last chunk of container log output if the termination 2361 message file is empty and the container exited with an error. 2362 The log output is limited to 2048 bytes or 80 lines, whichever is smaller. 2363 Defaults to File. 2364 Cannot be updated. 2365 type: string 2366 tty: 2367 description: |- 2368 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. 2369 Default is false. 2370 type: boolean 2371 volumeDevices: 2372 description: volumeDevices is the list of block 2373 devices to be used by the container. 2374 items: 2375 description: volumeDevice describes a mapping 2376 of a raw block device within a container. 2377 properties: 2378 devicePath: 2379 description: devicePath is the path inside 2380 of the container that the device will 2381 be mapped to. 2382 type: string 2383 name: 2384 description: name must match the name of 2385 a persistentVolumeClaim in the pod 2386 type: string 2387 required: 2388 - devicePath 2389 - name 2390 type: object 2391 type: array 2392 volumeMounts: 2393 description: |- 2394 Pod volumes to mount into the container's filesystem. 2395 Cannot be updated. 2396 items: 2397 description: VolumeMount describes a mounting 2398 of a Volume within a container. 2399 properties: 2400 mountPath: 2401 description: |- 2402 Path within the container at which the volume should be mounted. Must 2403 not contain ':'. 2404 type: string 2405 mountPropagation: 2406 description: |- 2407 mountPropagation determines how mounts are propagated from the host 2408 to container and the other way around. 2409 When not set, MountPropagationNone is used. 2410 This field is beta in 1.10. 2411 type: string 2412 name: 2413 description: This must match the Name of 2414 a Volume. 2415 type: string 2416 readOnly: 2417 description: |- 2418 Mounted read-only if true, read-write otherwise (false or unspecified). 2419 Defaults to false. 2420 type: boolean 2421 subPath: 2422 description: |- 2423 Path within the volume from which the container's volume should be mounted. 2424 Defaults to "" (volume's root). 2425 type: string 2426 subPathExpr: 2427 description: |- 2428 Expanded path within the volume from which the container's volume should be mounted. 2429 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. 2430 Defaults to "" (volume's root). 2431 SubPathExpr and SubPath are mutually exclusive. 2432 type: string 2433 required: 2434 - mountPath 2435 - name 2436 type: object 2437 type: array 2438 workingDir: 2439 description: |- 2440 Container's working directory. 2441 If not specified, the container runtime's default will be used, which 2442 might be configured in the container image. 2443 Cannot be updated. 2444 type: string 2445 required: 2446 - name 2447 type: object 2448 type: array 2449 dnsConfig: 2450 description: |- 2451 Specifies the DNS parameters of a pod. 2452 Parameters specified here will be merged to the generated DNS 2453 configuration based on DNSPolicy. 2454 properties: 2455 nameservers: 2456 description: |- 2457 A list of DNS name server IP addresses. 2458 This will be appended to the base nameservers generated from DNSPolicy. 2459 Duplicated nameservers will be removed. 2460 items: 2461 type: string 2462 type: array 2463 options: 2464 description: |- 2465 A list of DNS resolver options. 2466 This will be merged with the base options generated from DNSPolicy. 2467 Duplicated entries will be removed. Resolution options given in Options 2468 will override those that appear in the base DNSPolicy. 2469 items: 2470 description: PodDNSConfigOption defines DNS resolver 2471 options of a pod. 2472 properties: 2473 name: 2474 description: Required. 2475 type: string 2476 value: 2477 type: string 2478 type: object 2479 type: array 2480 searches: 2481 description: |- 2482 A list of DNS search domains for host-name lookup. 2483 This will be appended to the base search paths generated from DNSPolicy. 2484 Duplicated search paths will be removed. 2485 items: 2486 type: string 2487 type: array 2488 type: object 2489 dnsPolicy: 2490 description: |- 2491 Set DNS policy for the pod. 2492 Defaults to "ClusterFirst". 2493 Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. 2494 DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. 2495 To have DNS options set along with hostNetwork, you have to specify DNS policy 2496 explicitly to 'ClusterFirstWithHostNet'. 2497 type: string 2498 enableServiceLinks: 2499 description: |- 2500 EnableServiceLinks indicates whether information about services should be injected into pod's 2501 environment variables, matching the syntax of Docker links. 2502 Optional: Defaults to true. 2503 type: boolean 2504 ephemeralContainers: 2505 description: |- 2506 List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing 2507 pod to perform user-initiated actions such as debugging. This list cannot be specified when 2508 creating a pod, and it cannot be modified by updating the pod spec. In order to add an 2509 ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. 2510 items: 2511 description: |- 2512 An EphemeralContainer is a temporary container that you may add to an existing Pod for 2513 user-initiated activities such as debugging. Ephemeral containers have no resource or 2514 scheduling guarantees, and they will not be restarted when they exit or when a Pod is 2515 removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the 2516 Pod to exceed its resource allocation. 2517 2518 2519 To add an ephemeral container, use the ephemeralcontainers subresource of an existing 2520 Pod. Ephemeral containers may not be removed or restarted. 2521 properties: 2522 args: 2523 description: |- 2524 Arguments to the entrypoint. 2525 The image's CMD is used if this is not provided. 2526 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 2527 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 2528 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 2529 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 2530 of whether the variable exists or not. Cannot be updated. 2531 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 2532 items: 2533 type: string 2534 type: array 2535 command: 2536 description: |- 2537 Entrypoint array. Not executed within a shell. 2538 The image's ENTRYPOINT is used if this is not provided. 2539 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 2540 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 2541 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 2542 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 2543 of whether the variable exists or not. Cannot be updated. 2544 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 2545 items: 2546 type: string 2547 type: array 2548 env: 2549 description: |- 2550 List of environment variables to set in the container. 2551 Cannot be updated. 2552 items: 2553 description: EnvVar represents an environment 2554 variable present in a Container. 2555 properties: 2556 name: 2557 description: Name of the environment variable. 2558 Must be a C_IDENTIFIER. 2559 type: string 2560 value: 2561 description: |- 2562 Variable references $(VAR_NAME) are expanded 2563 using the previously defined environment variables in the container and 2564 any service environment variables. If a variable cannot be resolved, 2565 the reference in the input string will be unchanged. Double $$ are reduced 2566 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 2567 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 2568 Escaped references will never be expanded, regardless of whether the variable 2569 exists or not. 2570 Defaults to "". 2571 type: string 2572 valueFrom: 2573 description: Source for the environment 2574 variable's value. Cannot be used if value 2575 is not empty. 2576 properties: 2577 configMapKeyRef: 2578 description: Selects a key of a ConfigMap. 2579 properties: 2580 key: 2581 description: The key to select. 2582 type: string 2583 name: 2584 description: |- 2585 Name of the referent. 2586 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2587 TODO: Add other useful fields. apiVersion, kind, uid? 2588 type: string 2589 optional: 2590 description: Specify whether the 2591 ConfigMap or its key must be defined 2592 type: boolean 2593 required: 2594 - key 2595 type: object 2596 x-kubernetes-map-type: atomic 2597 fieldRef: 2598 description: |- 2599 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, 2600 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 2601 properties: 2602 apiVersion: 2603 description: Version of the schema 2604 the FieldPath is written in terms 2605 of, defaults to "v1". 2606 type: string 2607 fieldPath: 2608 description: Path of the field to 2609 select in the specified API version. 2610 type: string 2611 required: 2612 - fieldPath 2613 type: object 2614 x-kubernetes-map-type: atomic 2615 resourceFieldRef: 2616 description: |- 2617 Selects a resource of the container: only resources limits and requests 2618 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 2619 properties: 2620 containerName: 2621 description: 'Container name: required 2622 for volumes, optional for env 2623 vars' 2624 type: string 2625 divisor: 2626 anyOf: 2627 - type: integer 2628 - type: string 2629 description: Specifies the output 2630 format of the exposed resources, 2631 defaults to "1" 2632 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 2633 x-kubernetes-int-or-string: true 2634 resource: 2635 description: 'Required: resource 2636 to select' 2637 type: string 2638 required: 2639 - resource 2640 type: object 2641 x-kubernetes-map-type: atomic 2642 secretKeyRef: 2643 description: Selects a key of a secret 2644 in the pod's namespace 2645 properties: 2646 key: 2647 description: The key of the secret 2648 to select from. Must be a valid 2649 secret key. 2650 type: string 2651 name: 2652 description: |- 2653 Name of the referent. 2654 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2655 TODO: Add other useful fields. apiVersion, kind, uid? 2656 type: string 2657 optional: 2658 description: Specify whether the 2659 Secret or its key must be defined 2660 type: boolean 2661 required: 2662 - key 2663 type: object 2664 x-kubernetes-map-type: atomic 2665 type: object 2666 required: 2667 - name 2668 type: object 2669 type: array 2670 envFrom: 2671 description: |- 2672 List of sources to populate environment variables in the container. 2673 The keys defined within a source must be a C_IDENTIFIER. All invalid keys 2674 will be reported as an event when the container is starting. When a key exists in multiple 2675 sources, the value associated with the last source will take precedence. 2676 Values defined by an Env with a duplicate key will take precedence. 2677 Cannot be updated. 2678 items: 2679 description: EnvFromSource represents the source 2680 of a set of ConfigMaps 2681 properties: 2682 configMapRef: 2683 description: The ConfigMap to select from 2684 properties: 2685 name: 2686 description: |- 2687 Name of the referent. 2688 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2689 TODO: Add other useful fields. apiVersion, kind, uid? 2690 type: string 2691 optional: 2692 description: Specify whether the ConfigMap 2693 must be defined 2694 type: boolean 2695 type: object 2696 x-kubernetes-map-type: atomic 2697 prefix: 2698 description: An optional identifier to prepend 2699 to each key in the ConfigMap. Must be 2700 a C_IDENTIFIER. 2701 type: string 2702 secretRef: 2703 description: The Secret to select from 2704 properties: 2705 name: 2706 description: |- 2707 Name of the referent. 2708 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 2709 TODO: Add other useful fields. apiVersion, kind, uid? 2710 type: string 2711 optional: 2712 description: Specify whether the Secret 2713 must be defined 2714 type: boolean 2715 type: object 2716 x-kubernetes-map-type: atomic 2717 type: object 2718 type: array 2719 image: 2720 description: |- 2721 Container image name. 2722 More info: https://kubernetes.io/docs/concepts/containers/images 2723 type: string 2724 imagePullPolicy: 2725 description: |- 2726 Image pull policy. 2727 One of Always, Never, IfNotPresent. 2728 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 2729 Cannot be updated. 2730 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 2731 type: string 2732 lifecycle: 2733 description: Lifecycle is not allowed for ephemeral 2734 containers. 2735 properties: 2736 postStart: 2737 description: |- 2738 PostStart is called immediately after a container is created. If the handler fails, 2739 the container is terminated and restarted according to its restart policy. 2740 Other management of the container blocks until the hook completes. 2741 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 2742 properties: 2743 exec: 2744 description: Exec specifies the action 2745 to take. 2746 properties: 2747 command: 2748 description: |- 2749 Command is the command line to execute inside the container, the working directory for the 2750 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 2751 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 2752 a shell, you need to explicitly call out to that shell. 2753 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2754 items: 2755 type: string 2756 type: array 2757 type: object 2758 httpGet: 2759 description: HTTPGet specifies the http 2760 request to perform. 2761 properties: 2762 host: 2763 description: |- 2764 Host name to connect to, defaults to the pod IP. You probably want to set 2765 "Host" in httpHeaders instead. 2766 type: string 2767 httpHeaders: 2768 description: Custom headers to set 2769 in the request. HTTP allows repeated 2770 headers. 2771 items: 2772 description: HTTPHeader describes 2773 a custom header to be used in 2774 HTTP probes 2775 properties: 2776 name: 2777 description: |- 2778 The header field name. 2779 This will be canonicalized upon output, so case-variant names will be understood as the same header. 2780 type: string 2781 value: 2782 description: The header field 2783 value 2784 type: string 2785 required: 2786 - name 2787 - value 2788 type: object 2789 type: array 2790 path: 2791 description: Path to access on the 2792 HTTP server. 2793 type: string 2794 port: 2795 anyOf: 2796 - type: integer 2797 - type: string 2798 description: |- 2799 Name or number of the port to access on the container. 2800 Number must be in the range 1 to 65535. 2801 Name must be an IANA_SVC_NAME. 2802 x-kubernetes-int-or-string: true 2803 scheme: 2804 description: |- 2805 Scheme to use for connecting to the host. 2806 Defaults to HTTP. 2807 type: string 2808 required: 2809 - port 2810 type: object 2811 sleep: 2812 description: Sleep represents the duration 2813 that the container should sleep before 2814 being terminated. 2815 properties: 2816 seconds: 2817 description: Seconds is the number 2818 of seconds to sleep. 2819 format: int64 2820 type: integer 2821 required: 2822 - seconds 2823 type: object 2824 tcpSocket: 2825 description: |- 2826 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 2827 for the backward compatibility. There are no validation of this field and 2828 lifecycle hooks will fail in runtime when tcp handler is specified. 2829 properties: 2830 host: 2831 description: 'Optional: Host name 2832 to connect to, defaults to the pod 2833 IP.' 2834 type: string 2835 port: 2836 anyOf: 2837 - type: integer 2838 - type: string 2839 description: |- 2840 Number or name of the port to access on the container. 2841 Number must be in the range 1 to 65535. 2842 Name must be an IANA_SVC_NAME. 2843 x-kubernetes-int-or-string: true 2844 required: 2845 - port 2846 type: object 2847 type: object 2848 preStop: 2849 description: |- 2850 PreStop is called immediately before a container is terminated due to an 2851 API request or management event such as liveness/startup probe failure, 2852 preemption, resource contention, etc. The handler is not called if the 2853 container crashes or exits. The Pod's termination grace period countdown begins before the 2854 PreStop hook is executed. Regardless of the outcome of the handler, the 2855 container will eventually terminate within the Pod's termination grace 2856 period (unless delayed by finalizers). Other management of the container blocks until the hook completes 2857 or until the termination grace period is reached. 2858 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 2859 properties: 2860 exec: 2861 description: Exec specifies the action 2862 to take. 2863 properties: 2864 command: 2865 description: |- 2866 Command is the command line to execute inside the container, the working directory for the 2867 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 2868 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 2869 a shell, you need to explicitly call out to that shell. 2870 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2871 items: 2872 type: string 2873 type: array 2874 type: object 2875 httpGet: 2876 description: HTTPGet specifies the http 2877 request to perform. 2878 properties: 2879 host: 2880 description: |- 2881 Host name to connect to, defaults to the pod IP. You probably want to set 2882 "Host" in httpHeaders instead. 2883 type: string 2884 httpHeaders: 2885 description: Custom headers to set 2886 in the request. HTTP allows repeated 2887 headers. 2888 items: 2889 description: HTTPHeader describes 2890 a custom header to be used in 2891 HTTP probes 2892 properties: 2893 name: 2894 description: |- 2895 The header field name. 2896 This will be canonicalized upon output, so case-variant names will be understood as the same header. 2897 type: string 2898 value: 2899 description: The header field 2900 value 2901 type: string 2902 required: 2903 - name 2904 - value 2905 type: object 2906 type: array 2907 path: 2908 description: Path to access on the 2909 HTTP server. 2910 type: string 2911 port: 2912 anyOf: 2913 - type: integer 2914 - type: string 2915 description: |- 2916 Name or number of the port to access on the container. 2917 Number must be in the range 1 to 65535. 2918 Name must be an IANA_SVC_NAME. 2919 x-kubernetes-int-or-string: true 2920 scheme: 2921 description: |- 2922 Scheme to use for connecting to the host. 2923 Defaults to HTTP. 2924 type: string 2925 required: 2926 - port 2927 type: object 2928 sleep: 2929 description: Sleep represents the duration 2930 that the container should sleep before 2931 being terminated. 2932 properties: 2933 seconds: 2934 description: Seconds is the number 2935 of seconds to sleep. 2936 format: int64 2937 type: integer 2938 required: 2939 - seconds 2940 type: object 2941 tcpSocket: 2942 description: |- 2943 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 2944 for the backward compatibility. There are no validation of this field and 2945 lifecycle hooks will fail in runtime when tcp handler is specified. 2946 properties: 2947 host: 2948 description: 'Optional: Host name 2949 to connect to, defaults to the pod 2950 IP.' 2951 type: string 2952 port: 2953 anyOf: 2954 - type: integer 2955 - type: string 2956 description: |- 2957 Number or name of the port to access on the container. 2958 Number must be in the range 1 to 65535. 2959 Name must be an IANA_SVC_NAME. 2960 x-kubernetes-int-or-string: true 2961 required: 2962 - port 2963 type: object 2964 type: object 2965 type: object 2966 livenessProbe: 2967 description: Probes are not allowed for ephemeral 2968 containers. 2969 properties: 2970 exec: 2971 description: Exec specifies the action to 2972 take. 2973 properties: 2974 command: 2975 description: |- 2976 Command is the command line to execute inside the container, the working directory for the 2977 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 2978 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 2979 a shell, you need to explicitly call out to that shell. 2980 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2981 items: 2982 type: string 2983 type: array 2984 type: object 2985 failureThreshold: 2986 description: |- 2987 Minimum consecutive failures for the probe to be considered failed after having succeeded. 2988 Defaults to 3. Minimum value is 1. 2989 format: int32 2990 type: integer 2991 grpc: 2992 description: GRPC specifies an action involving 2993 a GRPC port. 2994 properties: 2995 port: 2996 description: Port number of the gRPC service. 2997 Number must be in the range 1 to 65535. 2998 format: int32 2999 type: integer 3000 service: 3001 description: |- 3002 Service is the name of the service to place in the gRPC HealthCheckRequest 3003 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3004 3005 3006 If this is not specified, the default behavior is defined by gRPC. 3007 type: string 3008 required: 3009 - port 3010 type: object 3011 httpGet: 3012 description: HTTPGet specifies the http request 3013 to perform. 3014 properties: 3015 host: 3016 description: |- 3017 Host name to connect to, defaults to the pod IP. You probably want to set 3018 "Host" in httpHeaders instead. 3019 type: string 3020 httpHeaders: 3021 description: Custom headers to set in 3022 the request. HTTP allows repeated headers. 3023 items: 3024 description: HTTPHeader describes a 3025 custom header to be used in HTTP probes 3026 properties: 3027 name: 3028 description: |- 3029 The header field name. 3030 This will be canonicalized upon output, so case-variant names will be understood as the same header. 3031 type: string 3032 value: 3033 description: The header field value 3034 type: string 3035 required: 3036 - name 3037 - value 3038 type: object 3039 type: array 3040 path: 3041 description: Path to access on the HTTP 3042 server. 3043 type: string 3044 port: 3045 anyOf: 3046 - type: integer 3047 - type: string 3048 description: |- 3049 Name or number of the port to access on the container. 3050 Number must be in the range 1 to 65535. 3051 Name must be an IANA_SVC_NAME. 3052 x-kubernetes-int-or-string: true 3053 scheme: 3054 description: |- 3055 Scheme to use for connecting to the host. 3056 Defaults to HTTP. 3057 type: string 3058 required: 3059 - port 3060 type: object 3061 initialDelaySeconds: 3062 description: |- 3063 Number of seconds after the container has started before liveness probes are initiated. 3064 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3065 format: int32 3066 type: integer 3067 periodSeconds: 3068 description: |- 3069 How often (in seconds) to perform the probe. 3070 Default to 10 seconds. Minimum value is 1. 3071 format: int32 3072 type: integer 3073 successThreshold: 3074 description: |- 3075 Minimum consecutive successes for the probe to be considered successful after having failed. 3076 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3077 format: int32 3078 type: integer 3079 tcpSocket: 3080 description: TCPSocket specifies an action 3081 involving a TCP port. 3082 properties: 3083 host: 3084 description: 'Optional: Host name to connect 3085 to, defaults to the pod IP.' 3086 type: string 3087 port: 3088 anyOf: 3089 - type: integer 3090 - type: string 3091 description: |- 3092 Number or name of the port to access on the container. 3093 Number must be in the range 1 to 65535. 3094 Name must be an IANA_SVC_NAME. 3095 x-kubernetes-int-or-string: true 3096 required: 3097 - port 3098 type: object 3099 terminationGracePeriodSeconds: 3100 description: |- 3101 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 3102 The grace period is the duration in seconds after the processes running in the pod are sent 3103 a termination signal and the time when the processes are forcibly halted with a kill signal. 3104 Set this value longer than the expected cleanup time for your process. 3105 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 3106 value overrides the value provided by the pod spec. 3107 Value must be non-negative integer. The value zero indicates stop immediately via 3108 the kill signal (no opportunity to shut down). 3109 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 3110 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3111 format: int64 3112 type: integer 3113 timeoutSeconds: 3114 description: |- 3115 Number of seconds after which the probe times out. 3116 Defaults to 1 second. Minimum value is 1. 3117 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3118 format: int32 3119 type: integer 3120 type: object 3121 name: 3122 description: |- 3123 Name of the ephemeral container specified as a DNS_LABEL. 3124 This name must be unique among all containers, init containers and ephemeral containers. 3125 type: string 3126 ports: 3127 description: Ports are not allowed for ephemeral 3128 containers. 3129 items: 3130 description: ContainerPort represents a network 3131 port in a single container. 3132 properties: 3133 containerPort: 3134 description: |- 3135 Number of port to expose on the pod's IP address. 3136 This must be a valid port number, 0 < x < 65536. 3137 format: int32 3138 type: integer 3139 hostIP: 3140 description: What host IP to bind the external 3141 port to. 3142 type: string 3143 hostPort: 3144 description: |- 3145 Number of port to expose on the host. 3146 If specified, this must be a valid port number, 0 < x < 65536. 3147 If HostNetwork is specified, this must match ContainerPort. 3148 Most containers do not need this. 3149 format: int32 3150 type: integer 3151 name: 3152 description: |- 3153 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each 3154 named port in a pod must have a unique name. Name for the port that can be 3155 referred to by services. 3156 type: string 3157 protocol: 3158 default: TCP 3159 description: |- 3160 Protocol for port. Must be UDP, TCP, or SCTP. 3161 Defaults to "TCP". 3162 type: string 3163 required: 3164 - containerPort 3165 type: object 3166 type: array 3167 x-kubernetes-list-map-keys: 3168 - containerPort 3169 - protocol 3170 x-kubernetes-list-type: map 3171 readinessProbe: 3172 description: Probes are not allowed for ephemeral 3173 containers. 3174 properties: 3175 exec: 3176 description: Exec specifies the action to 3177 take. 3178 properties: 3179 command: 3180 description: |- 3181 Command is the command line to execute inside the container, the working directory for the 3182 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 3183 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 3184 a shell, you need to explicitly call out to that shell. 3185 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3186 items: 3187 type: string 3188 type: array 3189 type: object 3190 failureThreshold: 3191 description: |- 3192 Minimum consecutive failures for the probe to be considered failed after having succeeded. 3193 Defaults to 3. Minimum value is 1. 3194 format: int32 3195 type: integer 3196 grpc: 3197 description: GRPC specifies an action involving 3198 a GRPC port. 3199 properties: 3200 port: 3201 description: Port number of the gRPC service. 3202 Number must be in the range 1 to 65535. 3203 format: int32 3204 type: integer 3205 service: 3206 description: |- 3207 Service is the name of the service to place in the gRPC HealthCheckRequest 3208 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3209 3210 3211 If this is not specified, the default behavior is defined by gRPC. 3212 type: string 3213 required: 3214 - port 3215 type: object 3216 httpGet: 3217 description: HTTPGet specifies the http request 3218 to perform. 3219 properties: 3220 host: 3221 description: |- 3222 Host name to connect to, defaults to the pod IP. You probably want to set 3223 "Host" in httpHeaders instead. 3224 type: string 3225 httpHeaders: 3226 description: Custom headers to set in 3227 the request. HTTP allows repeated headers. 3228 items: 3229 description: HTTPHeader describes a 3230 custom header to be used in HTTP probes 3231 properties: 3232 name: 3233 description: |- 3234 The header field name. 3235 This will be canonicalized upon output, so case-variant names will be understood as the same header. 3236 type: string 3237 value: 3238 description: The header field value 3239 type: string 3240 required: 3241 - name 3242 - value 3243 type: object 3244 type: array 3245 path: 3246 description: Path to access on the HTTP 3247 server. 3248 type: string 3249 port: 3250 anyOf: 3251 - type: integer 3252 - type: string 3253 description: |- 3254 Name or number of the port to access on the container. 3255 Number must be in the range 1 to 65535. 3256 Name must be an IANA_SVC_NAME. 3257 x-kubernetes-int-or-string: true 3258 scheme: 3259 description: |- 3260 Scheme to use for connecting to the host. 3261 Defaults to HTTP. 3262 type: string 3263 required: 3264 - port 3265 type: object 3266 initialDelaySeconds: 3267 description: |- 3268 Number of seconds after the container has started before liveness probes are initiated. 3269 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3270 format: int32 3271 type: integer 3272 periodSeconds: 3273 description: |- 3274 How often (in seconds) to perform the probe. 3275 Default to 10 seconds. Minimum value is 1. 3276 format: int32 3277 type: integer 3278 successThreshold: 3279 description: |- 3280 Minimum consecutive successes for the probe to be considered successful after having failed. 3281 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3282 format: int32 3283 type: integer 3284 tcpSocket: 3285 description: TCPSocket specifies an action 3286 involving a TCP port. 3287 properties: 3288 host: 3289 description: 'Optional: Host name to connect 3290 to, defaults to the pod IP.' 3291 type: string 3292 port: 3293 anyOf: 3294 - type: integer 3295 - type: string 3296 description: |- 3297 Number or name of the port to access on the container. 3298 Number must be in the range 1 to 65535. 3299 Name must be an IANA_SVC_NAME. 3300 x-kubernetes-int-or-string: true 3301 required: 3302 - port 3303 type: object 3304 terminationGracePeriodSeconds: 3305 description: |- 3306 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 3307 The grace period is the duration in seconds after the processes running in the pod are sent 3308 a termination signal and the time when the processes are forcibly halted with a kill signal. 3309 Set this value longer than the expected cleanup time for your process. 3310 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 3311 value overrides the value provided by the pod spec. 3312 Value must be non-negative integer. The value zero indicates stop immediately via 3313 the kill signal (no opportunity to shut down). 3314 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 3315 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3316 format: int64 3317 type: integer 3318 timeoutSeconds: 3319 description: |- 3320 Number of seconds after which the probe times out. 3321 Defaults to 1 second. Minimum value is 1. 3322 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3323 format: int32 3324 type: integer 3325 type: object 3326 resizePolicy: 3327 description: Resources resize policy for the container. 3328 items: 3329 description: ContainerResizePolicy represents 3330 resource resize policy for the container. 3331 properties: 3332 resourceName: 3333 description: |- 3334 Name of the resource to which this resource resize policy applies. 3335 Supported values: cpu, memory. 3336 type: string 3337 restartPolicy: 3338 description: |- 3339 Restart policy to apply when specified resource is resized. 3340 If not specified, it defaults to NotRequired. 3341 type: string 3342 required: 3343 - resourceName 3344 - restartPolicy 3345 type: object 3346 type: array 3347 x-kubernetes-list-type: atomic 3348 resources: 3349 description: |- 3350 Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources 3351 already allocated to the pod. 3352 properties: 3353 claims: 3354 description: |- 3355 Claims lists the names of resources, defined in spec.resourceClaims, 3356 that are used by this container. 3357 3358 3359 This is an alpha field and requires enabling the 3360 DynamicResourceAllocation feature gate. 3361 3362 3363 This field is immutable. It can only be set for containers. 3364 items: 3365 description: ResourceClaim references one 3366 entry in PodSpec.ResourceClaims. 3367 properties: 3368 name: 3369 description: |- 3370 Name must match the name of one entry in pod.spec.resourceClaims of 3371 the Pod where this field is used. It makes that resource available 3372 inside a container. 3373 type: string 3374 required: 3375 - name 3376 type: object 3377 type: array 3378 x-kubernetes-list-map-keys: 3379 - name 3380 x-kubernetes-list-type: map 3381 limits: 3382 additionalProperties: 3383 anyOf: 3384 - type: integer 3385 - type: string 3386 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3387 x-kubernetes-int-or-string: true 3388 description: |- 3389 Limits describes the maximum amount of compute resources allowed. 3390 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 3391 type: object 3392 requests: 3393 additionalProperties: 3394 anyOf: 3395 - type: integer 3396 - type: string 3397 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 3398 x-kubernetes-int-or-string: true 3399 description: |- 3400 Requests describes the minimum amount of compute resources required. 3401 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 3402 otherwise to an implementation-defined value. Requests cannot exceed Limits. 3403 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 3404 type: object 3405 type: object 3406 restartPolicy: 3407 description: |- 3408 Restart policy for the container to manage the restart behavior of each 3409 container within a pod. 3410 This may only be set for init containers. You cannot set this field on 3411 ephemeral containers. 3412 type: string 3413 securityContext: 3414 description: |- 3415 Optional: SecurityContext defines the security options the ephemeral container should be run with. 3416 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 3417 properties: 3418 allowPrivilegeEscalation: 3419 description: |- 3420 AllowPrivilegeEscalation controls whether a process can gain more 3421 privileges than its parent process. This bool directly controls if 3422 the no_new_privs flag will be set on the container process. 3423 AllowPrivilegeEscalation is true always when the container is: 3424 1) run as Privileged 3425 2) has CAP_SYS_ADMIN 3426 Note that this field cannot be set when spec.os.name is windows. 3427 type: boolean 3428 capabilities: 3429 description: |- 3430 The capabilities to add/drop when running containers. 3431 Defaults to the default set of capabilities granted by the container runtime. 3432 Note that this field cannot be set when spec.os.name is windows. 3433 properties: 3434 add: 3435 description: Added capabilities 3436 items: 3437 description: Capability represent POSIX 3438 capabilities type 3439 type: string 3440 type: array 3441 drop: 3442 description: Removed capabilities 3443 items: 3444 description: Capability represent POSIX 3445 capabilities type 3446 type: string 3447 type: array 3448 type: object 3449 privileged: 3450 description: |- 3451 Run container in privileged mode. 3452 Processes in privileged containers are essentially equivalent to root on the host. 3453 Defaults to false. 3454 Note that this field cannot be set when spec.os.name is windows. 3455 type: boolean 3456 procMount: 3457 description: |- 3458 procMount denotes the type of proc mount to use for the containers. 3459 The default is DefaultProcMount which uses the container runtime defaults for 3460 readonly paths and masked paths. 3461 This requires the ProcMountType feature flag to be enabled. 3462 Note that this field cannot be set when spec.os.name is windows. 3463 type: string 3464 readOnlyRootFilesystem: 3465 description: |- 3466 Whether this container has a read-only root filesystem. 3467 Default is false. 3468 Note that this field cannot be set when spec.os.name is windows. 3469 type: boolean 3470 runAsGroup: 3471 description: |- 3472 The GID to run the entrypoint of the container process. 3473 Uses runtime default if unset. 3474 May also be set in PodSecurityContext. If set in both SecurityContext and 3475 PodSecurityContext, the value specified in SecurityContext takes precedence. 3476 Note that this field cannot be set when spec.os.name is windows. 3477 format: int64 3478 type: integer 3479 runAsNonRoot: 3480 description: |- 3481 Indicates that the container must run as a non-root user. 3482 If true, the Kubelet will validate the image at runtime to ensure that it 3483 does not run as UID 0 (root) and fail to start the container if it does. 3484 If unset or false, no such validation will be performed. 3485 May also be set in PodSecurityContext. If set in both SecurityContext and 3486 PodSecurityContext, the value specified in SecurityContext takes precedence. 3487 type: boolean 3488 runAsUser: 3489 description: |- 3490 The UID to run the entrypoint of the container process. 3491 Defaults to user specified in image metadata if unspecified. 3492 May also be set in PodSecurityContext. If set in both SecurityContext and 3493 PodSecurityContext, the value specified in SecurityContext takes precedence. 3494 Note that this field cannot be set when spec.os.name is windows. 3495 format: int64 3496 type: integer 3497 seLinuxOptions: 3498 description: |- 3499 The SELinux context to be applied to the container. 3500 If unspecified, the container runtime will allocate a random SELinux context for each 3501 container. May also be set in PodSecurityContext. If set in both SecurityContext and 3502 PodSecurityContext, the value specified in SecurityContext takes precedence. 3503 Note that this field cannot be set when spec.os.name is windows. 3504 properties: 3505 level: 3506 description: Level is SELinux level label 3507 that applies to the container. 3508 type: string 3509 role: 3510 description: Role is a SELinux role label 3511 that applies to the container. 3512 type: string 3513 type: 3514 description: Type is a SELinux type label 3515 that applies to the container. 3516 type: string 3517 user: 3518 description: User is a SELinux user label 3519 that applies to the container. 3520 type: string 3521 type: object 3522 seccompProfile: 3523 description: |- 3524 The seccomp options to use by this container. If seccomp options are 3525 provided at both the pod & container level, the container options 3526 override the pod options. 3527 Note that this field cannot be set when spec.os.name is windows. 3528 properties: 3529 localhostProfile: 3530 description: |- 3531 localhostProfile indicates a profile defined in a file on the node should be used. 3532 The profile must be preconfigured on the node to work. 3533 Must be a descending path, relative to the kubelet's configured seccomp profile location. 3534 Must be set if type is "Localhost". Must NOT be set for any other type. 3535 type: string 3536 type: 3537 description: |- 3538 type indicates which kind of seccomp profile will be applied. 3539 Valid options are: 3540 3541 3542 Localhost - a profile defined in a file on the node should be used. 3543 RuntimeDefault - the container runtime default profile should be used. 3544 Unconfined - no profile should be applied. 3545 type: string 3546 required: 3547 - type 3548 type: object 3549 windowsOptions: 3550 description: |- 3551 The Windows specific settings applied to all containers. 3552 If unspecified, the options from the PodSecurityContext will be used. 3553 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3554 Note that this field cannot be set when spec.os.name is linux. 3555 properties: 3556 gmsaCredentialSpec: 3557 description: |- 3558 GMSACredentialSpec is where the GMSA admission webhook 3559 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the 3560 GMSA credential spec named by the GMSACredentialSpecName field. 3561 type: string 3562 gmsaCredentialSpecName: 3563 description: GMSACredentialSpecName is 3564 the name of the GMSA credential spec 3565 to use. 3566 type: string 3567 hostProcess: 3568 description: |- 3569 HostProcess determines if a container should be run as a 'Host Process' container. 3570 All of a Pod's containers must have the same effective HostProcess value 3571 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 3572 In addition, if HostProcess is true then HostNetwork must also be set to true. 3573 type: boolean 3574 runAsUserName: 3575 description: |- 3576 The UserName in Windows to run the entrypoint of the container process. 3577 Defaults to the user specified in image metadata if unspecified. 3578 May also be set in PodSecurityContext. If set in both SecurityContext and 3579 PodSecurityContext, the value specified in SecurityContext takes precedence. 3580 type: string 3581 type: object 3582 type: object 3583 startupProbe: 3584 description: Probes are not allowed for ephemeral 3585 containers. 3586 properties: 3587 exec: 3588 description: Exec specifies the action to 3589 take. 3590 properties: 3591 command: 3592 description: |- 3593 Command is the command line to execute inside the container, the working directory for the 3594 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 3595 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 3596 a shell, you need to explicitly call out to that shell. 3597 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3598 items: 3599 type: string 3600 type: array 3601 type: object 3602 failureThreshold: 3603 description: |- 3604 Minimum consecutive failures for the probe to be considered failed after having succeeded. 3605 Defaults to 3. Minimum value is 1. 3606 format: int32 3607 type: integer 3608 grpc: 3609 description: GRPC specifies an action involving 3610 a GRPC port. 3611 properties: 3612 port: 3613 description: Port number of the gRPC service. 3614 Number must be in the range 1 to 65535. 3615 format: int32 3616 type: integer 3617 service: 3618 description: |- 3619 Service is the name of the service to place in the gRPC HealthCheckRequest 3620 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3621 3622 3623 If this is not specified, the default behavior is defined by gRPC. 3624 type: string 3625 required: 3626 - port 3627 type: object 3628 httpGet: 3629 description: HTTPGet specifies the http request 3630 to perform. 3631 properties: 3632 host: 3633 description: |- 3634 Host name to connect to, defaults to the pod IP. You probably want to set 3635 "Host" in httpHeaders instead. 3636 type: string 3637 httpHeaders: 3638 description: Custom headers to set in 3639 the request. HTTP allows repeated headers. 3640 items: 3641 description: HTTPHeader describes a 3642 custom header to be used in HTTP probes 3643 properties: 3644 name: 3645 description: |- 3646 The header field name. 3647 This will be canonicalized upon output, so case-variant names will be understood as the same header. 3648 type: string 3649 value: 3650 description: The header field value 3651 type: string 3652 required: 3653 - name 3654 - value 3655 type: object 3656 type: array 3657 path: 3658 description: Path to access on the HTTP 3659 server. 3660 type: string 3661 port: 3662 anyOf: 3663 - type: integer 3664 - type: string 3665 description: |- 3666 Name or number of the port to access on the container. 3667 Number must be in the range 1 to 65535. 3668 Name must be an IANA_SVC_NAME. 3669 x-kubernetes-int-or-string: true 3670 scheme: 3671 description: |- 3672 Scheme to use for connecting to the host. 3673 Defaults to HTTP. 3674 type: string 3675 required: 3676 - port 3677 type: object 3678 initialDelaySeconds: 3679 description: |- 3680 Number of seconds after the container has started before liveness probes are initiated. 3681 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3682 format: int32 3683 type: integer 3684 periodSeconds: 3685 description: |- 3686 How often (in seconds) to perform the probe. 3687 Default to 10 seconds. Minimum value is 1. 3688 format: int32 3689 type: integer 3690 successThreshold: 3691 description: |- 3692 Minimum consecutive successes for the probe to be considered successful after having failed. 3693 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3694 format: int32 3695 type: integer 3696 tcpSocket: 3697 description: TCPSocket specifies an action 3698 involving a TCP port. 3699 properties: 3700 host: 3701 description: 'Optional: Host name to connect 3702 to, defaults to the pod IP.' 3703 type: string 3704 port: 3705 anyOf: 3706 - type: integer 3707 - type: string 3708 description: |- 3709 Number or name of the port to access on the container. 3710 Number must be in the range 1 to 65535. 3711 Name must be an IANA_SVC_NAME. 3712 x-kubernetes-int-or-string: true 3713 required: 3714 - port 3715 type: object 3716 terminationGracePeriodSeconds: 3717 description: |- 3718 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 3719 The grace period is the duration in seconds after the processes running in the pod are sent 3720 a termination signal and the time when the processes are forcibly halted with a kill signal. 3721 Set this value longer than the expected cleanup time for your process. 3722 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 3723 value overrides the value provided by the pod spec. 3724 Value must be non-negative integer. The value zero indicates stop immediately via 3725 the kill signal (no opportunity to shut down). 3726 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 3727 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3728 format: int64 3729 type: integer 3730 timeoutSeconds: 3731 description: |- 3732 Number of seconds after which the probe times out. 3733 Defaults to 1 second. Minimum value is 1. 3734 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 3735 format: int32 3736 type: integer 3737 type: object 3738 stdin: 3739 description: |- 3740 Whether this container should allocate a buffer for stdin in the container runtime. If this 3741 is not set, reads from stdin in the container will always result in EOF. 3742 Default is false. 3743 type: boolean 3744 stdinOnce: 3745 description: |- 3746 Whether the container runtime should close the stdin channel after it has been opened by 3747 a single attach. When stdin is true the stdin stream will remain open across multiple attach 3748 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the 3749 first client attaches to stdin, and then remains open and accepts data until the client disconnects, 3750 at which time stdin is closed and remains closed until the container is restarted. If this 3751 flag is false, a container processes that reads from stdin will never receive an EOF. 3752 Default is false 3753 type: boolean 3754 targetContainerName: 3755 description: |- 3756 If set, the name of the container from PodSpec that this ephemeral container targets. 3757 The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. 3758 If not set then the ephemeral container uses the namespaces configured in the Pod spec. 3759 3760 3761 The container runtime must implement support for this feature. If the runtime does not 3762 support namespace targeting then the result of setting this field is undefined. 3763 type: string 3764 terminationMessagePath: 3765 description: |- 3766 Optional: Path at which the file to which the container's termination message 3767 will be written is mounted into the container's filesystem. 3768 Message written is intended to be brief final status, such as an assertion failure message. 3769 Will be truncated by the node if greater than 4096 bytes. The total message length across 3770 all containers will be limited to 12kb. 3771 Defaults to /dev/termination-log. 3772 Cannot be updated. 3773 type: string 3774 terminationMessagePolicy: 3775 description: |- 3776 Indicate how the termination message should be populated. File will use the contents of 3777 terminationMessagePath to populate the container status message on both success and failure. 3778 FallbackToLogsOnError will use the last chunk of container log output if the termination 3779 message file is empty and the container exited with an error. 3780 The log output is limited to 2048 bytes or 80 lines, whichever is smaller. 3781 Defaults to File. 3782 Cannot be updated. 3783 type: string 3784 tty: 3785 description: |- 3786 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. 3787 Default is false. 3788 type: boolean 3789 volumeDevices: 3790 description: volumeDevices is the list of block 3791 devices to be used by the container. 3792 items: 3793 description: volumeDevice describes a mapping 3794 of a raw block device within a container. 3795 properties: 3796 devicePath: 3797 description: devicePath is the path inside 3798 of the container that the device will 3799 be mapped to. 3800 type: string 3801 name: 3802 description: name must match the name of 3803 a persistentVolumeClaim in the pod 3804 type: string 3805 required: 3806 - devicePath 3807 - name 3808 type: object 3809 type: array 3810 volumeMounts: 3811 description: |- 3812 Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. 3813 Cannot be updated. 3814 items: 3815 description: VolumeMount describes a mounting 3816 of a Volume within a container. 3817 properties: 3818 mountPath: 3819 description: |- 3820 Path within the container at which the volume should be mounted. Must 3821 not contain ':'. 3822 type: string 3823 mountPropagation: 3824 description: |- 3825 mountPropagation determines how mounts are propagated from the host 3826 to container and the other way around. 3827 When not set, MountPropagationNone is used. 3828 This field is beta in 1.10. 3829 type: string 3830 name: 3831 description: This must match the Name of 3832 a Volume. 3833 type: string 3834 readOnly: 3835 description: |- 3836 Mounted read-only if true, read-write otherwise (false or unspecified). 3837 Defaults to false. 3838 type: boolean 3839 subPath: 3840 description: |- 3841 Path within the volume from which the container's volume should be mounted. 3842 Defaults to "" (volume's root). 3843 type: string 3844 subPathExpr: 3845 description: |- 3846 Expanded path within the volume from which the container's volume should be mounted. 3847 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. 3848 Defaults to "" (volume's root). 3849 SubPathExpr and SubPath are mutually exclusive. 3850 type: string 3851 required: 3852 - mountPath 3853 - name 3854 type: object 3855 type: array 3856 workingDir: 3857 description: |- 3858 Container's working directory. 3859 If not specified, the container runtime's default will be used, which 3860 might be configured in the container image. 3861 Cannot be updated. 3862 type: string 3863 required: 3864 - name 3865 type: object 3866 type: array 3867 hostAliases: 3868 description: |- 3869 HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts 3870 file if specified. This is only valid for non-hostNetwork pods. 3871 items: 3872 description: |- 3873 HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the 3874 pod's hosts file. 3875 properties: 3876 hostnames: 3877 description: Hostnames for the above IP address. 3878 items: 3879 type: string 3880 type: array 3881 ip: 3882 description: IP address of the host file entry. 3883 type: string 3884 type: object 3885 type: array 3886 hostIPC: 3887 description: |- 3888 Use the host's ipc namespace. 3889 Optional: Default to false. 3890 type: boolean 3891 hostNetwork: 3892 description: |- 3893 Host networking requested for this pod. Use the host's network namespace. 3894 If this option is set, the ports that will be used must be specified. 3895 Default to false. 3896 type: boolean 3897 hostPID: 3898 description: |- 3899 Use the host's pid namespace. 3900 Optional: Default to false. 3901 type: boolean 3902 hostUsers: 3903 description: |- 3904 Use the host's user namespace. 3905 Optional: Default to true. 3906 If set to true or not present, the pod will be run in the host user namespace, useful 3907 for when the pod needs a feature only available to the host user namespace, such as 3908 loading a kernel module with CAP_SYS_MODULE. 3909 When set to false, a new userns is created for the pod. Setting false is useful for 3910 mitigating container breakout vulnerabilities even allowing users to run their 3911 containers as root without actually having root privileges on the host. 3912 This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. 3913 type: boolean 3914 hostname: 3915 description: |- 3916 Specifies the hostname of the Pod 3917 If not specified, the pod's hostname will be set to a system-defined value. 3918 type: string 3919 imagePullSecrets: 3920 description: |- 3921 ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. 3922 If specified, these secrets will be passed to individual puller implementations for them to use. 3923 More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod 3924 items: 3925 description: |- 3926 LocalObjectReference contains enough information to let you locate the 3927 referenced object inside the same namespace. 3928 properties: 3929 name: 3930 description: |- 3931 Name of the referent. 3932 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 3933 TODO: Add other useful fields. apiVersion, kind, uid? 3934 type: string 3935 type: object 3936 x-kubernetes-map-type: atomic 3937 type: array 3938 initContainers: 3939 description: |- 3940 List of initialization containers belonging to the pod. 3941 Init containers are executed in order prior to containers being started. If any 3942 init container fails, the pod is considered to have failed and is handled according 3943 to its restartPolicy. The name for an init container or normal container must be 3944 unique among all containers. 3945 Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. 3946 The resourceRequirements of an init container are taken into account during scheduling 3947 by finding the highest request/limit for each resource type, and then using the max of 3948 of that value or the sum of the normal containers. Limits are applied to init containers 3949 in a similar fashion. 3950 Init containers cannot currently be added or removed. 3951 Cannot be updated. 3952 More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ 3953 items: 3954 description: A single application container that you 3955 want to run within a pod. 3956 properties: 3957 args: 3958 description: |- 3959 Arguments to the entrypoint. 3960 The container image's CMD is used if this is not provided. 3961 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 3962 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 3963 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 3964 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 3965 of whether the variable exists or not. Cannot be updated. 3966 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 3967 items: 3968 type: string 3969 type: array 3970 command: 3971 description: |- 3972 Entrypoint array. Not executed within a shell. 3973 The container image's ENTRYPOINT is used if this is not provided. 3974 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable 3975 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced 3976 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will 3977 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless 3978 of whether the variable exists or not. Cannot be updated. 3979 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell 3980 items: 3981 type: string 3982 type: array 3983 env: 3984 description: |- 3985 List of environment variables to set in the container. 3986 Cannot be updated. 3987 items: 3988 description: EnvVar represents an environment 3989 variable present in a Container. 3990 properties: 3991 name: 3992 description: Name of the environment variable. 3993 Must be a C_IDENTIFIER. 3994 type: string 3995 value: 3996 description: |- 3997 Variable references $(VAR_NAME) are expanded 3998 using the previously defined environment variables in the container and 3999 any service environment variables. If a variable cannot be resolved, 4000 the reference in the input string will be unchanged. Double $$ are reduced 4001 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 4002 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 4003 Escaped references will never be expanded, regardless of whether the variable 4004 exists or not. 4005 Defaults to "". 4006 type: string 4007 valueFrom: 4008 description: Source for the environment 4009 variable's value. Cannot be used if value 4010 is not empty. 4011 properties: 4012 configMapKeyRef: 4013 description: Selects a key of a ConfigMap. 4014 properties: 4015 key: 4016 description: The key to select. 4017 type: string 4018 name: 4019 description: |- 4020 Name of the referent. 4021 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4022 TODO: Add other useful fields. apiVersion, kind, uid? 4023 type: string 4024 optional: 4025 description: Specify whether the 4026 ConfigMap or its key must be defined 4027 type: boolean 4028 required: 4029 - key 4030 type: object 4031 x-kubernetes-map-type: atomic 4032 fieldRef: 4033 description: |- 4034 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, 4035 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 4036 properties: 4037 apiVersion: 4038 description: Version of the schema 4039 the FieldPath is written in terms 4040 of, defaults to "v1". 4041 type: string 4042 fieldPath: 4043 description: Path of the field to 4044 select in the specified API version. 4045 type: string 4046 required: 4047 - fieldPath 4048 type: object 4049 x-kubernetes-map-type: atomic 4050 resourceFieldRef: 4051 description: |- 4052 Selects a resource of the container: only resources limits and requests 4053 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 4054 properties: 4055 containerName: 4056 description: 'Container name: required 4057 for volumes, optional for env 4058 vars' 4059 type: string 4060 divisor: 4061 anyOf: 4062 - type: integer 4063 - type: string 4064 description: Specifies the output 4065 format of the exposed resources, 4066 defaults to "1" 4067 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4068 x-kubernetes-int-or-string: true 4069 resource: 4070 description: 'Required: resource 4071 to select' 4072 type: string 4073 required: 4074 - resource 4075 type: object 4076 x-kubernetes-map-type: atomic 4077 secretKeyRef: 4078 description: Selects a key of a secret 4079 in the pod's namespace 4080 properties: 4081 key: 4082 description: The key of the secret 4083 to select from. Must be a valid 4084 secret key. 4085 type: string 4086 name: 4087 description: |- 4088 Name of the referent. 4089 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4090 TODO: Add other useful fields. apiVersion, kind, uid? 4091 type: string 4092 optional: 4093 description: Specify whether the 4094 Secret or its key must be defined 4095 type: boolean 4096 required: 4097 - key 4098 type: object 4099 x-kubernetes-map-type: atomic 4100 type: object 4101 required: 4102 - name 4103 type: object 4104 type: array 4105 envFrom: 4106 description: |- 4107 List of sources to populate environment variables in the container. 4108 The keys defined within a source must be a C_IDENTIFIER. All invalid keys 4109 will be reported as an event when the container is starting. When a key exists in multiple 4110 sources, the value associated with the last source will take precedence. 4111 Values defined by an Env with a duplicate key will take precedence. 4112 Cannot be updated. 4113 items: 4114 description: EnvFromSource represents the source 4115 of a set of ConfigMaps 4116 properties: 4117 configMapRef: 4118 description: The ConfigMap to select from 4119 properties: 4120 name: 4121 description: |- 4122 Name of the referent. 4123 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4124 TODO: Add other useful fields. apiVersion, kind, uid? 4125 type: string 4126 optional: 4127 description: Specify whether the ConfigMap 4128 must be defined 4129 type: boolean 4130 type: object 4131 x-kubernetes-map-type: atomic 4132 prefix: 4133 description: An optional identifier to prepend 4134 to each key in the ConfigMap. Must be 4135 a C_IDENTIFIER. 4136 type: string 4137 secretRef: 4138 description: The Secret to select from 4139 properties: 4140 name: 4141 description: |- 4142 Name of the referent. 4143 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 4144 TODO: Add other useful fields. apiVersion, kind, uid? 4145 type: string 4146 optional: 4147 description: Specify whether the Secret 4148 must be defined 4149 type: boolean 4150 type: object 4151 x-kubernetes-map-type: atomic 4152 type: object 4153 type: array 4154 image: 4155 description: |- 4156 Container image name. 4157 More info: https://kubernetes.io/docs/concepts/containers/images 4158 This field is optional to allow higher level config management to default or override 4159 container images in workload controllers like Deployments and StatefulSets. 4160 type: string 4161 imagePullPolicy: 4162 description: |- 4163 Image pull policy. 4164 One of Always, Never, IfNotPresent. 4165 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 4166 Cannot be updated. 4167 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images 4168 type: string 4169 lifecycle: 4170 description: |- 4171 Actions that the management system should take in response to container lifecycle events. 4172 Cannot be updated. 4173 properties: 4174 postStart: 4175 description: |- 4176 PostStart is called immediately after a container is created. If the handler fails, 4177 the container is terminated and restarted according to its restart policy. 4178 Other management of the container blocks until the hook completes. 4179 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 4180 properties: 4181 exec: 4182 description: Exec specifies the action 4183 to take. 4184 properties: 4185 command: 4186 description: |- 4187 Command is the command line to execute inside the container, the working directory for the 4188 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 4189 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 4190 a shell, you need to explicitly call out to that shell. 4191 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 4192 items: 4193 type: string 4194 type: array 4195 type: object 4196 httpGet: 4197 description: HTTPGet specifies the http 4198 request to perform. 4199 properties: 4200 host: 4201 description: |- 4202 Host name to connect to, defaults to the pod IP. You probably want to set 4203 "Host" in httpHeaders instead. 4204 type: string 4205 httpHeaders: 4206 description: Custom headers to set 4207 in the request. HTTP allows repeated 4208 headers. 4209 items: 4210 description: HTTPHeader describes 4211 a custom header to be used in 4212 HTTP probes 4213 properties: 4214 name: 4215 description: |- 4216 The header field name. 4217 This will be canonicalized upon output, so case-variant names will be understood as the same header. 4218 type: string 4219 value: 4220 description: The header field 4221 value 4222 type: string 4223 required: 4224 - name 4225 - value 4226 type: object 4227 type: array 4228 path: 4229 description: Path to access on the 4230 HTTP server. 4231 type: string 4232 port: 4233 anyOf: 4234 - type: integer 4235 - type: string 4236 description: |- 4237 Name or number of the port to access on the container. 4238 Number must be in the range 1 to 65535. 4239 Name must be an IANA_SVC_NAME. 4240 x-kubernetes-int-or-string: true 4241 scheme: 4242 description: |- 4243 Scheme to use for connecting to the host. 4244 Defaults to HTTP. 4245 type: string 4246 required: 4247 - port 4248 type: object 4249 sleep: 4250 description: Sleep represents the duration 4251 that the container should sleep before 4252 being terminated. 4253 properties: 4254 seconds: 4255 description: Seconds is the number 4256 of seconds to sleep. 4257 format: int64 4258 type: integer 4259 required: 4260 - seconds 4261 type: object 4262 tcpSocket: 4263 description: |- 4264 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 4265 for the backward compatibility. There are no validation of this field and 4266 lifecycle hooks will fail in runtime when tcp handler is specified. 4267 properties: 4268 host: 4269 description: 'Optional: Host name 4270 to connect to, defaults to the pod 4271 IP.' 4272 type: string 4273 port: 4274 anyOf: 4275 - type: integer 4276 - type: string 4277 description: |- 4278 Number or name of the port to access on the container. 4279 Number must be in the range 1 to 65535. 4280 Name must be an IANA_SVC_NAME. 4281 x-kubernetes-int-or-string: true 4282 required: 4283 - port 4284 type: object 4285 type: object 4286 preStop: 4287 description: |- 4288 PreStop is called immediately before a container is terminated due to an 4289 API request or management event such as liveness/startup probe failure, 4290 preemption, resource contention, etc. The handler is not called if the 4291 container crashes or exits. The Pod's termination grace period countdown begins before the 4292 PreStop hook is executed. Regardless of the outcome of the handler, the 4293 container will eventually terminate within the Pod's termination grace 4294 period (unless delayed by finalizers). Other management of the container blocks until the hook completes 4295 or until the termination grace period is reached. 4296 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks 4297 properties: 4298 exec: 4299 description: Exec specifies the action 4300 to take. 4301 properties: 4302 command: 4303 description: |- 4304 Command is the command line to execute inside the container, the working directory for the 4305 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 4306 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 4307 a shell, you need to explicitly call out to that shell. 4308 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 4309 items: 4310 type: string 4311 type: array 4312 type: object 4313 httpGet: 4314 description: HTTPGet specifies the http 4315 request to perform. 4316 properties: 4317 host: 4318 description: |- 4319 Host name to connect to, defaults to the pod IP. You probably want to set 4320 "Host" in httpHeaders instead. 4321 type: string 4322 httpHeaders: 4323 description: Custom headers to set 4324 in the request. HTTP allows repeated 4325 headers. 4326 items: 4327 description: HTTPHeader describes 4328 a custom header to be used in 4329 HTTP probes 4330 properties: 4331 name: 4332 description: |- 4333 The header field name. 4334 This will be canonicalized upon output, so case-variant names will be understood as the same header. 4335 type: string 4336 value: 4337 description: The header field 4338 value 4339 type: string 4340 required: 4341 - name 4342 - value 4343 type: object 4344 type: array 4345 path: 4346 description: Path to access on the 4347 HTTP server. 4348 type: string 4349 port: 4350 anyOf: 4351 - type: integer 4352 - type: string 4353 description: |- 4354 Name or number of the port to access on the container. 4355 Number must be in the range 1 to 65535. 4356 Name must be an IANA_SVC_NAME. 4357 x-kubernetes-int-or-string: true 4358 scheme: 4359 description: |- 4360 Scheme to use for connecting to the host. 4361 Defaults to HTTP. 4362 type: string 4363 required: 4364 - port 4365 type: object 4366 sleep: 4367 description: Sleep represents the duration 4368 that the container should sleep before 4369 being terminated. 4370 properties: 4371 seconds: 4372 description: Seconds is the number 4373 of seconds to sleep. 4374 format: int64 4375 type: integer 4376 required: 4377 - seconds 4378 type: object 4379 tcpSocket: 4380 description: |- 4381 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept 4382 for the backward compatibility. There are no validation of this field and 4383 lifecycle hooks will fail in runtime when tcp handler is specified. 4384 properties: 4385 host: 4386 description: 'Optional: Host name 4387 to connect to, defaults to the pod 4388 IP.' 4389 type: string 4390 port: 4391 anyOf: 4392 - type: integer 4393 - type: string 4394 description: |- 4395 Number or name of the port to access on the container. 4396 Number must be in the range 1 to 65535. 4397 Name must be an IANA_SVC_NAME. 4398 x-kubernetes-int-or-string: true 4399 required: 4400 - port 4401 type: object 4402 type: object 4403 type: object 4404 livenessProbe: 4405 description: |- 4406 Periodic probe of container liveness. 4407 Container will be restarted if the probe fails. 4408 Cannot be updated. 4409 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4410 properties: 4411 exec: 4412 description: Exec specifies the action to 4413 take. 4414 properties: 4415 command: 4416 description: |- 4417 Command is the command line to execute inside the container, the working directory for the 4418 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 4419 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 4420 a shell, you need to explicitly call out to that shell. 4421 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 4422 items: 4423 type: string 4424 type: array 4425 type: object 4426 failureThreshold: 4427 description: |- 4428 Minimum consecutive failures for the probe to be considered failed after having succeeded. 4429 Defaults to 3. Minimum value is 1. 4430 format: int32 4431 type: integer 4432 grpc: 4433 description: GRPC specifies an action involving 4434 a GRPC port. 4435 properties: 4436 port: 4437 description: Port number of the gRPC service. 4438 Number must be in the range 1 to 65535. 4439 format: int32 4440 type: integer 4441 service: 4442 description: |- 4443 Service is the name of the service to place in the gRPC HealthCheckRequest 4444 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4445 4446 4447 If this is not specified, the default behavior is defined by gRPC. 4448 type: string 4449 required: 4450 - port 4451 type: object 4452 httpGet: 4453 description: HTTPGet specifies the http request 4454 to perform. 4455 properties: 4456 host: 4457 description: |- 4458 Host name to connect to, defaults to the pod IP. You probably want to set 4459 "Host" in httpHeaders instead. 4460 type: string 4461 httpHeaders: 4462 description: Custom headers to set in 4463 the request. HTTP allows repeated headers. 4464 items: 4465 description: HTTPHeader describes a 4466 custom header to be used in HTTP probes 4467 properties: 4468 name: 4469 description: |- 4470 The header field name. 4471 This will be canonicalized upon output, so case-variant names will be understood as the same header. 4472 type: string 4473 value: 4474 description: The header field value 4475 type: string 4476 required: 4477 - name 4478 - value 4479 type: object 4480 type: array 4481 path: 4482 description: Path to access on the HTTP 4483 server. 4484 type: string 4485 port: 4486 anyOf: 4487 - type: integer 4488 - type: string 4489 description: |- 4490 Name or number of the port to access on the container. 4491 Number must be in the range 1 to 65535. 4492 Name must be an IANA_SVC_NAME. 4493 x-kubernetes-int-or-string: true 4494 scheme: 4495 description: |- 4496 Scheme to use for connecting to the host. 4497 Defaults to HTTP. 4498 type: string 4499 required: 4500 - port 4501 type: object 4502 initialDelaySeconds: 4503 description: |- 4504 Number of seconds after the container has started before liveness probes are initiated. 4505 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4506 format: int32 4507 type: integer 4508 periodSeconds: 4509 description: |- 4510 How often (in seconds) to perform the probe. 4511 Default to 10 seconds. Minimum value is 1. 4512 format: int32 4513 type: integer 4514 successThreshold: 4515 description: |- 4516 Minimum consecutive successes for the probe to be considered successful after having failed. 4517 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 4518 format: int32 4519 type: integer 4520 tcpSocket: 4521 description: TCPSocket specifies an action 4522 involving a TCP port. 4523 properties: 4524 host: 4525 description: 'Optional: Host name to connect 4526 to, defaults to the pod IP.' 4527 type: string 4528 port: 4529 anyOf: 4530 - type: integer 4531 - type: string 4532 description: |- 4533 Number or name of the port to access on the container. 4534 Number must be in the range 1 to 65535. 4535 Name must be an IANA_SVC_NAME. 4536 x-kubernetes-int-or-string: true 4537 required: 4538 - port 4539 type: object 4540 terminationGracePeriodSeconds: 4541 description: |- 4542 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 4543 The grace period is the duration in seconds after the processes running in the pod are sent 4544 a termination signal and the time when the processes are forcibly halted with a kill signal. 4545 Set this value longer than the expected cleanup time for your process. 4546 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 4547 value overrides the value provided by the pod spec. 4548 Value must be non-negative integer. The value zero indicates stop immediately via 4549 the kill signal (no opportunity to shut down). 4550 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 4551 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 4552 format: int64 4553 type: integer 4554 timeoutSeconds: 4555 description: |- 4556 Number of seconds after which the probe times out. 4557 Defaults to 1 second. Minimum value is 1. 4558 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4559 format: int32 4560 type: integer 4561 type: object 4562 name: 4563 description: |- 4564 Name of the container specified as a DNS_LABEL. 4565 Each container in a pod must have a unique name (DNS_LABEL). 4566 Cannot be updated. 4567 type: string 4568 ports: 4569 description: |- 4570 List of ports to expose from the container. Not specifying a port here 4571 DOES NOT prevent that port from being exposed. Any port which is 4572 listening on the default "0.0.0.0" address inside a container will be 4573 accessible from the network. 4574 Modifying this array with strategic merge patch may corrupt the data. 4575 For more information See https://github.com/kubernetes/kubernetes/issues/108255. 4576 Cannot be updated. 4577 items: 4578 description: ContainerPort represents a network 4579 port in a single container. 4580 properties: 4581 containerPort: 4582 description: |- 4583 Number of port to expose on the pod's IP address. 4584 This must be a valid port number, 0 < x < 65536. 4585 format: int32 4586 type: integer 4587 hostIP: 4588 description: What host IP to bind the external 4589 port to. 4590 type: string 4591 hostPort: 4592 description: |- 4593 Number of port to expose on the host. 4594 If specified, this must be a valid port number, 0 < x < 65536. 4595 If HostNetwork is specified, this must match ContainerPort. 4596 Most containers do not need this. 4597 format: int32 4598 type: integer 4599 name: 4600 description: |- 4601 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each 4602 named port in a pod must have a unique name. Name for the port that can be 4603 referred to by services. 4604 type: string 4605 protocol: 4606 default: TCP 4607 description: |- 4608 Protocol for port. Must be UDP, TCP, or SCTP. 4609 Defaults to "TCP". 4610 type: string 4611 required: 4612 - containerPort 4613 type: object 4614 type: array 4615 x-kubernetes-list-map-keys: 4616 - containerPort 4617 - protocol 4618 x-kubernetes-list-type: map 4619 readinessProbe: 4620 description: |- 4621 Periodic probe of container service readiness. 4622 Container will be removed from service endpoints if the probe fails. 4623 Cannot be updated. 4624 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4625 properties: 4626 exec: 4627 description: Exec specifies the action to 4628 take. 4629 properties: 4630 command: 4631 description: |- 4632 Command is the command line to execute inside the container, the working directory for the 4633 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 4634 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 4635 a shell, you need to explicitly call out to that shell. 4636 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 4637 items: 4638 type: string 4639 type: array 4640 type: object 4641 failureThreshold: 4642 description: |- 4643 Minimum consecutive failures for the probe to be considered failed after having succeeded. 4644 Defaults to 3. Minimum value is 1. 4645 format: int32 4646 type: integer 4647 grpc: 4648 description: GRPC specifies an action involving 4649 a GRPC port. 4650 properties: 4651 port: 4652 description: Port number of the gRPC service. 4653 Number must be in the range 1 to 65535. 4654 format: int32 4655 type: integer 4656 service: 4657 description: |- 4658 Service is the name of the service to place in the gRPC HealthCheckRequest 4659 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 4660 4661 4662 If this is not specified, the default behavior is defined by gRPC. 4663 type: string 4664 required: 4665 - port 4666 type: object 4667 httpGet: 4668 description: HTTPGet specifies the http request 4669 to perform. 4670 properties: 4671 host: 4672 description: |- 4673 Host name to connect to, defaults to the pod IP. You probably want to set 4674 "Host" in httpHeaders instead. 4675 type: string 4676 httpHeaders: 4677 description: Custom headers to set in 4678 the request. HTTP allows repeated headers. 4679 items: 4680 description: HTTPHeader describes a 4681 custom header to be used in HTTP probes 4682 properties: 4683 name: 4684 description: |- 4685 The header field name. 4686 This will be canonicalized upon output, so case-variant names will be understood as the same header. 4687 type: string 4688 value: 4689 description: The header field value 4690 type: string 4691 required: 4692 - name 4693 - value 4694 type: object 4695 type: array 4696 path: 4697 description: Path to access on the HTTP 4698 server. 4699 type: string 4700 port: 4701 anyOf: 4702 - type: integer 4703 - type: string 4704 description: |- 4705 Name or number of the port to access on the container. 4706 Number must be in the range 1 to 65535. 4707 Name must be an IANA_SVC_NAME. 4708 x-kubernetes-int-or-string: true 4709 scheme: 4710 description: |- 4711 Scheme to use for connecting to the host. 4712 Defaults to HTTP. 4713 type: string 4714 required: 4715 - port 4716 type: object 4717 initialDelaySeconds: 4718 description: |- 4719 Number of seconds after the container has started before liveness probes are initiated. 4720 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4721 format: int32 4722 type: integer 4723 periodSeconds: 4724 description: |- 4725 How often (in seconds) to perform the probe. 4726 Default to 10 seconds. Minimum value is 1. 4727 format: int32 4728 type: integer 4729 successThreshold: 4730 description: |- 4731 Minimum consecutive successes for the probe to be considered successful after having failed. 4732 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 4733 format: int32 4734 type: integer 4735 tcpSocket: 4736 description: TCPSocket specifies an action 4737 involving a TCP port. 4738 properties: 4739 host: 4740 description: 'Optional: Host name to connect 4741 to, defaults to the pod IP.' 4742 type: string 4743 port: 4744 anyOf: 4745 - type: integer 4746 - type: string 4747 description: |- 4748 Number or name of the port to access on the container. 4749 Number must be in the range 1 to 65535. 4750 Name must be an IANA_SVC_NAME. 4751 x-kubernetes-int-or-string: true 4752 required: 4753 - port 4754 type: object 4755 terminationGracePeriodSeconds: 4756 description: |- 4757 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 4758 The grace period is the duration in seconds after the processes running in the pod are sent 4759 a termination signal and the time when the processes are forcibly halted with a kill signal. 4760 Set this value longer than the expected cleanup time for your process. 4761 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 4762 value overrides the value provided by the pod spec. 4763 Value must be non-negative integer. The value zero indicates stop immediately via 4764 the kill signal (no opportunity to shut down). 4765 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 4766 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 4767 format: int64 4768 type: integer 4769 timeoutSeconds: 4770 description: |- 4771 Number of seconds after which the probe times out. 4772 Defaults to 1 second. Minimum value is 1. 4773 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 4774 format: int32 4775 type: integer 4776 type: object 4777 resizePolicy: 4778 description: Resources resize policy for the container. 4779 items: 4780 description: ContainerResizePolicy represents 4781 resource resize policy for the container. 4782 properties: 4783 resourceName: 4784 description: |- 4785 Name of the resource to which this resource resize policy applies. 4786 Supported values: cpu, memory. 4787 type: string 4788 restartPolicy: 4789 description: |- 4790 Restart policy to apply when specified resource is resized. 4791 If not specified, it defaults to NotRequired. 4792 type: string 4793 required: 4794 - resourceName 4795 - restartPolicy 4796 type: object 4797 type: array 4798 x-kubernetes-list-type: atomic 4799 resources: 4800 description: |- 4801 Compute Resources required by this container. 4802 Cannot be updated. 4803 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 4804 properties: 4805 claims: 4806 description: |- 4807 Claims lists the names of resources, defined in spec.resourceClaims, 4808 that are used by this container. 4809 4810 4811 This is an alpha field and requires enabling the 4812 DynamicResourceAllocation feature gate. 4813 4814 4815 This field is immutable. It can only be set for containers. 4816 items: 4817 description: ResourceClaim references one 4818 entry in PodSpec.ResourceClaims. 4819 properties: 4820 name: 4821 description: |- 4822 Name must match the name of one entry in pod.spec.resourceClaims of 4823 the Pod where this field is used. It makes that resource available 4824 inside a container. 4825 type: string 4826 required: 4827 - name 4828 type: object 4829 type: array 4830 x-kubernetes-list-map-keys: 4831 - name 4832 x-kubernetes-list-type: map 4833 limits: 4834 additionalProperties: 4835 anyOf: 4836 - type: integer 4837 - type: string 4838 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4839 x-kubernetes-int-or-string: true 4840 description: |- 4841 Limits describes the maximum amount of compute resources allowed. 4842 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 4843 type: object 4844 requests: 4845 additionalProperties: 4846 anyOf: 4847 - type: integer 4848 - type: string 4849 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 4850 x-kubernetes-int-or-string: true 4851 description: |- 4852 Requests describes the minimum amount of compute resources required. 4853 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 4854 otherwise to an implementation-defined value. Requests cannot exceed Limits. 4855 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 4856 type: object 4857 type: object 4858 restartPolicy: 4859 description: |- 4860 RestartPolicy defines the restart behavior of individual containers in a pod. 4861 This field may only be set for init containers, and the only allowed value is "Always". 4862 For non-init containers or when this field is not specified, 4863 the restart behavior is defined by the Pod's restart policy and the container type. 4864 Setting the RestartPolicy as "Always" for the init container will have the following effect: 4865 this init container will be continually restarted on 4866 exit until all regular containers have terminated. Once all regular 4867 containers have completed, all init containers with restartPolicy "Always" 4868 will be shut down. This lifecycle differs from normal init containers and 4869 is often referred to as a "sidecar" container. Although this init 4870 container still starts in the init container sequence, it does not wait 4871 for the container to complete before proceeding to the next init 4872 container. Instead, the next init container starts immediately after this 4873 init container is started, or after any startupProbe has successfully 4874 completed. 4875 type: string 4876 securityContext: 4877 description: |- 4878 SecurityContext defines the security options the container should be run with. 4879 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 4880 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ 4881 properties: 4882 allowPrivilegeEscalation: 4883 description: |- 4884 AllowPrivilegeEscalation controls whether a process can gain more 4885 privileges than its parent process. This bool directly controls if 4886 the no_new_privs flag will be set on the container process. 4887 AllowPrivilegeEscalation is true always when the container is: 4888 1) run as Privileged 4889 2) has CAP_SYS_ADMIN 4890 Note that this field cannot be set when spec.os.name is windows. 4891 type: boolean 4892 capabilities: 4893 description: |- 4894 The capabilities to add/drop when running containers. 4895 Defaults to the default set of capabilities granted by the container runtime. 4896 Note that this field cannot be set when spec.os.name is windows. 4897 properties: 4898 add: 4899 description: Added capabilities 4900 items: 4901 description: Capability represent POSIX 4902 capabilities type 4903 type: string 4904 type: array 4905 drop: 4906 description: Removed capabilities 4907 items: 4908 description: Capability represent POSIX 4909 capabilities type 4910 type: string 4911 type: array 4912 type: object 4913 privileged: 4914 description: |- 4915 Run container in privileged mode. 4916 Processes in privileged containers are essentially equivalent to root on the host. 4917 Defaults to false. 4918 Note that this field cannot be set when spec.os.name is windows. 4919 type: boolean 4920 procMount: 4921 description: |- 4922 procMount denotes the type of proc mount to use for the containers. 4923 The default is DefaultProcMount which uses the container runtime defaults for 4924 readonly paths and masked paths. 4925 This requires the ProcMountType feature flag to be enabled. 4926 Note that this field cannot be set when spec.os.name is windows. 4927 type: string 4928 readOnlyRootFilesystem: 4929 description: |- 4930 Whether this container has a read-only root filesystem. 4931 Default is false. 4932 Note that this field cannot be set when spec.os.name is windows. 4933 type: boolean 4934 runAsGroup: 4935 description: |- 4936 The GID to run the entrypoint of the container process. 4937 Uses runtime default if unset. 4938 May also be set in PodSecurityContext. If set in both SecurityContext and 4939 PodSecurityContext, the value specified in SecurityContext takes precedence. 4940 Note that this field cannot be set when spec.os.name is windows. 4941 format: int64 4942 type: integer 4943 runAsNonRoot: 4944 description: |- 4945 Indicates that the container must run as a non-root user. 4946 If true, the Kubelet will validate the image at runtime to ensure that it 4947 does not run as UID 0 (root) and fail to start the container if it does. 4948 If unset or false, no such validation will be performed. 4949 May also be set in PodSecurityContext. If set in both SecurityContext and 4950 PodSecurityContext, the value specified in SecurityContext takes precedence. 4951 type: boolean 4952 runAsUser: 4953 description: |- 4954 The UID to run the entrypoint of the container process. 4955 Defaults to user specified in image metadata if unspecified. 4956 May also be set in PodSecurityContext. If set in both SecurityContext and 4957 PodSecurityContext, the value specified in SecurityContext takes precedence. 4958 Note that this field cannot be set when spec.os.name is windows. 4959 format: int64 4960 type: integer 4961 seLinuxOptions: 4962 description: |- 4963 The SELinux context to be applied to the container. 4964 If unspecified, the container runtime will allocate a random SELinux context for each 4965 container. May also be set in PodSecurityContext. If set in both SecurityContext and 4966 PodSecurityContext, the value specified in SecurityContext takes precedence. 4967 Note that this field cannot be set when spec.os.name is windows. 4968 properties: 4969 level: 4970 description: Level is SELinux level label 4971 that applies to the container. 4972 type: string 4973 role: 4974 description: Role is a SELinux role label 4975 that applies to the container. 4976 type: string 4977 type: 4978 description: Type is a SELinux type label 4979 that applies to the container. 4980 type: string 4981 user: 4982 description: User is a SELinux user label 4983 that applies to the container. 4984 type: string 4985 type: object 4986 seccompProfile: 4987 description: |- 4988 The seccomp options to use by this container. If seccomp options are 4989 provided at both the pod & container level, the container options 4990 override the pod options. 4991 Note that this field cannot be set when spec.os.name is windows. 4992 properties: 4993 localhostProfile: 4994 description: |- 4995 localhostProfile indicates a profile defined in a file on the node should be used. 4996 The profile must be preconfigured on the node to work. 4997 Must be a descending path, relative to the kubelet's configured seccomp profile location. 4998 Must be set if type is "Localhost". Must NOT be set for any other type. 4999 type: string 5000 type: 5001 description: |- 5002 type indicates which kind of seccomp profile will be applied. 5003 Valid options are: 5004 5005 5006 Localhost - a profile defined in a file on the node should be used. 5007 RuntimeDefault - the container runtime default profile should be used. 5008 Unconfined - no profile should be applied. 5009 type: string 5010 required: 5011 - type 5012 type: object 5013 windowsOptions: 5014 description: |- 5015 The Windows specific settings applied to all containers. 5016 If unspecified, the options from the PodSecurityContext will be used. 5017 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 5018 Note that this field cannot be set when spec.os.name is linux. 5019 properties: 5020 gmsaCredentialSpec: 5021 description: |- 5022 GMSACredentialSpec is where the GMSA admission webhook 5023 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the 5024 GMSA credential spec named by the GMSACredentialSpecName field. 5025 type: string 5026 gmsaCredentialSpecName: 5027 description: GMSACredentialSpecName is 5028 the name of the GMSA credential spec 5029 to use. 5030 type: string 5031 hostProcess: 5032 description: |- 5033 HostProcess determines if a container should be run as a 'Host Process' container. 5034 All of a Pod's containers must have the same effective HostProcess value 5035 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 5036 In addition, if HostProcess is true then HostNetwork must also be set to true. 5037 type: boolean 5038 runAsUserName: 5039 description: |- 5040 The UserName in Windows to run the entrypoint of the container process. 5041 Defaults to the user specified in image metadata if unspecified. 5042 May also be set in PodSecurityContext. If set in both SecurityContext and 5043 PodSecurityContext, the value specified in SecurityContext takes precedence. 5044 type: string 5045 type: object 5046 type: object 5047 startupProbe: 5048 description: |- 5049 StartupProbe indicates that the Pod has successfully initialized. 5050 If specified, no other probes are executed until this completes successfully. 5051 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. 5052 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, 5053 when it might take a long time to load data or warm a cache, than during steady-state operation. 5054 This cannot be updated. 5055 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5056 properties: 5057 exec: 5058 description: Exec specifies the action to 5059 take. 5060 properties: 5061 command: 5062 description: |- 5063 Command is the command line to execute inside the container, the working directory for the 5064 command is root ('/') in the container's filesystem. The command is simply exec'd, it is 5065 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use 5066 a shell, you need to explicitly call out to that shell. 5067 Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 5068 items: 5069 type: string 5070 type: array 5071 type: object 5072 failureThreshold: 5073 description: |- 5074 Minimum consecutive failures for the probe to be considered failed after having succeeded. 5075 Defaults to 3. Minimum value is 1. 5076 format: int32 5077 type: integer 5078 grpc: 5079 description: GRPC specifies an action involving 5080 a GRPC port. 5081 properties: 5082 port: 5083 description: Port number of the gRPC service. 5084 Number must be in the range 1 to 65535. 5085 format: int32 5086 type: integer 5087 service: 5088 description: |- 5089 Service is the name of the service to place in the gRPC HealthCheckRequest 5090 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 5091 5092 5093 If this is not specified, the default behavior is defined by gRPC. 5094 type: string 5095 required: 5096 - port 5097 type: object 5098 httpGet: 5099 description: HTTPGet specifies the http request 5100 to perform. 5101 properties: 5102 host: 5103 description: |- 5104 Host name to connect to, defaults to the pod IP. You probably want to set 5105 "Host" in httpHeaders instead. 5106 type: string 5107 httpHeaders: 5108 description: Custom headers to set in 5109 the request. HTTP allows repeated headers. 5110 items: 5111 description: HTTPHeader describes a 5112 custom header to be used in HTTP probes 5113 properties: 5114 name: 5115 description: |- 5116 The header field name. 5117 This will be canonicalized upon output, so case-variant names will be understood as the same header. 5118 type: string 5119 value: 5120 description: The header field value 5121 type: string 5122 required: 5123 - name 5124 - value 5125 type: object 5126 type: array 5127 path: 5128 description: Path to access on the HTTP 5129 server. 5130 type: string 5131 port: 5132 anyOf: 5133 - type: integer 5134 - type: string 5135 description: |- 5136 Name or number of the port to access on the container. 5137 Number must be in the range 1 to 65535. 5138 Name must be an IANA_SVC_NAME. 5139 x-kubernetes-int-or-string: true 5140 scheme: 5141 description: |- 5142 Scheme to use for connecting to the host. 5143 Defaults to HTTP. 5144 type: string 5145 required: 5146 - port 5147 type: object 5148 initialDelaySeconds: 5149 description: |- 5150 Number of seconds after the container has started before liveness probes are initiated. 5151 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5152 format: int32 5153 type: integer 5154 periodSeconds: 5155 description: |- 5156 How often (in seconds) to perform the probe. 5157 Default to 10 seconds. Minimum value is 1. 5158 format: int32 5159 type: integer 5160 successThreshold: 5161 description: |- 5162 Minimum consecutive successes for the probe to be considered successful after having failed. 5163 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 5164 format: int32 5165 type: integer 5166 tcpSocket: 5167 description: TCPSocket specifies an action 5168 involving a TCP port. 5169 properties: 5170 host: 5171 description: 'Optional: Host name to connect 5172 to, defaults to the pod IP.' 5173 type: string 5174 port: 5175 anyOf: 5176 - type: integer 5177 - type: string 5178 description: |- 5179 Number or name of the port to access on the container. 5180 Number must be in the range 1 to 65535. 5181 Name must be an IANA_SVC_NAME. 5182 x-kubernetes-int-or-string: true 5183 required: 5184 - port 5185 type: object 5186 terminationGracePeriodSeconds: 5187 description: |- 5188 Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 5189 The grace period is the duration in seconds after the processes running in the pod are sent 5190 a termination signal and the time when the processes are forcibly halted with a kill signal. 5191 Set this value longer than the expected cleanup time for your process. 5192 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this 5193 value overrides the value provided by the pod spec. 5194 Value must be non-negative integer. The value zero indicates stop immediately via 5195 the kill signal (no opportunity to shut down). 5196 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. 5197 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 5198 format: int64 5199 type: integer 5200 timeoutSeconds: 5201 description: |- 5202 Number of seconds after which the probe times out. 5203 Defaults to 1 second. Minimum value is 1. 5204 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes 5205 format: int32 5206 type: integer 5207 type: object 5208 stdin: 5209 description: |- 5210 Whether this container should allocate a buffer for stdin in the container runtime. If this 5211 is not set, reads from stdin in the container will always result in EOF. 5212 Default is false. 5213 type: boolean 5214 stdinOnce: 5215 description: |- 5216 Whether the container runtime should close the stdin channel after it has been opened by 5217 a single attach. When stdin is true the stdin stream will remain open across multiple attach 5218 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the 5219 first client attaches to stdin, and then remains open and accepts data until the client disconnects, 5220 at which time stdin is closed and remains closed until the container is restarted. If this 5221 flag is false, a container processes that reads from stdin will never receive an EOF. 5222 Default is false 5223 type: boolean 5224 terminationMessagePath: 5225 description: |- 5226 Optional: Path at which the file to which the container's termination message 5227 will be written is mounted into the container's filesystem. 5228 Message written is intended to be brief final status, such as an assertion failure message. 5229 Will be truncated by the node if greater than 4096 bytes. The total message length across 5230 all containers will be limited to 12kb. 5231 Defaults to /dev/termination-log. 5232 Cannot be updated. 5233 type: string 5234 terminationMessagePolicy: 5235 description: |- 5236 Indicate how the termination message should be populated. File will use the contents of 5237 terminationMessagePath to populate the container status message on both success and failure. 5238 FallbackToLogsOnError will use the last chunk of container log output if the termination 5239 message file is empty and the container exited with an error. 5240 The log output is limited to 2048 bytes or 80 lines, whichever is smaller. 5241 Defaults to File. 5242 Cannot be updated. 5243 type: string 5244 tty: 5245 description: |- 5246 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. 5247 Default is false. 5248 type: boolean 5249 volumeDevices: 5250 description: volumeDevices is the list of block 5251 devices to be used by the container. 5252 items: 5253 description: volumeDevice describes a mapping 5254 of a raw block device within a container. 5255 properties: 5256 devicePath: 5257 description: devicePath is the path inside 5258 of the container that the device will 5259 be mapped to. 5260 type: string 5261 name: 5262 description: name must match the name of 5263 a persistentVolumeClaim in the pod 5264 type: string 5265 required: 5266 - devicePath 5267 - name 5268 type: object 5269 type: array 5270 volumeMounts: 5271 description: |- 5272 Pod volumes to mount into the container's filesystem. 5273 Cannot be updated. 5274 items: 5275 description: VolumeMount describes a mounting 5276 of a Volume within a container. 5277 properties: 5278 mountPath: 5279 description: |- 5280 Path within the container at which the volume should be mounted. Must 5281 not contain ':'. 5282 type: string 5283 mountPropagation: 5284 description: |- 5285 mountPropagation determines how mounts are propagated from the host 5286 to container and the other way around. 5287 When not set, MountPropagationNone is used. 5288 This field is beta in 1.10. 5289 type: string 5290 name: 5291 description: This must match the Name of 5292 a Volume. 5293 type: string 5294 readOnly: 5295 description: |- 5296 Mounted read-only if true, read-write otherwise (false or unspecified). 5297 Defaults to false. 5298 type: boolean 5299 subPath: 5300 description: |- 5301 Path within the volume from which the container's volume should be mounted. 5302 Defaults to "" (volume's root). 5303 type: string 5304 subPathExpr: 5305 description: |- 5306 Expanded path within the volume from which the container's volume should be mounted. 5307 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. 5308 Defaults to "" (volume's root). 5309 SubPathExpr and SubPath are mutually exclusive. 5310 type: string 5311 required: 5312 - mountPath 5313 - name 5314 type: object 5315 type: array 5316 workingDir: 5317 description: |- 5318 Container's working directory. 5319 If not specified, the container runtime's default will be used, which 5320 might be configured in the container image. 5321 Cannot be updated. 5322 type: string 5323 required: 5324 - name 5325 type: object 5326 type: array 5327 nodeName: 5328 description: |- 5329 NodeName is a request to schedule this pod onto a specific node. If it is non-empty, 5330 the scheduler simply schedules this pod onto that node, assuming that it fits resource 5331 requirements. 5332 type: string 5333 nodeSelector: 5334 additionalProperties: 5335 type: string 5336 description: |- 5337 NodeSelector is a selector which must be true for the pod to fit on a node. 5338 Selector which must match a node's labels for the pod to be scheduled on that node. 5339 More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ 5340 type: object 5341 x-kubernetes-map-type: atomic 5342 os: 5343 description: |- 5344 Specifies the OS of the containers in the pod. 5345 Some pod and container fields are restricted if this is set. 5346 5347 5348 If the OS field is set to linux, the following fields must be unset: 5349 -securityContext.windowsOptions 5350 5351 5352 If the OS field is set to windows, following fields must be unset: 5353 - spec.hostPID 5354 - spec.hostIPC 5355 - spec.hostUsers 5356 - spec.securityContext.seLinuxOptions 5357 - spec.securityContext.seccompProfile 5358 - spec.securityContext.fsGroup 5359 - spec.securityContext.fsGroupChangePolicy 5360 - spec.securityContext.sysctls 5361 - spec.shareProcessNamespace 5362 - spec.securityContext.runAsUser 5363 - spec.securityContext.runAsGroup 5364 - spec.securityContext.supplementalGroups 5365 - spec.containers[*].securityContext.seLinuxOptions 5366 - spec.containers[*].securityContext.seccompProfile 5367 - spec.containers[*].securityContext.capabilities 5368 - spec.containers[*].securityContext.readOnlyRootFilesystem 5369 - spec.containers[*].securityContext.privileged 5370 - spec.containers[*].securityContext.allowPrivilegeEscalation 5371 - spec.containers[*].securityContext.procMount 5372 - spec.containers[*].securityContext.runAsUser 5373 - spec.containers[*].securityContext.runAsGroup 5374 properties: 5375 name: 5376 description: |- 5377 Name is the name of the operating system. The currently supported values are linux and windows. 5378 Additional value may be defined in future and can be one of: 5379 https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration 5380 Clients should expect to handle additional values and treat unrecognized values in this field as os: null 5381 type: string 5382 required: 5383 - name 5384 type: object 5385 overhead: 5386 additionalProperties: 5387 anyOf: 5388 - type: integer 5389 - type: string 5390 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 5391 x-kubernetes-int-or-string: true 5392 description: |- 5393 Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. 5394 This field will be autopopulated at admission time by the RuntimeClass admission controller. If 5395 the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. 5396 The RuntimeClass admission controller will reject Pod create requests which have the overhead already 5397 set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value 5398 defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. 5399 More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md 5400 type: object 5401 preemptionPolicy: 5402 description: |- 5403 PreemptionPolicy is the Policy for preempting pods with lower priority. 5404 One of Never, PreemptLowerPriority. 5405 Defaults to PreemptLowerPriority if unset. 5406 type: string 5407 priority: 5408 description: |- 5409 The priority value. Various system components use this field to find the 5410 priority of the pod. When Priority Admission Controller is enabled, it 5411 prevents users from setting this field. The admission controller populates 5412 this field from PriorityClassName. 5413 The higher the value, the higher the priority. 5414 format: int32 5415 type: integer 5416 priorityClassName: 5417 description: |- 5418 If specified, indicates the pod's priority. "system-node-critical" and 5419 "system-cluster-critical" are two special keywords which indicate the 5420 highest priorities with the former being the highest priority. Any other 5421 name must be defined by creating a PriorityClass object with that name. 5422 If not specified, the pod priority will be default or zero if there is no 5423 default. 5424 type: string 5425 readinessGates: 5426 description: |- 5427 If specified, all readiness gates will be evaluated for pod readiness. 5428 A pod is ready when all its containers are ready AND 5429 all conditions specified in the readiness gates have status equal to "True" 5430 More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates 5431 items: 5432 description: PodReadinessGate contains the reference 5433 to a pod condition 5434 properties: 5435 conditionType: 5436 description: ConditionType refers to a condition 5437 in the pod's condition list with matching type. 5438 type: string 5439 required: 5440 - conditionType 5441 type: object 5442 type: array 5443 resourceClaims: 5444 description: |- 5445 ResourceClaims defines which ResourceClaims must be allocated 5446 and reserved before the Pod is allowed to start. The resources 5447 will be made available to those containers which consume them 5448 by name. 5449 5450 5451 This is an alpha field and requires enabling the 5452 DynamicResourceAllocation feature gate. 5453 5454 5455 This field is immutable. 5456 items: 5457 description: |- 5458 PodResourceClaim references exactly one ResourceClaim through a ClaimSource. 5459 It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. 5460 Containers that need access to the ResourceClaim reference it with this name. 5461 properties: 5462 name: 5463 description: |- 5464 Name uniquely identifies this resource claim inside the pod. 5465 This must be a DNS_LABEL. 5466 type: string 5467 source: 5468 description: Source describes where to find the 5469 ResourceClaim. 5470 properties: 5471 resourceClaimName: 5472 description: |- 5473 ResourceClaimName is the name of a ResourceClaim object in the same 5474 namespace as this pod. 5475 type: string 5476 resourceClaimTemplateName: 5477 description: |- 5478 ResourceClaimTemplateName is the name of a ResourceClaimTemplate 5479 object in the same namespace as this pod. 5480 5481 5482 The template will be used to create a new ResourceClaim, which will 5483 be bound to this pod. When this pod is deleted, the ResourceClaim 5484 will also be deleted. The pod name and resource name, along with a 5485 generated component, will be used to form a unique name for the 5486 ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. 5487 5488 5489 This field is immutable and no changes will be made to the 5490 corresponding ResourceClaim by the control plane after creating the 5491 ResourceClaim. 5492 type: string 5493 type: object 5494 required: 5495 - name 5496 type: object 5497 type: array 5498 x-kubernetes-list-map-keys: 5499 - name 5500 x-kubernetes-list-type: map 5501 restartPolicy: 5502 description: |- 5503 Restart policy for all containers within the pod. 5504 One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. 5505 Default to Always. 5506 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy 5507 type: string 5508 runtimeClassName: 5509 description: |- 5510 RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used 5511 to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. 5512 If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an 5513 empty definition that uses the default runtime handler. 5514 More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class 5515 type: string 5516 schedulerName: 5517 description: |- 5518 If specified, the pod will be dispatched by specified scheduler. 5519 If not specified, the pod will be dispatched by default scheduler. 5520 type: string 5521 schedulingGates: 5522 description: |- 5523 SchedulingGates is an opaque list of values that if specified will block scheduling the pod. 5524 If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the 5525 scheduler will not attempt to schedule the pod. 5526 5527 5528 SchedulingGates can only be set at pod creation time, and be removed only afterwards. 5529 5530 5531 This is a beta feature enabled by the PodSchedulingReadiness feature gate. 5532 items: 5533 description: PodSchedulingGate is associated to a 5534 Pod to guard its scheduling. 5535 properties: 5536 name: 5537 description: |- 5538 Name of the scheduling gate. 5539 Each scheduling gate must have a unique name field. 5540 type: string 5541 required: 5542 - name 5543 type: object 5544 type: array 5545 x-kubernetes-list-map-keys: 5546 - name 5547 x-kubernetes-list-type: map 5548 securityContext: 5549 description: |- 5550 SecurityContext holds pod-level security attributes and common container settings. 5551 Optional: Defaults to empty. See type description for default values of each field. 5552 properties: 5553 fsGroup: 5554 description: |- 5555 A special supplemental group that applies to all containers in a pod. 5556 Some volume types allow the Kubelet to change the ownership of that volume 5557 to be owned by the pod: 5558 5559 5560 1. The owning GID will be the FSGroup 5561 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 5562 3. The permission bits are OR'd with rw-rw---- 5563 5564 5565 If unset, the Kubelet will not modify the ownership and permissions of any volume. 5566 Note that this field cannot be set when spec.os.name is windows. 5567 format: int64 5568 type: integer 5569 fsGroupChangePolicy: 5570 description: |- 5571 fsGroupChangePolicy defines behavior of changing ownership and permission of the volume 5572 before being exposed inside Pod. This field will only apply to 5573 volume types which support fsGroup based ownership(and permissions). 5574 It will have no effect on ephemeral volume types such as: secret, configmaps 5575 and emptydir. 5576 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. 5577 Note that this field cannot be set when spec.os.name is windows. 5578 type: string 5579 runAsGroup: 5580 description: |- 5581 The GID to run the entrypoint of the container process. 5582 Uses runtime default if unset. 5583 May also be set in SecurityContext. If set in both SecurityContext and 5584 PodSecurityContext, the value specified in SecurityContext takes precedence 5585 for that container. 5586 Note that this field cannot be set when spec.os.name is windows. 5587 format: int64 5588 type: integer 5589 runAsNonRoot: 5590 description: |- 5591 Indicates that the container must run as a non-root user. 5592 If true, the Kubelet will validate the image at runtime to ensure that it 5593 does not run as UID 0 (root) and fail to start the container if it does. 5594 If unset or false, no such validation will be performed. 5595 May also be set in SecurityContext. If set in both SecurityContext and 5596 PodSecurityContext, the value specified in SecurityContext takes precedence. 5597 type: boolean 5598 runAsUser: 5599 description: |- 5600 The UID to run the entrypoint of the container process. 5601 Defaults to user specified in image metadata if unspecified. 5602 May also be set in SecurityContext. If set in both SecurityContext and 5603 PodSecurityContext, the value specified in SecurityContext takes precedence 5604 for that container. 5605 Note that this field cannot be set when spec.os.name is windows. 5606 format: int64 5607 type: integer 5608 seLinuxOptions: 5609 description: |- 5610 The SELinux context to be applied to all containers. 5611 If unspecified, the container runtime will allocate a random SELinux context for each 5612 container. May also be set in SecurityContext. If set in 5613 both SecurityContext and PodSecurityContext, the value specified in SecurityContext 5614 takes precedence for that container. 5615 Note that this field cannot be set when spec.os.name is windows. 5616 properties: 5617 level: 5618 description: Level is SELinux level label that 5619 applies to the container. 5620 type: string 5621 role: 5622 description: Role is a SELinux role label that 5623 applies to the container. 5624 type: string 5625 type: 5626 description: Type is a SELinux type label that 5627 applies to the container. 5628 type: string 5629 user: 5630 description: User is a SELinux user label that 5631 applies to the container. 5632 type: string 5633 type: object 5634 seccompProfile: 5635 description: |- 5636 The seccomp options to use by the containers in this pod. 5637 Note that this field cannot be set when spec.os.name is windows. 5638 properties: 5639 localhostProfile: 5640 description: |- 5641 localhostProfile indicates a profile defined in a file on the node should be used. 5642 The profile must be preconfigured on the node to work. 5643 Must be a descending path, relative to the kubelet's configured seccomp profile location. 5644 Must be set if type is "Localhost". Must NOT be set for any other type. 5645 type: string 5646 type: 5647 description: |- 5648 type indicates which kind of seccomp profile will be applied. 5649 Valid options are: 5650 5651 5652 Localhost - a profile defined in a file on the node should be used. 5653 RuntimeDefault - the container runtime default profile should be used. 5654 Unconfined - no profile should be applied. 5655 type: string 5656 required: 5657 - type 5658 type: object 5659 supplementalGroups: 5660 description: |- 5661 A list of groups applied to the first process run in each container, in addition 5662 to the container's primary GID, the fsGroup (if specified), and group memberships 5663 defined in the container image for the uid of the container process. If unspecified, 5664 no additional groups are added to any container. Note that group memberships 5665 defined in the container image for the uid of the container process are still effective, 5666 even if they are not included in this list. 5667 Note that this field cannot be set when spec.os.name is windows. 5668 items: 5669 format: int64 5670 type: integer 5671 type: array 5672 sysctls: 5673 description: |- 5674 Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported 5675 sysctls (by the container runtime) might fail to launch. 5676 Note that this field cannot be set when spec.os.name is windows. 5677 items: 5678 description: Sysctl defines a kernel parameter 5679 to be set 5680 properties: 5681 name: 5682 description: Name of a property to set 5683 type: string 5684 value: 5685 description: Value of a property to set 5686 type: string 5687 required: 5688 - name 5689 - value 5690 type: object 5691 type: array 5692 windowsOptions: 5693 description: |- 5694 The Windows specific settings applied to all containers. 5695 If unspecified, the options within a container's SecurityContext will be used. 5696 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 5697 Note that this field cannot be set when spec.os.name is linux. 5698 properties: 5699 gmsaCredentialSpec: 5700 description: |- 5701 GMSACredentialSpec is where the GMSA admission webhook 5702 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the 5703 GMSA credential spec named by the GMSACredentialSpecName field. 5704 type: string 5705 gmsaCredentialSpecName: 5706 description: GMSACredentialSpecName is the name 5707 of the GMSA credential spec to use. 5708 type: string 5709 hostProcess: 5710 description: |- 5711 HostProcess determines if a container should be run as a 'Host Process' container. 5712 All of a Pod's containers must have the same effective HostProcess value 5713 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 5714 In addition, if HostProcess is true then HostNetwork must also be set to true. 5715 type: boolean 5716 runAsUserName: 5717 description: |- 5718 The UserName in Windows to run the entrypoint of the container process. 5719 Defaults to the user specified in image metadata if unspecified. 5720 May also be set in PodSecurityContext. If set in both SecurityContext and 5721 PodSecurityContext, the value specified in SecurityContext takes precedence. 5722 type: string 5723 type: object 5724 type: object 5725 serviceAccount: 5726 description: |- 5727 DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. 5728 Deprecated: Use serviceAccountName instead. 5729 type: string 5730 serviceAccountName: 5731 description: |- 5732 ServiceAccountName is the name of the ServiceAccount to use to run this pod. 5733 More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ 5734 type: string 5735 setHostnameAsFQDN: 5736 description: |- 5737 If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). 5738 In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). 5739 In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. 5740 If a pod does not have FQDN, this has no effect. 5741 Default to false. 5742 type: boolean 5743 shareProcessNamespace: 5744 description: |- 5745 Share a single process namespace between all of the containers in a pod. 5746 When this is set containers will be able to view and signal processes from other containers 5747 in the same pod, and the first process in each container will not be assigned PID 1. 5748 HostPID and ShareProcessNamespace cannot both be set. 5749 Optional: Default to false. 5750 type: boolean 5751 subdomain: 5752 description: |- 5753 If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". 5754 If not specified, the pod will not have a domainname at all. 5755 type: string 5756 terminationGracePeriodSeconds: 5757 description: |- 5758 Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. 5759 Value must be non-negative integer. The value zero indicates stop immediately via 5760 the kill signal (no opportunity to shut down). 5761 If this value is nil, the default grace period will be used instead. 5762 The grace period is the duration in seconds after the processes running in the pod are sent 5763 a termination signal and the time when the processes are forcibly halted with a kill signal. 5764 Set this value longer than the expected cleanup time for your process. 5765 Defaults to 30 seconds. 5766 format: int64 5767 type: integer 5768 tolerations: 5769 description: If specified, the pod's tolerations. 5770 items: 5771 description: |- 5772 The pod this Toleration is attached to tolerates any taint that matches 5773 the triple <key,value,effect> using the matching operator <operator>. 5774 properties: 5775 effect: 5776 description: |- 5777 Effect indicates the taint effect to match. Empty means match all taint effects. 5778 When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 5779 type: string 5780 key: 5781 description: |- 5782 Key is the taint key that the toleration applies to. Empty means match all taint keys. 5783 If the key is empty, operator must be Exists; this combination means to match all values and all keys. 5784 type: string 5785 operator: 5786 description: |- 5787 Operator represents a key's relationship to the value. 5788 Valid operators are Exists and Equal. Defaults to Equal. 5789 Exists is equivalent to wildcard for value, so that a pod can 5790 tolerate all taints of a particular category. 5791 type: string 5792 tolerationSeconds: 5793 description: |- 5794 TolerationSeconds represents the period of time the toleration (which must be 5795 of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, 5796 it is not set, which means tolerate the taint forever (do not evict). Zero and 5797 negative values will be treated as 0 (evict immediately) by the system. 5798 format: int64 5799 type: integer 5800 value: 5801 description: |- 5802 Value is the taint value the toleration matches to. 5803 If the operator is Exists, the value should be empty, otherwise just a regular string. 5804 type: string 5805 type: object 5806 type: array 5807 topologySpreadConstraints: 5808 description: |- 5809 TopologySpreadConstraints describes how a group of pods ought to spread across topology 5810 domains. Scheduler will schedule pods in a way which abides by the constraints. 5811 All topologySpreadConstraints are ANDed. 5812 items: 5813 description: TopologySpreadConstraint specifies how 5814 to spread matching pods among the given topology. 5815 properties: 5816 labelSelector: 5817 description: |- 5818 LabelSelector is used to find matching pods. 5819 Pods that match this label selector are counted to determine the number of pods 5820 in their corresponding topology domain. 5821 properties: 5822 matchExpressions: 5823 description: matchExpressions is a list of 5824 label selector requirements. The requirements 5825 are ANDed. 5826 items: 5827 description: |- 5828 A label selector requirement is a selector that contains values, a key, and an operator that 5829 relates the key and values. 5830 properties: 5831 key: 5832 description: key is the label key that 5833 the selector applies to. 5834 type: string 5835 operator: 5836 description: |- 5837 operator represents a key's relationship to a set of values. 5838 Valid operators are In, NotIn, Exists and DoesNotExist. 5839 type: string 5840 values: 5841 description: |- 5842 values is an array of string values. If the operator is In or NotIn, 5843 the values array must be non-empty. If the operator is Exists or DoesNotExist, 5844 the values array must be empty. This array is replaced during a strategic 5845 merge patch. 5846 items: 5847 type: string 5848 type: array 5849 required: 5850 - key 5851 - operator 5852 type: object 5853 type: array 5854 matchLabels: 5855 additionalProperties: 5856 type: string 5857 description: |- 5858 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 5859 map is equivalent to an element of matchExpressions, whose key field is "key", the 5860 operator is "In", and the values array contains only "value". The requirements are ANDed. 5861 type: object 5862 type: object 5863 x-kubernetes-map-type: atomic 5864 matchLabelKeys: 5865 description: |- 5866 MatchLabelKeys is a set of pod label keys to select the pods over which 5867 spreading will be calculated. The keys are used to lookup values from the 5868 incoming pod labels, those key-value labels are ANDed with labelSelector 5869 to select the group of existing pods over which spreading will be calculated 5870 for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 5871 MatchLabelKeys cannot be set when LabelSelector isn't set. 5872 Keys that don't exist in the incoming pod labels will 5873 be ignored. A null or empty list means only match against labelSelector. 5874 5875 5876 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 5877 items: 5878 type: string 5879 type: array 5880 x-kubernetes-list-type: atomic 5881 maxSkew: 5882 description: |- 5883 MaxSkew describes the degree to which pods may be unevenly distributed. 5884 When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference 5885 between the number of matching pods in the target topology and the global minimum. 5886 The global minimum is the minimum number of matching pods in an eligible domain 5887 or zero if the number of eligible domains is less than MinDomains. 5888 For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same 5889 labelSelector spread as 2/2/1: 5890 In this case, the global minimum is 1. 5891 | zone1 | zone2 | zone3 | 5892 | P P | P P | P | 5893 - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; 5894 scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) 5895 violate MaxSkew(1). 5896 - if MaxSkew is 2, incoming pod can be scheduled onto any zone. 5897 When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence 5898 to topologies that satisfy it. 5899 It's a required field. Default value is 1 and 0 is not allowed. 5900 format: int32 5901 type: integer 5902 minDomains: 5903 description: |- 5904 MinDomains indicates a minimum number of eligible domains. 5905 When the number of eligible domains with matching topology keys is less than minDomains, 5906 Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. 5907 And when the number of eligible domains with matching topology keys equals or greater than minDomains, 5908 this value has no effect on scheduling. 5909 As a result, when the number of eligible domains is less than minDomains, 5910 scheduler won't schedule more than maxSkew Pods to those domains. 5911 If value is nil, the constraint behaves as if MinDomains is equal to 1. 5912 Valid values are integers greater than 0. 5913 When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 5914 5915 5916 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same 5917 labelSelector spread as 2/2/2: 5918 | zone1 | zone2 | zone3 | 5919 | P P | P P | P P | 5920 The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. 5921 In this situation, new pod with the same labelSelector cannot be scheduled, 5922 because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, 5923 it will violate MaxSkew. 5924 5925 5926 This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). 5927 format: int32 5928 type: integer 5929 nodeAffinityPolicy: 5930 description: |- 5931 NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector 5932 when calculating pod topology spread skew. Options are: 5933 - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. 5934 - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. 5935 5936 5937 If this value is nil, the behavior is equivalent to the Honor policy. 5938 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 5939 type: string 5940 nodeTaintsPolicy: 5941 description: |- 5942 NodeTaintsPolicy indicates how we will treat node taints when calculating 5943 pod topology spread skew. Options are: 5944 - Honor: nodes without taints, along with tainted nodes for which the incoming pod 5945 has a toleration, are included. 5946 - Ignore: node taints are ignored. All nodes are included. 5947 5948 5949 If this value is nil, the behavior is equivalent to the Ignore policy. 5950 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 5951 type: string 5952 topologyKey: 5953 description: |- 5954 TopologyKey is the key of node labels. Nodes that have a label with this key 5955 and identical values are considered to be in the same topology. 5956 We consider each <key, value> as a "bucket", and try to put balanced number 5957 of pods into each bucket. 5958 We define a domain as a particular instance of a topology. 5959 Also, we define an eligible domain as a domain whose nodes meet the requirements of 5960 nodeAffinityPolicy and nodeTaintsPolicy. 5961 e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. 5962 And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. 5963 It's a required field. 5964 type: string 5965 whenUnsatisfiable: 5966 description: |- 5967 WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy 5968 the spread constraint. 5969 - DoNotSchedule (default) tells the scheduler not to schedule it. 5970 - ScheduleAnyway tells the scheduler to schedule the pod in any location, 5971 but giving higher precedence to topologies that would help reduce the 5972 skew. 5973 A constraint is considered "Unsatisfiable" for an incoming pod 5974 if and only if every possible node assignment for that pod would violate 5975 "MaxSkew" on some topology. 5976 For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same 5977 labelSelector spread as 3/1/1: 5978 | zone1 | zone2 | zone3 | 5979 | P P P | P | P | 5980 If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled 5981 to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies 5982 MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler 5983 won't make it *more* imbalanced. 5984 It's a required field. 5985 type: string 5986 required: 5987 - maxSkew 5988 - topologyKey 5989 - whenUnsatisfiable 5990 type: object 5991 type: array 5992 x-kubernetes-list-map-keys: 5993 - topologyKey 5994 - whenUnsatisfiable 5995 x-kubernetes-list-type: map 5996 volumes: 5997 description: |- 5998 List of volumes that can be mounted by containers belonging to the pod. 5999 More info: https://kubernetes.io/docs/concepts/storage/volumes 6000 items: 6001 description: Volume represents a named volume in a 6002 pod that may be accessed by any container in the 6003 pod. 6004 properties: 6005 awsElasticBlockStore: 6006 description: |- 6007 awsElasticBlockStore represents an AWS Disk resource that is attached to a 6008 kubelet's host machine and then exposed to the pod. 6009 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6010 properties: 6011 fsType: 6012 description: |- 6013 fsType is the filesystem type of the volume that you want to mount. 6014 Tip: Ensure that the filesystem type is supported by the host operating system. 6015 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6016 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6017 TODO: how do we prevent errors in the filesystem from compromising the machine 6018 type: string 6019 partition: 6020 description: |- 6021 partition is the partition in the volume that you want to mount. 6022 If omitted, the default is to mount by volume name. 6023 Examples: For volume /dev/sda1, you specify the partition as "1". 6024 Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 6025 format: int32 6026 type: integer 6027 readOnly: 6028 description: |- 6029 readOnly value true will force the readOnly setting in VolumeMounts. 6030 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6031 type: boolean 6032 volumeID: 6033 description: |- 6034 volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 6035 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore 6036 type: string 6037 required: 6038 - volumeID 6039 type: object 6040 azureDisk: 6041 description: azureDisk represents an Azure Data 6042 Disk mount on the host and bind mount to the 6043 pod. 6044 properties: 6045 cachingMode: 6046 description: 'cachingMode is the Host Caching 6047 mode: None, Read Only, Read Write.' 6048 type: string 6049 diskName: 6050 description: diskName is the Name of the data 6051 disk in the blob storage 6052 type: string 6053 diskURI: 6054 description: diskURI is the URI of data disk 6055 in the blob storage 6056 type: string 6057 fsType: 6058 description: |- 6059 fsType is Filesystem type to mount. 6060 Must be a filesystem type supported by the host operating system. 6061 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6062 type: string 6063 kind: 6064 description: 'kind expected values are Shared: 6065 multiple blob disks per storage account Dedicated: 6066 single blob disk per storage account Managed: 6067 azure managed data disk (only in managed 6068 availability set). defaults to shared' 6069 type: string 6070 readOnly: 6071 description: |- 6072 readOnly Defaults to false (read/write). ReadOnly here will force 6073 the ReadOnly setting in VolumeMounts. 6074 type: boolean 6075 required: 6076 - diskName 6077 - diskURI 6078 type: object 6079 azureFile: 6080 description: azureFile represents an Azure File 6081 Service mount on the host and bind mount to 6082 the pod. 6083 properties: 6084 readOnly: 6085 description: |- 6086 readOnly defaults to false (read/write). ReadOnly here will force 6087 the ReadOnly setting in VolumeMounts. 6088 type: boolean 6089 secretName: 6090 description: secretName is the name of secret 6091 that contains Azure Storage Account Name 6092 and Key 6093 type: string 6094 shareName: 6095 description: shareName is the azure share 6096 Name 6097 type: string 6098 required: 6099 - secretName 6100 - shareName 6101 type: object 6102 cephfs: 6103 description: cephFS represents a Ceph FS mount 6104 on the host that shares a pod's lifetime 6105 properties: 6106 monitors: 6107 description: |- 6108 monitors is Required: Monitors is a collection of Ceph monitors 6109 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6110 items: 6111 type: string 6112 type: array 6113 path: 6114 description: 'path is Optional: Used as the 6115 mounted root, rather than the full Ceph 6116 tree, default is /' 6117 type: string 6118 readOnly: 6119 description: |- 6120 readOnly is Optional: Defaults to false (read/write). ReadOnly here will force 6121 the ReadOnly setting in VolumeMounts. 6122 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6123 type: boolean 6124 secretFile: 6125 description: |- 6126 secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret 6127 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6128 type: string 6129 secretRef: 6130 description: |- 6131 secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. 6132 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6133 properties: 6134 name: 6135 description: |- 6136 Name of the referent. 6137 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6138 TODO: Add other useful fields. apiVersion, kind, uid? 6139 type: string 6140 type: object 6141 x-kubernetes-map-type: atomic 6142 user: 6143 description: |- 6144 user is optional: User is the rados user name, default is admin 6145 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it 6146 type: string 6147 required: 6148 - monitors 6149 type: object 6150 cinder: 6151 description: |- 6152 cinder represents a cinder volume attached and mounted on kubelets host machine. 6153 More info: https://examples.k8s.io/mysql-cinder-pd/README.md 6154 properties: 6155 fsType: 6156 description: |- 6157 fsType is the filesystem type to mount. 6158 Must be a filesystem type supported by the host operating system. 6159 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6160 More info: https://examples.k8s.io/mysql-cinder-pd/README.md 6161 type: string 6162 readOnly: 6163 description: |- 6164 readOnly defaults to false (read/write). ReadOnly here will force 6165 the ReadOnly setting in VolumeMounts. 6166 More info: https://examples.k8s.io/mysql-cinder-pd/README.md 6167 type: boolean 6168 secretRef: 6169 description: |- 6170 secretRef is optional: points to a secret object containing parameters used to connect 6171 to OpenStack. 6172 properties: 6173 name: 6174 description: |- 6175 Name of the referent. 6176 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6177 TODO: Add other useful fields. apiVersion, kind, uid? 6178 type: string 6179 type: object 6180 x-kubernetes-map-type: atomic 6181 volumeID: 6182 description: |- 6183 volumeID used to identify the volume in cinder. 6184 More info: https://examples.k8s.io/mysql-cinder-pd/README.md 6185 type: string 6186 required: 6187 - volumeID 6188 type: object 6189 configMap: 6190 description: configMap represents a configMap 6191 that should populate this volume 6192 properties: 6193 defaultMode: 6194 description: |- 6195 defaultMode is optional: mode bits used to set permissions on created files by default. 6196 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 6197 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 6198 Defaults to 0644. 6199 Directories within the path are not affected by this setting. 6200 This might be in conflict with other options that affect the file 6201 mode, like fsGroup, and the result can be other mode bits set. 6202 format: int32 6203 type: integer 6204 items: 6205 description: |- 6206 items if unspecified, each key-value pair in the Data field of the referenced 6207 ConfigMap will be projected into the volume as a file whose name is the 6208 key and content is the value. If specified, the listed keys will be 6209 projected into the specified paths, and unlisted keys will not be 6210 present. If a key is specified which is not present in the ConfigMap, 6211 the volume setup will error unless it is marked optional. Paths must be 6212 relative and may not contain the '..' path or start with '..'. 6213 items: 6214 description: Maps a string key to a path 6215 within a volume. 6216 properties: 6217 key: 6218 description: key is the key to project. 6219 type: string 6220 mode: 6221 description: |- 6222 mode is Optional: mode bits used to set permissions on this file. 6223 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 6224 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 6225 If not specified, the volume defaultMode will be used. 6226 This might be in conflict with other options that affect the file 6227 mode, like fsGroup, and the result can be other mode bits set. 6228 format: int32 6229 type: integer 6230 path: 6231 description: |- 6232 path is the relative path of the file to map the key to. 6233 May not be an absolute path. 6234 May not contain the path element '..'. 6235 May not start with the string '..'. 6236 type: string 6237 required: 6238 - key 6239 - path 6240 type: object 6241 type: array 6242 name: 6243 description: |- 6244 Name of the referent. 6245 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6246 TODO: Add other useful fields. apiVersion, kind, uid? 6247 type: string 6248 optional: 6249 description: optional specify whether the 6250 ConfigMap or its keys must be defined 6251 type: boolean 6252 type: object 6253 x-kubernetes-map-type: atomic 6254 csi: 6255 description: csi (Container Storage Interface) 6256 represents ephemeral storage that is handled 6257 by certain external CSI drivers (Beta feature). 6258 properties: 6259 driver: 6260 description: |- 6261 driver is the name of the CSI driver that handles this volume. 6262 Consult with your admin for the correct name as registered in the cluster. 6263 type: string 6264 fsType: 6265 description: |- 6266 fsType to mount. Ex. "ext4", "xfs", "ntfs". 6267 If not provided, the empty value is passed to the associated CSI driver 6268 which will determine the default filesystem to apply. 6269 type: string 6270 nodePublishSecretRef: 6271 description: |- 6272 nodePublishSecretRef is a reference to the secret object containing 6273 sensitive information to pass to the CSI driver to complete the CSI 6274 NodePublishVolume and NodeUnpublishVolume calls. 6275 This field is optional, and may be empty if no secret is required. If the 6276 secret object contains more than one secret, all secret references are passed. 6277 properties: 6278 name: 6279 description: |- 6280 Name of the referent. 6281 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6282 TODO: Add other useful fields. apiVersion, kind, uid? 6283 type: string 6284 type: object 6285 x-kubernetes-map-type: atomic 6286 readOnly: 6287 description: |- 6288 readOnly specifies a read-only configuration for the volume. 6289 Defaults to false (read/write). 6290 type: boolean 6291 volumeAttributes: 6292 additionalProperties: 6293 type: string 6294 description: |- 6295 volumeAttributes stores driver-specific properties that are passed to the CSI 6296 driver. Consult your driver's documentation for supported values. 6297 type: object 6298 required: 6299 - driver 6300 type: object 6301 downwardAPI: 6302 description: downwardAPI represents downward API 6303 about the pod that should populate this volume 6304 properties: 6305 defaultMode: 6306 description: |- 6307 Optional: mode bits to use on created files by default. Must be a 6308 Optional: mode bits used to set permissions on created files by default. 6309 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 6310 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 6311 Defaults to 0644. 6312 Directories within the path are not affected by this setting. 6313 This might be in conflict with other options that affect the file 6314 mode, like fsGroup, and the result can be other mode bits set. 6315 format: int32 6316 type: integer 6317 items: 6318 description: Items is a list of downward API 6319 volume file 6320 items: 6321 description: DownwardAPIVolumeFile represents 6322 information to create the file containing 6323 the pod field 6324 properties: 6325 fieldRef: 6326 description: 'Required: Selects a field 6327 of the pod: only annotations, labels, 6328 name and namespace are supported.' 6329 properties: 6330 apiVersion: 6331 description: Version of the schema 6332 the FieldPath is written in terms 6333 of, defaults to "v1". 6334 type: string 6335 fieldPath: 6336 description: Path of the field to 6337 select in the specified API version. 6338 type: string 6339 required: 6340 - fieldPath 6341 type: object 6342 x-kubernetes-map-type: atomic 6343 mode: 6344 description: |- 6345 Optional: mode bits used to set permissions on this file, must be an octal value 6346 between 0000 and 0777 or a decimal value between 0 and 511. 6347 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 6348 If not specified, the volume defaultMode will be used. 6349 This might be in conflict with other options that affect the file 6350 mode, like fsGroup, and the result can be other mode bits set. 6351 format: int32 6352 type: integer 6353 path: 6354 description: 'Required: Path is the 6355 relative path name of the file to 6356 be created. Must not be absolute or 6357 contain the ''..'' path. Must be utf-8 6358 encoded. The first item of the relative 6359 path must not start with ''..''' 6360 type: string 6361 resourceFieldRef: 6362 description: |- 6363 Selects a resource of the container: only resources limits and requests 6364 (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 6365 properties: 6366 containerName: 6367 description: 'Container name: required 6368 for volumes, optional for env 6369 vars' 6370 type: string 6371 divisor: 6372 anyOf: 6373 - type: integer 6374 - type: string 6375 description: Specifies the output 6376 format of the exposed resources, 6377 defaults to "1" 6378 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6379 x-kubernetes-int-or-string: true 6380 resource: 6381 description: 'Required: resource 6382 to select' 6383 type: string 6384 required: 6385 - resource 6386 type: object 6387 x-kubernetes-map-type: atomic 6388 required: 6389 - path 6390 type: object 6391 type: array 6392 type: object 6393 emptyDir: 6394 description: |- 6395 emptyDir represents a temporary directory that shares a pod's lifetime. 6396 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 6397 properties: 6398 medium: 6399 description: |- 6400 medium represents what type of storage medium should back this directory. 6401 The default is "" which means to use the node's default medium. 6402 Must be an empty string (default) or Memory. 6403 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 6404 type: string 6405 sizeLimit: 6406 anyOf: 6407 - type: integer 6408 - type: string 6409 description: |- 6410 sizeLimit is the total amount of local storage required for this EmptyDir volume. 6411 The size limit is also applicable for memory medium. 6412 The maximum usage on memory medium EmptyDir would be the minimum value between 6413 the SizeLimit specified here and the sum of memory limits of all containers in a pod. 6414 The default is nil which means that the limit is undefined. 6415 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir 6416 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6417 x-kubernetes-int-or-string: true 6418 type: object 6419 ephemeral: 6420 description: |- 6421 ephemeral represents a volume that is handled by a cluster storage driver. 6422 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, 6423 and deleted when the pod is removed. 6424 6425 6426 Use this if: 6427 a) the volume is only needed while the pod runs, 6428 b) features of normal volumes like restoring from snapshot or capacity 6429 tracking are needed, 6430 c) the storage driver is specified through a storage class, and 6431 d) the storage driver supports dynamic volume provisioning through 6432 a PersistentVolumeClaim (see EphemeralVolumeSource for more 6433 information on the connection between this volume type 6434 and PersistentVolumeClaim). 6435 6436 6437 Use PersistentVolumeClaim or one of the vendor-specific 6438 APIs for volumes that persist for longer than the lifecycle 6439 of an individual pod. 6440 6441 6442 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to 6443 be used that way - see the documentation of the driver for 6444 more information. 6445 6446 6447 A pod can use both types of ephemeral volumes and 6448 persistent volumes at the same time. 6449 properties: 6450 volumeClaimTemplate: 6451 description: |- 6452 Will be used to create a stand-alone PVC to provision the volume. 6453 The pod in which this EphemeralVolumeSource is embedded will be the 6454 owner of the PVC, i.e. the PVC will be deleted together with the 6455 pod. The name of the PVC will be `<pod name>-<volume name>` where 6456 `<volume name>` is the name from the `PodSpec.Volumes` array 6457 entry. Pod validation will reject the pod if the concatenated name 6458 is not valid for a PVC (for example, too long). 6459 6460 6461 An existing PVC with that name that is not owned by the pod 6462 will *not* be used for the pod to avoid using an unrelated 6463 volume by mistake. Starting the pod is then blocked until 6464 the unrelated PVC is removed. If such a pre-created PVC is 6465 meant to be used by the pod, the PVC has to updated with an 6466 owner reference to the pod once the pod exists. Normally 6467 this should not be necessary, but it may be useful when 6468 manually reconstructing a broken cluster. 6469 6470 6471 This field is read-only and no changes will be made by Kubernetes 6472 to the PVC after it has been created. 6473 6474 6475 Required, must not be nil. 6476 properties: 6477 metadata: 6478 description: |- 6479 May contain labels and annotations that will be copied into the PVC 6480 when creating it. No other fields are allowed and will be rejected during 6481 validation. 6482 properties: 6483 annotations: 6484 additionalProperties: 6485 type: string 6486 type: object 6487 finalizers: 6488 items: 6489 type: string 6490 type: array 6491 labels: 6492 additionalProperties: 6493 type: string 6494 type: object 6495 name: 6496 type: string 6497 namespace: 6498 type: string 6499 type: object 6500 spec: 6501 description: |- 6502 The specification for the PersistentVolumeClaim. The entire content is 6503 copied unchanged into the PVC that gets created from this 6504 template. The same fields as in a PersistentVolumeClaim 6505 are also valid here. 6506 properties: 6507 accessModes: 6508 description: |- 6509 accessModes contains the desired access modes the volume should have. 6510 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 6511 items: 6512 type: string 6513 type: array 6514 dataSource: 6515 description: |- 6516 dataSource field can be used to specify either: 6517 * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) 6518 * An existing PVC (PersistentVolumeClaim) 6519 If the provisioner or an external controller can support the specified data source, 6520 it will create a new volume based on the contents of the specified data source. 6521 When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, 6522 and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. 6523 If the namespace is specified, then dataSourceRef will not be copied to dataSource. 6524 properties: 6525 apiGroup: 6526 description: |- 6527 APIGroup is the group for the resource being referenced. 6528 If APIGroup is not specified, the specified Kind must be in the core API group. 6529 For any other third-party types, APIGroup is required. 6530 type: string 6531 kind: 6532 description: Kind is the type 6533 of resource being referenced 6534 type: string 6535 name: 6536 description: Name is the name 6537 of resource being referenced 6538 type: string 6539 required: 6540 - kind 6541 - name 6542 type: object 6543 x-kubernetes-map-type: atomic 6544 dataSourceRef: 6545 description: |- 6546 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty 6547 volume is desired. This may be any object from a non-empty API group (non 6548 core object) or a PersistentVolumeClaim object. 6549 When this field is specified, volume binding will only succeed if the type of 6550 the specified object matches some installed volume populator or dynamic 6551 provisioner. 6552 This field will replace the functionality of the dataSource field and as such 6553 if both fields are non-empty, they must have the same value. For backwards 6554 compatibility, when namespace isn't specified in dataSourceRef, 6555 both fields (dataSource and dataSourceRef) will be set to the same 6556 value automatically if one of them is empty and the other is non-empty. 6557 When namespace is specified in dataSourceRef, 6558 dataSource isn't set to the same value and must be empty. 6559 There are three important differences between dataSource and dataSourceRef: 6560 * While dataSource only allows two specific types of objects, dataSourceRef 6561 allows any non-core object, as well as PersistentVolumeClaim objects. 6562 * While dataSource ignores disallowed values (dropping them), dataSourceRef 6563 preserves all values, and generates an error if a disallowed value is 6564 specified. 6565 * While dataSource only allows local objects, dataSourceRef allows objects 6566 in any namespaces. 6567 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. 6568 (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 6569 properties: 6570 apiGroup: 6571 description: |- 6572 APIGroup is the group for the resource being referenced. 6573 If APIGroup is not specified, the specified Kind must be in the core API group. 6574 For any other third-party types, APIGroup is required. 6575 type: string 6576 kind: 6577 description: Kind is the type 6578 of resource being referenced 6579 type: string 6580 name: 6581 description: Name is the name 6582 of resource being referenced 6583 type: string 6584 namespace: 6585 description: |- 6586 Namespace is the namespace of resource being referenced 6587 Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. 6588 (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 6589 type: string 6590 required: 6591 - kind 6592 - name 6593 type: object 6594 resources: 6595 description: |- 6596 resources represents the minimum resources the volume should have. 6597 If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements 6598 that are lower than previous value but must still be higher than capacity recorded in the 6599 status field of the claim. 6600 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources 6601 properties: 6602 limits: 6603 additionalProperties: 6604 anyOf: 6605 - type: integer 6606 - type: string 6607 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6608 x-kubernetes-int-or-string: true 6609 description: |- 6610 Limits describes the maximum amount of compute resources allowed. 6611 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 6612 type: object 6613 requests: 6614 additionalProperties: 6615 anyOf: 6616 - type: integer 6617 - type: string 6618 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 6619 x-kubernetes-int-or-string: true 6620 description: |- 6621 Requests describes the minimum amount of compute resources required. 6622 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 6623 otherwise to an implementation-defined value. Requests cannot exceed Limits. 6624 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 6625 type: object 6626 type: object 6627 selector: 6628 description: selector is a label query 6629 over volumes to consider for binding. 6630 properties: 6631 matchExpressions: 6632 description: matchExpressions 6633 is a list of label selector 6634 requirements. The requirements 6635 are ANDed. 6636 items: 6637 description: |- 6638 A label selector requirement is a selector that contains values, a key, and an operator that 6639 relates the key and values. 6640 properties: 6641 key: 6642 description: key is the 6643 label key that the selector 6644 applies to. 6645 type: string 6646 operator: 6647 description: |- 6648 operator represents a key's relationship to a set of values. 6649 Valid operators are In, NotIn, Exists and DoesNotExist. 6650 type: string 6651 values: 6652 description: |- 6653 values is an array of string values. If the operator is In or NotIn, 6654 the values array must be non-empty. If the operator is Exists or DoesNotExist, 6655 the values array must be empty. This array is replaced during a strategic 6656 merge patch. 6657 items: 6658 type: string 6659 type: array 6660 required: 6661 - key 6662 - operator 6663 type: object 6664 type: array 6665 matchLabels: 6666 additionalProperties: 6667 type: string 6668 description: |- 6669 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 6670 map is equivalent to an element of matchExpressions, whose key field is "key", the 6671 operator is "In", and the values array contains only "value". The requirements are ANDed. 6672 type: object 6673 type: object 6674 x-kubernetes-map-type: atomic 6675 storageClassName: 6676 description: |- 6677 storageClassName is the name of the StorageClass required by the claim. 6678 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 6679 type: string 6680 volumeAttributesClassName: 6681 description: |- 6682 volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. 6683 If specified, the CSI driver will create or update the volume with the attributes defined 6684 in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, 6685 it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass 6686 will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 6687 If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass 6688 will be set by the persistentvolume controller if it exists. 6689 If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be 6690 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource 6691 exists. 6692 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass 6693 (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. 6694 type: string 6695 volumeMode: 6696 description: |- 6697 volumeMode defines what type of volume is required by the claim. 6698 Value of Filesystem is implied when not included in claim spec. 6699 type: string 6700 volumeName: 6701 description: volumeName is the binding 6702 reference to the PersistentVolume 6703 backing this claim. 6704 type: string 6705 type: object 6706 required: 6707 - spec 6708 type: object 6709 type: object 6710 fc: 6711 description: fc represents a Fibre Channel resource 6712 that is attached to a kubelet's host machine 6713 and then exposed to the pod. 6714 properties: 6715 fsType: 6716 description: |- 6717 fsType is the filesystem type to mount. 6718 Must be a filesystem type supported by the host operating system. 6719 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6720 TODO: how do we prevent errors in the filesystem from compromising the machine 6721 type: string 6722 lun: 6723 description: 'lun is Optional: FC target lun 6724 number' 6725 format: int32 6726 type: integer 6727 readOnly: 6728 description: |- 6729 readOnly is Optional: Defaults to false (read/write). ReadOnly here will force 6730 the ReadOnly setting in VolumeMounts. 6731 type: boolean 6732 targetWWNs: 6733 description: 'targetWWNs is Optional: FC target 6734 worldwide names (WWNs)' 6735 items: 6736 type: string 6737 type: array 6738 wwids: 6739 description: |- 6740 wwids Optional: FC volume world wide identifiers (wwids) 6741 Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 6742 items: 6743 type: string 6744 type: array 6745 type: object 6746 flexVolume: 6747 description: |- 6748 flexVolume represents a generic volume resource that is 6749 provisioned/attached using an exec based plugin. 6750 properties: 6751 driver: 6752 description: driver is the name of the driver 6753 to use for this volume. 6754 type: string 6755 fsType: 6756 description: |- 6757 fsType is the filesystem type to mount. 6758 Must be a filesystem type supported by the host operating system. 6759 Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 6760 type: string 6761 options: 6762 additionalProperties: 6763 type: string 6764 description: 'options is Optional: this field 6765 holds extra command options if any.' 6766 type: object 6767 readOnly: 6768 description: |- 6769 readOnly is Optional: defaults to false (read/write). ReadOnly here will force 6770 the ReadOnly setting in VolumeMounts. 6771 type: boolean 6772 secretRef: 6773 description: |- 6774 secretRef is Optional: secretRef is reference to the secret object containing 6775 sensitive information to pass to the plugin scripts. This may be 6776 empty if no secret object is specified. If the secret object 6777 contains more than one secret, all secrets are passed to the plugin 6778 scripts. 6779 properties: 6780 name: 6781 description: |- 6782 Name of the referent. 6783 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6784 TODO: Add other useful fields. apiVersion, kind, uid? 6785 type: string 6786 type: object 6787 x-kubernetes-map-type: atomic 6788 required: 6789 - driver 6790 type: object 6791 flocker: 6792 description: flocker represents a Flocker volume 6793 attached to a kubelet's host machine. This depends 6794 on the Flocker control service being running 6795 properties: 6796 datasetName: 6797 description: |- 6798 datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker 6799 should be considered as deprecated 6800 type: string 6801 datasetUUID: 6802 description: datasetUUID is the UUID of the 6803 dataset. This is unique identifier of a 6804 Flocker dataset 6805 type: string 6806 type: object 6807 gcePersistentDisk: 6808 description: |- 6809 gcePersistentDisk represents a GCE Disk resource that is attached to a 6810 kubelet's host machine and then exposed to the pod. 6811 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 6812 properties: 6813 fsType: 6814 description: |- 6815 fsType is filesystem type of the volume that you want to mount. 6816 Tip: Ensure that the filesystem type is supported by the host operating system. 6817 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6818 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 6819 TODO: how do we prevent errors in the filesystem from compromising the machine 6820 type: string 6821 partition: 6822 description: |- 6823 partition is the partition in the volume that you want to mount. 6824 If omitted, the default is to mount by volume name. 6825 Examples: For volume /dev/sda1, you specify the partition as "1". 6826 Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). 6827 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 6828 format: int32 6829 type: integer 6830 pdName: 6831 description: |- 6832 pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. 6833 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 6834 type: string 6835 readOnly: 6836 description: |- 6837 readOnly here will force the ReadOnly setting in VolumeMounts. 6838 Defaults to false. 6839 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk 6840 type: boolean 6841 required: 6842 - pdName 6843 type: object 6844 gitRepo: 6845 description: |- 6846 gitRepo represents a git repository at a particular revision. 6847 DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an 6848 EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir 6849 into the Pod's container. 6850 properties: 6851 directory: 6852 description: |- 6853 directory is the target directory name. 6854 Must not contain or start with '..'. If '.' is supplied, the volume directory will be the 6855 git repository. Otherwise, if specified, the volume will contain the git repository in 6856 the subdirectory with the given name. 6857 type: string 6858 repository: 6859 description: repository is the URL 6860 type: string 6861 revision: 6862 description: revision is the commit hash for 6863 the specified revision. 6864 type: string 6865 required: 6866 - repository 6867 type: object 6868 glusterfs: 6869 description: |- 6870 glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. 6871 More info: https://examples.k8s.io/volumes/glusterfs/README.md 6872 properties: 6873 endpoints: 6874 description: |- 6875 endpoints is the endpoint name that details Glusterfs topology. 6876 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 6877 type: string 6878 path: 6879 description: |- 6880 path is the Glusterfs volume path. 6881 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 6882 type: string 6883 readOnly: 6884 description: |- 6885 readOnly here will force the Glusterfs volume to be mounted with read-only permissions. 6886 Defaults to false. 6887 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod 6888 type: boolean 6889 required: 6890 - endpoints 6891 - path 6892 type: object 6893 hostPath: 6894 description: |- 6895 hostPath represents a pre-existing file or directory on the host 6896 machine that is directly exposed to the container. This is generally 6897 used for system agents or other privileged things that are allowed 6898 to see the host machine. Most containers will NOT need this. 6899 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 6900 --- 6901 TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not 6902 mount host directories as read/write. 6903 properties: 6904 path: 6905 description: |- 6906 path of the directory on the host. 6907 If the path is a symlink, it will follow the link to the real path. 6908 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 6909 type: string 6910 type: 6911 description: |- 6912 type for HostPath Volume 6913 Defaults to "" 6914 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 6915 type: string 6916 required: 6917 - path 6918 type: object 6919 iscsi: 6920 description: |- 6921 iscsi represents an ISCSI Disk resource that is attached to a 6922 kubelet's host machine and then exposed to the pod. 6923 More info: https://examples.k8s.io/volumes/iscsi/README.md 6924 properties: 6925 chapAuthDiscovery: 6926 description: chapAuthDiscovery defines whether 6927 support iSCSI Discovery CHAP authentication 6928 type: boolean 6929 chapAuthSession: 6930 description: chapAuthSession defines whether 6931 support iSCSI Session CHAP authentication 6932 type: boolean 6933 fsType: 6934 description: |- 6935 fsType is the filesystem type of the volume that you want to mount. 6936 Tip: Ensure that the filesystem type is supported by the host operating system. 6937 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 6938 More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi 6939 TODO: how do we prevent errors in the filesystem from compromising the machine 6940 type: string 6941 initiatorName: 6942 description: |- 6943 initiatorName is the custom iSCSI Initiator Name. 6944 If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface 6945 <target portal>:<volume name> will be created for the connection. 6946 type: string 6947 iqn: 6948 description: iqn is the target iSCSI Qualified 6949 Name. 6950 type: string 6951 iscsiInterface: 6952 description: |- 6953 iscsiInterface is the interface Name that uses an iSCSI transport. 6954 Defaults to 'default' (tcp). 6955 type: string 6956 lun: 6957 description: lun represents iSCSI Target Lun 6958 number. 6959 format: int32 6960 type: integer 6961 portals: 6962 description: |- 6963 portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port 6964 is other than default (typically TCP ports 860 and 3260). 6965 items: 6966 type: string 6967 type: array 6968 readOnly: 6969 description: |- 6970 readOnly here will force the ReadOnly setting in VolumeMounts. 6971 Defaults to false. 6972 type: boolean 6973 secretRef: 6974 description: secretRef is the CHAP Secret 6975 for iSCSI target and initiator authentication 6976 properties: 6977 name: 6978 description: |- 6979 Name of the referent. 6980 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 6981 TODO: Add other useful fields. apiVersion, kind, uid? 6982 type: string 6983 type: object 6984 x-kubernetes-map-type: atomic 6985 targetPortal: 6986 description: |- 6987 targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port 6988 is other than default (typically TCP ports 860 and 3260). 6989 type: string 6990 required: 6991 - iqn 6992 - lun 6993 - targetPortal 6994 type: object 6995 name: 6996 description: |- 6997 name of the volume. 6998 Must be a DNS_LABEL and unique within the pod. 6999 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7000 type: string 7001 nfs: 7002 description: |- 7003 nfs represents an NFS mount on the host that shares a pod's lifetime 7004 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 7005 properties: 7006 path: 7007 description: |- 7008 path that is exported by the NFS server. 7009 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 7010 type: string 7011 readOnly: 7012 description: |- 7013 readOnly here will force the NFS export to be mounted with read-only permissions. 7014 Defaults to false. 7015 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 7016 type: boolean 7017 server: 7018 description: |- 7019 server is the hostname or IP address of the NFS server. 7020 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs 7021 type: string 7022 required: 7023 - path 7024 - server 7025 type: object 7026 persistentVolumeClaim: 7027 description: |- 7028 persistentVolumeClaimVolumeSource represents a reference to a 7029 PersistentVolumeClaim in the same namespace. 7030 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 7031 properties: 7032 claimName: 7033 description: |- 7034 claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. 7035 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims 7036 type: string 7037 readOnly: 7038 description: |- 7039 readOnly Will force the ReadOnly setting in VolumeMounts. 7040 Default false. 7041 type: boolean 7042 required: 7043 - claimName 7044 type: object 7045 photonPersistentDisk: 7046 description: photonPersistentDisk represents a 7047 PhotonController persistent disk attached and 7048 mounted on kubelets host machine 7049 properties: 7050 fsType: 7051 description: |- 7052 fsType is the filesystem type to mount. 7053 Must be a filesystem type supported by the host operating system. 7054 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7055 type: string 7056 pdID: 7057 description: pdID is the ID that identifies 7058 Photon Controller persistent disk 7059 type: string 7060 required: 7061 - pdID 7062 type: object 7063 portworxVolume: 7064 description: portworxVolume represents a portworx 7065 volume attached and mounted on kubelets host 7066 machine 7067 properties: 7068 fsType: 7069 description: |- 7070 fSType represents the filesystem type to mount 7071 Must be a filesystem type supported by the host operating system. 7072 Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 7073 type: string 7074 readOnly: 7075 description: |- 7076 readOnly defaults to false (read/write). ReadOnly here will force 7077 the ReadOnly setting in VolumeMounts. 7078 type: boolean 7079 volumeID: 7080 description: volumeID uniquely identifies 7081 a Portworx volume 7082 type: string 7083 required: 7084 - volumeID 7085 type: object 7086 projected: 7087 description: projected items for all in one resources 7088 secrets, configmaps, and downward API 7089 properties: 7090 defaultMode: 7091 description: |- 7092 defaultMode are the mode bits used to set permissions on created files by default. 7093 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 7094 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7095 Directories within the path are not affected by this setting. 7096 This might be in conflict with other options that affect the file 7097 mode, like fsGroup, and the result can be other mode bits set. 7098 format: int32 7099 type: integer 7100 sources: 7101 description: sources is the list of volume 7102 projections 7103 items: 7104 description: Projection that may be projected 7105 along with other supported volume types 7106 properties: 7107 clusterTrustBundle: 7108 description: |- 7109 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field 7110 of ClusterTrustBundle objects in an auto-updating file. 7111 7112 7113 Alpha, gated by the ClusterTrustBundleProjection feature gate. 7114 7115 7116 ClusterTrustBundle objects can either be selected by name, or by the 7117 combination of signer name and a label selector. 7118 7119 7120 Kubelet performs aggressive normalization of the PEM contents written 7121 into the pod filesystem. Esoteric PEM features such as inter-block 7122 comments and block headers are stripped. Certificates are deduplicated. 7123 The ordering of certificates within the file is arbitrary, and Kubelet 7124 may change the order over time. 7125 properties: 7126 labelSelector: 7127 description: |- 7128 Select all ClusterTrustBundles that match this label selector. Only has 7129 effect if signerName is set. Mutually-exclusive with name. If unset, 7130 interpreted as "match nothing". If set but empty, interpreted as "match 7131 everything". 7132 properties: 7133 matchExpressions: 7134 description: matchExpressions 7135 is a list of label selector 7136 requirements. The requirements 7137 are ANDed. 7138 items: 7139 description: |- 7140 A label selector requirement is a selector that contains values, a key, and an operator that 7141 relates the key and values. 7142 properties: 7143 key: 7144 description: key is the 7145 label key that the selector 7146 applies to. 7147 type: string 7148 operator: 7149 description: |- 7150 operator represents a key's relationship to a set of values. 7151 Valid operators are In, NotIn, Exists and DoesNotExist. 7152 type: string 7153 values: 7154 description: |- 7155 values is an array of string values. If the operator is In or NotIn, 7156 the values array must be non-empty. If the operator is Exists or DoesNotExist, 7157 the values array must be empty. This array is replaced during a strategic 7158 merge patch. 7159 items: 7160 type: string 7161 type: array 7162 required: 7163 - key 7164 - operator 7165 type: object 7166 type: array 7167 matchLabels: 7168 additionalProperties: 7169 type: string 7170 description: |- 7171 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 7172 map is equivalent to an element of matchExpressions, whose key field is "key", the 7173 operator is "In", and the values array contains only "value". The requirements are ANDed. 7174 type: object 7175 type: object 7176 x-kubernetes-map-type: atomic 7177 name: 7178 description: |- 7179 Select a single ClusterTrustBundle by object name. Mutually-exclusive 7180 with signerName and labelSelector. 7181 type: string 7182 optional: 7183 description: |- 7184 If true, don't block pod startup if the referenced ClusterTrustBundle(s) 7185 aren't available. If using name, then the named ClusterTrustBundle is 7186 allowed not to exist. If using signerName, then the combination of 7187 signerName and labelSelector is allowed to match zero 7188 ClusterTrustBundles. 7189 type: boolean 7190 path: 7191 description: Relative path from 7192 the volume root to write the bundle. 7193 type: string 7194 signerName: 7195 description: |- 7196 Select all ClusterTrustBundles that match this signer name. 7197 Mutually-exclusive with name. The contents of all selected 7198 ClusterTrustBundles will be unified and deduplicated. 7199 type: string 7200 required: 7201 - path 7202 type: object 7203 configMap: 7204 description: configMap information about 7205 the configMap data to project 7206 properties: 7207 items: 7208 description: |- 7209 items if unspecified, each key-value pair in the Data field of the referenced 7210 ConfigMap will be projected into the volume as a file whose name is the 7211 key and content is the value. If specified, the listed keys will be 7212 projected into the specified paths, and unlisted keys will not be 7213 present. If a key is specified which is not present in the ConfigMap, 7214 the volume setup will error unless it is marked optional. Paths must be 7215 relative and may not contain the '..' path or start with '..'. 7216 items: 7217 description: Maps a string key 7218 to a path within a volume. 7219 properties: 7220 key: 7221 description: key is the key 7222 to project. 7223 type: string 7224 mode: 7225 description: |- 7226 mode is Optional: mode bits used to set permissions on this file. 7227 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 7228 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7229 If not specified, the volume defaultMode will be used. 7230 This might be in conflict with other options that affect the file 7231 mode, like fsGroup, and the result can be other mode bits set. 7232 format: int32 7233 type: integer 7234 path: 7235 description: |- 7236 path is the relative path of the file to map the key to. 7237 May not be an absolute path. 7238 May not contain the path element '..'. 7239 May not start with the string '..'. 7240 type: string 7241 required: 7242 - key 7243 - path 7244 type: object 7245 type: array 7246 name: 7247 description: |- 7248 Name of the referent. 7249 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7250 TODO: Add other useful fields. apiVersion, kind, uid? 7251 type: string 7252 optional: 7253 description: optional specify whether 7254 the ConfigMap or its keys must 7255 be defined 7256 type: boolean 7257 type: object 7258 x-kubernetes-map-type: atomic 7259 downwardAPI: 7260 description: downwardAPI information 7261 about the downwardAPI data to project 7262 properties: 7263 items: 7264 description: Items is a list of 7265 DownwardAPIVolume file 7266 items: 7267 description: DownwardAPIVolumeFile 7268 represents information to create 7269 the file containing the pod 7270 field 7271 properties: 7272 fieldRef: 7273 description: 'Required: Selects 7274 a field of the pod: only 7275 annotations, labels, name 7276 and namespace are supported.' 7277 properties: 7278 apiVersion: 7279 description: Version of 7280 the schema the FieldPath 7281 is written in terms 7282 of, defaults to "v1". 7283 type: string 7284 fieldPath: 7285 description: Path of the 7286 field to select in the 7287 specified API version. 7288 type: string 7289 required: 7290 - fieldPath 7291 type: object 7292 x-kubernetes-map-type: atomic 7293 mode: 7294 description: |- 7295 Optional: mode bits used to set permissions on this file, must be an octal value 7296 between 0000 and 0777 or a decimal value between 0 and 511. 7297 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7298 If not specified, the volume defaultMode will be used. 7299 This might be in conflict with other options that affect the file 7300 mode, like fsGroup, and the result can be other mode bits set. 7301 format: int32 7302 type: integer 7303 path: 7304 description: 'Required: Path 7305 is the relative path name 7306 of the file to be created. 7307 Must not be absolute or 7308 contain the ''..'' path. 7309 Must be utf-8 encoded. The 7310 first item of the relative 7311 path must not start with 7312 ''..''' 7313 type: string 7314 resourceFieldRef: 7315 description: |- 7316 Selects a resource of the container: only resources limits and requests 7317 (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 7318 properties: 7319 containerName: 7320 description: 'Container 7321 name: required for volumes, 7322 optional for env vars' 7323 type: string 7324 divisor: 7325 anyOf: 7326 - type: integer 7327 - type: string 7328 description: Specifies 7329 the output format of 7330 the exposed resources, 7331 defaults to "1" 7332 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7333 x-kubernetes-int-or-string: true 7334 resource: 7335 description: 'Required: 7336 resource to select' 7337 type: string 7338 required: 7339 - resource 7340 type: object 7341 x-kubernetes-map-type: atomic 7342 required: 7343 - path 7344 type: object 7345 type: array 7346 type: object 7347 secret: 7348 description: secret information about 7349 the secret data to project 7350 properties: 7351 items: 7352 description: |- 7353 items if unspecified, each key-value pair in the Data field of the referenced 7354 Secret will be projected into the volume as a file whose name is the 7355 key and content is the value. If specified, the listed keys will be 7356 projected into the specified paths, and unlisted keys will not be 7357 present. If a key is specified which is not present in the Secret, 7358 the volume setup will error unless it is marked optional. Paths must be 7359 relative and may not contain the '..' path or start with '..'. 7360 items: 7361 description: Maps a string key 7362 to a path within a volume. 7363 properties: 7364 key: 7365 description: key is the key 7366 to project. 7367 type: string 7368 mode: 7369 description: |- 7370 mode is Optional: mode bits used to set permissions on this file. 7371 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 7372 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7373 If not specified, the volume defaultMode will be used. 7374 This might be in conflict with other options that affect the file 7375 mode, like fsGroup, and the result can be other mode bits set. 7376 format: int32 7377 type: integer 7378 path: 7379 description: |- 7380 path is the relative path of the file to map the key to. 7381 May not be an absolute path. 7382 May not contain the path element '..'. 7383 May not start with the string '..'. 7384 type: string 7385 required: 7386 - key 7387 - path 7388 type: object 7389 type: array 7390 name: 7391 description: |- 7392 Name of the referent. 7393 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7394 TODO: Add other useful fields. apiVersion, kind, uid? 7395 type: string 7396 optional: 7397 description: optional field specify 7398 whether the Secret or its key 7399 must be defined 7400 type: boolean 7401 type: object 7402 x-kubernetes-map-type: atomic 7403 serviceAccountToken: 7404 description: serviceAccountToken is 7405 information about the serviceAccountToken 7406 data to project 7407 properties: 7408 audience: 7409 description: |- 7410 audience is the intended audience of the token. A recipient of a token 7411 must identify itself with an identifier specified in the audience of the 7412 token, and otherwise should reject the token. The audience defaults to the 7413 identifier of the apiserver. 7414 type: string 7415 expirationSeconds: 7416 description: |- 7417 expirationSeconds is the requested duration of validity of the service 7418 account token. As the token approaches expiration, the kubelet volume 7419 plugin will proactively rotate the service account token. The kubelet will 7420 start trying to rotate the token if the token is older than 80 percent of 7421 its time to live or if the token is older than 24 hours.Defaults to 1 hour 7422 and must be at least 10 minutes. 7423 format: int64 7424 type: integer 7425 path: 7426 description: |- 7427 path is the path relative to the mount point of the file to project the 7428 token into. 7429 type: string 7430 required: 7431 - path 7432 type: object 7433 type: object 7434 type: array 7435 type: object 7436 quobyte: 7437 description: quobyte represents a Quobyte mount 7438 on the host that shares a pod's lifetime 7439 properties: 7440 group: 7441 description: |- 7442 group to map volume access to 7443 Default is no group 7444 type: string 7445 readOnly: 7446 description: |- 7447 readOnly here will force the Quobyte volume to be mounted with read-only permissions. 7448 Defaults to false. 7449 type: boolean 7450 registry: 7451 description: |- 7452 registry represents a single or multiple Quobyte Registry services 7453 specified as a string as host:port pair (multiple entries are separated with commas) 7454 which acts as the central registry for volumes 7455 type: string 7456 tenant: 7457 description: |- 7458 tenant owning the given Quobyte volume in the Backend 7459 Used with dynamically provisioned Quobyte volumes, value is set by the plugin 7460 type: string 7461 user: 7462 description: |- 7463 user to map volume access to 7464 Defaults to serivceaccount user 7465 type: string 7466 volume: 7467 description: volume is a string that references 7468 an already created Quobyte volume by name. 7469 type: string 7470 required: 7471 - registry 7472 - volume 7473 type: object 7474 rbd: 7475 description: |- 7476 rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. 7477 More info: https://examples.k8s.io/volumes/rbd/README.md 7478 properties: 7479 fsType: 7480 description: |- 7481 fsType is the filesystem type of the volume that you want to mount. 7482 Tip: Ensure that the filesystem type is supported by the host operating system. 7483 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7484 More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd 7485 TODO: how do we prevent errors in the filesystem from compromising the machine 7486 type: string 7487 image: 7488 description: |- 7489 image is the rados image name. 7490 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7491 type: string 7492 keyring: 7493 description: |- 7494 keyring is the path to key ring for RBDUser. 7495 Default is /etc/ceph/keyring. 7496 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7497 type: string 7498 monitors: 7499 description: |- 7500 monitors is a collection of Ceph monitors. 7501 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7502 items: 7503 type: string 7504 type: array 7505 pool: 7506 description: |- 7507 pool is the rados pool name. 7508 Default is rbd. 7509 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7510 type: string 7511 readOnly: 7512 description: |- 7513 readOnly here will force the ReadOnly setting in VolumeMounts. 7514 Defaults to false. 7515 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7516 type: boolean 7517 secretRef: 7518 description: |- 7519 secretRef is name of the authentication secret for RBDUser. If provided 7520 overrides keyring. 7521 Default is nil. 7522 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7523 properties: 7524 name: 7525 description: |- 7526 Name of the referent. 7527 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7528 TODO: Add other useful fields. apiVersion, kind, uid? 7529 type: string 7530 type: object 7531 x-kubernetes-map-type: atomic 7532 user: 7533 description: |- 7534 user is the rados user name. 7535 Default is admin. 7536 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it 7537 type: string 7538 required: 7539 - image 7540 - monitors 7541 type: object 7542 scaleIO: 7543 description: scaleIO represents a ScaleIO persistent 7544 volume attached and mounted on Kubernetes nodes. 7545 properties: 7546 fsType: 7547 description: |- 7548 fsType is the filesystem type to mount. 7549 Must be a filesystem type supported by the host operating system. 7550 Ex. "ext4", "xfs", "ntfs". 7551 Default is "xfs". 7552 type: string 7553 gateway: 7554 description: gateway is the host address of 7555 the ScaleIO API Gateway. 7556 type: string 7557 protectionDomain: 7558 description: protectionDomain is the name 7559 of the ScaleIO Protection Domain for the 7560 configured storage. 7561 type: string 7562 readOnly: 7563 description: |- 7564 readOnly Defaults to false (read/write). ReadOnly here will force 7565 the ReadOnly setting in VolumeMounts. 7566 type: boolean 7567 secretRef: 7568 description: |- 7569 secretRef references to the secret for ScaleIO user and other 7570 sensitive information. If this is not provided, Login operation will fail. 7571 properties: 7572 name: 7573 description: |- 7574 Name of the referent. 7575 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7576 TODO: Add other useful fields. apiVersion, kind, uid? 7577 type: string 7578 type: object 7579 x-kubernetes-map-type: atomic 7580 sslEnabled: 7581 description: sslEnabled Flag enable/disable 7582 SSL communication with Gateway, default 7583 false 7584 type: boolean 7585 storageMode: 7586 description: |- 7587 storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. 7588 Default is ThinProvisioned. 7589 type: string 7590 storagePool: 7591 description: storagePool is the ScaleIO Storage 7592 Pool associated with the protection domain. 7593 type: string 7594 system: 7595 description: system is the name of the storage 7596 system as configured in ScaleIO. 7597 type: string 7598 volumeName: 7599 description: |- 7600 volumeName is the name of a volume already created in the ScaleIO system 7601 that is associated with this volume source. 7602 type: string 7603 required: 7604 - gateway 7605 - secretRef 7606 - system 7607 type: object 7608 secret: 7609 description: |- 7610 secret represents a secret that should populate this volume. 7611 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret 7612 properties: 7613 defaultMode: 7614 description: |- 7615 defaultMode is Optional: mode bits used to set permissions on created files by default. 7616 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 7617 YAML accepts both octal and decimal values, JSON requires decimal values 7618 for mode bits. Defaults to 0644. 7619 Directories within the path are not affected by this setting. 7620 This might be in conflict with other options that affect the file 7621 mode, like fsGroup, and the result can be other mode bits set. 7622 format: int32 7623 type: integer 7624 items: 7625 description: |- 7626 items If unspecified, each key-value pair in the Data field of the referenced 7627 Secret will be projected into the volume as a file whose name is the 7628 key and content is the value. If specified, the listed keys will be 7629 projected into the specified paths, and unlisted keys will not be 7630 present. If a key is specified which is not present in the Secret, 7631 the volume setup will error unless it is marked optional. Paths must be 7632 relative and may not contain the '..' path or start with '..'. 7633 items: 7634 description: Maps a string key to a path 7635 within a volume. 7636 properties: 7637 key: 7638 description: key is the key to project. 7639 type: string 7640 mode: 7641 description: |- 7642 mode is Optional: mode bits used to set permissions on this file. 7643 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 7644 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 7645 If not specified, the volume defaultMode will be used. 7646 This might be in conflict with other options that affect the file 7647 mode, like fsGroup, and the result can be other mode bits set. 7648 format: int32 7649 type: integer 7650 path: 7651 description: |- 7652 path is the relative path of the file to map the key to. 7653 May not be an absolute path. 7654 May not contain the path element '..'. 7655 May not start with the string '..'. 7656 type: string 7657 required: 7658 - key 7659 - path 7660 type: object 7661 type: array 7662 optional: 7663 description: optional field specify whether 7664 the Secret or its keys must be defined 7665 type: boolean 7666 secretName: 7667 description: |- 7668 secretName is the name of the secret in the pod's namespace to use. 7669 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret 7670 type: string 7671 type: object 7672 storageos: 7673 description: storageOS represents a StorageOS 7674 volume attached and mounted on Kubernetes nodes. 7675 properties: 7676 fsType: 7677 description: |- 7678 fsType is the filesystem type to mount. 7679 Must be a filesystem type supported by the host operating system. 7680 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7681 type: string 7682 readOnly: 7683 description: |- 7684 readOnly defaults to false (read/write). ReadOnly here will force 7685 the ReadOnly setting in VolumeMounts. 7686 type: boolean 7687 secretRef: 7688 description: |- 7689 secretRef specifies the secret to use for obtaining the StorageOS API 7690 credentials. If not specified, default values will be attempted. 7691 properties: 7692 name: 7693 description: |- 7694 Name of the referent. 7695 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 7696 TODO: Add other useful fields. apiVersion, kind, uid? 7697 type: string 7698 type: object 7699 x-kubernetes-map-type: atomic 7700 volumeName: 7701 description: |- 7702 volumeName is the human-readable name of the StorageOS volume. Volume 7703 names are only unique within a namespace. 7704 type: string 7705 volumeNamespace: 7706 description: |- 7707 volumeNamespace specifies the scope of the volume within StorageOS. If no 7708 namespace is specified then the Pod's namespace will be used. This allows the 7709 Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 7710 Set VolumeName to any name to override the default behaviour. 7711 Set to "default" if you are not using namespaces within StorageOS. 7712 Namespaces that do not pre-exist within StorageOS will be created. 7713 type: string 7714 type: object 7715 vsphereVolume: 7716 description: vsphereVolume represents a vSphere 7717 volume attached and mounted on kubelets host 7718 machine 7719 properties: 7720 fsType: 7721 description: |- 7722 fsType is filesystem type to mount. 7723 Must be a filesystem type supported by the host operating system. 7724 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 7725 type: string 7726 storagePolicyID: 7727 description: storagePolicyID is the storage 7728 Policy Based Management (SPBM) profile ID 7729 associated with the StoragePolicyName. 7730 type: string 7731 storagePolicyName: 7732 description: storagePolicyName is the storage 7733 Policy Based Management (SPBM) profile name. 7734 type: string 7735 volumePath: 7736 description: volumePath is the path that identifies 7737 vSphere volume vmdk 7738 type: string 7739 required: 7740 - volumePath 7741 type: object 7742 required: 7743 - name 7744 type: object 7745 type: array 7746 required: 7747 - containers 7748 type: object 7749 type: object 7750 required: 7751 - count 7752 - name 7753 - template 7754 type: object 7755 maxItems: 8 7756 minItems: 1 7757 type: array 7758 x-kubernetes-list-map-keys: 7759 - name 7760 x-kubernetes-list-type: map 7761 priority: 7762 description: |- 7763 Priority determines the order of access to the resources managed by the 7764 ClusterQueue where the workload is queued. 7765 The priority value is populated from PriorityClassName. 7766 The higher the value, the higher the priority. 7767 If priorityClassName is specified, priority must not be null. 7768 format: int32 7769 type: integer 7770 priorityClassName: 7771 description: |- 7772 If specified, indicates the workload's priority. 7773 "system-node-critical" and "system-cluster-critical" are two special 7774 keywords which indicate the highest priorities with the former being 7775 the highest priority. Any other name must be defined by creating a 7776 PriorityClass object with that name. If not specified, the workload 7777 priority will be default or zero if there is no default. 7778 type: string 7779 priorityClassSource: 7780 default: "" 7781 description: |- 7782 priorityClassSource determines whether the priorityClass field refers to a pod PriorityClass or kueue.x-k8s.io/workloadpriorityclass. 7783 Workload's PriorityClass can accept the name of a pod priorityClass or a workloadPriorityClass. 7784 When using pod PriorityClass, a priorityClassSource field has the scheduling.k8s.io/priorityclass value. 7785 enum: 7786 - kueue.x-k8s.io/workloadpriorityclass 7787 - scheduling.k8s.io/priorityclass 7788 - "" 7789 type: string 7790 queueName: 7791 description: |- 7792 queueName is the name of the LocalQueue the Workload is associated with. 7793 queueName cannot be changed while .status.admission is not null. 7794 type: string 7795 required: 7796 - podSets 7797 type: object 7798 status: 7799 description: WorkloadStatus defines the observed state of Workload 7800 properties: 7801 admission: 7802 description: |- 7803 admission holds the parameters of the admission of the workload by a 7804 ClusterQueue. admission can be set back to null, but its fields cannot be 7805 changed once set. 7806 properties: 7807 clusterQueue: 7808 description: clusterQueue is the name of the ClusterQueue that 7809 admitted this workload. 7810 type: string 7811 podSetAssignments: 7812 description: PodSetAssignments hold the admission results for 7813 each of the .spec.podSets entries. 7814 items: 7815 properties: 7816 count: 7817 description: |- 7818 count is the number of pods taken into account at admission time. 7819 This field will not change in case of quota reclaim. 7820 Value could be missing for Workloads created before this field was added, 7821 in that case spec.podSets[*].count value will be used. 7822 format: int32 7823 minimum: 0 7824 type: integer 7825 flavors: 7826 additionalProperties: 7827 description: ResourceFlavorReference is the name of the 7828 ResourceFlavor. 7829 type: string 7830 description: Flavors are the flavors assigned to the workload 7831 for each resource. 7832 type: object 7833 name: 7834 default: main 7835 description: Name is the name of the podSet. It should match 7836 one of the names in .spec.podSets. 7837 type: string 7838 resourceUsage: 7839 additionalProperties: 7840 anyOf: 7841 - type: integer 7842 - type: string 7843 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 7844 x-kubernetes-int-or-string: true 7845 description: |- 7846 resourceUsage keeps track of the total resources all the pods in the podset need to run. 7847 7848 7849 Beside what is provided in podSet's specs, this calculation takes into account 7850 the LimitRange defaults and RuntimeClass overheads at the moment of admission. 7851 This field will not change in case of quota reclaim. 7852 type: object 7853 required: 7854 - name 7855 type: object 7856 type: array 7857 x-kubernetes-list-map-keys: 7858 - name 7859 x-kubernetes-list-type: map 7860 required: 7861 - clusterQueue 7862 - podSetAssignments 7863 type: object 7864 admissionChecks: 7865 description: admissionChecks list all the admission checks required 7866 by the workload and the current status 7867 items: 7868 properties: 7869 lastTransitionTime: 7870 description: |- 7871 lastTransitionTime is the last time the condition transitioned from one status to another. 7872 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 7873 format: date-time 7874 type: string 7875 message: 7876 description: |- 7877 message is a human readable message indicating details about the transition. 7878 This may be an empty string. 7879 maxLength: 32768 7880 type: string 7881 name: 7882 description: name identifies the admission check. 7883 maxLength: 316 7884 type: string 7885 podSetUpdates: 7886 items: 7887 description: |- 7888 PodSetUpdate contains a list of pod set modifications suggested by AdmissionChecks. 7889 The modifications should be additive only - modifications of already existing keys 7890 or having the same key provided by multiple AdmissionChecks is not allowed and will 7891 result in failure during workload admission. 7892 properties: 7893 annotations: 7894 additionalProperties: 7895 type: string 7896 type: object 7897 labels: 7898 additionalProperties: 7899 type: string 7900 type: object 7901 name: 7902 description: Name of the PodSet to modify. Should match 7903 to one of the Workload's PodSets. 7904 type: string 7905 nodeSelector: 7906 additionalProperties: 7907 type: string 7908 type: object 7909 tolerations: 7910 items: 7911 description: |- 7912 The pod this Toleration is attached to tolerates any taint that matches 7913 the triple <key,value,effect> using the matching operator <operator>. 7914 properties: 7915 effect: 7916 description: |- 7917 Effect indicates the taint effect to match. Empty means match all taint effects. 7918 When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 7919 type: string 7920 key: 7921 description: |- 7922 Key is the taint key that the toleration applies to. Empty means match all taint keys. 7923 If the key is empty, operator must be Exists; this combination means to match all values and all keys. 7924 type: string 7925 operator: 7926 description: |- 7927 Operator represents a key's relationship to the value. 7928 Valid operators are Exists and Equal. Defaults to Equal. 7929 Exists is equivalent to wildcard for value, so that a pod can 7930 tolerate all taints of a particular category. 7931 type: string 7932 tolerationSeconds: 7933 description: |- 7934 TolerationSeconds represents the period of time the toleration (which must be 7935 of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, 7936 it is not set, which means tolerate the taint forever (do not evict). Zero and 7937 negative values will be treated as 0 (evict immediately) by the system. 7938 format: int64 7939 type: integer 7940 value: 7941 description: |- 7942 Value is the taint value the toleration matches to. 7943 If the operator is Exists, the value should be empty, otherwise just a regular string. 7944 type: string 7945 type: object 7946 type: array 7947 required: 7948 - name 7949 type: object 7950 type: array 7951 x-kubernetes-list-type: atomic 7952 state: 7953 description: state of the admissionCheck, one of Pending, Ready, 7954 Retry, Rejected 7955 enum: 7956 - Pending 7957 - Ready 7958 - Retry 7959 - Rejected 7960 type: string 7961 required: 7962 - lastTransitionTime 7963 - message 7964 - name 7965 - state 7966 type: object 7967 type: array 7968 x-kubernetes-list-map-keys: 7969 - name 7970 x-kubernetes-list-type: map 7971 conditions: 7972 description: |- 7973 conditions hold the latest available observations of the Workload 7974 current state. 7975 7976 7977 The type of the condition could be: 7978 7979 7980 - Admitted: the Workload was admitted through a ClusterQueue. 7981 - Finished: the associated workload finished running (failed or succeeded). 7982 - PodsReady: at least `.spec.podSets[*].count` Pods are ready or have 7983 succeeded. 7984 items: 7985 description: "Condition contains details for one aspect of the current 7986 state of this API Resource.\n---\nThis struct is intended for 7987 direct use as an array at the field path .status.conditions. For 7988 example,\n\n\n\ttype FooStatus struct{\n\t // Represents the 7989 observations of a foo's current state.\n\t // Known .status.conditions.type 7990 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // 7991 +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t 7992 \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" 7993 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t 7994 \ // other fields\n\t}" 7995 properties: 7996 lastTransitionTime: 7997 description: |- 7998 lastTransitionTime is the last time the condition transitioned from one status to another. 7999 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 8000 format: date-time 8001 type: string 8002 message: 8003 description: |- 8004 message is a human readable message indicating details about the transition. 8005 This may be an empty string. 8006 maxLength: 32768 8007 type: string 8008 observedGeneration: 8009 description: |- 8010 observedGeneration represents the .metadata.generation that the condition was set based upon. 8011 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 8012 with respect to the current state of the instance. 8013 format: int64 8014 minimum: 0 8015 type: integer 8016 reason: 8017 description: |- 8018 reason contains a programmatic identifier indicating the reason for the condition's last transition. 8019 Producers of specific condition types may define expected values and meanings for this field, 8020 and whether the values are considered a guaranteed API. 8021 The value should be a CamelCase string. 8022 This field may not be empty. 8023 maxLength: 1024 8024 minLength: 1 8025 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 8026 type: string 8027 status: 8028 description: status of the condition, one of True, False, Unknown. 8029 enum: 8030 - "True" 8031 - "False" 8032 - Unknown 8033 type: string 8034 type: 8035 description: |- 8036 type of condition in CamelCase or in foo.example.com/CamelCase. 8037 --- 8038 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be 8039 useful (see .node.status.conditions), the ability to deconflict is important. 8040 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) 8041 maxLength: 316 8042 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 8043 type: string 8044 required: 8045 - lastTransitionTime 8046 - message 8047 - reason 8048 - status 8049 - type 8050 type: object 8051 type: array 8052 x-kubernetes-list-map-keys: 8053 - type 8054 x-kubernetes-list-type: map 8055 reclaimablePods: 8056 description: |- 8057 reclaimablePods keeps track of the number pods within a podset for which 8058 the resource reservation is no longer needed. 8059 items: 8060 properties: 8061 count: 8062 description: count is the number of pods for which the requested 8063 resources are no longer needed. 8064 format: int32 8065 minimum: 0 8066 type: integer 8067 name: 8068 description: name is the PodSet name. 8069 type: string 8070 required: 8071 - count 8072 - name 8073 type: object 8074 type: array 8075 x-kubernetes-list-map-keys: 8076 - name 8077 x-kubernetes-list-type: map 8078 requeueState: 8079 description: |- 8080 requeueState holds the re-queue state 8081 when a workload meets Eviction with PodsReadyTimeout reason. 8082 properties: 8083 count: 8084 description: |- 8085 count records the number of times a workload has been re-queued 8086 When a deactivated (`.spec.activate`=`false`) workload is reactivated (`.spec.activate`=`true`), 8087 this count would be reset to null. 8088 format: int32 8089 minimum: 0 8090 type: integer 8091 requeueAt: 8092 description: |- 8093 requeueAt records the time when a workload will be re-queued. 8094 When a deactivated (`.spec.activate`=`false`) workload is reactivated (`.spec.activate`=`true`), 8095 this time would be reset to null. 8096 format: date-time 8097 type: string 8098 type: object 8099 type: object 8100 type: object 8101 served: true 8102 storage: true 8103 subresources: 8104 status: {}